sullins38 Posted December 18, 2015 Share Posted December 18, 2015 Im trying to set this up where it will refill your brave just like energy but i just cant get it to work everytime i try the page turns white any pointers tips or help would be greatly apprciated ive already got the db queries set up i just need help with the top part <?php include "globals.php"; if(!$_GET['spend']) { print "Welcome to the crystal temple!<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> What would you like to spend your crystals on?<br /> <br /> <a href='crystaltemple.php?spend=refill'>Energy Refill - {$set['ct_refillprice']} Crystals</a><br /> <a href='crystaltemple.php?spend=IQ'>IQ - {$set['ct_iqpercrys']} IQ per crystal</a><br /> <a href='crystaltemple.php?spend=money'>Money - \$".number_format($set['ct_moneypercrys'])." per crystal</a><br />"; } else { if($_GET['spend'] == 'brefill') } if($ir['crystals'] <$set['br_refillprice']) { print "You don't have enough crystals!"; } else if($ir['brave'] == $ir['maxbrave']) { print "You already have full energy."; } else { if($_GET['spend'] == 'refill') { if($ir['crystals'] <$set['ct_refillprice']) { print "You don't have enough crystals!"; } else if($ir['energy'] == $ir['maxenergy']) { print "You already have full energy."; } else { $db->query("UPDATE users SET energy=maxenergy,crystals=crystals-{$set['ct_refillprice']} WHERE userid=$userid"); print "You have paid {$set['ct_refillprice']} crystals to refill your energy bar."; } } else if($_GET['spend'] == 'IQ') { print "Type in the amount of crystals you want to swap for IQ.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = {$set['ct_iqpercrys']} IQ.<form action='crystaltemple.php?spend=IQ2' method='post'><input type='text' name='crystals' /><br /><input type='submit' value='Swap' /></form>"; } else if($_GET['spend'] == 'IQ2') { $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=IQ'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_iqpercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']} WHERE userid=$userid"); $db->query("UPDATE userstats SET IQ=IQ+$iqgain WHERE userid=$userid"); print "You traded {$_POST['crystals']} crystals for $iqgain IQ."; } } else if($_GET['spend'] == 'money') { print "Type in the amount of crystals you want to swap for money.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = \$".number_format($set['ct_moneypercrys']).".<form action='crystaltemple.php?spend=money2' method='post'><input type='text' name='crystals' /><br /><input type='submit' value='Swap' /></form>"; } else if($_GET['spend'] == 'money2') { $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=money'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_moneypercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']},money=money+$iqgain WHERE userid=$userid"); print "You traded {$_POST['crystals']} crystals for \$".number_format($iqgain)."."; } } } ini_set('display_errors',1); error_reporting(E_ALL); $h->endpage(); ?> Quote Link to comment Share on other sites More sharing options...
AdamHull Posted December 18, 2015 Share Posted December 18, 2015 (edited) Try this: http://pastebin.com/KbumiRXF Edited December 18, 2015 by adamhull Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 It still does the same thing i fought with it for hours last night Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 i found the error now it works thank you soo much Quote Link to comment Share on other sites More sharing options...
AdamHull Posted December 18, 2015 Share Posted December 18, 2015 ini_set('display_errors',1); error_reporting(E_ALL); Paste the above under your first line off code which will be Quote Link to comment Share on other sites More sharing options...
AdamHull Posted December 18, 2015 Share Posted December 18, 2015 Yes so did I, I pasted a p after one of the } Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 now im getting this Notice: Undefined index: spend in /home/.../public_html/crystaltemple.php on line 4 Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 18, 2015 Share Posted December 18, 2015 Try this: <?php /* * When you go live you may wish to remove this */ ini_set('display_errors',1); error_reporting(E_ALL); include "globals.php"; $spend = isset($_GET['spend'] ? $db->escape($_GET['spend']) : false) switch ($spend) { case 'brefill': braveRefill(); break; case 'refill': refillEnergy(); break; case 'IQ': buyIq(); break; case 'IQ2': buyIqSubmit(); break; case 'money': spendMoney(); break; case 'money2': spendMoneyConfirm(); break; default: index(); break; } function index() { global $ir, $set, $h; print "Welcome to the crystal temple!<br /> You have <b>". number_format($ir['crystals']) ."</b> crystals.<br /> What would you like to spend your crystals on?<br /> <br /> <a href='crystaltemple.php?spend=refill'>Energy Refill - {$set['ct_refillprice']} Crystals</a><br /> <a href='crystaltemple.php?spend=IQ'>IQ - {$set['ct_iqpercrys']} IQ per crystal</a><br /> <a href='crystaltemple.php?spend=money'>Money - \$".number_format($set['ct_moneypercrys'])." per crystal</a><br />"; $h->endpage(); return; } function braveRefill() { global $set, $db, $ir, $h; if($ir['crystals'] <$set['br_refillprice']) { print "You don't have enough crystals!"; $h->endpage(); return; } else if($ir['brave'] == $ir['maxbrave']) { print "You already have full energy."; $h->endpage(); return; } else { $db->query("UPDATE users SET brave=maxbrave,crystals=crystals-{$set['br_refillprice']} WHERE userid={$ir['userid']}"); echo "You have spent ". number_format($set['br_refillprice']) . "and filled up your brave"; $h->endpage(); return; } } function refillEnergy() { global $set, $db, $ir, $h; if($ir['crystals'] <$set['ct_refillprice']) { print "You don't have enough crystals!"; $h->endpage(); return; } else if($ir['energy'] == $ir['maxenergy']) { print "You already have full energy."; $h->endpage(); return; } else { $db->query("UPDATE users SET energy=maxenergy,crystals=crystals-{$set['ct_refillprice']} WHERE userid={$ir['userid']}"); print "You have paid ". number_format($set['ct_refillprice']) ."crystals to refill your energy bar."; $h->endpage(); return; } } function buyIq() { global $ir, $set, $h; print "Type in the amount of crystals you want to swap for IQ.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = {$set['ct_iqpercrys']} IQ. <form action='crystaltemple.php?spend=IQ2' method='post'> <input type='text' name='crystals' /><br /> <input type='submit' value='Swap' /> </form>"; $h->endpage(); return; } function buyIqSubmit() { global $set, $db, $ir, $h; $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=IQ'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_iqpercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']} WHERE userid={$ir['userid']}"); $db->query("UPDATE userstats SET IQ=IQ+$iqgain WHERE userid={$ir['userid']}"); print "You traded {$_POST['crystals']} crystals for $iqgain IQ."; $h->endpage(); return; } } function spendMoney() { global $ir, $set, $h; print "Type in the amount of crystals you want to swap for money.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = \$".number_format($set['ct_moneypercrys']).". <form action='crystaltemple.php?spend=money2' method='post'> <input type='text' name='crystals' /><br /> <input type='submit' value='Swap' /> </form>"; $h->endpage(); return; } function spendMoneyConfirm() { global $set, $db, $ir, $h; $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=money'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_moneypercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']},money=money+$iqgain WHERE userid={$ir['userid']}"); print "You traded {$_POST['crystals']} crystals for \$".number_format($iqgain)."."; } $h->endpage(); return; } 1 Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 Im getting the blank page Quote Link to comment Share on other sites More sharing options...
AdamHull Posted December 18, 2015 Share Posted December 18, 2015 <?php /* * When you go live you may wish to remove this */ ini_set('display_errors',1); error_reporting(E_ALL); include "globals.php"; $spend = isset($_GET['spend']) ? $db->escape($_GET['spend']) : false; switch ($spend) { case 'brefill': braveRefill(); break; case 'refill': refillEnergy(); break; case 'IQ': buyIq(); break; case 'IQ2': buyIqSubmit(); break; case 'money': spendMoney(); break; case 'money2': spendMoneyConfirm(); break; default: index(); break; } function index() { global $ir, $set, $h; print "Welcome to the crystal temple!<br /> You have <b>". number_format($ir['crystals']) ."</b> crystals.<br /> What would you like to spend your crystals on?<br /> <br /> <a href='crystaltemple.php?spend=refill'>Energy Refill - {$set['ct_refillprice']} Crystals</a><br /> <a href='crystaltemple.php?spend=IQ'>IQ - {$set['ct_iqpercrys']} IQ per crystal</a><br /> <a href='crystaltemple.php?spend=money'>Money - \$".number_format($set['ct_moneypercrys'])." per crystal</a><br />"; $h->endpage(); return; } function braveRefill() { global $set, $db, $ir, $h; if($ir['crystals'] <$set['br_refillprice']) { print "You don't have enough crystals!"; $h->endpage(); return; } else if($ir['brave'] == $ir['maxbrave']) { print "You already have full energy."; $h->endpage(); return; } else { $db->query("UPDATE users SET brave=maxbrave,crystals=crystals-{$set['br_refillprice']} WHERE userid={$ir['userid']}"); echo "You have spent ". number_format($set['br_refillprice']) . "and filled up your brave"; $h->endpage(); return; } } function refillEnergy() { global $set, $db, $ir, $h; if($ir['crystals'] <$set['ct_refillprice']) { print "You don't have enough crystals!"; $h->endpage(); return; } else if($ir['energy'] == $ir['maxenergy']) { print "You already have full energy."; $h->endpage(); return; } else { $db->query("UPDATE users SET energy=maxenergy,crystals=crystals-{$set['ct_refillprice']} WHERE userid={$ir['userid']}"); print "You have paid ". number_format($set['ct_refillprice']) ."crystals to refill your energy bar."; $h->endpage(); return; } } function buyIq() { global $ir, $set, $h; print "Type in the amount of crystals you want to swap for IQ.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = {$set['ct_iqpercrys']} IQ. <form action='crystaltemple.php?spend=IQ2' method='post'> <input type='text' name='crystals' /><br /> <input type='submit' value='Swap' /> </form>"; $h->endpage(); return; } function buyIqSubmit() { global $set, $db, $ir, $h; $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=IQ'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_iqpercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']} WHERE userid={$ir['userid']}"); $db->query("UPDATE userstats SET IQ=IQ+$iqgain WHERE userid={$ir['userid']}"); print "You traded {$_POST['crystals']} crystals for $iqgain IQ."; $h->endpage(); return; } } function spendMoney() { global $ir, $set, $h; print "Type in the amount of crystals you want to swap for money.<br /> You have <b>{$ir['crystals']}</b> crystals.<br /> One crystal = \$".number_format($set['ct_moneypercrys']).". <form action='crystaltemple.php?spend=money2' method='post'> <input type='text' name='crystals' /><br /> <input type='submit' value='Swap' /> </form>"; $h->endpage(); return; } function spendMoneyConfirm() { global $set, $db, $ir, $h; $_POST['crystals']=(int) $_POST['crystals']; if($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals']) { print "Error, you either do not have enough crystals or did not fill out the form.<br /> <a href='crystaltemple.php?spend=money'>Back</a>"; } else { $iqgain=$_POST['crystals']*$set['ct_moneypercrys']; $db->query("UPDATE users SET crystals=crystals-{$_POST['crystals']},money=money+$iqgain WHERE userid={$ir['userid']}"); print "You traded {$_POST['crystals']} crystals for \$".number_format($iqgain)."."; } $h->endpage(); return; } there you go 1 Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 18, 2015 Share Posted December 18, 2015 Whoops :o Seems as if I got carried away with the closing ")" Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 Awesome thank you guys for the help! Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 18, 2015 Share Posted December 18, 2015 Here is some advice: I am not sure if it was the forum but format your code please. I just went a head and re-wrote the entire thing because it was un-readable. But I think your main problem was missing a closing curly bracket "}" somewhere. I used the switch method with all the functions just to ease the readability of the code for you but its probably better if you dont Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 Thnaks for the advice im new to all of this Quote Link to comment Share on other sites More sharing options...
AdamHull Posted December 18, 2015 Share Posted December 18, 2015 (edited) IT was on you isset Kyle you closed the ) right at the end of the line and missed the ; Just reread your post, guess you figured it out Kyle :p Edited December 18, 2015 by adamhull Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 18, 2015 Share Posted December 18, 2015 Thnaks for the advice im new to all of this All fine and dandy. I don't mind helping people sometimes ;) Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 18, 2015 Author Share Posted December 18, 2015 How would i go about getting this secured once i got everything done ? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 19, 2015 Share Posted December 19, 2015 Securing this wouldn't be too hard. Basically anything that the user touches needs to be secured for example any get or post requests. You can make use of the abs() for your post variables. Without actually looking at it right now I believe you were typecasting your variables as Int but a negative number is considered an Int which is where the abs function comes in Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 19, 2015 Author Share Posted December 19, 2015 ok im gonna look into this more later on maybe i could get an example Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 19, 2015 Author Share Posted December 19, 2015 Something along these lines ? $_GET[‘ID’] = abs((int) $_GET[‘ID’]); Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted December 20, 2015 Share Posted December 20, 2015 Yeah abs((int)$num); is basically all you will need in this script because all you have is (int)$number; and here is why: $db->query('update users set crystals = crystals - -1000'); In your case -1000 is an integer but in math a positive - negative comes out as positive. So the user would actually gain crystals if they put a negative number Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 21, 2015 Author Share Posted December 21, 2015 (edited) look correct anything i missed ? <?php include "globals.php"; print "<h3>Item Market</h3>"; switch($_GET['action']) { case "buy": item_buy(); break; case "gift1": item_gift1(); break; case "gift2": item_gift2(); break; case "remove": itemm_remove(); break; default: imarket_index(); break; } function imarket_index() { global $db,$ir,$c,$userid,$h; print "Viewing all listings... <table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Item</th> <th>Price</th> <th>Links</th> </tr>"; $q=$db->query("SELECT im.*, i.*, u.*,it.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid LEFT JOIN users u ON u.userid=im.imADDER LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype, i.itmname ASC"); $lt=""; while($r=$db->fetch_row($q)) { if($lt!=$r['itmtypename']) { $lt=$r['itmtypename']; print "\n<tr style='background: gray;'><th colspan=4>{$lt}</th></tr>"; } if($r['imCURRENCY']=="money") { $price="\$".number_format($r['imPRICE']); } else { $price=number_format($r['imPRICE'])." crystals"; } if($r['imADDER'] == $userid) { $link = "[<a href='itemmarket.php?action=remove&ID={$r['imID']}'>Remove</a>]"; } else { $link = "[<a href='itemmarket.php?action=buy&ID={$r['imID']}'>Buy</a>] [<a href='itemmarket.php?action=gift1&ID={$r['imID']}'>Gift</a>]"; } print "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>{$r['itmname']}</td> <td>$price</td> <td>[<a href='iteminfo.php?ID={$r['itmid']}'>Info</a>] $link</td> </tr>"; } print "</table>"; } function itemm_remove() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’]) AND imADDER=$userid"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or you are not the owner.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); $db->query("INSERT INTO imremovelogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} removed a {$r['itmname']} from the item market.')"); print "Item removed from market!<br /> <a href='itemmarket.php'>> Back</a>"; } function item_buy() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])",$c); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])."."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals."; } } function item_gift1() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } if($curr=="money") { print "Buying the <b>{$r['itmname']}</b> for \$".number_format($r['imPRICE'])." as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='$_GET[‘ID’] = abs((int) $_GET[‘ID’])' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } else { print "Buying the <b>{$r['itmname']}</b> for ".number_format($r['imPRICE'])." crystals as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET[‘ID’] = abs((int) $_GET[‘ID’])' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } } function item_gift2() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_POST[‘ID’] = abs((int) $_POST[‘ID’])"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($_POST['user'], $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_POST[‘ID’] = abs((int) $_POST[‘ID’])"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])." and sent the gift to $uname."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals and sent the gift to $uname."; } } $h->endpage(); ?> Edited December 21, 2015 by sullins38 Quote Link to comment Share on other sites More sharing options...
NonStopCoding Posted December 21, 2015 Share Posted December 21, 2015 look correct anything i missed ? <?php include "globals.php"; print "<h3>Item Market</h3>"; switch($_GET['action']) { case "buy": item_buy(); break; case "gift1": item_gift1(); break; case "gift2": item_gift2(); break; case "remove": itemm_remove(); break; default: imarket_index(); break; } function imarket_index() { global $db,$ir,$c,$userid,$h; print "Viewing all listings... <table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Item</th> <th>Price</th> <th>Links</th> </tr>"; $q=$db->query("SELECT im.*, i.*, u.*,it.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid LEFT JOIN users u ON u.userid=im.imADDER LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype, i.itmname ASC"); $lt=""; while($r=$db->fetch_row($q)) { if($lt!=$r['itmtypename']) { $lt=$r['itmtypename']; print "\n<tr style='background: gray;'><th colspan=4>{$lt}</th></tr>"; } if($r['imCURRENCY']=="money") { $price="\$".number_format($r['imPRICE']); } else { $price=number_format($r['imPRICE'])." crystals"; } if($r['imADDER'] == $userid) { $link = "[<a href='itemmarket.php?action=remove&ID={$r['imID']}'>Remove</a>]"; } else { $link = "[<a href='itemmarket.php?action=buy&ID={$r['imID']}'>Buy</a>] [<a href='itemmarket.php?action=gift1&ID={$r['imID']}'>Gift</a>]"; } print "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>{$r['itmname']}</td> <td>$price</td> <td>[<a href='iteminfo.php?ID={$r['itmid']}'>Info</a>] $link</td> </tr>"; } print "</table>"; } function itemm_remove() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’]) AND imADDER=$userid"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or you are not the owner.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); $db->query("INSERT INTO imremovelogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} removed a {$r['itmname']} from the item market.')"); print "Item removed from market!<br /> <a href='itemmarket.php'>> Back</a>"; } function item_buy() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])",$c); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])."."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals."; } } function item_gift1() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_GET[‘ID’] = abs((int) $_GET[‘ID’])"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } if($curr=="money") { print "Buying the <b>{$r['itmname']}</b> for \$".number_format($r['imPRICE'])." as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='$_GET[‘ID’] = abs((int) $_GET[‘ID’])' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } else { print "Buying the <b>{$r['itmname']}</b> for ".number_format($r['imPRICE'])." crystals as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET[‘ID’] = abs((int) $_GET[‘ID’])' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } } function item_gift2() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID=$_POST[‘ID’] = abs((int) $_POST[‘ID’])"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($_POST['user'], $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID=$_POST[‘ID’] = abs((int) $_POST[‘ID’])"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])." and sent the gift to $uname."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals and sent the gift to $uname."; } } $h->endpage(); ?> You can add the security to the start of the function to make things easier so you don't need to add it to each and every query function something() { global $var,$var2; $_GET['whatever'] = abs(intval($_GET['whatever'])); $check = $db->query("SELECT `something` FROM `someplace` WHERE `whatever` = ".$_GET['whatever']); } quick scan also noticed that in your gift2 function you never secured the [{$_POST['user']}] also need to do checks to make sure that the info your searching for is real if not then kill script $usercheck = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['userid']); // Preform check using num_rows() if(!$db->num_rows($usercheck)) { // error $h->endpage(); exit; } Quote Link to comment Share on other sites More sharing options...
sullins38 Posted December 21, 2015 Author Share Posted December 21, 2015 What about this ? <?php include "globals.php"; print "<h3>Item Market</h3>"; switch($_GET['action']) { case "buy": item_buy(); break; case "gift1": item_gift1(); break; case "gift2": item_gift2(); break; case "remove": itemm_remove(); break; default: imarket_index(); break; } function imarket_index() { global $var,$var2; $_GET['ID'] = abs(intval(($_GET['ID'])); $check = $db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID={$_GET['ID']} AND imADDER=$userid"); } global $db,$ir,$c,$userid,$h; print "Viewing all listings... <table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Item</th> <th>Price</th> <th>Links</th> </tr>"; $q=$db->query("SELECT im.*, i.*, u.*,it.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid LEFT JOIN users u ON u.userid=im.imADDER LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype, i.itmname ASC"); $lt=""; while($r=$db->fetch_row($q)) { if($lt!=$r['itmtypename']) { $lt=$r['itmtypename']; print "\n<tr style='background: gray;'><th colspan=4>{$lt}</th></tr>"; } if($r['imCURRENCY']=="money") { $price="\$".number_format($r['imPRICE']); } else { $price=number_format($r['imPRICE'])." crystals"; } if($r['imADDER'] == $userid) { $link = "[<a href='itemmarket.php?action=remove&ID={$r['imID']}'>Remove</a>]"; } else { $link = "[<a href='itemmarket.php?action=buy&ID={$r['imID']}'>Buy</a>] [<a href='itemmarket.php?action=gift1&ID={$r['imID']}'>Gift</a>]"; } print "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>{$r['itmname']}</td> <td>$price</td> <td>[<a href='iteminfo.php?ID={$r['itmid']}'>Info</a>] $link</td> </tr>"; } print "</table>"; } function itemm_remove() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID={$_GET['ID']} AND imADDER=$userid"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or you are not the owner.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("INSERT INTO imremovelogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} removed a {$r['itmname']} from the item market.')"); print "Item removed from market!<br /> <a href='itemmarket.php'>> Back</a>"; } function item_buy() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}",$c); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])."."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals."; } } function item_gift1() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } if($curr=="money") { print "Buying the <b>{$r['itmname']}</b> for \$".number_format($r['imPRICE'])." as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } else { print "Buying the <b>{$r['itmname']}</b> for ".number_format($r['imPRICE'])." crystals as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /></form>"; } } $usercheck = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['userid']); // Preform check using num_rows() if(!$db->num_rows($usercheck)) { // error $h->endpage(); exit; } function item_gift2() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_POST['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r=$db->fetch_row($q); $curr=$r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($_POST['user'], $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_POST['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr=="money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])." and sent the gift to $uname."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); $uname=$db->fetch_single($u); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals and sent the gift to $uname."; } } $h->endpage(); ?> Quote Link to comment Share on other sites More sharing options...
NonStopCoding Posted December 21, 2015 Share Posted December 21, 2015 (edited) fixed up some stuff and cleaned up the code Paste bin - http://pastebin.com/ASdwaXFd Edit line 4 should be ctype_alnum not ctype_alphanum <?php require(__DIR__.'/globals.php'); print "<h3>Item Market</h3>"; $_GET['action'] = isset($_GET['action']) && ctype_alnum($_GET['action']) ? strtolower(trim($_GET['action'])) : false; switch($_GET['action']) { case "buy": item_buy(); break; case "gift1": item_gift1(); break; case "gift2": item_gift2(); break; case "remove": itemm_remove(); break; default: imarket_index(); break; } // going to add the code for get id here as its used multiple times $_GET['ID'] = isset($_GET['ID']) && ctype_digit($_GET['ID']) ? abs(intval($_GET['ID'])) : 0; // or simple // $_GET['ID'] = abs(intval($_GET['ID'])); function imarket_index() { global $db,$ir,$c,$userid,$h; // whats this for? $check = $db->query("SELECT im.*,i.* FROM `itemmarket` im LEFT JOIN `items` i ON im.imITEM=i.itmid WHERE `imID` = {$_GET['ID']} AND `imADDER` = $userid"); print "Viewing all listings... <table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Item</th> <th>Price</th> <th>Links</th> </tr>"; $q = $db->query("SELECT im.*, i.*, u.*,it.* FROM `itemmarket` im LEFT JOIN `items` i ON im.imITEM=i.itmid LEFT JOIN `users` u ON u.userid=im.imADDER LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype, i.itmname ASC"); $lt = ""; while($r=$db->fetch_row($q)) { if($lt!=$r['itmtypename']) { $lt = $r['itmtypename']; print "\n<tr style='background: gray;'><th colspan=4>{$lt}</th></tr>"; } if($r['imCURRENCY']=="money") $price="\$".number_format($r['imPRICE']); else $price=number_format($r['imPRICE'])." crystals"; if($r['imADDER'] == $userid) $link = "[<a href='itemmarket.php?action=remove&ID={$r['imID']}'>Remove</a>]"; else $link = "[<a href='itemmarket.php?action=buy&ID={$r['imID']}'>Buy</a>] [<a href='itemmarket.php?action=gift1&ID={$r['imID']}'>Gift</a>]"; print "\n <tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>{$r['itmname']}</td> <td>$price</td> <td>[<a href='iteminfo.php?ID={$r['itmid']}'>Info</a>] $link</td> </tr>"; } print "</table>"; } function itemm_remove() { global $db,$ir,$c,$userid,$h; $q = $db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID={$_GET['ID']} AND imADDER=$userid"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or you are not the owner.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); item_add($userid, $r['imITEM'], 1); $i = ($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("INSERT INTO imremovelogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} removed a {$r['itmname']} from the item market.')"); print "Item removed from market!<br /> <a href='itemmarket.php'>> Back</a>"; } function item_buy() { global $db,$ir,$c,$userid,$h; $q = $db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}",$c); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr == "money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".money_formatter($r['imPRICE'])."."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".money_formatter($r['imPRICE'], '')." crystals."; } } function item_gift1() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } if($curr == "money") { print "Buying the <b>{$r['itmname']}</b> for ".money_formatter($r['imPRICE'])." as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /> </form>"; } else { print "Buying the <b>{$r['itmname']}</b> for ".money_formatter($r['imPRICE'], '')." crystals as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /> </form>"; } } $usercheck = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['userid']); // Preform check using num_rows() if(!$db->num_rows($usercheck)) { // error $h->endpage(); exit; } function item_gift2() { global $db,$ir,$c,$userid,$h; $_POST['user'] = isset($_POST['user']) && ctype_digit($_POST['user']) ? abs(intval($_POST['user'])) : 0; if(empty($_POST['user']) || empty($_POST['ID'])) { echo "Something went wrong. <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $q = $db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_POST['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($_POST['user'], $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_POST['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr == "money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); if(!$db->num_rows($u)) { echo "Invalid User."; $h->endpage(); exit; } $uname = ($db->num_rows($u)) ? $db->fetch_single($u) : "Error Invalid User"; $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])." and sent the gift to $uname."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); if(!$db->num_rows($u)) { echo "Invalid User."; $h->endpage(); exit; } $uname = ($db->num_rows($u)) ? $db->fetch_single($u) : "Error Invalid User"; $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals and sent the gift to $uname."; } } $h->endpage(); ?> You need to go through each function and find if its using the get variable and then do a check to see if its empty i did it in one of the functions for you just look for that and try type it rather than copy and paste reason for that is your really not learning from copying and pasting. Edited December 21, 2015 by NonStopCoding Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.