MakeWebGames

TEST: McCodes Crystal Market/Item market


BeastTheKidd


Basically, I've recreated the crystal market. I want someone to test it out and make sure that it works well, and to report any errors/security issues that pop up. This will eventually include the item market as well, to group the 2 together in one file, but I want to make sure that this half works well first.


<?php

   require('globals.php');

       $currency_sym = '$'; //Sets your currency symbol;
       $sec_currency_name = 'Point'; //Sets your second currency name for output;
       $item_name = 'Item'; //Sets your name for for item market, so you could use Supply, etc.
       //$price_cap = '200000'; Sets the price capacity;
       $_GET['id'] = abs(@intval($_GET['id']));

           switch(isset($_GET['page']) ? $_GET['page'] : '') // avoid an undefined-index notice when no page is given
           {
               case 'smarket': smarket(); break;
               case 'imarket': imarket(); break;
               default: 
                   echo 'Invalid Page'; 
                   $h->endpage();
                   exit; 
                   break;
           }

               function smarket(){
                   global $db,$ir,$currency_sym,$sec_currency_name,$price_cap,$h;

                       echo '<h3><strong><u>'.$sec_currency_name.' Market</u></strong></h3>
                             <a href="market.php?page=smarket&cmd=add"><strong><u>  Add Listing</u></strong></a>';


                       $db->query('DELETE FROM `crystalmarket` WHERE `cmQTY`=0'); //Clear market of entries with 0 or less quantities;

                           switch(isset($_GET['cmd']) ? $_GET['cmd'] : '') // avoid an undefined-index notice when no cmd is given
                           {
                               case 'view':
                                   $view = 'SELECT c.`cmID`,c.`cmQTY`,c.`cmADDER`,c.`cmPRICE`,u.`userid`,u.`username` '.
                                           'FROM `users` u '.
                                           'LEFT JOIN `crystalmarket` c '.
                                           'ON c.`cmADDER`=u.`userid` '.
                                           'WHERE u.`userid`=c.`cmADDER` '.
                                           'ORDER BY c.`cmQTY` DESC';
                                   $q = $db->query($view);


                                   echo '<table class="table" width="70%">
                                         <tr><th>User</th>
                                             <th>QTY</th>
                                             <th>Price each</th>
                                             <th>Price total</th>
                                             <th>Commands</th></tr>';

                                           while($data = $db->fetch_row($q))
                                           {
                                               echo '<tr><td>'.htmlentities($data['username']).'['.$data['userid'].']</td>
                                                         <td>'.number_format($data['cmQTY'],0).'</td>
                                                         <td>'.$currency_sym.number_format($data['cmPRICE'],0).'</td>
                                                         <td>'.$currency_sym.number_format($data['cmPRICE']*$data['cmQTY'],0).'</td>
                                                         <td>';
                                                         if($data['cmADDER'] != $_SESSION['userid'])
                                                           echo '[<a href="market.php?page=smarket&cmd=purchase&id='.$data["cmID"].'">Purchase</a>]'; // link into the purchase case below
                                                         else
                                                           echo '[<a href="market.php?page=smarket&cmd=remove&id='.$data["cmID"].'">Remove</a>]';

                                                           echo '</td></tr>';
                                           }
                                   echo '</table>';
                                    break;
                               case 'purchase':

                                   $purchase = 'SELECT `cmID`,`cmADDER`,`cmQTY`,`cmPRICE` '.
                                               'FROM `crystalmarket` '.
                                               'WHERE `cmID`='.$_GET['id'];
                                   $q = $db->query($purchase);
                                   $data =  $db->fetch_row($q);

                                       if(!$db->num_rows($q))
                                       {
                                           echo 'Error: We could not find the requested listing.';
                                           $h->endpage();
                                           exit;
                                       }

                                   echo '<h3><strong>Purchase Listing</strong></h3>';
                                       if(!isset($_POST['submit']))
                                       {
                                           echo '<form action="market.php?page=smarket&cmd=purchase&id='.$_GET["id"].'" method="POST">
                                                 <table class="table" cellpadding="0">
                                                 <tr><th>Qty:</th><td align="center"> <input style="width:50px;" type="text" name="p_qty" value="'.$data["cmQTY"].'" /></td></tr>
                                                 <tr><td></td><td><input type="submit" name="submit" value="Purchase" /></td></tr>
                                                 </table>
                                                 </form>';
                                       }

                                       else
                                       {
                                           $_POST['p_qty'] = abs(@intval($_POST['p_qty']));
                                           $price = floor($data['cmPRICE']*$_POST['p_qty']);


                                               if(!$_POST['p_qty'])
                                               {
                                                   echo 'Error: You have either tried to purchase nothing, or there is nothing available to purchase.';
                                                   $h->endpage();
                                                   exit;
                                               }


                                               if($_POST['p_qty'] > $data['cmQTY'])
                                               {
                                                   echo 'Error: You have requested more '.$sec_currency_name.'s than are available in this listing.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                               if($_SESSION['userid'] == $data['cmADDER'])
                                               {
                                                   echo 'Error: You cannot purchase your own listing. You can <a href="market.php?page=smarket&cmd=remove&id='.$data["cmID"].'">remove</a> it however.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                               else if($price > $ir['money'])
                                               {
                                                   echo 'Error: You do not have the sufficient funds to complete this purchase.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                               else
                                               {
                                                   $text = 'Someone has purchased your '.number_format($_POST['p_qty']).' point(s) for '.number_format($price,0).'.';
                                                   $db->query('UPDATE `users` SET `money`=`money`-'.$price.' WHERE `userid`='.$_SESSION['userid']);
                                                   $db->query('UPDATE `users` SET `crystals`=`crystals`+'.$_POST["p_qty"].' WHERE `userid`='.$_SESSION["userid"]);
                                                   $db->query('UPDATE `users` SET `money`=`money`+'.$price.' WHERE `userid`='.$data["cmADDER"]);
                                                   $db->query('INSERT INTO `events` VALUES (NULL,'.$data["cmADDER"].','.time().',0,"'.$text.'")');
                                                   $db->query('UPDATE `crystalmarket` SET `cmQTY`=`cmQTY`-'.$_POST['p_qty'].' WHERE `cmID`='.$data["cmID"]);

                                                               echo 'You have successfully purchased your '.number_format($_POST["p_qty"]).' '.$sec_currency_name.'(s)';
                                                               $h->endpage();
                                                               exit;
                                               }

                                       }


                                   break;
                               case 'add':
                                   echo '<h3><strong>Add Listing</strong></h3>';
                                       if(!isset($_POST['submit']))
                                       {
                                           echo '<form action="market.php?page=smarket&cmd=add" method="POST">
                                                 Qty: <input type="text" name="a_qty" value="'.$ir["crystals"].'" />
                                                 Price each: <input type="text" name="a_price" value="1000" />
                                                 <input type="submit" name="submit" value="Add Listing" />
                                                 </form>';
                                       }
                                       else
                                       {
                                           $_POST['a_qty'] = abs(@intval($_POST['a_qty']));
                                           $_POST['a_price'] = abs(@intval($_POST['a_price']));

                                               $q = $db->query('SELECT `cmID`,`cmADDER` FROM `crystalmarket` WHERE `cmADDER`='.$_SESSION['userid']);

                                               if($_POST['a_qty'] > $ir['crystals'])
                                               {
                                                   echo 'Error: You do not have enough '.$sec_currency_name.'s to complete this action.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                               else if(!$_POST['a_qty'] || !$_POST['a_price'])
                                               {
                                                   echo 'Error: You must enter a quantity/price.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                               else if($db->num_rows($q))
                                               {
                                                   echo 'Error: You already have a listing. Please remove it before adding another one.';
                                                   $h->endpage();
                                                   exit;
                                               }

                                           //  else if($_POST['a_price'] > $price_cap) // the submitted price, not a field of $ir
                                           //  {
                                           //      echo 'Error: Your selling price each exceeds the current price capacity.';
                                           //      $h->endpage();
                                           //      exit;
                                           //  }

                                               else
                                               {
                                                   $db->query('INSERT INTO `crystalmarket` VALUES (NULL,'.$_POST["a_qty"].','.$_SESSION["userid"].','.$_POST["a_price"].')');
                                                   $db->query('UPDATE `users` SET `crystals`=`crystals`-'.$_POST["a_qty"].' WHERE `userid`='.$_SESSION['userid']);
                                                   echo $sec_currency_name.'s successfully added to the market';
                                               }

                                       }
                                   break;
                               case 'remove':

                                   echo '<h3><strong>Remove Listing</strong></h3>';

                                   $remove = 'SELECT `cmID`,`cmADDER`,`cmQTY` '.
                                             'FROM `crystalmarket` '.
                                             'WHERE `cmID`='.$_GET['id'].' AND `cmADDER`='.$_SESSION['userid'];
                                   $q = $db->query($remove);
                                   $r = $db->fetch_row($q);

                                       if(!$db->num_rows($q))
                                       {
                                           echo 'Error: We could not find your entry. Either it does not exist, or you do not have permission to remove it.';
                                           $h->endpage();
                                           exit;
                                       }

                                       else
                                       {
                                           $db->query('UPDATE `users` SET `crystals`=`crystals`+'.$r["cmQTY"].' WHERE `userid`='.$_SESSION['userid']);
                                           $db->query('DELETE FROM `crystalmarket` WHERE `cmID`='.$_GET['id']);
                                           echo 'Your entry has successfully been removed.';
                                       }

                                   break;
                               default:
                                   echo 'Invalid Command';
                                   $h->endpage();
                                   exit;
                                   break;
                           }

               }

               function imarket(){

               }

   $h->endpage();

?>
Edited by Dominion
Attempted to fix space error.
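One thing a tester will notice in the 'purchase' case: the balance check ($price > $ir['money']) happens in PHP, and the UPDATE that deducts the money is unconditional, so two requests sent at the same time can both pass the check and both be applied. The following is an added example, not code from the post above, showing the same purchase step with the balance check moved into the UPDATE itself and the listing row locked for the transaction. It assumes a PDO connection ($pdo) to the same `users`, `crystalmarket` and `events` tables (InnoDB, so row locks and transactions work); the function name purchase_listing is made up for this example.

```php
<?php
// Added example (not from the original post): race-safe version of the
// purchase branch. Assumes $pdo is a PDO handle to the McCodes database
// with InnoDB tables `users`, `crystalmarket` and `events`.
function purchase_listing(PDO $pdo, int $buyer, int $cmID, int $qty): string
{
    $pdo->beginTransaction();
    try {
        // FOR UPDATE locks the listing row, so concurrent buyers serialize here.
        $sel = $pdo->prepare('SELECT `cmADDER`, `cmQTY`, `cmPRICE` FROM `crystalmarket` WHERE `cmID` = ? FOR UPDATE');
        $sel->execute([$cmID]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            $pdo->rollBack();
            return 'Error: We could not find the requested listing.';
        }
        $seller = (int)$row['cmADDER'];
        $price_each = (int)$row['cmPRICE'];
        if ($seller === $buyer) {
            $pdo->rollBack();
            return 'Error: You cannot purchase your own listing.';
        }
        // Reject bad quantities and overflow before multiplying: PHP silently
        // promotes an overflowing int product to float.
        if ($qty < 1 || $qty > (int)$row['cmQTY'] || $price_each < 1 || $qty > intdiv(PHP_INT_MAX, $price_each)) {
            $pdo->rollBack();
            return 'Error: Requested quantity is not available.';
        }
        $price = $price_each * $qty;
        // The funds check is part of the WHERE clause: if the buyer no longer
        // has the money, zero rows change and the purchase is refused.
        $debit = $pdo->prepare('UPDATE `users` SET `money` = `money` - ? WHERE `userid` = ? AND `money` >= ?');
        $debit->execute([$price, $buyer, $price]);
        if ($debit->rowCount() !== 1) {
            $pdo->rollBack();
            return 'Error: You do not have sufficient funds to complete this purchase.';
        }
        $pdo->prepare('UPDATE `users` SET `crystals` = `crystals` + ? WHERE `userid` = ?')->execute([$qty, $buyer]);
        $pdo->prepare('UPDATE `users` SET `money` = `money` + ? WHERE `userid` = ?')->execute([$price, $seller]);
        $pdo->prepare('UPDATE `crystalmarket` SET `cmQTY` = `cmQTY` - ? WHERE `cmID` = ?')->execute([$qty, $cmID]);
        $text = 'Someone has purchased your ' . number_format($qty) . ' point(s) for ' . number_format($price) . '.';
        $pdo->prepare('INSERT INTO `events` VALUES (NULL, ?, ?, 0, ?)')->execute([$seller, time(), $text]);
        $pdo->commit();
        return 'You have successfully purchased ' . number_format($qty) . ' point(s).';
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e; // let the caller report the database failure
    }
}
```

The same pattern (conditional UPDATE plus an affected-rows check) applies to the 'add' case, where the crystal balance is also checked in PHP before an unconditional deduction.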

Disregard the price cap error in the global, just put it together. The box on here did that; it's not in the original code. Just check the code for any spaces in the variables. Ridiculous that you have to do this, but it's not my fault. :)

Edited by BeastTheKidd


If the forum software is messing with the script, upload to pastebin.
