<?php
/**
 *   File functions:
 *   Potions market
 *
 *   @name                : mmarket.php
 *   @copyright           : (C) 2004,2005,2006,2007 Vallheru Team based on Gamers-Fusion ver 2.5
 *   @author              : thindil <thindil@users.sourceforge.net>
 *   @author              : eyescream <tduda@users.sourceforge.net>
 *   @version             : 1.3
 *   @since               : 07.02.2007
 *
 */
//
//
//       This program is free software; you can redistribute it and/or modify
//   it under the terms of the GNU General Public License as published by
//   the Free Software Foundation; either version 2 of the License, or
//   (at your option) any later version.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//   GNU General Public License for more details.
//
//   You should have received a copy of the GNU General Public License
//   along with this program; if not, write to the Free Software
//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
// $Id: mmarket.php 882 2007-02-07 19:16:13Z thindil $
$title = 'Rynek z miksturami';
require_once 'includes/head.php';

/**
 * Load the localized strings for this page from the directory named after
 * the player's language.
 */
// NOTE(review): the include path is built from $player -> lang; confirm that
// value is limited to known language directory names where it is set.
require_once 'languages/'.$player -> lang.'/mmarket.php';

/**
 * error(ERROR) is raised unless the player's location is Altara or Ardulith.
 */
if (!in_array($player -> location, array('Altara', 'Ardulith')))
{
    error(ERROR);
}
/**
 * Give the template empty defaults for the status message and for the
 * previous/next paging controls.
 */
$smarty -> assign("Message", '');
$smarty -> assign("Previous", '');
$smarty -> assign("Next", '');
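/**
 * Columns the market listing may be sorted by. $_GET['lista'] is later
 * concatenated into an ORDER BY clause, so a request naming any other value
 * is reported and rejected here.
 */
$arrSortBy = array('name', 'efect', 'amount', 'cost', 'owner', 'id');
if (isset($_GET['lista']) && !in_array($_GET['lista'], $arrSortBy, true))
{
    // The report is stored as in-game mail for owner id 2. The request URI is
    // chosen by the client and was previously concatenated into the statement
    // as-is, so every text value is now quoted with qstr().
    // NOTE(review): the URI is stored unescaped; confirm that the mail viewer
    // HTML-escapes message bodies when it displays them.
    $strSender = $db -> qstr($player -> user);
    $strSubject = $db -> qstr('Jestem głupim chujem');
    $strBody = $db -> qstr('Jestem głupim bucem i właśnie się chciałem włamać wpisując '.$_SERVER["REQUEST_URI"].' .');
    $db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES('.$strSender.','.(int) ($player -> id).',2, '.$strSubject.' ,'.$strBody.', '.($db -> DBDate($newdate)).')');
    error('wyjazd, chakierze');
}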
/**
 * Main menu: labels for the market's entry page, assigned when the request
 * carries none of the view, buy or wyc parameters.
 */
if (!(isset($_GET['view']) || isset($_GET['buy']) || isset($_GET['wyc'])))
{
    $smarty -> assign("Minfo", M_INFO);
    $smarty -> assign("Aview", A_VIEW);
    $smarty -> assign("Asearch", A_SEARCH);
    $smarty -> assign("Aadd", A_ADD);
    $smarty -> assign("Adelete", A_DELETE);
    $smarty -> assign("Alist", A_LIST);
    $smarty -> assign("Aback2", A_BACK2);
}
/**
 * Search form: labels for the page on which a potion name can be entered
 * (view=szukaj).
 */
if (isset($_GET['view']))
{
    if ($_GET['view'] == 'szukaj')
    {
        $smarty -> assign("Sinfo", S_INFO);
        $smarty -> assign("Sinfo2", S_INFO2);
        $smarty -> assign("Potion2", POTION2);
        $smarty -> assign("Asearch", A_SEARCH);
    }
}
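/**
 * Market listing: show the potions on offer (status 'R'), 30 rows per page,
 * optionally limited to the exact potion name posted as $_POST['szukany'].
 * $_GET['limit'] is the row offset of the page and $_GET['lista'] the column
 * used for the descending sort.
 */
if (isset($_GET['view']) && $_GET['view'] == 'market')
{
    // $_GET['lista'] is concatenated into the ORDER BY clause below and cannot
    // be quoted like a value, so it is matched against the fixed column list
    // again at the point of use. A missing or unknown column falls back to
    // 'id' instead of producing a malformed statement.
    $arrSortColumns = array('name', 'efect', 'amount', 'cost', 'owner', 'id');
    if (!isset($_GET['lista']) || !in_array($_GET['lista'], $arrSortColumns, true))
    {
        $_GET['lista'] = 'id';
    }
    // The offset is compared, used in arithmetic and echoed into the paging
    // forms, so anything other than a short run of digits means the first page.
    if (isset($_GET['limit']) && is_string($_GET['limit']) && preg_match('/^[0-9]{1,9}\z/', $_GET['limit']))
    {
        $_GET['limit'] = (int) $_GET['limit'];
    }
    else
    {
        $_GET['limit'] = 0;
    }
    // A search term that is not a plain string is treated as "no filter".
    if (empty($_POST['szukany']) || !is_string($_POST['szukany']))
    {
        $msel = $db -> Execute("SELECT id FROM potions WHERE status='R'");
        $_POST['szukany'] = '';
    }
    else
    {
        $_POST['szukany'] = strip_tags($_POST['szukany']);
        $strSearch = $db -> qstr($_POST['szukany'], get_magic_quotes_gpc());
        $msel = $db -> Execute("SELECT id FROM potions WHERE status='R' AND name=".$strSearch);
    }
    // Number of matching offers; drives the paging below.
    $przed = $msel -> RecordCount();
    $msel -> Close();
    if ($przed == 0)
    {
        error(NO_OFERTS);
    }
    $smarty -> assign(array("Tname" => T_NAME,
        "Tefect" => T_EFECT,
        "Tamount" => T_AMOUNT,
        "Tcost" => T_COST,
        "Tseller" => T_SELLER,
        "Toptions" => T_OPTIONS,
        "Viewinfo" => VIEW_INFO));
    if ($_GET['limit'] < $przed)
    {
        $strOrder = " ORDER BY ".$_GET['lista']." DESC";
        if (empty($_POST['szukany']))
        {
            $pm = $db -> SelectLimit("SELECT * FROM potions WHERE status='R'".$strOrder, 30, $_GET['limit']);
        }
        else
        {
            $pm = $db -> SelectLimit("SELECT * FROM potions WHERE status='R' AND name=".$strSearch.$strOrder, 30, $_GET['limit']);
        }
        $arritem = array();
        $arrlink = array();
        $i = 0;
        while (!$pm -> EOF)
        {
            // Ids go into SQL and into link targets, so they are forced to integers.
            $intOwner = (int) $pm -> fields['owner'];
            $intOffer = (int) $pm -> fields['id'];
            $seller = $db -> Execute("SELECT user FROM players WHERE id=".$intOwner);
            // Potions of type 'A' are listed without their power.
            $strName = $pm -> fields['name'];
            if ($pm -> fields['type'] != 'A')
            {
                $strName = $strName." (moc: ".$pm -> fields['power'].")";
            }
            // NOTE(review): the potion name, the effect text and the seller's
            // user name are written into the HTML exactly as stored; confirm
            // they are escaped when saved, otherwise escape them here.
            $arritem[$i] = "<tr><td>".$strName."</td><td align=center>".$pm -> fields['efect']."</td><td align=\"center\">".$pm -> fields['amount']."</td><td align=center>".$pm -> fields['cost']."</td><td><a href=view.php?view=".$intOwner.">".$seller -> fields['user']."</a></td>";
            $seller -> Close();
            // The player's own offers get a withdraw link, all others a buy link.
            if ($player -> id == $pm -> fields['owner'])
            {
                $arrlink[$i] = "<td>- <a href=mmarket.php?wyc=".$intOffer.">".A_DELETE."</a></td></tr>";
            }
            else
            {
                $arrlink[$i] = "<td>- <a href=mmarket.php?buy=".$intOffer.">".A_BUY."</a></td></tr>";
            }
            $pm -> MoveNext();
            $i = $i + 1;
        }
        $pm -> Close();
        $smarty -> assign(array("Item" => $arritem,
            "Link" => $arrlink));
        // strip_tags() leaves quote characters in place, so the search term is
        // HTML-escaped before it is written into the value attribute of the
        // hidden field that carries it to the next page.
        $strSearchHtml = htmlspecialchars($_POST['szukany'], ENT_QUOTES);
        if ($_GET['limit'] >= 30)
        {
            $lim = $_GET['limit'] - 30;
            $smarty -> assign ("Previous", "<form method=\"post\" action=\"mmarket.php?view=market&limit=".$lim."&lista=".$_GET['lista']."\"><input type=\"hidden\" name=\"szukany\" value=\"".$strSearchHtml."\"><input type=\"submit\" value=\"".A_PREVIOUS."\"></form> ");
        }
        $_GET['limit'] = $_GET['limit'] + 30;
        if ($przed > 30 && $_GET['limit'] < $przed)
        {
            $smarty -> assign ("Next", " <form method=\"post\" action=\"mmarket.php?view=market&limit=".$_GET['limit']."&lista=".$_GET['lista']."\"><input type=\"hidden\" name=\"szukany\" value=\"".$strSearchHtml."\"><input type=\"submit\" value=\"".A_NEXT."\"></form>");
        }
    }
}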
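/**
 * Add potions to market: list the player's own potions (status 'K') for the
 * form and, when step=add is requested, move the posted amount of one of
 * them into a new market offer (status 'R') at the posted price.
 */
if (isset ($_GET['view']) && $_GET['view'] == 'add')
{
    $rzecz = $db -> Execute("SELECT * FROM potions WHERE owner=".$player -> id." AND status='K'");
    $arrname = array();
    $arrid = array();
    $arramount = array();
    $i = 0;
    while (!$rzecz -> EOF)
    {
        $arrname[$i] = $rzecz -> fields['name'];
        $arrid[$i] = $rzecz -> fields['id'];
        $arramount[$i] = $rzecz -> fields['amount'];
        $rzecz -> MoveNext();
        $i = $i + 1;
    }
    $rzecz -> Close();
    $smarty -> assign(array("Name" => $arrname,
        "Itemid" => $arrid,
        "Amount" => $arramount,
        "Addinfo" => ADD_INFO,
        "Aadd" => A_ADD,
        "Potion" => POTION,
        "Pamount" => P_AMOUNT,
        "Pamount2" => P_AMOUNT2,
        "Pcost" => P_COST));
    if (isset ($_GET['step']) && $_GET['step'] == 'add')
    {
        // All three fields are concatenated into SQL below, so each must be a
        // positive integer written in digits only. preg_match() with \z
        // replaces ereg(), which is not binary-safe and no longer exists in
        // PHP 7; the is_string() test rejects array-valued parameters.
        foreach (array('cost', 'przedmiot', 'amount') as $strField)
        {
            if (!isset($_POST[$strField]) || !is_string($_POST[$strField]) || !preg_match('/^[1-9][0-9]*\z/', $_POST[$strField]))
            {
                error (ERROR);
            }
        }
        // The posted id is only accepted for a potion that belongs to this
        // player and is not already on the market, matching the rows offered
        // in the form above. Without the owner condition any potion id could
        // be listed under this player's name.
        $item = $db -> Execute("SELECT * FROM potions WHERE id=".$_POST['przedmiot']." AND owner=".$player -> id." AND status='K'");
        if (!$item -> fields['id'])
        {
            error (ERROR);
        }
        if ($_POST['amount'] > $item -> fields['amount'])
        {
            error(NO_AMOUNT.$item -> fields['name'].". <a href=\"mmarket.php\">".A_BACK."</a>");
        }
        // Text columns copied from the existing row are quoted with qstr() so
        // that a quote character in a stored name cannot alter the statement.
        $strName = $db -> qstr($item -> fields['name']);
        $strEfect = $db -> qstr($item -> fields['efect']);
        $strType = $db -> qstr($item -> fields['type']);
        $db -> Execute("INSERT INTO potions (owner, name, efect, power, status, cost, type, amount) VALUES(".$player -> id.",".$strName.",".$strEfect.",".$item -> fields['power'].",'R',".$_POST['cost'].",".$strType.",".$_POST['amount'].")");
        // Remove the listed amount from the player's own stack, dropping the
        // row when nothing is left.
        $amount = $item -> fields['amount'] - $_POST['amount'];
        if ($amount < 1)
        {
            $db -> Execute("DELETE FROM potions WHERE id=".$item -> fields['id']);
        }
        else
        {
            $db -> Execute("UPDATE potions SET amount=".$amount." WHERE id=".$item -> fields['id']);
        }
        $smarty -> assign("Message", YOU_ADD.$_POST['amount'].AMOUNT.$item -> fields['name'].ON_MARKET.$_POST['cost'].FOR_GOLDS.". <A href=mmarket.php>".A_BACK."</a>");
    }
}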
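/**
 * Withdraw a single potion row from the market: $_GET['wyc'] is the id of a
 * potions row that must belong to the current player.
 */
if (isset($_GET['wyc']))
{
    // The id is concatenated into SQL, so it must be a positive integer in
    // digits only. preg_match() with \z replaces ereg(), which is not
    // binary-safe and no longer exists in PHP 7.
    if (!is_string($_GET['wyc']) || !preg_match('/^[1-9][0-9]*\z/', $_GET['wyc']))
    {
        error (ERROR);
    }
    $item = $db -> Execute("SELECT * FROM potions WHERE id=".$_GET['wyc']);
    // A missing row is refused the same way as a row owned by someone else.
    if (!$item -> fields['id'] || $item -> fields['owner'] != $player -> id)
    {
        error (NOT_YOUR);
    }
    // NOTE(review): the row's status is not checked here; confirm that
    // deletepotion() only acts on rows that are on the market.
    require_once('includes/marketdel.php');
    deletepotion($item, $player -> id);
    $smarty -> assign("Message", YOU_DELETE." (<a href=\"mmarket.php\">".A_BACK."</a>)");
}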
/**
 * Withdraw every potion the player has on the market (view=del).
 */
// NOTE(review): this action runs on a plain GET request and no anti-CSRF
// token is checked in this file; confirm whether includes/head.php enforces one.
if (isset($_GET['view']))
{
    if ($_GET['view'] == 'del')
    {
        require_once 'includes/marketdelall.php';
        deleteallpotion($player -> id);
        $smarty -> assign("Message", YOU_DELETE.' (<a href="mmarket.php">'.A_BACK.'</a>)');
    }
}
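/**
 * Buy potions on market: $_GET['buy'] is the id of an offer (status 'R').
 * The offer's details are always assigned to the template; with step=buy the
 * posted amount is moved to the buyer, the price is taken from the buyer's
 * credits and added to the seller's bank, and the sale is written to the
 * seller's log.
 */
if (isset($_GET['buy']))
{
    // The id is concatenated into SQL, so it must be a positive integer in
    // digits only. preg_match() with \z replaces ereg(), which is not
    // binary-safe and no longer exists in PHP 7.
    if (!is_string($_GET['buy']) || !preg_match('/^[1-9][0-9]*\z/', $_GET['buy']))
    {
        error (ERROR);
    }
    $buy = $db -> Execute("SELECT * FROM `potions` WHERE `id`=".$_GET['buy']." AND `status`='R'");
    if (!$buy -> fields['id'])
    {
        error (NO_OFERTS);
    }
    if ($buy -> fields['owner'] == $player -> id)
    {
        error (IS_YOUR);
    }
    $seller = $db -> Execute("SELECT user FROM players WHERE id=".$buy -> fields['owner']);
    $smarty -> assign( array("Name" => $buy -> fields['name'],
        "Power" => $buy -> fields['power'],
        "Amount1" => $buy -> fields['amount'],
        "Itemid" => $buy -> fields['id'],
        "Cost" => $buy -> fields['cost'],
        "Seller" => $seller -> fields['user'],
        "Type" => $buy -> fields['type'],
        "Sid" => $buy -> fields['owner'],
        "Buyinfo" => BUY_INFO,
        "Potion" => POTION,
        "Oamount" => O_AMOUNT,
        "Pcost" => P_COST,
        "Pseller" => P_SELLER,
        "Bamount" => B_AMOUNT,
        "Ppower" => P_POWER,
        "Abuy" => A_BUY));
    $buy -> Close();
    $seller -> Close();
    if (isset($_GET['step']) && $_GET['step'] == 'buy')
    {
        if (!isset($_POST['amount']) || !is_string($_POST['amount']) || !preg_match('/^[1-9][0-9]*\z/', $_POST['amount']))
        {
            error (ERROR);
        }
        // Re-read the offer with the same status condition as the first
        // lookup and stop if it is no longer there.
        // NOTE(review): the stock check and the updates below are separate
        // statements with no visible transaction or row lock; confirm whether
        // concurrent purchases of the same offer are serialized elsewhere.
        $buy = $db -> Execute("SELECT * FROM potions WHERE id=".$_GET['buy']." AND status='R'");
        if (!$buy -> fields['id'])
        {
            error (NO_OFERTS);
        }
        if ($_POST['amount'] > $buy -> fields['amount'])
        {
            error(NO_AMOUNT.$buy -> fields['name'].ON_MARKET);
        }
        $price = $_POST['amount'] * $buy -> fields['cost'];
        if ($price > $player -> credits)
        {
            error (NO_MONEY);
        }
        // Half of the unit cost, rounded up; not used again in this file.
        $ncost = ceil($buy -> fields['cost'] * .5);
        // Text columns copied from the offer are quoted with qstr() so that a
        // quote character in a stored name cannot alter the statements.
        $strName = $db -> qstr($buy -> fields['name']);
        $strEfect = $db -> qstr($buy -> fields['efect']);
        $strType = $db -> qstr($buy -> fields['type']);
        // Add to the buyer's existing stack of the same name and power, or
        // create a new stack when there is none.
        $test = $db -> Execute("SELECT id FROM potions WHERE name=".$strName." AND owner=".$player -> id." AND status='K' AND power=".$buy -> fields['power']);
        if (!$test -> fields['id'])
        {
            $db -> Execute("INSERT INTO potions (name, owner, efect, type, power, status, amount) VALUES(".$strName.",".$player -> id.",".$strEfect.",".$strType.",".$buy -> fields['power'].",'K',".$_POST['amount'].")");
        }
        else
        {
            $db -> Execute("UPDATE potions SET amount=amount+".$_POST['amount']." WHERE id=".$test -> fields['id']);
        }
        $test -> Close();
        // Take the sold amount off the offer, removing it when sold out.
        if ($_POST['amount'] == $buy -> fields['amount'])
        {
            $db -> Execute("DELETE FROM potions WHERE id=".$buy -> fields['id']);
        }
        else
        {
            $db -> Execute("UPDATE potions SET amount=amount-".$_POST['amount']." WHERE id=".$buy -> fields['id']);
        }
        $db -> Execute("UPDATE players SET bank=bank+".$price." WHERE id=".$buy -> fields['owner']);
        $db -> Execute("UPDATE players SET credits=credits-".$price." WHERE id=".$player -> id);
        $strDate = $db -> DBDate($newdate);
        // The log text contains the buyer's user name and the potion name, so
        // the whole text is quoted with qstr() rather than placed between
        // literal quotes.
        // NOTE(review): the text is stored as HTML with the user name as-is;
        // confirm user names are escaped when saved or when the log is shown.
        $strLog = $db -> qstr('<b><a href=view.php?view='.$player -> id.'>'.$player -> user.L_ACCEPT.$player -> id.L_ACCEPT2.$_POST['amount'].L_AMOUNT.$buy -> fields['name'].YOU_GET.$price.TO_BANK);
        $db -> Execute("INSERT INTO `log` (`owner`, `log`, `czas`) VALUES(".$buy -> fields['owner'].",".$strLog.", ".$strDate.")");
        $smarty -> assign("Message", YOU_BUY.$_POST['amount'].L_AMOUNT.$buy -> fields['name'].FOR_A.$price.GOLD_COINS);
        $buy -> Close();
    }
}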
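/**
 * List of all offers on the market: one entry per potion name with the
 * number of offers (rows with status 'R') carrying that name.
 */
if (isset($_GET['view']) && $_GET['view'] == 'all')
{
    // One grouped query replaces the former query-per-name loop, which also
    // placed each stored name between literal quotes in the next statement.
    $oferts = $db -> Execute("SELECT name, COUNT(id) AS amount FROM potions WHERE status='R' GROUP BY name");
    $arrname = array();
    $arramount = array();
    while (!$oferts -> EOF)
    {
        $arrname[] = $oferts -> fields['name'];
        $arramount[] = (int) $oferts -> fields['amount'];
        $oferts -> MoveNext();
    }
    $oferts -> Close();
    $smarty -> assign(array("Name" => $arrname,
        "Amount" => $arramount,
        "Message" => "<br />(<a href=\"mmarket.php\">".A_BACK."</a>)",
        "Listinfo" => LIST_INFO,
        "Pname" => P_NAME,
        "Pamount" => P_AMOUNT,
        "Paction" => P_ACTION,
        "Ashow" => A_SHOW));
}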
/**
 * Make sure the three request parameters handed to the template exist,
 * giving each missing one an empty string.
 */
$_GET['view'] = isset($_GET['view']) ? $_GET['view'] : '';
$_GET['wyc'] = isset($_GET['wyc']) ? $_GET['wyc'] : '';
$_GET['buy'] = isset($_GET['buy']) ? $_GET['buy'] : '';

/**
 * Hand the request parameters and the back-link label to the template,
 * render the page, then include the common footer.
 */
// NOTE(review): "View" is the raw request value; confirm mmarket.tpl escapes
// it wherever it is printed.
$smarty -> assign("View", $_GET['view']);
$smarty -> assign("Delete", $_GET['wyc']);
$smarty -> assign("Buy", $_GET['buy']);
$smarty -> assign("Aback", A_BACK);
$smarty -> display('mmarket.tpl');

require_once 'includes/foot.php';
?>