@ -10,6 +10,7 @@ include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/designfunctions.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/char.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/char.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/messagefunctions.inc.php');
// GET-Section
// GET-Section
// Kritisch (SQL-Injections)
// Kritisch (SQL-Injections)
@ -17,6 +18,10 @@ $item_id1 = validateUnsignedInteger($_GET['item_id1'], null);
$char_id2 = validateUnsignedInteger($_GET['char_id2'], null);
$char_id2 = validateUnsignedInteger($_GET['char_id2'], null);
$item_id = validateUnsignedInteger($_GET['item_id'], null);
$item_id = validateUnsignedInteger($_GET['item_id'], null);
$sp_item = validateUnsignedInteger($_GET['sp_item'], null);
$sp_item = validateUnsignedInteger($_GET['sp_item'], null);
$tausch_item = validateString($_GET['item_id']);
$tausch_anzahl = validateUnsignedInteger($_GET['anzahl'], null);
$tausch_geld= validateUnsignedInteger($_GET['geld'], null);
$tausch_user = validateName($_GET['user']);
// Unkritisch
// Unkritisch
$charm = $_GET['charm'];
$charm = $_GET['charm'];
@ -35,8 +40,44 @@ else document.forms[0].elements['submit'].disabled=true;
}
}
-->
-->
< / script >
< / script >
<?php
<?php
// Die etwas abgewandelten Methode aus dem auktion_functions.php
function getTradeItems($userid){
$result = NULL;
$index = 0;
$arenalvl = mysql_fetch_array(mysql_query("SELECT level FROM arena WHERE besitzer = ".$userid.";"));
// Die etwas abgewandelten SQL-Querys aus dem auktion_functions.php
$query = 'SELECT i.id, i.name, count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'ware\' as tablename FROM ware w INNER JOIN item i ON(i.id=w.item_id) WHERE w.user = '.$userid.' AND s_type = \'Trank\' AND tausch_lvl < = '.$arenalvl['level'].' GROUP BY i.id
union
SELECT i.id, i.name,count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'sp_ware\' as tablename FROM sp_ware w INNER JOIN sp_item i ON(i.id=w.item) WHERE w.user = '.$userid.' AND tausch_lvl < = '.$arenalvl['level'].' GROUP BY i.id
union
SELECT i.id, i.item AS name, count(i.id) AS anzahl, tausch_anzahl, tausch_lvl, \'wochen_ware\' as tablename FROM wochen_ware w INNER JOIN wochen_markt i ON(i.id=w.item) WHERE w.user = '.$userid.' AND tausch_lvl < = '.$arenalvl['level'].' GROUP BY (i.id)';
$qry = mysql_query($query);
// Damit waeren alle noetigen Datenbankaufrufe erledigt!
while($row = mysql_fetch_assoc($qry)){
$result[$index++] = '< option value = \''.$row['id'].','.$row['tablename'].'\' > '.$row['name'].' | Anzahl:'.$row['anzahl'].' (max: '.$row['tausch_anzahl'].')< / option > ';
}
return $result;
}
function getTradeOptions($table, $item_id) {
$row = null;
switch ($table) {
case 'ware':
$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, name FROM item WHERE id = $item_id;"));
break;
case 'wochen_ware':
$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, item FROM wochen_markt WHERE id = $item_id;"));
break;
case 'sp_ware':
$row = mysql_fetch_array(mysql_query("SELECT tausch_lvl, tausch_anzahl, name FROM sp_item WHERE id = $item_id;"));
break;
}
return $row;
}
$user = $user_ida;
$user = $user_ida;
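Review bot: getTradeOptions() interpolates `$item_id` unquoted into all three SELECTs without casting, so its safety rests entirely on every caller having validated the value, and the one caller added in this change passes `$tausch_item[0]`, a fragment of a `validateString()`-filtered GET parameter rather than an integer. Casting at the boundary removes that dependency: make `$item_id = (int)$item_id;` the first statement, and give the switch a `default: return null;` so an unknown table name is rejected explicitly instead of silently falling through with `$row = null`. getTradeItems() starts with `$result = NULL` and only assigns inside the row loop, so a user with nothing tradable gets NULL back instead of an empty array; `$result = array();` is what callers using count() or foreach expect. The `name`/`anzahl` values are echoed into option markup without htmlspecialchars(); they come from the item tables rather than the request, so this only matters if those names can ever be user-supplied.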
@ -45,20 +86,20 @@ if ($charm == 1) {
$item_info3 = mysql_fetch_array(mysql_query("SELECT preis, anzahl, hp, mp, starke, verteidigung, speed, s_type, type FROM item WHERE id='$item_info1[item_id]' LIMIT 1"));
$item_info3 = mysql_fetch_array(mysql_query("SELECT preis, anzahl, hp, mp, starke, verteidigung, speed, s_type, type FROM item WHERE id='$item_info1[item_id]' LIMIT 1"));
$char_id1 = getChar($char_id2);
$char_id1 = getChar($char_id2);
if ($item_info1[user] != $user[id]) {
if ($item_info1[' user' ] != $user[' id' ]) {
displayErrorMessage(NULL,'Dieses Item gehö rt nicht dir', displayHistoryBackLink());
displayErrorMessage(NULL,'Dieses Item gehö rt nicht dir', displayHistoryBackLink());
exit;
exit;
}
}
if ($char_id1[besitzer] != $user[id]) {
if ($char_id1[' besitzer' ] != $user[' id' ]) {
displayErrorMessage(NULL,'Dieser Charakter gehö rt nicht dir!', displayHistoryBackLink());
displayErrorMessage(NULL,'Dieser Charakter gehö rt nicht dir!', displayHistoryBackLink());
exit;
exit;
}
}
if ($item_info3[type] != "$char_id1[type]" AND $item_info3[type] != "ALL") {
if ($item_info3[' type' ] != "$char_id1[type]" AND $item_info3[' type' ] != "ALL") {
displayErrorMessage(NULL,'Dein Charakter kann dieses Item nicht benutzen!', displayHistoryBackLink());
displayErrorMessage(NULL,'Dein Charakter kann dieses Item nicht benutzen!', displayHistoryBackLink());
exit;
exit;
}
}
if ($item_info3[s_type] != "Trank") {
if ($item_info3[' s_type' ] != "Trank") {
displayErrorMessage(NULL,'Fehler dieses Item ist kein Trank!', displayHistoryBackLink());
displayErrorMessage(NULL,'Fehler dieses Item ist kein Trank!', displayHistoryBackLink());
exit;
exit;
}
}
@ -116,7 +157,7 @@ if ($charm == 2) {
$new_zahl = $item_info2['anzahl'] + 1;
$new_zahl = $item_info2['anzahl'] + 1;
$sql = "UPDATE user SET geld='$new_geld' WHERE id='$user[id]'";
$sql = "UPDATE user SET geld='$new_geld' WHERE id='$user[id]'";
// echo $sql.'< br > ';
// echo $sql.'< br > ';
mysql_query($sql);
mysql_query($sql);
mysql_query("UPDATE item SET anzahl='$new_zahl' WHERE id='$item_info[item_id]'");
mysql_query("UPDATE item SET anzahl='$new_zahl' WHERE id='$item_info[item_id]'");
mysql_Query("DELETE FROM ware WHERE id='$item_info[id]'");
mysql_Query("DELETE FROM ware WHERE id='$item_info[id]'");
@ -124,6 +165,81 @@ if ($charm == 2) {
exit;
exit;
}
}
if($charm == 3) {
if($tausch_user == null) {
displayErrorMessage(NULL,'Kein Namen für den User angegeben!', displayHistoryBackLink());
exit;
} else {
$row = mysql_fetch_array(mysql_query("SELECT id FROM user WHERE nickname='$tausch_user' LIMIT 1"));
$tausch_user_id = $row['id'];
if($tausch_user_id == null) {
displayErrorMessage(NULL,'Unbekannter User!', displayHistoryBackLink());
exit;
}
if($tausch_user_id == $user['id']) {
displayErrorMessage(NULL,'Warum an sich selbst was schenken?', displayHistoryBackLink());
exit;
}
}
$tausch_item = explode(",", $tausch_item);
if($tausch_geld != null xor $tausch_item[0] >= 0) {
//TODO: Transaktionsabfrage für den heutigen Tag
if($tausch_geld != null) {
$row = mysql_fetch_array(mysql_query("SELECT level FROM arena WHERE besitzer = ".$user['id'].";"));
$arenalvl = $row['level'];
if($tausch_geld < = ($arenalvl * 10000)) {
if($tausch_geld < = $user['geld']) {
$qry = 'UPDATE user SET geld = geld - '.$tausch_geld.' WHERE id = '.$user['id'].';';
mysql_query($qry);
$qry = 'UPDATE user SET geld = geld + '.$tausch_geld.' WHERE id = '.$tausch_user_id.';';
mysql_query($qry);
sendMessage($user['nickname'], $tausch_user_id, 'Geschenk', 'Der Spieler '.$user['nickname'].'hat dir '.$tausch_geld.' geschenkt!');
displayErrorMessage(NULL, 'Die Summe von '.$tausch_geld.'¥ wurde erfolgreich dem Spieler '.$tausch_user.' geschenkt!', '< a href = "index.php?as=item" > weiter...< / a > ');
exit;
} else {
displayErrorMessage(NULL,'Du besitzt garnicht soviel Geld!', displayHistoryBackLink());
exit;
}
} else {
displayErrorMessage(NULL,'Die Höhe des Geldbetrags darf nicht getauscht werden! (Max. Arenalevel * 10000)', displayHistoryBackLink());
exit;
}
}
if($tausch_item[0] >= 0) {
if($tausch_anzahl != null) {
$row = getTradeOptions($tausch_item[1], $tausch_item[0]);
if($tausch_anzahl < = $row['tausch_anzahl']) {
if($tausch_item[1] == 'ware') {
$qry = 'UPDATE ware SET user = '.$tausch_user_id.' WHERE item_id = '.$tausch_item[0].' AND user = '.$user['id'].' LIMIT '.$tausch_anzahl.';';
mysql_query($qry);
} else {
$qry = 'UPDATE '.$tausch_item[1].' SET user = '.$tausch_user_id.' WHERE item = '.$tausch_item[0].' AND user = '.$user['id'].' LIMIT '.$tausch_anzahl.';';
mysql_query($qry);
}
sendMessage($user['nickname'], $tausch_user_id, 'Geschenk', 'Der Spieler '.$user['nickname'].' hat dir das Item '.$row['name'].$row['item'].' geschenkt!');
displayErrorMessage(NULL, 'Item erfolgreich dem Spieler geschenkt!', '< a href = "index.php?as=item" > weiter...< / a > ');
exit;
} else {
displayErrorMessage(NULL,'Keine gültige Eingabe bei der Anzahl!', displayHistoryBackLink());
exit;
}
} else {
displayErrorMessage(NULL,'Keine gültige Eingabe bei der Anzahl!', displayHistoryBackLink());
exit;
}
}
} else {
displayErrorMessage(NULL,'Es kann entweder nur Geld oder ein Item verschenkt werden.', displayHistoryBackLink());
exit;
}
}
if ($charm == 6) {
if ($charm == 6) {
$item_info = mysql_fetch_array(mysql_query("SELECT w.user, i.item, i.starke, i.ver, i.speed, i.ausdauer, i.hp, i.mp, i.glueck FROM wochen_ware w LEFT JOIN wochen_markt i ON(i.id=w.item) WHERE w.id='$sp_item' LIMIT 1"));
$item_info = mysql_fetch_array(mysql_query("SELECT w.user, i.item, i.starke, i.ver, i.speed, i.ausdauer, i.hp, i.mp, i.glueck FROM wochen_ware w LEFT JOIN wochen_markt i ON(i.id=w.item) WHERE w.id='$sp_item' LIMIT 1"));
$char_id1 = getChar($char_id2);
$char_id1 = getChar($char_id2);
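Review bot: The charm == 3 handler builds SQL from the two halves of the split `item_id` parameter without constraining either: `$tausch_item[1]` becomes the table name in `'UPDATE '.$tausch_item[1].' SET user = ...'` and `$tausch_item[0]` is concatenated unquoted into getTradeOptions() and both UPDATEs, so the only filter is the `>= 0` comparison, which accepts any string that compares numerically above zero; whether `validateString()` strips the characters an injection needs is not visible in this change. Whitelist the table and cast the id right after the explode (below) and use those sanitised values everywhere the raw halves are used now. The money branch is also not atomic: `$tausch_geld <= $user['geld']` checks a balance read earlier in the request, so two concurrent gifts can both pass and drive the balance negative; fold the check into the debit with `UPDATE user SET geld = geld - X WHERE id = ... AND geld >= X` and credit the recipient only when mysql_affected_rows() is 1. `$tausch_user` is interpolated into the nickname lookup and echoed back in the success message, which is safe only if validateName() rejects quotes and markup. The charm == 6 block that begins at the end of this hunk continues past it.
```php
$tausch_item = explode(",", $tausch_item);
$tausch_item_id = (isset($tausch_item[0]) && ctype_digit($tausch_item[0])) ? (int)$tausch_item[0] : -1;
$tausch_table = isset($tausch_item[1]) ? $tausch_item[1] : '';
// Only the three inventory tables the form emits may be named; anything else counts as "no item selected".
if (!in_array($tausch_table, array('ware', 'sp_ware', 'wochen_ware'), true)) {
    $tausch_item_id = -1;
}
// … unchanged: xor check and money branch, with $tausch_item_id in place of $tausch_item[0] …
$row = getTradeOptions($tausch_table, $tausch_item_id);
// … unchanged: anzahl check …
if ($tausch_table == 'ware') {
    $qry = 'UPDATE ware SET user = '.(int)$tausch_user_id.' WHERE item_id = '.$tausch_item_id.' AND user = '.(int)$user['id'].' LIMIT '.(int)$tausch_anzahl.';';
} else {
    $qry = 'UPDATE '.$tausch_table.' SET user = '.(int)$tausch_user_id.' WHERE item = '.$tausch_item_id.' AND user = '.(int)$user['id'].' LIMIT '.(int)$tausch_anzahl.';';
}
```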
@ -173,50 +289,52 @@ print_r($char_id1);
?>
?>
< div align = "center" >
< div align = "center" >
< center >
< center >
< table border = "0" cellpadding = "0" cellspacing = "0" style = "border-collapse: collapse" bordercolor = "#111111" width = "100%" height = "1" >
< table border = "0" cellpadding = "0" cellspacing = "0"
< tr >
style="border-collapse: collapse" bordercolor="#111111" width="100%"
< th align = "center" > Item nutzen< / th >
height="1">
< / tr >
< tr >
< tr >
< th align = "center" > Item nutzen< / th >
< td width = "488" height = "50" align = "center" >
< / tr >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ]; ?> " method = "get" >
< tr >
< input type = "hidden" name = "as" value = "item" >
< td width = "488" height = "50" align = "center" >
< input type = "hidden" name = "charm" value = "1" >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ]; ?> " method = "get" >
< select id = "input" name = "char_id2" onchange = "disablebutton()" >
< input type = "hidden" name = "as" value = "item" > < input type = "hidden"
< option value = "-1" > Charakter auswä hlen< / option >
name="charm" value="1"> < select id = "input" name = "char_id2"
<?php
onchange="disablebutton()">
foreach($chars as $row){
< option value = "-1" > Charakter auswä hlen< / option >
$hp1 = explode(",", $row['hp']);
<?php
$mp1 = explode(",", $row['mp']);
foreach($chars as $row){
echo '< option value = "'.$row['id'].'" > '.$row['name'].' (HP: '.$hp1[0].' / '.$hp1[1].') (MP: '.$mp1[0].' / '.$mp1[1].') (Type: '.$row['type'].')< / option > ';
$hp1 = explode(",", $row['hp']);
}
$mp1 = explode(",", $row['mp']);
?>
echo '< option value = "'.$row['id'].'" > '.$row['name'].' (HP: '.$hp1[0].' / '.$hp1[1].') (MP: '.$mp1[0].' / '.$mp1[1].') (Type: '.$row['type'].')< / option > ';
< / select >
}
< br > < br >
?>
< select id = "input" name = "item_id1" >
< / select > < br > < br > < select id = "input" name = "item_id1" >
<?php
<?php
while ($row = mysql_fetch_array($item2)) {
while ($row = mysql_fetch_array($item2)) {
$item_name = mysql_fetch_assoc(mysql_query('SELECT hp, mp, name, type, s_type, id FROM item WHERE id='.$row['item_id']));
$item_name = mysql_fetch_assoc(mysql_query('SELECT hp, mp, name, type, s_type, id FROM item WHERE id='.$row['item_id']));
if ($item_name[s_type] == "Trank") {
if ($item_name[s_type] == "Trank") {
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].' ('.$row['anzahl'].' mal)';
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].' ('.$row['anzahl'].' mal)';
}
}
}
}
?>
?>
< / select >
< / select > < br > < br > < input id = "input" type = submit disabled
< br > < br >
<?php echo $disabled ; ?> name='submit' value='Benutzen'>
< input id = "input" type = submit disabled <?php echo $disabled ; ?> name = 'submit' value = 'Benutzen' >
< / form >
< / form >
< / td >
< / td >
< / tr >
< / tr >
< tr >
< tr > < td > < hr id = "hrc" > < / td > < / tr >
< td > < hr id = "hrc" > < / td >
< tr > < th > Spezialitems nutzen< / th > < / tr >
< / tr >
< tr >
< tr >
< td width = "488" height = "50" align = "center" >
< th > Spezialitems nutzen< / th >
<?php
< / tr >
< tr >
< td width = "488" height = "50" align = "center" > <?php
$sp_items = array(1,2,11,404,415);
$sp_items = array(1,2,11,404,415);
$sql = 'SELECT si.name, si.id, count(sw.item) as anzahl FROM sp_item si LEFT JOIN (Select item from sp_ware where user = '.$user_ida['id'].') sw ON sw.item = si.id WHERE si.id IN ('.join(',',$sp_items).') GROUP by si.id';
$sql = 'SELECT si.name, si.id, count(sw.item) as anzahl FROM sp_item si LEFT JOIN (Select item from sp_ware where user = '.$user_ida['id'].') sw ON sw.item = si.id WHERE si.id IN ('.join(',',$sp_items).') GROUP by si.id';
// echo $sql.'< br > ';
// echo $sql.'< br > ';
$qry = mysql_query($sql);
$qry = mysql_query($sql);
while($row = mysql_fetch_assoc($qry)){
while($row = mysql_fetch_assoc($qry)){
// 7 DBs, 1 Potara und 1 Bohne gibts derzeit
// 7 DBs, 1 Potara und 1 Bohne gibts derzeit
@ -233,68 +351,117 @@ print_r($char_id1);
echo $row['name'].' ('.$row['anzahl'].')< br > '."\n";
echo $row['name'].' ('.$row['anzahl'].')< br > '."\n";
}
}
}
}
?>
?>
< / td >
< / td >
< / tr >
< / tr >
< tr > < td > < hr id = "hrc" > < / td > < / tr >
< tr >
< tr > < th > Teufelsfrucht benutzen< / th > < / tr >
< td > < hr id = "hrc" > < / td >
< tr >
< / tr >
< td width = "491" height = "25" align = "center" >
< tr >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ] ?> " method = "get" >
< th > Teufelsfrucht benutzen< / th >
< input type = "hidden" name = "as" value = "item" >
< / tr >
< input type = "hidden" name = "charm" value = "6" >
< tr >
< select id = "input" name = "char_id2" >
< td width = "491" height = "25" align = "center" >
< option value = "" > Charakter auswä hlen< / option >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ] ?> " method = "get" >
<?php
< input type = "hidden" name = "as" value = "item" > < input type = "hidden"
// Speziell!!
name="charm" value="6"> < select id = "input" name = "char_id2" >
$char4 = mysql_query('SELECT id, name FROM chars WHERE besitzer='.$user_ida['id'].' AND type=\'Onepiece\' AND frucht is NULL');
< option value = "" > Charakter auswä hlen< / option >
while ($row4 = mysql_fetch_array($char4)) {
<?php
echo '< option value = "'.$row4['id'].'" > '.$row4['name'].'< / option > ';
// Speziell!!
}
$char4 = mysql_query('SELECT id, name FROM chars WHERE besitzer='.$user_ida['id'].' AND type=\'Onepiece\' AND frucht is NULL');
?>
while ($row4 = mysql_fetch_array($char4)) {
< / select >
echo '< option value = "'.$row4['id'].'" > '.$row4['name'].'< / option > ';
< br > < br >
}
< select id = "input" name = "sp_item" >
?>
< / select > < br > < br > < select id = "input" name = "sp_item" >
<?php
<?php
$sp_item = mysql_query("SELECT w.id, i.item FROM wochen_ware w LEFT JOIN wochen_markt i ON(w.item=i.id) WHERE w.user='$user_ida[id]'");
$sp_item = mysql_query("SELECT w.id, i.item FROM wochen_ware w LEFT JOIN wochen_markt i ON(w.item=i.id) WHERE w.user='$user_ida[id]'");
while ($row3 = mysql_fetch_array($sp_item)) {
while ($row3 = mysql_fetch_array($sp_item)) {
echo "< option value = '$row3[id]' > $row3[item]";
echo "< option value = '$row3[id]' > $row3[item]";
}
}
?>
?>
< / select >
< / select > < br > < br > < input id = "input" type = submit
< br > < br >
value="Teufels Frucht Benutzen">
< input id = "input" type = submit value = "Teufels Frucht Benutzen" >
< / form >
< / form >
< / td >
< / td >
< / tr >
< / tr >
< tr >
< tr > < td > < hr id = "hrc" > < / td > < / tr >
< td > < hr id = "hrc" > < / td >
< tr >
< / tr >
< th align = "center" > Item verkaufen< / th >
< tr >
< / tr >
< th align = "center" > Item verkaufen< / th >
< tr >
< / tr >
< td width = "491" height = "50" align = "center" >
< tr >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ]; ?> " method = "get" >
< td width = "491" height = "50" align = "center" >
< input type = "hidden" name = "as" value = "item" >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ]; ?> " method = "get" >
< input type = "hidden" name = "charm" value = "2" >
< input type = "hidden" name = "as" value = "item" > < input type = "hidden"
< select id = "input" name = item_id >
name="charm" value="2"> < select id = "input" name = item_id >
< option value = "0" > Verkaufen!< / option >
< option value = "0" > Verkaufen!< / option >
<?php
<?php
while ($row = mysql_fetch_assoc($item1)) {
while ($row = mysql_fetch_assoc($item1)) {
$item_name = mysql_fetch_assoc(mysql_query('SELECT * FROM item WHERE id='.$row['item_id']));
$item_name = mysql_fetch_assoc(mysql_query('SELECT * FROM item WHERE id='.$row['item_id']));
if($item_name['s_type'] != 'Trank'){
if($item_name['s_type'] != 'Trank'){
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].' (Typ: '.$item_name['s_type'].', Level: '.$item_name['level'].')< / option > ';
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].' (Typ: '.$item_name['s_type'].', Level: '.$item_name['level'].')< / option > ';
} else{
} else{
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].'< / option > ';
echo '< option value = "'.$row['id'].'" > '.$item_name['name'].'< / option > ';
}
}
}
}
?>
?>
< / select >
< / select > < br > < br > < input id = "input" type = "submit"
< br > < br >
value="Verkaufen">
< input id = "input" type = "submit" value = "Verkaufen" >
< / form >
< / form >
< / td >
< / td >
< / tr >
< / tr >
< tr >
< td > < hr id = "hrc" > < / td >
< / table >
< / tr >
< / center >
< tr >
< th align = "center" > Item verschenken< / th >
< / tr >
< tr >
< td width = "491" align = "center" >
< form action = " <?php echo $_SERVER [ 'PHP_SELF' ]; ?> " method = "GET" >
< input type = "hidden" name = "as" value = "item" > < input type = "hidden"
name="charm" value="3">
< table border = "0" width = "70%" align = "center" >
< tr >
< td align = "center" > Item:< / td >
< td align = "left" > < select id = "input" name = item_id >
< option value = "-1" > Auswahl...< / option >
<?php
$user_items = getTradeItems($user['id']);
for($i = 0; $i < count ( $ user_items ) ; $ i + + ) {
echo $user_items[$i];
}
?>
< / select >
< / td >
< / tr >
< tr >
< td align = "center" > Anzahl:< / td >
< td align = "left" > < input class = "input" name = "anzahl" value = "" >
< / td >
< / tr >
< tr >
< td align = "center" > Geld:< / td >
< td align = "left" > < input class = "input" name = "geld" value = "" > < / td >
< / tr >
< tr >
< td align = "center" > User:< / td >
< td align = "left" > < input class = "input" name = "user" value = "" > < / td >
< / tr >
< tr >
< td colspan = "2" align = "center" > < input id = "input" type = "submit"
value="Verschenken">
< / td >
< / tr >
< tr >
< td > <?php //print_r($user);?></td>
< / tr >
< / table >
< / form >
< / td >
< / tr >
< / table >
< / center >
< / div >
< / div >
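Review bot: getTradeItems() returns NULL when the user owns nothing tradable (its `$result` is only assigned inside the row loop), so the new loop `for($i = 0; $i < count($user_items); $i++)` hands NULL to count(), a warning on PHP 7.2+ and a TypeError on PHP 8; iterate with `foreach ((array)$user_items as $option) { echo $option; }` or have the function return an empty array. The new gift form submits with `method="GET"` and carries no per-session token, and the charm == 3 handler earlier in this change transfers gold and items on that request, so a logged-in player who follows a crafted link or loads a page with an image tag pointing at it gives away gold or items; this state-changing action needs POST plus a CSRF token that the handler verifies. The action attribute echoes `$_SERVER['PHP_SELF']` unescaped, as the existing forms do, but `htmlspecialchars($_SERVER['PHP_SELF'])` would close that reflected-XSS vector for the new form.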