agng/ag/item.php

<?php
/*
 *
 * @copyright (c) 2010 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/config.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/designfunctions.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/char.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');

// GET-Section
// Kritisch (SQL-Injections)
$item_id1 = validateUnsignedInteger($_GET['item_id1'], null);
$char_id2 = validateUnsignedInteger($_GET['char_id2'], null);
$item_id = validateUnsignedInteger($_GET['item_id'], null);
$sp_item = validateUnsignedInteger($_GET['sp_item'], null);

// Unkritisch
$charm = $_GET['charm'];
$ak_no = $_GET['ak_no'];

?>

<script type="text/javascript">
<!--
function disablebutton() 
{
if(document.forms[0].elements['char_id2'].value!=-1)
document.forms[0].elements['submit'].disabled=false;
else document.forms[0].elements['submit'].disabled=true; 

}
-->
</script>
<?php


$user = $user_ida;

if ($charm == 1) {
	$item_info1 = mysql_fetch_array(mysql_query("SELECT item_id, id, user FROM ware WHERE id='$item_id1' LIMIT 1"));
	$item_info3 = mysql_fetch_array(mysql_query("SELECT preis, anzahl, hp, mp, starke, verteidigung, speed, s_type, type FROM item WHERE id='$item_info1[item_id]' LIMIT 1"));
	$char_id1 = getChar($char_id2);

	if ($item_info1[user] != $user[id]) {
		displayErrorMessage(NULL,'Dieses Item geh&ouml;rt nicht dir', displayHistoryBackLink());
		exit;
	}

	if ($char_id1[besitzer] != $user[id]) {
		displayErrorMessage(NULL,'Dieser Charakter geh&ouml;rt nicht dir!', displayHistoryBackLink());
		exit;
	}
	if ($item_info3[type] != "$char_id1[type]" AND $item_info3[type] != "ALL") {
		displayErrorMessage(NULL,'Dein Charakter kann dieses Item nicht benutzen!', displayHistoryBackLink());
		exit;
	}
	if ($item_info3[s_type] != "Trank") {
		displayErrorMessage(NULL,'Fehler dieses Item ist kein Trank!', displayHistoryBackLink());
		exit;
	}

	$hp1 = explode(",", $char_id1['hp']);
	$mp1 = explode(",", $char_id1['mp']);

	$st1 = explode(",", $item_info3['starke']);

	$hp2 = explode(",", $item_info3['hp']);
	$mp2 = explode(",", $item_info3['mp']);

	$ver1 = explode(",", $item_info3['verteidigung']);
	$speed1 = explode(",", $item_info3['speed']);
	$new_hp2 = $hp1[1] + $hp2[1];
	$new_mp2 = $mp1[1] + $mp2[1];
	$new_hp = $hp1[0] + $hp2[0];
	$new_mp = $mp1[0] + $mp2[0];
	$new_starke = $st1[0] + $char_id1['starke'];
	$new_ver = $ver1[0] + $char_id1['verteidigung'];
	$new_speed = $speed1[0] + $char_id1['speed'];

	if ($new_hp > $hp1[1]) {
		$new_hp = $hp1[1];
	}
	if ($new_mp > $mp1[1]) {
		$new_mp = $mp1[1];
	}

	mysql_Query("UPDATE chars SET starke='$new_starke', verteidigung='$new_ver', speed='$new_speed', hp='$new_hp,$new_hp2', mp='$new_mp,$new_mp2' WHERE id='$char_id2' LIMIT 1");
	mysql_query("DELETE FROM ware WHERE id='$item_info1[id]' LIMIT 1");

	displayErrorMessage(NULL,'Trank erfolgreich Benutzt', '<a href="index.php?as=item">weiter...</a>');
	exit;
}

if ($charm == 2) {
	if (!$ak_no) {
		displayErrorMessage(NULL,'Wollen sie das item wirklich Verkaufen? PS: Sie bekommen nur 50%', displayHistoryBackLink().' | <a href="index.php?as=item&charm=2&item_id='.$item_id.'&ak_no=1">Ja</a>');
		exit;
	}

	$item_info = mysql_fetch_array(mysql_query("SELECT item_id, id, user, ru_mal FROM ware WHERE id='$item_id' LIMIT 1"));
	$item_info2 = mysql_fetch_array(mysql_query("SELECT preis, anzahl FROM item WHERE id='$item_info[item_id]' LIMIT 1"));

	if ($item_info['user'] != $user_ida['id']) {
		displayErrorMessage(NULL,'Dieses Item geh&ouml;rt nicht dir', displayHistoryBackLink());
		exit;
	}
	if ($item_info['ru_mal'] == 0) {
		$new_geld = $user['geld'] + ($item_info2['preis'] / 2);
	} else {
		$new_geld = $user['geld'] + (($item_info2['preis'] / 2) * $item_info['ru_mal']);
	}
	$new_zahl = $item_info2['anzahl'] + 1;

	$sql = "UPDATE user SET geld='$new_geld' WHERE id='$user[id]'";
//	echo $sql.'<br>';
	mysql_query($sql);
	mysql_query("UPDATE item SET anzahl='$new_zahl' WHERE id='$item_info[item_id]'");
	mysql_Query("DELETE FROM ware WHERE id='$item_info[id]'");
	displayErrorMessage(NULL,'Item erfolgreich verkauft', '<a href="index.php?as=item">weiter...</a>');
	exit;
}

if ($charm == 6) {
	$item_info = mysql_fetch_array(mysql_query("SELECT w.user, i.item, i.starke, i.ver, i.speed, i.ausdauer, i.hp, i.mp, i.glueck  FROM wochen_ware w LEFT JOIN wochen_markt i ON(i.id=w.item) WHERE w.id='$sp_item' LIMIT 1"));
	$char_id1 = getChar($char_id2);

	if ($item_info['user'] != $user['id']) {
		displayErrorMessage(NULL,'Dieses Item geh&ouml;rt nicht dir', displayHistoryBackLink());
		exit;
	}

	if ($char_id1['besitzer'] != $user['id']) {
		displayErrorMessage(NULL,'Dieser Charakter geh&ouml;rt nicht dir!', displayHistoryBackLink());
		exit;
	}
	
	if ($char_id1['status'] != 'frei') {
		displayErrorMessage(NULL,'Dieser Charakter ist nicht frei!', displayHistoryBackLink());
		exit;
	}
	
	echo 'vars:';
	print_r($char_id1);

	$hp1 = explode(",", $char_id1['hp']);
	$mp1 = explode(",", $char_id1['mp']);

	$new_hp2 = $hp1[1] + $item_info['hp'];
	$new_mp2 = $mp1[1] + $item_info['mp'];

	$new_starke = $item_info['starke'] + $char_id1['starke'];
	$new_ver = $item_info['ver'] + $char_id1['verteidigung'];
	$new_speed = $item_info['speed'] + $char_id1['speed'];
	$new_ausdauer = $item_info['ausdauer'] + $char_id1['ausdauer'];
	$new_glueck = $item_info['glueck'] + $char_id1['glueck'];

	mysql_Query("UPDATE chars SET frucht='$item_info[item]', ausdauer='$new_ausdauer', glueck='$new_glueck', starke='$new_starke', verteidigung='$new_ver', speed='$new_speed', hp='$hp1[0],$new_hp2', mp='$mp1[0],$new_mp2' WHERE id='$char_id2' LIMIT 1");
	mysql_query("DELETE FROM wochen_ware WHERE id='$sp_item' LIMIT 1");

	displayErrorMessage(NULL,$item_info['item'].' erfolgreich benutzt', '<a href="index.php?as=item">weiter...</a>');
	exit;
}

$chars = getCharsOfUser($user_ida['id']);
$sql = "SELECT item_id, count(item_id) as anzahl, user, id, ru_mal FROM ware WHERE user='$user[id]' group by item_id";
//echo $sql;
$item2 = mysql_query($sql);
$item1 = mysql_query("SELECT item_id, id, ru_mal FROM ware WHERE user='$user[id]' group by item_id");


print_r($char_id1);
?>

<div align="center">
  <center>
  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" height="1">
    <tr>
      <th align="center">Item nutzen</th>
    </tr>
    <tr>    
    	<td width="488" height="50" align="center">
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
				<input type="hidden" name="as" value="item">
				<input type="hidden" name="charm" value="1">
      			<select id="input" name="char_id2" onchange="disablebutton()">
					<option value="-1">Charakter ausw&auml;hlen</option>
				<?php
					foreach($chars as $row){
						$hp1 = explode(",", $row['hp']);
						$mp1 = explode(",", $row['mp']);
						echo '<option value="'.$row['id'].'">'.$row['name'].' (HP: '.$hp1[0].' / '.$hp1[1].') (MP: '.$mp1[0].' / '.$mp1[1].') (Type: '.$row['type'].')</option>';
					}
				?>
	      		</select>
	      		<br><br>
	      		<select id="input" name="item_id1">
				<?php
				while ($row = mysql_fetch_array($item2)) {
					$item_name = mysql_fetch_assoc(mysql_query('SELECT hp, mp, name, type, s_type, id FROM item WHERE id='.$row['item_id']));
					if ($item_name[s_type] == "Trank") {
						echo '<option value="'.$row['id'].'">'.$item_name['name'].' ('.$row['anzahl'].' mal)';
					}
				}
				?>
	      		</select>
	      		<br><br>
				<input id="input" type=submit disabled <?php echo $disabled; ?> name='submit' value='Benutzen'>    
	      	</form>
		</td>
    </tr>
    <tr><td><hr id="hrc"></td></tr>
	<tr><th>Spezialitems nutzen</th></tr>
	<tr>
    	<td width="488" height="50" align="center">
			<?php 
				$sp_items = array(1,2,11,404,415);
				$sql = 'SELECT si.name, si.id, count(sw.item) as anzahl FROM sp_item si LEFT JOIN (Select item from sp_ware where user = '.$user_ida['id'].') sw ON sw.item = si.id WHERE si.id IN ('.join(',',$sp_items).') GROUP by si.id';
//				echo $sql.'<br>';
				$qry = mysql_query($sql);
				while($row = mysql_fetch_assoc($qry)){
					// 7 DBs, 1 Potara und 1 Bohne gibts derzeit
					if($row['id'] == 11 && $row['anzahl'] >= 7){
						echo '<a href="index.php?as=dragonballs">'.$row['name'].' einsetzen ('.$row['anzahl'].')</a>';
					} else if(($row['id'] == 1 || $row['id'] == 2) && $row['anzahl'] > 0){
						// Potaras und Bohnen
						echo '<a href="index.php?as=sp_item&item_id='.$row['id'].'">'.$row['name'].' einsetzen ('.$row['anzahl'].')</a><br>';
					} else if($row['id'] == 404 || $row['id'] == 415){
						if($row['anzahl'] > 0){
							echo '<a href="index.php?as=sp_item&item_id='.$row['id'].'">'.$row['name'].' öffnen ('.$row['anzahl'].')</a><br>';
						}
					} else{
						echo $row['name'].' ('.$row['anzahl'].')<br>'."\n";
					}
				}
			?>
		</td>
	</tr>
	<tr><td><hr id="hrc"></td></tr>
	<tr><th>Teufelsfrucht benutzen</th></tr>
	<tr>
		<td width="491" height="25" align="center">
			<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
				<input type="hidden" name="as" value="item">
				<input type="hidden" name="charm" value="6">
				<select id="input" name="char_id2">
					<option value="">Charakter ausw&auml;hlen</option>
						<?php
						// Speziell!!
						$char4 = mysql_query('SELECT id, name FROM chars WHERE besitzer='.$user_ida['id'].' AND type=\'Onepiece\' AND frucht is NULL');
						while ($row4 = mysql_fetch_array($char4)) {
							echo '<option value="'.$row4['id'].'">'.$row4['name'].'</option>';
						}
						?>
				</select>
				<br><br>
				<select id="input" name="sp_item">
						<?php
						$sp_item = mysql_query("SELECT w.id, i.item FROM wochen_ware w LEFT JOIN wochen_markt i ON(w.item=i.id) WHERE w.user='$user_ida[id]'");
						while ($row3 = mysql_fetch_array($sp_item)) {
							echo "<option value='$row3[id]'>$row3[item]";
						}
						?>
				</select>
				<br><br>
      			<input id="input" type=submit value="Teufels Frucht Benutzen">
			</form>
		</td>
	</tr>
	<tr><td><hr id="hrc"></td></tr>
	    <tr>
      <th align="center">Item verkaufen</th>
    </tr>
    <tr>
		<td width="491" height="50" align="center">
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
				<input type="hidden" name="as" value="item">
				<input type="hidden" name="charm" value="2">
				<select id="input" name=item_id>
					<option value="0">Verkaufen!</option>
					<?php
					while ($row = mysql_fetch_assoc($item1)) {
						$item_name = mysql_fetch_assoc(mysql_query('SELECT * FROM item WHERE id='.$row['item_id']));
						if($item_name['s_type'] != 'Trank'){
							echo '<option value="'.$row['id'].'">'.$item_name['name'].' (Typ: '.$item_name['s_type'].', Level: '.$item_name['level'].')</option>';
						} else{
							echo '<option value="'.$row['id'].'">'.$item_name['name'].'</option>';
						}
					}
					?>
				</select>
				<br><br>
				<input id="input" type="submit" value="Verkaufen">
			</form> 
		</td>
	</tr>
	
  </table>
  </center>
</div>