From 9a6b28e4507ad21ea85a5fd659effbeadfec0823 Mon Sep 17 00:00:00 2001
From: radiskull <radiskull@9a2b23b2-43f4-4935-bed2-871a584d7cab>
Date: Sat, 27 Aug 2011 12:55:04 +0000
Subject: [PATCH] =?UTF-8?q?Verschenken=20von=20Items=20implementiert=20(Te?=
 =?UTF-8?q?il=201)=20=20-=20noch=20keine=20Begrenzung=20eingebaut=20(zum?=
 =?UTF-8?q?=20Testen=20f=C3=BCr=20User)=20=20-=20noch=20keine=20M=C3=B6gli?=
 =?UTF-8?q?chkeit=20Stufe=20und=20Anzahl=20der=20Items=20festzulegen=20im?=
 =?UTF-8?q?=20GM-Panel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ag/item.php | 383 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 275 insertions(+), 108 deletions(-)

diff --git a/ag/item.php b/ag/item.php
index 802e43d..0eed0d3 100644
--- a/ag/item.php
+++ b/ag/item.php
@@ -10,6 +10,7 @@ include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/designfunctions.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
 include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/char.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
+include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/messagefunctions.inc.php');
 
 // GET-Section
 // Kritisch (SQL-Injections)
@@ -17,6 +18,10 @@ $item_id1 = validateUnsignedInteger($_GET['item_id1'], null);
 $char_id2 = validateUnsignedInteger($_GET['char_id2'], null);
 $item_id = validateUnsignedInteger($_GET['item_id'], null);
 $sp_item = validateUnsignedInteger($_GET['sp_item'], null);
+$tausch_item = validateString($_GET['item_id']);
+$tausch_anzahl = validateUnsignedInteger($_GET['anzahl'], null);
+$tausch_geld= validateUnsignedInteger($_GET['geld'], null);
+$tausch_user  = validateName($_GET['user']);
 
 // Unkritisch
 $charm = $_GET['charm'];
@@ -35,8 +40,44 @@ else document.forms[0].elements['submit'].disabled=true;
 }
 -->
 </script>
+
 <?php
+// Die etwas abgewandelten Methode aus dem auktion_functions.php
+function getTradeItems($userid){
+	$result = NULL;
+	$index = 0;
+
+	$arenalvl = mysql_fetch_array(mysql_query("SELECT level FROM arena WHERE besitzer = ".$userid.";"));
+	// Die etwas abgewandelten SQL-Querys aus dem auktion_functions.php
+	$query = 'SELECT i.id, i.name, count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'ware\' as tablename FROM ware w INNER JOIN item i ON(i.id=w.item_id) WHERE w.user = '.$userid.' AND s_type = \'Trank\' AND tausch_lvl <= '.$arenalvl['level'].' GROUP BY i.id
+					union
+					SELECT i.id, i.name,count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'sp_ware\' as tablename FROM sp_ware w INNER JOIN sp_item i ON(i.id=w.item) WHERE w.user = '.$userid.' AND tausch_lvl <= '.$arenalvl['level'].' GROUP BY i.id
+					union
+					SELECT i.id, i.item AS name, count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'wochen_ware\' as tablename FROM wochen_ware w INNER JOIN wochen_markt i ON(i.id=w.item) WHERE w.user = '.$userid.' AND tausch_lvl <= '.$arenalvl['level'].' GROUP BY (i.id)';
+
+	$qry = mysql_query($query);
+	// Damit waeren alle noetigen Datenbankaufrufe erledigt!
+	while($row = mysql_fetch_assoc($qry)){
+		$result[$index++] = '<option value=\''.$row['id'].','.$row['tablename'].'\'>'.$row['name'].' | Anzahl:'.$row['anzahl'].' (max: '.$row['tausch_anzahl'].')</option>';
+	}
+	return $result;
+}
 
+function getTradeOptions($table, $item_id) {
+	$row = null;
+	switch ($table) {
+		case 'ware':
+			$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, name FROM item WHERE id = $item_id;"));
+			break;
+		case 'wochen_ware':
+			$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, item FROM wochen_markt WHERE id = $item_id;"));
+			break;
+		case 'sp_ware':
+			$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, name FROM sp_item WHERE id = $item_id;"));
+			break;
+	}
+	return $row;
+}
 
 $user = $user_ida;
 
@@ -45,20 +86,20 @@ if ($charm == 1) {
 	$item_info3 = mysql_fetch_array(mysql_query("SELECT preis, anzahl, hp, mp, starke, verteidigung, speed, s_type, type FROM item WHERE id='$item_info1[item_id]' LIMIT 1"));
 	$char_id1 = getChar($char_id2);
 
-	if ($item_info1[user] != $user[id]) {
+	if ($item_info1['user'] != $user['id']) {
 		displayErrorMessage(NULL,'Dieses Item geh&ouml;rt nicht dir', displayHistoryBackLink());
 		exit;
 	}
 
-	if ($char_id1[besitzer] != $user[id]) {
+	if ($char_id1['besitzer'] != $user['id']) {
 		displayErrorMessage(NULL,'Dieser Charakter geh&ouml;rt nicht dir!', displayHistoryBackLink());
 		exit;
 	}
-	if ($item_info3[type] != "$char_id1[type]" AND $item_info3[type] != "ALL") {
+	if ($item_info3['type'] != "$char_id1[type]" AND $item_info3['type'] != "ALL")  {
 		displayErrorMessage(NULL,'Dein Charakter kann dieses Item nicht benutzen!', displayHistoryBackLink());
 		exit;
 	}
-	if ($item_info3[s_type] != "Trank") {
+	if ($item_info3['s_type'] != "Trank") {
 		displayErrorMessage(NULL,'Fehler dieses Item ist kein Trank!', displayHistoryBackLink());
 		exit;
 	}
@@ -116,7 +157,7 @@ if ($charm == 2) {
 	$new_zahl = $item_info2['anzahl'] + 1;
 
 	$sql = "UPDATE user SET geld='$new_geld' WHERE id='$user[id]'";
-//	echo $sql.'<br>';
+	//	echo $sql.'<br>';
 	mysql_query($sql);
 	mysql_query("UPDATE item SET anzahl='$new_zahl' WHERE id='$item_info[item_id]'");
 	mysql_Query("DELETE FROM ware WHERE id='$item_info[id]'");
@@ -124,6 +165,81 @@ if ($charm == 2) {
 	exit;
 }
 
+if($charm == 3) {
+	if($tausch_user == null) {
+		displayErrorMessage(NULL,'Kein Namen für den User angegeben!', displayHistoryBackLink());
+		exit;
+	} else {
+		$row = mysql_fetch_array(mysql_query("SELECT id FROM user WHERE nickname='$tausch_user' LIMIT 1"));
+		$tausch_user_id = $row['id'];
+		if($tausch_user_id == null) {
+			displayErrorMessage(NULL,'Unbekannter User!', displayHistoryBackLink());
+			exit;
+		}
+		if($tausch_user_id == $user['id']) {
+			displayErrorMessage(NULL,'Warum an sich selbst was schenken?', displayHistoryBackLink());
+			exit;
+		}
+	}
+
+	$tausch_item = explode(",", $tausch_item);
+	if($tausch_geld != null xor $tausch_item[0] >= 0) {
+		//TODO: Transaktionsabfrage für den heutigen Tag
+		if($tausch_geld != null) {
+			$row = mysql_fetch_array(mysql_query("SELECT level FROM arena WHERE besitzer = ".$user['id'].";"));
+			$arenalvl = $row['level'];
+
+			if($tausch_geld <= ($arenalvl * 10000)) {
+				if($tausch_geld <= $user['geld']) {
+					$qry = 'UPDATE user SET geld = geld - '.$tausch_geld.' WHERE id = '.$user['id'].';';
+					mysql_query($qry);
+					$qry = 'UPDATE user SET geld = geld + '.$tausch_geld.' WHERE id = '.$tausch_user_id.';';
+					mysql_query($qry);
+					sendMessage($user['nickname'], $tausch_user_id, 'Geschenk', 'Der Spieler '.$user['nickname'].'hat dir '.$tausch_geld.' geschenkt!');
+						
+					displayErrorMessage(NULL, 'Die Summe von '.$tausch_geld.'¥ wurde erfolgreich dem Spieler '.$tausch_user.' geschenkt!', '<a href="index.php?as=item">weiter...</a>');
+					exit;
+				} else {
+					displayErrorMessage(NULL,'Du besitzt garnicht soviel Geld!', displayHistoryBackLink());
+					exit;
+				}
+			} else {
+				displayErrorMessage(NULL,'Die Höhe des Geldbetrags darf nicht getauscht werden! (Max. Arenalevel * 10000)', displayHistoryBackLink());
+				exit;
+			}
+		}
+
+		if($tausch_item[0] >= 0) {
+			if($tausch_anzahl != null) {
+				$row = getTradeOptions($tausch_item[1], $tausch_item[0]);
+				if($tausch_anzahl <= $row['tausch_anzahl']) {
+					if($tausch_item[1] == 'ware') {
+						$qry = 'UPDATE ware SET user = '.$tausch_user_id.' WHERE item_id = '.$tausch_item[0].' AND user = '.$user['id'].' LIMIT '.$tausch_anzahl.';';
+						mysql_query($qry);
+					} else {
+						$qry = 'UPDATE '.$tausch_item[1].' SET user = '.$tausch_user_id.' WHERE item = '.$tausch_item[0].' AND user = '.$user['id'].' LIMIT '.$tausch_anzahl.';';
+						mysql_query($qry);
+					}
+					sendMessage($user['nickname'], $tausch_user_id, 'Geschenk', 'Der Spieler '.$user['nickname'].' hat dir das Item '.$row['name'].$row['item'].' geschenkt!');
+						
+					displayErrorMessage(NULL, 'Item erfolgreich dem Spieler geschenkt!', '<a href="index.php?as=item">weiter...</a>');
+					exit;
+				} else {
+					displayErrorMessage(NULL,'Keine gültige Eingabe bei der Anzahl!', displayHistoryBackLink());
+					exit;
+				}
+			} else {
+				displayErrorMessage(NULL,'Keine gültige Eingabe bei der Anzahl!', displayHistoryBackLink());
+				exit;
+			}
+		}
+
+	} else {
+		displayErrorMessage(NULL,'Es kann entweder nur Geld oder ein Item verschenkt werden.', displayHistoryBackLink());
+		exit;
+	}
+}
+
 if ($charm == 6) {
 	$item_info = mysql_fetch_array(mysql_query("SELECT w.user, i.item, i.starke, i.ver, i.speed, i.ausdauer, i.hp, i.mp, i.glueck  FROM wochen_ware w LEFT JOIN wochen_markt i ON(i.id=w.item) WHERE w.id='$sp_item' LIMIT 1"));
 	$char_id1 = getChar($char_id2);
@@ -137,11 +253,11 @@ if ($charm == 6) {
 		displayErrorMessage(NULL,'Dieser Charakter geh&ouml;rt nicht dir!', displayHistoryBackLink());
 		exit;
 	}
-	
+
 	if ($char_id1['status'] != 'Frei') {
 		displayErrorMessage(NULL,'Dieser Charakter ist nicht frei!', displayHistoryBackLink());
 		exit;
-	}	
+	}
 
 	$hp1 = explode(",", $char_id1['hp']);
 	$mp1 = explode(",", $char_id1['mp']);
@@ -173,50 +289,52 @@ print_r($char_id1);
 ?>
 
 <div align="center">
-  <center>
-  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" height="1">
-    <tr>
-      <th align="center">Item nutzen</th>
-    </tr>
-    <tr>    
-    	<td width="488" height="50" align="center">
-			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
-				<input type="hidden" name="as" value="item">
-				<input type="hidden" name="charm" value="1">
-      			<select id="input" name="char_id2" onchange="disablebutton()">
-					<option value="-1">Charakter ausw&auml;hlen</option>
-				<?php
-					foreach($chars as $row){
-						$hp1 = explode(",", $row['hp']);
-						$mp1 = explode(",", $row['mp']);
-						echo '<option value="'.$row['id'].'">'.$row['name'].' (HP: '.$hp1[0].' / '.$hp1[1].') (MP: '.$mp1[0].' / '.$mp1[1].') (Type: '.$row['type'].')</option>';
-					}
-				?>
-	      		</select>
-	      		<br><br>
-	      		<select id="input" name="item_id1">
-				<?php
-				while ($row = mysql_fetch_array($item2)) {
-					$item_name = mysql_fetch_assoc(mysql_query('SELECT hp, mp, name, type, s_type, id FROM item WHERE id='.$row['item_id']));
-					if ($item_name[s_type] == "Trank") {
-						echo '<option value="'.$row['id'].'">'.$item_name['name'].' ('.$row['anzahl'].' mal)';
-					}
-				}
-				?>
-	      		</select>
-	      		<br><br>
-				<input id="input" type=submit disabled <?php echo $disabled; ?> name='submit' value='Benutzen'>    
-	      	</form>
-		</td>
-    </tr>
-    <tr><td><hr id="hrc"></td></tr>
-	<tr><th>Spezialitems nutzen</th></tr>
-	<tr>
-    	<td width="488" height="50" align="center">
-			<?php 
+	<center>
+		<table border="0" cellpadding="0" cellspacing="0"
+			style="border-collapse: collapse" bordercolor="#111111" width="100%"
+			height="1">
+			<tr>
+				<th align="center">Item nutzen</th>
+			</tr>
+			<tr>
+				<td width="488" height="50" align="center">
+					<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
+						<input type="hidden" name="as" value="item"> <input type="hidden"
+							name="charm" value="1"> <select id="input" name="char_id2"
+							onchange="disablebutton()">
+							<option value="-1">Charakter ausw&auml;hlen</option>
+							<?php
+							foreach($chars as $row){
+								$hp1 = explode(",", $row['hp']);
+								$mp1 = explode(",", $row['mp']);
+								echo '<option value="'.$row['id'].'">'.$row['name'].' (HP: '.$hp1[0].' / '.$hp1[1].') (MP: '.$mp1[0].' / '.$mp1[1].') (Type: '.$row['type'].')</option>';
+							}
+							?>
+						</select> <br> <br> <select id="input" name="item_id1">
+						<?php
+						while ($row = mysql_fetch_array($item2)) {
+							$item_name = mysql_fetch_assoc(mysql_query('SELECT hp, mp, name, type, s_type, id FROM item WHERE id='.$row['item_id']));
+							if ($item_name[s_type] == "Trank") {
+								echo '<option value="'.$row['id'].'">'.$item_name['name'].' ('.$row['anzahl'].' mal)';
+							}
+						}
+						?>
+						</select> <br> <br> <input id="input" type=submit disabled
+						<?php echo $disabled; ?> name='submit' value='Benutzen'>
+					</form>
+				</td>
+			</tr>
+			<tr>
+				<td><hr id="hrc"></td>
+			</tr>
+			<tr>
+				<th>Spezialitems nutzen</th>
+			</tr>
+			<tr>
+				<td width="488" height="50" align="center"><?php 
 				$sp_items = array(1,2,11,404,415);
 				$sql = 'SELECT si.name, si.id, count(sw.item) as anzahl FROM sp_item si LEFT JOIN (Select item from sp_ware where user = '.$user_ida['id'].') sw ON sw.item = si.id WHERE si.id IN ('.join(',',$sp_items).') GROUP by si.id';
-//				echo $sql.'<br>';
+				//				echo $sql.'<br>';
 				$qry = mysql_query($sql);
 				while($row = mysql_fetch_assoc($qry)){
 					// 7 DBs, 1 Potara und 1 Bohne gibts derzeit
@@ -233,68 +351,117 @@ print_r($char_id1);
 						echo $row['name'].' ('.$row['anzahl'].')<br>'."\n";
 					}
 				}
-			?>
-		</td>
-	</tr>
-	<tr><td><hr id="hrc"></td></tr>
-	<tr><th>Teufelsfrucht benutzen</th></tr>
-	<tr>
-		<td width="491" height="25" align="center">
-			<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
-				<input type="hidden" name="as" value="item">
-				<input type="hidden" name="charm" value="6">
-				<select id="input" name="char_id2">
-					<option value="">Charakter ausw&auml;hlen</option>
-						<?php
-						// Speziell!!
-						$char4 = mysql_query('SELECT id, name FROM chars WHERE besitzer='.$user_ida['id'].' AND type=\'Onepiece\' AND frucht is NULL');
-						while ($row4 = mysql_fetch_array($char4)) {
-							echo '<option value="'.$row4['id'].'">'.$row4['name'].'</option>';
-						}
-						?>
-				</select>
-				<br><br>
-				<select id="input" name="sp_item">
+				?>
+				</td>
+			</tr>
+			<tr>
+				<td><hr id="hrc"></td>
+			</tr>
+			<tr>
+				<th>Teufelsfrucht benutzen</th>
+			</tr>
+			<tr>
+				<td width="491" height="25" align="center">
+					<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
+						<input type="hidden" name="as" value="item"> <input type="hidden"
+							name="charm" value="6"> <select id="input" name="char_id2">
+							<option value="">Charakter ausw&auml;hlen</option>
+							<?php
+							// Speziell!!
+							$char4 = mysql_query('SELECT id, name FROM chars WHERE besitzer='.$user_ida['id'].' AND type=\'Onepiece\' AND frucht is NULL');
+							while ($row4 = mysql_fetch_array($char4)) {
+								echo '<option value="'.$row4['id'].'">'.$row4['name'].'</option>';
+							}
+							?>
+						</select> <br> <br> <select id="input" name="sp_item">
 						<?php
 						$sp_item = mysql_query("SELECT w.id, i.item FROM wochen_ware w LEFT JOIN wochen_markt i ON(w.item=i.id) WHERE w.user='$user_ida[id]'");
 						while ($row3 = mysql_fetch_array($sp_item)) {
 							echo "<option value='$row3[id]'>$row3[item]";
 						}
 						?>
-				</select>
-				<br><br>
-      			<input id="input" type=submit value="Teufels Frucht Benutzen">
-			</form>
-		</td>
-	</tr>
-	<tr><td><hr id="hrc"></td></tr>
-	    <tr>
-      <th align="center">Item verkaufen</th>
-    </tr>
-    <tr>
-		<td width="491" height="50" align="center">
-			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
-				<input type="hidden" name="as" value="item">
-				<input type="hidden" name="charm" value="2">
-				<select id="input" name=item_id>
-					<option value="0">Verkaufen!</option>
-					<?php
-					while ($row = mysql_fetch_assoc($item1)) {
-						$item_name = mysql_fetch_assoc(mysql_query('SELECT * FROM item WHERE id='.$row['item_id']));
-						if($item_name['s_type'] != 'Trank'){
-							echo '<option value="'.$row['id'].'">'.$item_name['name'].' (Typ: '.$item_name['s_type'].', Level: '.$item_name['level'].')</option>';
-						} else{
-							echo '<option value="'.$row['id'].'">'.$item_name['name'].'</option>';
-						}
-					}
-					?>
-				</select>
-				<br><br>
-				<input id="input" type="submit" value="Verkaufen">
-			</form> 
-		</td>
-	</tr>
-	
-  </table>
-  </center>
-</div>
\ No newline at end of file
+						</select> <br> <br> <input id="input" type=submit
+							value="Teufels Frucht Benutzen">
+					</form>
+				</td>
+			</tr>
+			<tr>
+				<td><hr id="hrc"></td>
+			</tr>
+			<tr>
+				<th align="center">Item verkaufen</th>
+			</tr>
+			<tr>
+				<td width="491" height="50" align="center">
+					<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
+						<input type="hidden" name="as" value="item"> <input type="hidden"
+							name="charm" value="2"> <select id="input" name=item_id>
+							<option value="0">Verkaufen!</option>
+							<?php
+							while ($row = mysql_fetch_assoc($item1)) {
+								$item_name = mysql_fetch_assoc(mysql_query('SELECT * FROM item WHERE id='.$row['item_id']));
+								if($item_name['s_type'] != 'Trank'){
+									echo '<option value="'.$row['id'].'">'.$item_name['name'].' (Typ: '.$item_name['s_type'].', Level: '.$item_name['level'].')</option>';
+								} else{
+									echo '<option value="'.$row['id'].'">'.$item_name['name'].'</option>';
+								}
+							}
+							?>
+						</select> <br> <br> <input id="input" type="submit"
+							value="Verkaufen">
+					</form>
+				</td>
+			</tr>
+			<tr>
+				<td><hr id="hrc"></td>
+			</tr>
+			<tr>
+				<th align="center">Item verschenken</th>
+			</tr>
+			<tr>
+				<td width="491" align="center">
+					<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="GET">
+						<input type="hidden" name="as" value="item"> <input type="hidden"
+							name="charm" value="3">
+						<table border="0" width="70%" align="center">
+							<tr>
+								<td align="center">Item:</td>
+								<td align="left"><select id="input" name=item_id>
+										<option value="-1">Auswahl...</option>
+										<?php
+										$user_items = getTradeItems($user['id']);
+										for($i = 0; $i < count($user_items); $i++) {
+											echo $user_items[$i];
+										}
+										?>
+								</select>
+								</td>
+							</tr>
+							<tr>
+								<td align="center">Anzahl:</td>
+								<td align="left"><input class="input" name="anzahl" value="">
+								</td>
+							</tr>
+							<tr>
+								<td align="center">Geld:</td>
+								<td align="left"><input class="input" name="geld" value=""></td>
+							</tr>
+							<tr>
+								<td align="center">User:</td>
+								<td align="left"><input class="input" name="user" value=""></td>
+							</tr>
+							<tr>
+								<td colspan="2" align="center"><input id="input" type="submit"
+									value="Verschenken">
+								</td>
+							</tr>
+							<tr>
+								<td><?php //print_r($user);?></td>
+							</tr>
+						</table>
+					</form>
+				</td>
+			</tr>
+		</table>
+	</center>
+</div>