Everything posted by Magictallguy
-
http://makewebgames.io/showthread.php/44061-Gang-Armoury?p=297274#post297274
-
PHP 5.6 compliant Yes, I know this has been done, but I was requested to create another one here by Bennyh789 I've tested this extensively, so far, everything works. Any bugs, post here and I'll fix 🙂 SQLs -- SQLS -- Inventory update ALTER TABLE `inventory` ADD `inv_borrowed` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', ADD `inv_time` INT NOT NULL; -- Users update ALTER TABLE `users` ADD `equip_primary_loaned` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', ADD `equip_secondary_loaned` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', ADD `equip_armor_loaned` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No'; -- gang_settings CREATE TABLE `gang_settings` ( `gangid` INT NOT NULL PRIMARY KEY, `armoury_is_closed` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', `gang_armoury_item_withdrawable` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', `gang_armoury_item_auto_returned` ENUM ('Yes', 'No') NOT NULL DEFAULT 'No', `gang_armoury_item_auto_returned_time_frame` INT NOT NULL DEFAULT 0, `gang_armoury_item_donation_enabled` ENUM ('Yes', 'No') NOT NULL DEFAULT 'Yes' ); -- gang_armoury CREATE TABLE `gang_armoury` ( `id` INT NOT NULL PRIMARY KEY AUTO_INCREMENT, `gang` INT NOT NULL, `item` INT NOT NULL, `qty` INT NOT NULL, `total` INT NOT NULL ); -- gang_armoury_loans CREATE TABLE `gang_armoury_loans` ( `id` INT NOT NULL PRIMARY KEY AUTO_INCREMENT, `gang` INT NOT NULL, `userid` INT NOT NULL, `item` INT NOT NULL ); Edit yourgang.php Find: The main query that populates the $gangdata variable (default: line 6) $gq = $db->query("SELECT g.*,oc.* FROM gangs g LEFT JOIN orgcrimes oc ON g.gangCRIME=oc.ocID WHERE g.gangID={$ir['gang']}"); Replace with: <?php // added this line for syntax highlighting, remove before pasting $requireSettings = true; // Set as false to disable the requirement to set the armoury settings first $gq = $db->query( 'SELECT g.*, oc.*, gs.* FROM gangs AS g INNER JOIN orgcrimes AS oc ON g.gangCRIME = oc.ocID INNER JOIN gang_settings AS gs ON gs.gangid = g.gangID WHERE g.gangID = ' . 
$ir['gang'] ); if ($requireSettings) { if (empty($gangdata['armoury_is_open']) && 'editarmoury' != $_GET['act2']) { $selectLeader = $db->query('SELECT username FROM users WHERE userid = ' . $gangdata['gangPRESIDENT']); $leader = stripslashes($db->fetch_single($selectLeader)); cleanKill($leader . ' <strong>must</strong> set up the gang armoury before you can access this'); } } Find: case "crimes": gang_crimes(); break; Add below: case 'viewarmoury': gang_view_armoury($db, $gangdata, $ir); break; case 'borrowitem': gang_borrow_item($db, $gangdata, $ir); break; case 'donateitem': gang_donate_item($db, $gangdata, $ir); break; Find: The closing brace of gang_index() Add below: /** * Applies stripslashes() and htmlspecialchars() to strings, and number_format() to integers/floats. * @param int|float|string $str * @return string */ function format($str) { return is_numeric($str) ? number_format($str) : stripslashes(htmlspecialchars($str)); } /** * Displays the gang's armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_view_armoury($db, $gangdata, $ir) { $heading = 'Your Gang: Armoury: View'; $selectItems = $db->query( 'SELECT g.item, g.qty, g.total, i.itmname FROM gang_armoury AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.gang = ' . 
$gangdata['gangid'] ); if ('No' == $gangdata['armoury_is_open']) { clean_kill('The armoury is currently closed', $heading); } if ('Yes' == $gangdata['gang_armoury_item_donation_enabled']) { ?> <a href="yourgang.php?action=donateitem" class="text-bold">Donate an Item</a><br /><br /> <?php } ?> <table class="table w-85"> <thead> <tr> <th class="w-33">Item</th> <th class="w-34">Quantity</th> <th class="w-33">Links</th> </tr> </thead> <tfoot> <tr> <th>Item</th> <th>Quantity</th> <th>Links</th> </tr> </tfoot> <tbody> <?php if (!$db->num_rows($selectItems)) { ?> <tr> <td colspan="3" class="center">There are no items available in the Armoury</td> </tr> <?php } else { while ($row = $db->fetch_row($selectItems)) { $selectInventory = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_itemid = ' . $row['item']); ?> <tr> <td class="text-center"><?php echo format($row['itmname']); ?></td> <td class="text-right"><?php echo format($row['qty']) . '/' . format($row['total']); ?></td> <td class="text-center"> <?php echo 'Yes' == $db->fetch_single($selectInventory) ? '<span style="color:#888;">Borrowed</span>' : ('Yes' == $gangdata['gang_armoury_item_withdrawable']) ? '<a href="yourgang.php?action=borrowitem&ID=' . $row['item'] . '">Borrow</a>' : '<span style="color:#888;">Locked</span>'; echo $gangdata['gangPRESIDENT'] == $ir['userid'] ? ' · <a href="yourgang.php?action=staff&act2=leaditem&ID=' . $row['item'] . '">Take</a> · <a href="yourgang.php?action=staff&act2=trash&ID=' . $row['item'] . 
'">Trash</a>' : ''; ?> </td> </tr> <?php } } ?> </tbody> </table> <?php } /** * Borrows an item from the armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_borrow_item($db, $gangdata, $ir) { $heading = 'Your Gang: Armoury: Borrow Item'; if ('No' == $gangdata['armoury_is_open']) { clean_kill('The armoury is currently closed', $heading); } if ('No' == $gangdata['gang_armoury_item_withdrawable']) { clean_kill('Your gang has locked the Armoury from being withdrawable', $heading); } $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && $_GET['ID'] > 0 ? $_GET['ID'] : null; if (empty($_GET['ID'])) { clean_kill('You didn\'t specify a valid item', $heading); } $selectItem = $db->query( 'SELECT g.item, g.qty, i.itmname FROM gang_armoury AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.gang = ' . $gangdata['gangID'] . ' AND g.item = ' . $_GET['ID'] ); if (!$db->num_rows($selectItem)) { clean_kill('Your gang doesn\'t own that item', $heading); } $item = $db->fetch_row($selectItem); if (!$item['qty']) { clean_kill('Your gang doesn\'t have any of that item in stock', $heading); } $selectInventory = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_itemid = ' . $_GET['ID'] . ' AND inv_userid = ' . $ir['userid']); if ($db->num_rows($selectInventory)) { clean_kill('You already own this item, there is no need to borrow it', $heading); } if ('Yes' == $db->fetch_single($selectInventory)) { clean_kill('You\'re already borrowing this item', $heading); } $db->query('INSERT INTO inventory (inv_itemid, inv_userid, inv_borrowed, inv_time) VALUES (' . $_GET['ID'] . ', ' . $ir['userid'] . ', "Yes", ' . time() . ')'); $db->query('INSERT INTO gang_armoury_loans (gang, userid, item) VALUES (' . $gangdata['gangID'] . ', ' . $ir['userid'] . ', ' . $_GET['ID'] . ')'); $db->query('UPDATE gang_armoury SET qty = qty - 1 WHERE item = ' . $_GET['ID'] . ' AND gang = ' . 
$gangdata['gangID']); gang_event_add($db, $gangdata['gangID'], $ir['username'] . ' borrowed the ' . format($item['itmname']) . ' from the Gang Armoury'); echo 'You\'ve borrowed the ' . format($item['itmname']) . ' from the Gang Armoury, be sure to return it'; } /** * Donates an item to the armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_donate_item($db, $gangdata, $ir) { $heading = 'Your Gang: Armoury: Donate Item'; if ('No' == $gangdata['gang_armoury_item_donation_enabled']) { clean_kill('Donating items to the Gang Armoury has been temporarily blocked', $heading); } if (array_key_exists('submit', $_POST)) { $_POST['item'] = array_key_exists('item', $_POST) && is_numeric($_POST['item']) && (int)$_POST['item'] > 0 ? (int)$_POST['item'] : null; $_POST['qty'] = array_key_exists('qty', $_POST) && is_numeric($_POST['qty']) && (int)$_POST['qty'] > 0 ? (int)$_POST['qty'] : null; if (empty($_POST['item'])) { clean_kill('You didn\'t select a valid item', $heading); } if (empty($_POST['qty'])) { clean_kill('You didn\'t enter a valid quantity', $heading); } $selectItem = $db->query('SELECT inv.inv_qty, i.itmname FROM inventory AS inv INNER JOIN items AS i ON inv.inv_itemid = i.itmid WHERE inv.inv_itemid = ' . $_POST['item'] . ' AND inv.inv_userid = ' . $ir['userid']); if (!$db->num_rows($selectItem)) { clean_kill('You don\'t own that item', $heading); } $item = $db->fetch_row($selectItem); $itemPlural = ('s' == substr($item['itmname'], -1)) ? '' : 's'; if ($_POST['qty'] > $item['inv_qty']) { clean_kill('You don\'t have enough ' . format($item['itmname']) . $itemPlural . ' to deposit that many', $heading); } item_remove($ir['userid'], $_POST['item'], $_POST['qty']); $db->query('INSERT INTO gang_armoury (gang, item, qty, total) VALUES (' . $gangdata['gangID'] . ', ' . $_POST['item'] . ', ' . $_POST['qty'] . ', ' . $_POST['qty'] . ') ON DUPLICATE KEY UPDATE qty = qty + ' . $_POST['qty'] . ', total = total + ' . 
$_POST['qty']); gang_event_add($db, $gangdata['gangID'], $ir['username'] . ' donated ' . format($_POST['qty']) . ' ' . format($item['itmname']) . (1 == $_POST['qty'] ? '' : $itemPlural) . ' to the Gang Armoury'); echo 'You\'ve donated ' . format($_POST['qty']) . ' ' . format($item['itmname']) . (1 == $_POST['qty'] ? '' : $itemPlural) . ' to your Gang Armoury'; } $selectInventory = $db->query( 'SELECT inv.inv_itemid, inv.inv_qty, i.itmname FROM inventory AS inv INNER JOIN items AS i ON inv.inv_itemid = i.itmid WHERE inv.inv_userid = ' . $ir['userid'] ); if (!$db->num_rows($selectInventory)) { clean_kill('You have no items to donate', $heading); } ?> <form action="yourgang.php?action=donateitem" method="post"> <div class="form-group"> <label for="item">Item</label> <select name="item" id="item" class="form-control"> <?php while ($row = $db->fetch_row($selectInventory)) { ?> <option value="<?php echo $row['inv_itemid']; ?>"><?php echo format($row['itmname']) . ' [x' . format($row['inv_qty']) . 
']'; ?></option> <?php } ?> </select> </div> <div class="form-group"> <label for="qty">Quantity</label> <input type="number" name="qty" id="qty" value="1" class="form-control"> </div> <button type="submit" class="btn btn-primary"> <span class="fas fa-check"></span> Donate </button> </form> <?php } c Find: case "masspayment": gang_staff_masspayment(); break; Add below: case 'editarmoury': gang_staff_edit_armoury_settings($db, $gangdata, $ir); break; case 'trash': gang_staff_armoury_trash_item($db, $gangdata, $ir); break; case 'recall': gang_staff_armoury_recall_item($db, $gangdata, $ir); break; case 'leaditem': gang_staff_armoury_leader_take_item($db, $gangdata, $ir); break; Find: The anchors in the gang_staff_idx() Add into the non-presidential part: <br /> <a href='yourgang.php?action=staff&act2=recall'>Recall Items to the Armoury.</a> Still in the anchors of the gang_staff_idx(), Add into the presidential part: <br /> <a href='yourgang.php?action=staff&act2=editarmoury'>Change Armoury Settings</a> Find: The closing brace of the gang_staff_idx() Add below: /** * Edit armoury settings * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_staff_edit_armoury_settings($db, $gangdata, $ir) { $heading = 'Your Gang: Staff: Edit Armoury Settings'; if ($gangdata['gangPRESIDENT'] != $ir['userid']) { clean_kill('You don\'t have access to this', $heading); } if (array_key_exists('submit', $_POST)) { $required = ['armoury_is_open', 'gang_armoury_item_withdrawable', 'gang_armoury_item_donation_enabled', 'gang_armoury_item_auto_returned']; foreach ($required as $name) { if (empty($_POST[$name])) { clean_kill('You missed something..', $heading); } } if (empty($_POST['gang_armoury_item_auto_returned_time_frame'])) { clean_kill('You missed something..', $heading); } foreach ($required as $choice) { if (!in_array($_POST[$choice], ['Yes', 'No'])) { clean_kill('You didn\'t select a valid choice', $heading); } } $selectGangSet = 
$db->query('SELECT COUNT(gangid) FROM gang_settings WHERE gangid = ' . $gangdata['gangID']); if ($db->fetch_single($selectGangSet)) { $db->query('UPDATE gang_settings SET armoury_is_open = \'' . $_POST['armoury_is_open'] . '\', gang_armoury_item_withdrawable = \'' . $_POST['gang_armoury_item_withdrawable'] . '\', gang_armoury_item_donation_enabled = \'' . $_POST['gang_armoury_item_donation_enabled'] . '\', gang_armoury_item_auto_returned = \'' . $_POST['gang_armoury_item_auto_returned'] . '\', gang_armoury_item_auto_returned_time_frame = ' . $_POST['gang_armoury_item_auto_returned_time_frame'] . ' WHERE gangid = ' . $gangdata['gangID']); } else { $db->query('INSERT INTO gang_settings (gangid, armoury_is_open, gang_armoury_item_withdrawable, gang_armoury_item_donation_enabled, gang_armoury_item_auto_returned, gang_armoury_item_auto_returned_time_frame) VALUES (' . $gangdata['gangID'] . ', \'' . $_POST['armoury_is_open'] . '\', \'' . $_POST['gang_armoury_item_withdrawable'] . '\', \'' . $_POST['gang_armoury_item_donation_enabled'] . '\', \'' . $_POST['gang_armoury_item_auto_returned'] . '\', ' . $_POST['gang_armoury_item_auto_returned_time_frame'] . ')'); } ?> You've updated your Gang Armoury's settings <?php } $settings = [ 'Access Armoury' => 'armoury_is_open', 'Withdrawable' => 'gang_armoury_item_withdrawable', 'Donations Enabled' => 'gang_armoury_item_donation_enabled', 'Automatically returned' => 'gang_armoury_item_auto_returned', ]; ?> <form action="yourgang.php?action=staff&act2=editarmoury" method="post"> <table class="table w-85"> <?php foreach ($settings as $desc => $name) { ?> <tr> <th class="w-35"><label for="<?php echo $name; ?>"><?php echo $desc; ?></label></th> <td class="w-65"> <select name="<?php echo $name; ?>" id="<?php echo $name; ?>"> <option value="Yes"<?php echo ('Yes' == $gangdata[$name]) ? ' selected' : ''; ?>>Yes</option> <option value="No"<?php echo ('No' == $gangdata[$name]) ? 
' selected' : ''; ?>>No</option> </select> </td> </tr> <?php } ?> <tr> <th><label for="gang_armoury_item_auto_returned_time_frame">Returns: Timeframe (in days)</label></th> <td><input type="number" name="gang_armoury_item_auto_returned_time_frame" id="gang_armoury_item_auto_returned_time_frame" value="<?php echo $gangdata['gang_armoury_item_auto_returned_time_frame']; ?>" /></td> </tr> <tr> <td colspan="2" class="center"> <button type="submit" name="submit" class="btn btn-primary"> <span class="fas fa-check"></span> Submit Changes </button> </td> </tr> </table> </form> <?php } /** * Permanently remove an item from the armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_staff_armoury_trash_item($db, $gangdata, $ir) { $heading = 'Your Gang: Staff: Trash Item'; if ($gangdata['gangPRESIDENT'] != $ir['userid']) { clean_kill('You don\'t have access to this', $heading); } $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : null; if (empty($_GET['ID'])) { clean_kill('You didn\'t select a valid item', $heading); } $selectItem = $db->query( 'SELECT g.item, g.qty, g.total, i.itmname FROM gang_armoury AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.item = ' . $_GET['ID'] . ' AND g.gang = ' . $gangdata['gangID'] ); if (!$db->num_rows($selectItem)) { clean_kill('Your gang doesn\'t own that item', $heading); } $item = $db->fetch_row($selectItem); if ($item['qty'] != $item['total']) { clean_kill(($item['total'] - $item['qty']) . ' member' . (($item['total'] - $item['qty']) == 1 ? '' : 's') . ' of your gang ha' . (($item['total'] - $item['qty']) == 1 ? 's' : 've') . ' borrowed the ' . format($item['itmname']) . '. You can\'t trash it until they"ve all been returned', $heading); } $db->query('DELETE FROM gang_armoury WHERE gang = ' . $gangdata['gangID'] . ' AND item = ' . $_GET['ID']); $itemPlural = ('s' == substr($item['itmname'], -1)) ? 
'' : 's'; gang_event_add($db, $gangdata['gangID'], $ir['username'] . ' removed the ' . format($item['itmname']) . ((1 == $item['total']) ? '' : $itemPlural) . ' from the Gang Armoury'); echo 'You\'ve removed the ' . format($item['itmname']) . ((1 == $item['total']) ? '' : $itemPlural) . ' from your Gang Armoury<br /><br />'; gang_view_armoury($db, $gangdata, $ir); } /** * Recall an item to the armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_staff_armoury_recall_item($db, $gangdata, $ir) { $heading = 'Your Gang: Staff: Recall Armoury Item'; if (!in_array($ir['userid'], [$gangdata['gangPRESIDENT'], $gangdata['gangVICEPRES']])) { clean_kill('You have no access to this..', $heading); } $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : null; $_GET['user'] = array_key_exists('user', $_GET) && is_numeric($_GET['user']) && (int)$_GET['user'] > 0 ? (int)$_GET['user'] : null; if (!empty($_GET['ID']) && !empty($_GET['user'])) { $selectItem = $db->query('SELECT item FROM gang_armoury WHERE gang = ' . $gangdata['gangID'] . ' AND item = ' . $_GET['ID']); if (!$db->num_rows($selectItem)) { clean_kill('Your gang doesn\'t own this item', $heading); } $selectLoan = $db->query( 'SELECT g.userid, g.item, i.itmname FROM gang_armoury_loans AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.gang = ' . $gangdata['gangID'] . ' AND g.item = ' . $_GET['ID'] ); if (!$db->num_rows($selectLoan)) { clean_kill('That item hasn\'t been loaned out', $heading); } $item = $db->fetch_row($selectLoan); $selectUser = $db->query('SELECT username FROM users WHERE userid = ' . $item['userid']); $user = $db->num_rows($selectUser) ? $db->fetch_single($selectUser) : 'Unknown'; $selectInventory = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_userid = ' . $item['userid'] . ' AND inv_itemid = ' . 
$_GET['ID']); if (!$db->num_rows($selectInventory)) { $selectEquipment = $db->query('SELECT equip_primary, equip_secondary, equip_armor FROM users WHERE equip_primary = ' . $_GET['ID'] . ' OR equip_secondary = ' . $_GET['ID'] . ' OR equip_armor = ' . $_GET['ID'] . ' AND userid = ' . $item['userid']); if (!$db->num_rows($selectEquipment)) { clean_kill('The ' . format($item['itmname']) . ' can\'t be found. ' . format($user) . ' hasn\'t equipped it, nor is it in their inventory..', $heading); } // No-one should ever see this message unless something's seriously screwed up $equipped = $db->fetch_row($selectEquipment); if ($equipped['equip_primary'] == $_GET['ID']) { $db->query('UPDATE users SET equip_primary = 0 WHERE userid = ' . $item['userid']); } elseif ($equipped['equip_secondary'] == $_GET['ID']) { $db->query('UPDATE users SET equip_secondary = 0 WHERE userid = ' . $item['userid']); } elseif ($equipped['equip_armor'] == $_GET['ID']) { $db->query('UPDATE users SET equip_armor = 0 WHERE userid = ' . $item['userid']); } } $db->query('DELETE FROM gang_armoury_loans WHERE gang = ' . $gangdata['gangID'] . ' AND item = ' . $_GET['ID'] . ' AND userid = ' . $_GET['user']); $db->query('UPDATE gang_armoury SET qty = qty + 1 WHERE gang = ' . $gangdata['gangID'] . ' AND item = ' . $_GET['ID']); item_remove($_GET['user'], $_GET['ID'], 1); event_add($_GET['user'], 'Your Gang has recalled the ' . format($item['itmname']) . ' that you borrowed'); gang_event_add($gangdata['gangID'], $ir['username'] . ' recalled the ' . format($item['itmname']) . ' from ' . format($user)); echo 'You\'ve recalled the ' . format($item['itmname']) . ' from ' . format($user) . '<br /><br />'; } $selectLoanedItems = $db->query( 'SELECT g.userid, g.item, i.itmname, u.username FROM gang_armoury_loans AS g INNER JOIN items AS i ON g.item = i.itmid INNER JOIN users AS u ON u.userid = g.userid WHERE g.gang = ' . 
$gangdata['gangID'] ); if (!$db->num_rows($selectLoanedItems)) { clean_kill('Your members haven\'t borrowed any items', $heading); } ?> <table class="table w-85"> <thead> <tr> <th class="w-45">Member</th> <th class="w-45">Item</th> <th class="w-10">Links</th> </tr> </thead> <tfoot> <tr> <th>Member</th> <th>Item</th> <th>Links</th> </tr> </tfoot> <tbody> <?php if (!$db->num_rows($selectLoanedItems)) { ?> <tr> <td colspan="3" class="text-center">No data available</td> </tr> <?php } else { while ($row = $db->fetch_row($selectLoanedItems)) { ?> <tr> <td><a href="viewuser.php?u=<?php echo $row['userid']; ?>"><?php echo format($row['username']); ?></a> [<?php echo $row['userid']; ?>]</td> <td><a href="iteminfo.php?ID=<?php echo $row['item']; ?>"><?php echo format($row['itmname']); ?></a></td> <td><a href="yourgang.php?action=staff&act2=recall&ID=<?php echo $row['item']; ?>&user=<?php echo $row['userid']; ?>">Recall</a></td> </tr> <?php } } ?> </tbody> </table> <?php } /** * Allows the gang leader to take an item from the armoury * @param database $db * @param array $gangdata * @param array $ir * @return void */ function gang_staff_armoury_leader_take_item($db, $gangdata, $ir) { $heading = 'Your Gang: Staff: Take Armoury Item'; if ($gangdata['gangPRESIDENT'] != $ir['userid']) { clean_kill('You have no access to this..', $heading); } $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : null; if (empty($_GET['ID'])) { clean_kill('You didn\'t select a valid item', $heading); } $selectItem = $db->query( 'SELECT g.item, g.qty, g.total, i.itmname FROM gang_armoury AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.gang = ' . $gangdata['gangID'] . ' AND g.item = ' . 
$_GET['ID'] ); if (!$db->num_rows($selectItem)) { clean_kill('Your gang doesn\'t own this item', $heading); } $row = $db->fetch_row($selectItem); if (!$row['qty']) { clean_kill('You must recall that item before you can take it from your gang', $heading); } if (1 == $row['total']) { $db->query('DELETE FROM gang_armoury WHERE item = ' . $_GET['ID'] . ' AND gang = ' . $gangdata['gangID']); } else { $db->query('UPDATE gang_armoury SET total = total - 1 WHERE item = ' . $_GET['ID'] . ' AND gang = ' . $gangdata['gangID']); } item_add($ir['userid'], $_GET['ID'], 1); echo 'You have taken the ' . format($row['itmname']) . ' from your gang'; } Edit global_func.php At the very end, add: /** * A simple function to kill the page with the given message * @param string $str * @param string|null $heading * @return void */ function clean_kill($str, $heading = null) { global $h; $message = ''; if (!empty($heading)) { $message = '<h3>' . $heading . '</h3>' . PHP_EOL; } echo $message . $str; $h->endpage(); exit; } /** * Check if the given item owned by the current user has been borrowed from their gang * @param int $item_id * @param string|null $context * @return void */ function item_gang_loan_check($item_id, $context = null) { global $db, $ir; $selectItem = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_id = ' . $item_id . ' AND inv_userid = ' . $ir['userid']); if (!$db->num_rows($selectItem) || 'Yes' === $db->fetch_single($selectItem)) { if (!empty($context)) { $parts = explode(' ', $context); if (count($parts) === 1) { $context = 'You can\'t ' . $context . ' an item you\'ve borrowed from your gang'; } } clean_kill(!empty($context) ? $context : 'You\'re already borrowing this from your gang, return it first'); } } /** * Adds an event to the gangevents table. * @param database $db * @param int $gangID * @param string $event * @return void */ function gang_event_add($db, $gangID, $event) { $db->query('INSERT INTO gangevents (gevGANG, gevTIME, gevTEXT) VALUES (' . $gangID . 
', ' . time() . ', \'' . $db->escape($event) . '\')'); } Find: print "</tr> </table><hr /><h3>Inventory</h3><hr />"; Replace with: echo '</tr> </table><hr />'; $_GET['return'] = array_key_exists('return', $_GET) && is_numeric($_GET['return']) && (int)$_GET['return'] > 0 ? (int)$_GET['return'] : null; if (!empty($_GET['return'])) { $selectItem = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_itemid = ' . $_GET['return'] . ' AND inv_userid = ' . $ir['userid']); if (!$db->num_rows($selectItem)) { clean_kill('Either that item doesn\'t exist, or it\'s not yours'); } $borrowed = $db->fetch_single($selectItem); if ('No' == $borrowed) { clean_kill('You haven\'t borrowed that item'); } $db->query('UPDATE gang_armoury SET qty = qty + 1 WHERE gang = ' . $ir['gang'] . ' AND item = ' . $_GET['return']); $db->query('DELETE FROM gang_armoury_loans WHERE userid = ' . $ir['userid'] . ' AND item = ' . $_GET['return']); item_remove($ir['userid'], $_GET['return'], 1, 1); echo 'You\'ve returned the item back to your Gang Armoury'; } echo '<h3>Inventory</h3><hr />'; Find: if($i['armor']) { $i['itmname']="<font color='green'>*</font>".$i['itmname']; } Add below: if ('Yes' === $i['inv_borrowed']) { $i['itmname'] = '<span class="text-blue">*</span>' . $i['itmname']; } Find: if($i['armor']) { print " [<a href='equip_armor.php?ID={$i['inv_id']}'>Equip as Armor</a>]"; } Add below: if ('Yes' === $i['inv_borrowed']) { echo ' [<a href="inventory.php?return=' . $i['inv_itemid'] . 
'">Return</a>]'; } Find: Items with a small green </small><font color='green'>*</font><small> next to their name can be used as armor in combat.</small><br /> Add below: <small>Items with a small blue </small><span class="text-blue">*</span><small> next to their name have been borrowed from your gang's armoury.</small> Edit imadd.php Find: $_GET['ID'] = abs((int) $_GET['ID']); $_GET['price'] = abs((int) $_GET['price']); Replace with: $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : 0; $_GET['price'] = array_key_exists('price', $_GET) && is_numeric($_GET['price']) && (int)$_GET['price'] > 0 ? (int)$_GET['price'] : 0; item_gang_loan_check($_GET['ID'], 'sell'); Edit itembuy.php Find: $_GET['ID']= abs((int) $_GET['ID']); $_POST['qty']= abs((int) $_POST['qty']); Replace with: $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : 0; $_POST['qty'] = array_key_exists('qty', $_POST) && is_numeric($_POST['qty']) && (int)$_POST['qty'] > 0 ? (int)$_POST['qty'] : 0; item_gang_loan_check($_GET['ID']); Edit itemsell.php Find: $_GET['ID'] = abs((int) $_GET['ID']); $_GET['qty'] = abs((int) $_GET['qty']); Replace with: $_GET['ID'] = array_key_exists('ID', $_GET) && is_numeric($_GET['ID']) && (int)$_GET['ID'] > 0 ? (int)$_GET['ID'] : 0; $_GET['qty'] = array_key_exists('qty', $_GET) && is_numeric($_GET['qty']) && (int)$_GET['qty'] > 0 ? (int)$_GET['qty'] : 0; item_gang_loan_check($_GET['ID'], 'sell'); Edit itemsend.php Find: $_GET['ID'] = abs((int) $_GET['ID']); $_GET['qty'] = abs((int) $_GET['qty']); Replace with: $_GET['ID'] = array_key_exists('ID', $_GET) && ctype_digit($_GET['ID']) && $_GET['ID'] > 0 ? $_GET['ID'] : null; $_GET['qty'] = array_key_exists('qty', $_GET) && ctype_digit($_GET['qty']) && $_GET['qty'] > 0 ? 
$_GET['qty'] : null; item_gang_loan_check($_GET['ID'], 'send'); Find: if($_GET['qty'] && $_GET['user']) { Add below: item_gang_loan_check($item['inv_itemid'], 'That player is already borrowing that item from their gang. Ask them to return it before you continue'); Edit global_func.php Find: The entire item_add() function Replace with: /** * @param int $user * @param int $itemid * @param int $qty * @param int $not_inv_id * @param bool $is_gang_item * @return void */ function item_add($user, $itemid, $qty = 1, $not_inv_id = 0, $is_gang_item = false) { global $db; if ($not_inv_id > 0) { $q = $db->query('SELECT inv_id FROM inventory WHERE inv_userid = ' . $user . ' AND inv_itemid = ' . $itemid . ' AND inv_id != ' . $not_inv_id); } else { $q = $db->query('SELECT inv_id FROM inventory WHERE inv_userid = ' . $user . ' AND inv_itemid = ' . $itemid); } if ($db->num_rows($q) > 0) { $r = $db->fetch_row($q); $db->query('UPDATE inventory SET inv_qty = inv_qty + ' . $qty . ($is_gang_item ? ', inv_borrowed = \'No\'' : '') . ' WHERE inv_id = ' . $r['inv_id']); } else { $borrowedQuery = $is_gang_item ? ', inv_borrowed' : ''; $borrowedVal = $is_gang_item ? ', \'Yes\'' : ''; $db->query('INSERT INTO inventory (inv_itemid, inv_userid, inv_qty' . $borrowedQuery . ') VALUES (' . $itemid . ', ' . $user . ', ' . $qty . $borrowedVal . ')'); } } Find: The entire item_remove() function Replace with: /** * @param int $user * @param int $itemid * @param int $qty * @param bool $gangitem * @return void */ function item_remove($user, $itemid, $qty, $gangitem = false) { global $db; $q = $db->query('SELECT inv_id, inv_qty FROM inventory WHERE inv_userid = ' . $user . ' AND inv_itemid = ' . $itemid); if ($db->num_rows($q) > 0) { $r = $db->fetch_row($q); if ($r['inv_qty'] > $qty) { $db->query('UPDATE inventory SET inv_qty = inv_qty - ' . $qty . ($gangitem ? ', inv_borrowed = \'No\'' : '') . ' WHERE inv_id = ' . $r['inv_id']); } else { $db->query('DELETE FROM inventory WHERE inv_id = ' . 
$r['inv_id']); } } } Edit equip_weapon.php Find: if(!in_array($_GET['type'], array("equip_primary","equip_secondary"))) { print "This slot ID is not valid."; $h->endpage(); exit; } if($ir[$_GET['type']]) { item_add($userid, $ir[$_GET['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query("UPDATE users SET {$_GET['type']} = {$r['itmid']} WHERE userid = {$userid}"); Replace with: if (!in_array($_GET['type'], ['equip_primary', 'equip_secondary']) || !array_key_exists($_GET['type'], $ir)) { clean_kill('This slot ID is not valid.'); } $borrowed = 'No'; $selectBorrowed = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_itemid = ' . $ir[$_GET['type']]); $borrowed = $db->num_rows($selectBorrowed) ? $db->fetch_single($selectBorrowed) : 'No'; if ($ir[$_GET['type']] > 0) { item_add($ir['userid'], $ir[$_GET['type']], 1, 0, (('Yes' == $borrowed) ? 1 : 0)); } item_remove($ir['userid'], $r['itmid'], 1, 1); $secondaryArg = 'Yes' === $r['inv_borrowed'] ? ', ' . $_GET['type'] . '_loaned = \'Yes\'' : ''; $db->query('UPDATE users SET ' . $_GET['type'] . ' = ' . $r['itmid'] . $secondaryArg . ' WHERE userid = ' . $ir['userid']); Edit equip_armor.php *Note: The edits to the equip_armor.php are exactly the same as the equip_weapon.php Find: if(!in_array($_GET['type'], array("equip_armor"))) { print "This slot ID is not valid."; $h->endpage(); exit; } if($ir[$_GET['type']]) { item_add($userid, $ir[$_GET['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query("UPDATE users SET {$_GET['type']} = {$r['itmid']} WHERE userid = {$userid}"); Replace with: if ('equip_armor' !== $_GET['type']) { clean_kill('This slot ID is not valid.'); } $selectBorrowed = $db->query('SELECT inv_borrowed FROM inventory WHERE inv_itemid = ' . $ir[$_GET['type']]); $borrowed = $db->num_rows($selectBorrowed) ? $db->fetch_single($selectBorrowed) : 'No'; if ($ir[$_GET['type']] > 0) { item_add($ir['userid'], $ir[$_GET['type']], 1, 0, (('Yes' == $borrowed) ? 
1 : 0)); } item_remove($ir['userid'], $r['itmid'], 1, 1); $secondaryArg = 'Yes' == $r['inv_borrowed'] ? ', ' . $_GET['type'] . '_loaned = "Yes"' : ''; $db->query('UPDATE users SET ' . $_GET['type'] . ' = ' . $r['itmid'] . $secondaryArg . ' WHERE userid = ' . $ir['userid']); Edit unequip.php Find: item_add($userid, $ir[$_GET['type']], 1); $db->query("UPDATE users SET {$_GET['type']}=0 WHERE userid={$ir['userid']}"); Replace with $is_gang_item = false; if ('Yes' === $ir[$_GET['type'] . '_loaned']) { $db->query('UPDATE users SET ' . $_GET['type'] . '_loaned = \'No\' WHERE userid = ' . $ir['userid']); $is_gang_item = true; } item_add($ir['userid'], $ir[$_GET['type']], 1, 0, $is_gang_item); $db->query('UPDATE users SET ' . $_GET['type'] . ' = 0 WHERE userid = ' . $ir['userid']); Edit cron_day.php Find: $db->query("TRUNCATE TABLE votes;"); Add below: /** * @param int $id * @return string */ function username($id) { global $db; if (!$id) { return 'Unknown'; } $select = $db->query('SELECT username FROM users WHERE userid = ' . $id); if (!$db->num_rows($select)) { return 'Unknown'; } return $db->fetch_single($select); } $selectArmourySettings = $db->query('SELECT gangid, gang_armoury_item_auto_returned_time_frame FROM gang_settings WHERE gang_armoury_item_auto_returned = \'Yes\' AND (gang_armoury_item_auto_returned_time_frame * 86400) < ' . time()); if ($db->num_rows($selectArmourySettings)) { while ($row = $db->fetch_row($selectArmourySettings)) { $selectArmoury = $db->query( 'SELECT g.*, i.itmname FROM gang_armoury_loans AS g INNER JOIN items AS i ON g.item = i.itmid WHERE g.gang = ' . $row['gangid'] ); if ($db->num_rows($selectArmoury)) { while ($row2 = $db->fetch_row($selectArmoury)) { $db->query('DELETE FROM gang_armoury_loans WHERE gang = ' . $row2['gang'] . ' AND item = ' . $row2['item']); $db->query('UPDATE gang_armoury SET qty = qty + 1 WHERE gang = ' . $row2['gang'] . ' AND item = ' . $row2['item']); gang_event_add($db, $row2['gang'], 'The ' . $row2['itmname'] . 
' has been automatically recalled from ' . username($row2['userid'])); item_remove($row2['userid'], $row2['item'], 1); } } } } Oh, and before I forget! Here's the CSS .text-bold { font-weight: 700; } .w-10 { width: 10%; } .w-33 { width: 33%; } .w-34 { width: 34%; } .w-35 { width: 35%; } .w-45 { width: 45%; } .w-65 { width: 65%; } .w-85 { width: 85%; } .text-center { text-align: center; } .text-left { text-align: left; } .text-right { text-align: right; } .text-blue { color: #2626ec; }
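Review bot: In the cron_day.php addition, the filter `(gang_armoury_item_auto_returned_time_frame * 86400) < time()` compares a duration in seconds with the current Unix timestamp, so it holds for any realistic time frame and every loan of a gang with auto-return enabled is recalled on each daily run. `gang_armoury_loans` as created by this mod has no lend-time column, so the age of a loan has to come from elsewhere, presumably `inventory.inv_time` (its meaning is not shown here); the per-loan test would then read `inv_time + (time_frame * 86400) < time()`. The loop also only calls `item_remove()` on the inventory, so a loaned item that is currently equipped appears to stay equipped (the `equip_*` and `equip_*_loaned` columns are not reset) while `gang_armoury.qty` is incremented; resetting those columns in the same pass would keep the armoury count consistent. Deleting with `WHERE id = ` the loan's own `id` rather than by `gang` and `item` would avoid removing other members' loans of the same item.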
-
By the screenshots, there's no AJAX on there. The look is a standard HTML layout, which anyone can do - but I can still do it if you want. I've added you to the queue
-
I think I need to refresh my eyes.. I'm not currently seeing anything remotely AJAX-y about it
-
Feel free to use my TitanPad ;)
-
Done and responded, I've signed into Skype now though, so reach me there instead.. Bloody hate Facef*ck xD
-
On it now :)
-
Original code updated and tested :)
-
For the record, this is still open. Feel free to request whatever you want here :) Doesn't even need to be MC Craps ;)
-
Whereas, with standard procedural MySQLi_* functions, I can! *Anything* that the user can touch, I work on. I live by a "it doesn't have to look good, it just has to work well" system.. If a user can exploit my work, then it doesn't work well!
-
I'd recommend a build similar to mine actually, the build you've suggested is good, but I've done comparisons and mine's better :P Also, my setup only cost me £298.99 (including case) Speccy dump (cleaned up a lot): Operating System Microsoft Windows 8 Pro (WMC) 64-bit CPU AMD A8-5600K - Trinity RAM 8.00 GB DDR3 @ 800MHz - 820MHz Motherboard ASUSTeK COMPUTER INC. F2A85-M LE (FM2) Graphics DELL 1905FP (1280 x 1024 @ 60Hz) MW19E-AAA (1600 x 1024 @ 60Hz) GeForce GTS 450 (EVGA - SLI Bridged, Master) GeForce GTS 250 (SLI Bridged, Slave) Hard Drives 233GB Western Digital WDC (SATA) 149GB SAMSUNG (SATA) 1499GB SAMSUNG (SATA) PSU 850w I'll be upgrading my graphics card to a GeForce GTX 295 shortly.
-
Alright.. *rephrases* My work is secured against threats I know how to secure against. Prepping statements is still not currently necessary, whether or not I'm setting myself up for future failure :P
-
JQuery Contact form maker
Magictallguy replied to Dayo's topic in Programming Tools, Software and much more
Syntax Highlighter from Asgaard: Luminous Easy to use, and highly customisable -
Getting us back on track a little, my personal choice is MySQLi. My current line of work doesn't need PDO, so I won't use it. The only thing that would be advantageous in my use of PDO is to catch the insecurities that I miss (which is bloody rare) - and I always proof-read my work. I will admit, I've been having some serious thought about whether I should start using PDO full time and eradicate my MySQLi methods entirely, but I see little to no point. My work is secure, so preparing statements isn't a necessity. The people I work for prefer MySQLi over PDO. I prefer MySQLi over PDO (then again, I'm much more comfortable with MySQLi). All-in-all, I think I'm happy to switch over in the future should the industrial side demand it, but I'm happy with MySQLi. It does what I want, when I want, and how - naturally, I've written my own class and a couple of abstraction layers, and they all use MySQLi (and a couple of converted-from-Python tricks)
-
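Question: Why use sprintf() on straight text? Untested, but this should work - not the cleanest code in the world
<?php
/**
 * Event cron: rewards the three players with the highest `sides` value,
 * posts an announcement naming them, then resets every player's `sides`.
 *
 * Runs standalone: it loads config.php and the database class itself.
 */
include(__DIR__ . '/config.php');
global $_CONFIG;
define("MONO_ON", 1);
require(__DIR__ . '/class/class_db_' . $_CONFIG['driver'] . '.php');

$db = new database;
$db->configure(
    $_CONFIG['hostname'],
    $_CONFIG['username'],
    $_CONFIG['password'],
    $_CONFIG['database'],
    $_CONFIG['persistent']
);
$db->connect();
// Kept from the original; presumably other included code expects the raw handle in $c.
$c = $db->connection_id;

$userInfo = $db->query('SELECT `userid`, `username`, `sides` FROM `users` ORDER BY `sides` DESC LIMIT 3');
if ($db->num_rows($userInfo) > 0) {
    $announce = '';
    $i = 0;
    $stNdRd = [1 => '1st', 2 => '2nd', 3 => '3rd'];
    $prize = [1 => 10, 2 => 5, 3 => 1];

    while ($row = $db->fetch_row($userInfo)) {
        ++$i;
        $announce .= $stNdRd[$i] . ' Place - ' . $row['username'] . ' Winning ' . $prize[$i]
            . ' Magic Box' . (($prize[$i] == 1) ? '' : 'es') . "\r\n";
        // Positional insert: relies on the inventory table having exactly these four columns.
        // 72 is presumably the Magic Box item ID; confirm against the items table.
        // The user ID is cast so only an integer can reach the query.
        $db->query("INSERT INTO `inventory` VALUES (NULL, 72, " . (int) $row['userid'] . ", " . $prize[$i] . ")");
    }

    // Usernames are player-chosen text. Although they come out of the database here,
    // they must be escaped again before being placed inside a new SQL string literal;
    // otherwise a quote in a name breaks the statement or changes its meaning.
    // escape() is the database class's wrapper around the driver's real-escape function;
    // confirm your class_db_* file provides it.
    $announceSql = $db->escape($announce);

    $db->query("INSERT INTO mod_announcements (`annouce_NAME`, `annouce_TEXT`, `annouce_TIME`, `annouce_URGENCY`, `annouce_TOPIC`, `annouce_POSTED`) VALUES ('Hackers VS Police', 'Hackers Vs Police Event has Finished. The Winners are: " . $announceSql . " Congrats and well done.', unix_timestamp(), 'No Urgency', 'Fun', 'System Message')");
    $db->query("UPDATE `users` SET `new_announcements` = `new_announcements` + 1");
    $db->query("UPDATE `users` SET `sides` = 0 WHERE `sides` > 0");
}
?>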
-
That's a pretty easy fix. This is without viewing any source, just guess work here. Edit your class_db_mysql.php and add this before the final }
/**
 * Release the memory held by a query result.
 *
 * When the argument is falsy, the result stored on this object ($this->result)
 * is freed instead.
 *
 * Note: the mysql_* extension was removed in PHP 7.0, so this variant only
 * applies to older PHP versions; the mysqli class needs mysqli_free_result.
 *
 * @param mixed $result Result handle to free, or a falsy value to use $this->result
 */
function free_result($result)
{
    $handle = $result ? $result : $this->result;
    mysql_free_result($handle);
}
Do the same to your class_db_mysqli.php, but simply change mysql_free_result to mysqli_free_result
-
Wow, didn't spot your message until now. I'll start working on that at some point tomorrow - could be fun ^.^
-
Code updated, stupid syntax highlighter -.-
-
Thank you, original code updated and optimised slightly
-
After having a brief look at the code on Xampp, it's a bloody mess. I'm surprised that thing even works.
-
Send me that section of your yourgang.php (via PM), I'll have a look and see what's going wrong there. That code should work fine
-
You know, that sounds pretty cool.. Let's do that! xD
-
Code updated, I believe there should be no bugs now
-
To get us back on topic, this system I use for "Fed Reports" is simple to use. Here's what I've got in my "header"
// Players flagged as fed-jailed get their sentence shown on every page.
// Only fedreport.php shows it as a notice; every other page shows it as an
// error with a link to the appeal page.
if ($ir['fedjail']) {
    // %u formats the user ID as an unsigned integer, so no quoting is needed.
    // $q and $r keep their original names because they live in the header's scope.
    $q = $mtg->query(sprintf("SELECT `fed_days`, `fed_reason` FROM `fedjail` WHERE (`fed_userid` = %u)", $ir['userid']));
    $r = $mtg->fetch_row($q);

    // Staff-written values pass through $mtg->output() before display
    // (presumably HTML-escaping; confirm in the class).
    $jailMessage = sprintf(
        "You have been put in the %s Federal Jail for %s day%s.<br />Reason: %s",
        $mtg->gameSettings('game_name'),
        $mtg->output($r['fed_days']),
        $mtg->s($r['fed_days']),
        $mtg->output($r['fed_reason'])
    );

    // PHP_SELF can carry extra path info from the request, so this is an exact
    // match: anything other than the bare script path falls into the error branch.
    if ($_SERVER['PHP_SELF'] == '/fedreport.php') {
        $mtg->notice($jailMessage);
    } else {
        $mtg->error($jailMessage . "<br /><br /><a href='fedreport.php'>Appeal against this</a>");
    }
}
-
Due to multiple IRL issues, this offer has been rescinded. My apologies to all