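setlog(true); // enable/disable to create an information stream of who bought what
// NOTE(review): this runs before the login handling below, so on the request
// that performs the login the mall object still holds -1 unless the id is set
// again in code that is not visible in this listing.
$item_mall->setaccount_id( ( isset($_SESSION['user_account_id']) ) ? $_SESSION['user_account_id'] : -1 ); // set the users account ID
// NOTE(review): the access level is a hard-coded 100 for every visitor, logged
// in or not. The category queries further down filter on cminlevel <= alevel,
// so this value decides what is visible; confirm it should not come from the account.
$item_mall->setalevel(100); // set the users access level

// A tiny login screen!
// Any POST to this page is treated as a login attempt. The account id is stored
// in the session on success; every failure prints a message and leaves the
// session untouched.
if ( ($_SERVER['REQUEST_METHOD'] == 'POST') ) {
    $login_user = isset($_POST['user_name']) ? $_POST['user_name'] : null;
    $login_pass = isset($_POST['password']) ? $_POST['password'] : null;

    if ( !is_string($login_user) || !is_string($login_pass) ) {
        // Missing or array-valued fields (user_name[]=x) would otherwise reach
        // mysql_real_escape_string()/md5() and raise warnings; treat them as a
        // failed login with the same message as a wrong password.
        echo 'Invalid combination username/password
';
    } else {
        // NOTE(review): md5() is an unsalted, fast hash. It is kept because the
        // stored hashes are in that format; moving to password_hash() /
        // password_verify() needs a migration of the accounts table.
        // NOTE(review): the mysql_* extension was removed in PHP 7. Prepared
        // statements (mysqli or PDO) are the replacement; not done here because
        // the connection set-up is outside this listing.
        $sql = "SELECT id FROM accounts WHERE username = '%s' AND password = '%s';";
        $sql = sprintf($sql, mysql_real_escape_string($login_user), md5($login_pass));
        $res = @mysql_query($sql);
        if ( $res === false ) {
            echo '
Problem with loggin in
';
        } elseif ( mysql_num_rows($res) == 0 ) {
            echo 'Invalid combination username/password
';
        } else {
            // Issue a fresh session id at the privilege change so an id that was
            // known before the login is not carried over (session fixation).
            // Done before any output of this branch; skipped when no session is
            // active or headers have already gone out.
            if ( session_id() !== '' && !headers_sent() ) {
                session_regenerate_id(true);
            }
            echo 'Valid login
';
            $_SESSION['user_account_id'] = mysql_result($res, 0);
        }
    }
}

// NOTE(review): the listing is damaged from here on: the remainder of this
// statement is missing and the text continues inside a class method.
if ( isset($_SESSION['user_account_id']) ) {
    #echo 'Welcome: ' . $_SESSION['user_account_id'] . 'You are not logged in.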
'; return false; }

// NOTE(review): the header of this method is not in the listing. Judging by the
// call $this->decreaseMoney($r['payment'], $r['price']) further down it is
// presumably decreaseMoney($type, $amount); confirm against the original file.
//
// Step 1: read the current balance. Type 'D' selects accounts.donation, any
// other type accounts.zulystorage; %d formats the account id as an integer.
if ( $type == 'D' ) {
    $sql = "SELECT donation FROM accounts WHERE id=%d;";
} else {
    $sql = "SELECT zulystorage FROM accounts WHERE id=%d;";
}
$sql = sprintf($sql,$this->account_id);
$res = @mysql_query($sql);
if ( $res === false ) {
    echo 'There has been a problem with adding your item.
';
    // NOTE(review): mysql_error() and the full SQL text are handed to dbError().
    // dbError() is only partly visible; if it prints its message to the page,
    // schema and query details reach the browser. Log them server-side and show
    // a generic message instead. The end of this call and the balance comparison
    // that followed it are missing from the listing.
    $this->dbError('Database error, ' .mysql_error(). ' in ' . nl2br($sql) .'You have not enough money to purchase this item.
';
else {
    // Step 2: debit the balance. The WHERE clause requires online=0 and the
    // account id only.
    // NOTE(review): the balance is read in step 1 and debited here in a separate
    // statement whose WHERE clause does not re-check that the balance covers
    // $amount. Unless the missing part locks the row or uses a transaction, two
    // concurrent purchases can both pass the check. Putting the balance
    // condition into the UPDATE and checking the affected-row count closes that
    // window.
    if ( $type == 'D' ) {
        $sql = "UPDATE accounts SET donation=donation-%d WHERE id=%d AND online=0;";
    } else {
        $sql = "UPDATE accounts SET zulystorage=zulystorage-%d WHERE id=%d AND online=0;";
    }
    $sql = sprintf($sql,$amount, $this->account_id);
    $res = @mysql_query($sql);
    if ( $res === false ) {
        echo 'Please make sure you are logged out the game!
';
        // Same disclosure concern as above; the end of this call is missing too.
        $this->dbError('Database error, ' .mysql_error(). ' in ' . nl2br($sql) .'Could not purchase your item, please make sure you are logged out of the game!
';
    }
    return false;
}
}
}

/*
 * @update 23/01/2009
 * @desc   Print the breadcrumb trail so users can easily navigate back.
 * @param  int $i_cid  passed on to getBreadcrums(); presumably a category id
 * @return void
 */
function breadcrum($i_cid) {
    $b = NULL;
    //$b = ''.$this->getBreadcrumName($i_cid).' »';
    echo $this->getBreadcrums($i_cid);
    $m = count( $this->breadcrum )-1;
    // NOTE(review): the rest of breadcrum() is missing from the listing; the
    // text continues inside a purchase routine whose header is not visible.
    echo 'The given item doesn not exist anymore.
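';
} else {
    $r = mysql_fetch_assoc($res);
    $slotnum = $this->getFreeSlot();
    if ( $slotnum == 0 || $slotnum > 160 ) {
        echo 'You have no free storage slot(s) available.
';
    } else {
        // Order of operations: pick a slot, debit the account, insert the item,
        // then write the purchase log.
        // NOTE(review): slot selection and the INSERT are separate statements.
        // Unless storage has a unique key on (owner, slotnum), two concurrent
        // purchases can be given the same slot.
        if ( $this->decreaseMoney($r['payment'],$r['price']) === true ) {
            $sql = "INSERT INTO storage (owner,itemnum,itemtype,refine,slotnum,socketed,count) VALUES (%d,%d,%d,%d,%d,%d,%d);";
            $sql = sprintf($sql,$this->account_id,$r['item_id'],$r['item_type'],$this->gradeToServerGrade($r['ref_able']),$slotnum,$r['soc_able'],$r['quantity']);
            $res = @mysql_query($sql);
            if ( $res === false ) {
                echo 'Adding your item to your shoping cast has failed.
';
                // NOTE(review): the end of this dbError() call and the start of
                // the success branch are missing from the listing.
                $this->dbError('Database error, ' .mysql_error(). ' in ' . nl2br($sql) .''.$r['item_name'] . ' has been added to your storage
';
                // item_name and payment go into quoted '%s' slots, so they are
                // escaped first: a name containing a quote (e.g. an apostrophe)
                // would otherwise break the statement and the log row would be
                // lost without any error being reported.
                $sql = "INSERT INTO mall_log (date_purchased,owner,itemname,itemid,itemtype,quantity,price,payment,socket,refine,slot) VALUES (NOW(),%d,'%s',%d,%d,%d,%d,'%s',%d,%d,%d);";
                $sql = sprintf($sql,$this->account_id,mysql_real_escape_string($r['item_name']),$r['item_id'],$r['item_type'],$r['quantity'],$r['price'],mysql_real_escape_string($r['payment']),$r['soc_able'],$r['ref_able'],$slotnum);
                mysql_query($sql);
            } else {
                echo '
Your item is not added to your storage.
';
                // NOTE(review): the refund reuses decreaseMoney() with a negative
                // amount. The UPDATE statements visible earlier carry
                // "AND online=0", so verify the refund still applies if the
                // account has gone online in the meantime.
                $this->decreaseMoney($r['payment'],-$r['price']); // re-adding the money to the account when failed.
            }
        }
    }
}
}

/*
 * @update 04/02/2009
 * @desc   Find a free storage slot for the current account, searching from
 *         slot 159 down to slot 1.
 * @param  void
 * @return int  the free slot number, or 0 when no slot is free or the lookup failed
 */
function getFreeSlot() {
    $sql = "SELECT slotnum FROM storage WHERE owner=%d;";
    $sql = sprintf($sql,$this->account_id);
    $res = mysql_query($sql);
    if ( $res === false ) {
        // Without the list of used slots every slot would look free and slot
        // 159 would be handed out even if it is occupied. Report "no slot".
        return 0;
    }

    // Always start from an empty list so an account without stored items does
    // not leave the variable undefined.
    $slots = array();
    while ( $r = mysql_fetch_assoc($res) ) {
        $slots[] = (int) $r['slotnum'];
    }

    for ( $x = 159; $x >= 1; $x-- ) {
        if ( !in_array($x, $slots, true) ) {
            return $x;
        }
    }
    return 0;
}

/*
 * @update 22/01/2009
 * @desc   show content of a category
 * @param  int $cid
 * @return void
 */
function getItems($cid) {
    // %d formats $cid as an integer, so the value cannot alter the statement.
    $sql = "SELECT fs.sid, fs.price, fs.payment, fs.price, fs.quantity, fs.ref_able, fs.soc_able, i.image, i.item_type, i.item_id, i.item_name, i.item_desc FROM mall_forsale AS fs Inner Join mall_items AS i ON i.iid = fs.iid WHERE fs.cid = %d ; ";
    $sql = sprintf($sql,$cid);
    $res = @mysql_query($sql);
    if ( $res === false ) {
        $this->dbError('Database error, ' .mysql_error(). ' in ' . nl2br($sql) .'Sorry there are no items available for the selected category.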
';
} else {
    // Build the item table.
    $tbl_cat = new table($this->table_prefs);
    $tbl_cat->table_header( array("Item name", "Quantity", "Socket", "Refine", "Payment", "Price", NULL) );
    while ( $r = mysql_fetch_assoc($res) ) {
        // Keep the header layout in mind or your table will be screwed up... I could build in a check for that but that would just make it heavier :)
        if ( $r['price'] > 0 ) {
            // NOTE(review): $params is entity-encoded but not used in the visible
            // code; the markup that consumed it (presumably around 'Purchase')
            // appears to have been stripped from the listing. If it was spliced
            // into an inline script call, note that htmlentities() without
            // ENT_QUOTES leaves single quotes alone on the PHP versions that
            // still ship mysql_*, so a name containing ' ends the quoted
            // argument early.
            $params = "'".htmlentities($r['item_name'])."', '".htmlentities($r['quantity'])."', '".htmlentities(number_format($r['price']).' '.$r['payment'])."'";
            // NOTE(review): item_name and item_desc are passed to the table
            // unencoded. Unless the table class escapes its cells, encode them
            // here as well.
            $values = array($r['item_name']. ' ('.$r['item_desc']. ')', $r['quantity'], ( $r['soc_able'] == 1 ) ? 'Y' : 'N', ($r['ref_able'] > 0 ) ? 'Grade '.$r['ref_able'] : 'N', number_format($r['price']).$r['payment'], 'Purchase' );
            $tbl_cat->add_values($values, array('valign' => 'top', 'class' => 'type_'.$r['item_id']) );
        }
    }
    $tbl_cat->printTable();
}
}

/*
 * @update 22/01/2009
 * @desc   List the sub-categories of a category that are not hidden and whose
 *         minimum level does not exceed the current access level. The visible
 *         code also falls through to getItems($cid); the condition for that is
 *         missing from the listing.
 * @param  int $cid  parent category id (default -1)
 * @return void
 */
function getCategory($cid = -1) {
    if ( !is_numeric($cid) ) {
        echo 'Your (sub)category id is invalid.
';
    } else {
        // NOTE(review): the cminlevel/chidden filter applies to the children of
        // $cid, not to $cid itself, and getItems() filters on fs.cid only. The
        // visible code therefore does not check that the requested category is
        // one the visitor may see; confirm against the missing part.
        $sql = "SELECT c.cid, c.ctitle, c.cdesc, c.cparent FROM mall_category as c WHERE c.cparent = %d AND c.cminlevel <= %d AND c.chidden = 0; ";
        $sql = sprintf($sql,$cid,$this->alevel);
        $res = @mysql_query($sql); // error suppression
        if ( $res === false ) {
            // NOTE(review): the end of this call and the "no rows" branch are
            // missing from the listing.
            $this->dbError('Database error, ' .mysql_error(). ' in ' . nl2br($sql) .'Sorry there are no categories available for the selected category.
';
            else $this->getItems($cid);
        } else {
            $tbl_cat = new table($this->table_prefs);
            $tbl_cat->table_header( array("Category name", "Sub Categories", "Options") );
            while ( $r = mysql_fetch_assoc($res) ) {
                // Keep the header layout in mind or your table will be screwed up... I could build in a check for that but that would just make it heavier :)
                // NOTE(review): ctitle and cdesc are passed on unencoded; same
                // concern as for the item table.
                $values = array( $r['ctitle']. ' ('.$r['cdesc']. ')', $this->deep_out($r['cid']), 'View' );
                $tbl_cat->add_values($values, array('valign' => 'top') );
            }
            $tbl_cat->printTable();
        }
    }
}

/*
 * @update 22/01/2009
 * @desc   Collect the titles of the direct sub-categories of a category, using
 *         the same level/hidden filter as getCategory().
 * @param  int $cid
 * @return string $c  stays Null when the query fails
 */
function deep_out($cid) {
    $c = Null;
    $sql = "SELECT c.cid, c.ctitle, c.cparent FROM mall_category as c WHERE c.cparent = %d AND c.cminlevel <= %d AND c.chidden = 0; ";
    $sql = sprintf($sql,$cid,$this->alevel);
    $res = @mysql_query($sql); // error suppression
    if ( $res === false ) {
        // ah shame, but no hard feelings actually
    } elseif ( mysql_num_rows($res) == 0 ) {
        // already set
        // NOTE(review): in the collapsed listing it is unclear whether the
        // assignment below was code or part of the comment above.
        $c = 'None available';
    } else {
        while ( $r = mysql_fetch_assoc($res) ) {
            // NOTE(review): the listing is damaged here. The rest of deep_out()
            // and the start of dbError() are missing, and the two string
            // fragments below belong to different functions.
            $c .= ''.$r['ctitle'].'DB ERROR: ' .$msg .'
';
}
}
?>