$givingcat = $_POST['tradingcat'];
array_walk($giving, 'sanitize');
array_walk($givingcat, 'sanitize');
$exists = $database->num_rows("SELECT `trader` FROM `trades` WHERE `id` = '{$tradeid}'");
$exists2 = $database->num_rows("SELECT `name` FROM `tcgs` WHERE `id` = '{$tcgid}'");
if ($exists == 0) {
$error[] = 'This trade no longer exists.';
}
if ($exists2 == 0) {
$error[] = 'The TCG does not exist.';
}
if (!isset($error)) {
if (trim(implode(',', array_filter($giving))) !== '') {
$i = 0;
foreach ($giving as $cardgroup) {
$catinfo = $database->get_assoc("SELECT `cards` FROM `cards` WHERE `tcg`='{$tcgid}' AND `category`='" . $givingcat[$i] . "'");
$catcards = $catinfo['cards'];
if ($catcards === '') {
$catcards = $cardgroup;
} else {
$catcards = '' . $catcards . ', ' . $cardgroup . '';
}
$catcards = explode(',', $catcards);
array_walk($catcards, 'trim_value');
sort($catcards);
$catcards = implode(', ', $catcards);
$result = $database->query("UPDATE `cards` SET `cards`='{$catcards}' WHERE `tcg`='{$tcgid}' AND `category`='" . $givingcat[$i] . "'");
if (!$result) {
$error[] = "Could not replace cards ({$cardgroup}) in category '" . $givingcat[$i] . "'. " . mysqli_error() . "";
} else {
$success[] = "Replaced {$cardgroup} in category " . $givingcat[$i] . ".";
<?php
if ($enablelogin) {
if (isset($_POST['lostpass'])) {
$database = new Database();
$sanitize = new Sanitize();
$settings = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='email'");
$email = $settings['value'];
if ($sanitize->for_db($_POST['email']) === $email) {
$passwordNew = md5(time());
$passwordHash = sha1("{$passwordNew}" . Config::DB_SALT . "");
$result = $database->query("UPDATE `settings` SET `value`='" . $passwordHash . "' WHERE `setting`='password' LIMIT 1");
if (!$result) {
$error[] = "Could not update the password. " . mysqli_error() . "";
} else {
$message = "Your EasyTCG password has been reset! \n\nNew Password: {$passwordNew}";
$headers = "From: EasyTCG";
if (!mail($email, 'EasyTCG - Password Reset', $message, $headers)) {
$error[] = "Could not send the email.";
} else {
$success[] = "Your password has been reset! The new password has been sent to your email address.";
}
}
} else {
$error[] = "Wrong email address!";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
function cardcount($tcg, $type = '', $cat = '')
{
$database = new Database();
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$tcg}' LIMIT 1");
$tcgid = $tcginfo['id'];
// Count categories
$result = $database->query("SELECT `category`,`cards`,`worth` FROM `cards` WHERE `tcg`='{$tcgid}'");
while ($row = mysqli_fetch_assoc($result)) {
$categories[] = $row['category'];
if ($row['cards'] === '') {
${$row}['category'] = 0;
} else {
$cards = explode(',', $row['cards']);
${$row}['category'] = count($cards);
}
if ($type === 'worth') {
${$row}['category'] = ${$row}['category'] * $row['worth'];
}
$total = $total + ${$row}['category'];
}
// Count collecting
$result = $database->query("SELECT `cards`,`worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0'");
while ($row = mysqli_fetch_assoc($result)) {
if ($row['cards'] !== '') {
$cards = explode(',', $row['cards']);
if ($type === 'worth') {
$collecting = $collecting + count($cards) * $row['worth'];
} else {
$collecting = $collecting + count($cards);
}
}
}
$total = $total + $collecting;
// Count mastered
$result = $database->query("SELECT `cards`,`worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='1'");
while ($row = mysqli_fetch_assoc($result)) {
if ($row['cards'] !== '') {
$cards = explode(',', $row['cards']);
if ($type === 'worth') {
$mastered = $mastered + count($cards) * $row['worth'];
} else {
$mastered = $mastered + count($cards);
}
}
}
$total = $total + $mastered;
// Count pending
$result = $database->query("SELECT `giving`,`givingcat` FROM `trades` WHERE `tcg`='{$tcgid}'");
while ($row = mysqli_fetch_assoc($result)) {
if ($row['giving'] !== '') {
$cardgroups = explode(';', $row['giving']);
$cardcats = explode(',', $row['givingcat']);
array_walk($cardcats, 'trim_value');
$i = 0;
foreach ($cardgroups as $group) {
$group = explode(',', $group);
array_walk($group, 'trim_value');
if ($cardcats[$i] === 'collecting') {
$exists = $database->num_rows("SELECT `worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0' AND `deck` LIKE '%" . $group[0] . "%'");
if ($exists > 0) {
$groupworth = $database->get_assoc("SELECT `worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0' AND `deck` LIKE '%" . $group[0] . "%' LIMIT 1");
if ($type === 'worth') {
$pending = $pending + count($group) * $groupworth['worth'];
} else {
$pending = $pending + count($group);
}
} else {
$pending = $pending + count($group);
}
} else {
$groupworth = $database->get_assoc("SELECT `worth` FROM `cards` WHERE `tcg`='{$tcgid}' AND `category`='" . $cardcats[$i] . "'");
if ($type === 'worth') {
$pending = $pending + count($group) * $groupworth['worth'];
} else {
$pending = $pending + count($group);
}
}
$i++;
}
}
}
$total = $total + $pending;
if ($cat === '') {
return $total;
} else {
return ${$cat};
}
}
include 'header.php';
if (!isset($_GET['id']) || $_GET['id'] == '') {
?>
<div class="content col-12 col-sm-12 col-lg-12">
<h1>Manage Cards</h1>
</div>
<?php
} else {
if ($_GET['id'] != '') {
$id = intval($_GET['id']);
$database = new Database();
$upload = new Upload();
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1");
$altname = strtolower(str_replace(' ', '', $tcginfo['name']));
if (isset($_POST['update'])) {
$sanitize = new Sanitize();
$catid = intval($_POST['id']);
$category = $sanitize->for_db($_POST['category']);
$cards = $sanitize->for_db($_POST['cards']);
$worth = intval($_POST['worth']);
$auto = intval($_POST['auto']);
$priority = intval($_POST['priority']);
$autourl = $sanitize->for_db($_POST['autourl']);
$format = $sanitize->for_db($_POST['format']);
if ($autourl != 'default' && $autourl != '' && substr($autourl, -1) != '/') {
$autourl = "{$autourl}/";
}
if ($autourl == '') {
<div class="content col-12 col-sm-12 col-lg-12">
<h1>Collecting Cards</h1>
</div>
<?php
} else {
if ($_GET['id'] != '') {
function trim_value(&$value)
{
$value = trim($value);
}
$id = intval($_GET['id']);
$database = new Database();
$upload = new Upload();
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1");
$altname = strtolower(str_replace(' ', '', $tcginfo['name']));
if (isset($_POST['update'])) {
$sanitize = new Sanitize();
$catid = intval($_POST['id']);
$sort = intval($_POST['sort']);
$cards = $sanitize->for_db($_POST['cards']);
$worth = intval($_POST['worth']);
$count = intval($_POST['count']);
$break = intval($_POST['break']);
$filler = $sanitize->for_db($_POST['filler']);
$pending = $sanitize->for_db($_POST['pending']);
$puzzle = intval($_POST['puzzle']);
$auto = intval($_POST['auto']);
$autourl = $sanitize->for_db($_POST['autourl']);
$format = $sanitize->for_db($_POST['format']);
}
echo '</div>';
} else {
if ($_GET['id'] != '') {
$database = new Database();
$upload = new Upload();
function trim_value(&$value)
{
$value = trim($value);
}
$id = intval($_GET['id']);
if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) {
echo "This TCG does not exist.";
} else {
if (isset($_POST['update'])) {
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1");
$sanitize = new Sanitize();
function sanitize(&$value)
{
$sanitize = new Sanitize();
$value = trim($value);
$value = $sanitize->for_db($value);
}
$logentry = $sanitize->for_db($_POST['logentry']);
$logtype = $sanitize->for_db($_POST['logtype']);
if ($logtype !== 'activity' && $logtype !== 'trade') {
$logtype = 'activity';
}
$newcards = $_POST['newcards'];
$cardscat = $_POST['cardscat'];
$activitylog = $sanitize->for_db($_POST['activitylog']);
} else {
if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED) || !filter_var($cardsurl, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)) {
$error[] = "Invalid URL. Please include <em>http://</em>.";
} else {
if ($defaultauto != '' && $defaultauto != '/' && $defaultauto != 'http://' && !filter_var($defaultauto, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)) {
$error[] = "Invalid URL. Please include <em>http://</em>.";
} else {
if ($autoupload != '0' && $autoupload != '1') {
$error[] = "Invalid value for the Auto Upload field.";
} else {
$today = date("Y-m-d");
$result = $database->query("INSERT INTO `tcgs` (`name`,`url`,`cardsurl`,`cardspath`,`defaultauto`,`autoupload`,`lastupdated`,`status`,`format`) VALUE ('{$name}','{$url}','{$cardsurl}','{$cardspath}','{$defaultauto}','{$autoupload}','{$today}','{$status}','{$format}')");
if (!$result) {
$error[] = "Error inserting row. " . mysqli_error() . "";
} else {
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$name}' LIMIT 1");
$tcgid = $tcginfo['id'];
if ($additional != "") {
$additional = explode(',', $additional);
foreach ($additional as $field) {
if (!isset($error)) {
$field = str_replace(' ', '', trim($field));
$numrows = $database->num_rows("SELECT * FROM `additional` WHERE `name`='{$field}' AND `tcg`='{$tcgid}'");
if ($numrows == 0) {
$result = $database->query("INSERT INTO `additional` (`name`,`tcg`) VALUE ('{$field}','{$tcgid}')");
if (!$result) {
$error[] = "Error inserting row. " . mysqli_error() . "";
}
} else {
$error[] = "Error adding additional fields. Fields can't share the same name.";
}
<td align="right">Website</td>
<td><input name="website" type="text" id="website" value="<?php
if (isset($_POST['tradesubmit'])) {
echo $_POST['website'];
} else {
echo 'http://';
}
?>
"></td>
</tr>
<tr>
<td align="right">TCG</td>
<td><select name="tcg" id="tcg">
<?php
$database = new Database();
$hiatustrading = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='hiatustrading' LIMIT 1");
$hiatustrading = $hiatustrading['value'];
$inactivetrading = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='inactivetrading' LIMIT 1");
$inactivetrading = $inactivetrading['value'];
if ($hiatustrading == 0 && $inactivetrading == 0) {
$result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' ORDER BY `name`");
} else {
if ($hiatustrading == 1 && $inactivetrading == 1) {
$result = $database->query("SELECT `id`,`name` FROM `tcgs` ORDER BY `name`");
} else {
if ($hiatustrading == 1) {
$result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' OR `status`='hiatus' ORDER BY `name`");
} else {
if ($inactivetrading == 1) {
$result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' OR `status`='inactive' ORDER BY `name`");
}
} else {
echo '<p class="text-info">You haven\'t set up any TCGs yet.</p>';
}
?>
</div>
<?php
} else {
if ($_GET['id'] != '') {
$id = intval($_GET['id']);
$database = new Database();
if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) {
echo '<div class="content col-12 col-sm-12 col-lg-12">This TCG does not exist.</div>';
} else {
$tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1");
$altname = strtolower(str_replace(' ', '', $tcginfo['name']));
if (isset($_POST['update'])) {
$sanitize = new Sanitize();
$logtype = $sanitize->for_db($_POST['logtype']);
$log = $sanitize->for_db($_POST['log']);
if ($logtype == 'activity' || $logtype == 'trade' || $logtype == 'activityarch' || $logtype == 'tradearch') {
if ($logtype == 'activity') {
$result = $database->query("UPDATE `tcgs` SET `activitylog`='{$log}' WHERE `id`='{$id}'");
}
if ($logtype == 'trade') {
$result = $database->query("UPDATE `tcgs` SET `tradelog`='{$log}' WHERE `id`='{$id}'");
}
if ($logtype == 'activityarch') {
$result = $database->query("UPDATE `tcgs` SET `activitylogarch`='{$log}' WHERE `id`='{$id}'");
}
function auto($memid, $subject, $message, $type, $check = 1)
{
$database = new Database();
$tcgname = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_name'");
$tcgname = $tcgname['value'];
$tcgemail = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_email'");
$tcgemail = $tcgemail['value'];
$tcgurl = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_url'");
$tcgurl = $tcgurl['value'];
$meminfo = $database->get_assoc("SELECT `{$type}`, `email`, `username` FROM `members` WHERE `id`='{$memid}'");
$message = str_replace('{mem_name}', $meminfo['username'], $message);
$message = str_replace('{tcg_name}', $tcgname, $message);
$message = str_replace('{tcg_url}', $tcgurl, $message);
if ($meminfo[$type] == 1 && $check == 1 || $check == 0) {
$headers = "From: {$tcgname} <{$tcgemail}> \r\n";
$headers .= "Reply-To: {$tcgemail}";
if (mail($meminfo['email'], "{$tcgname}: {$subject}", $message, $headers)) {
return true;
} else {
return false;
}
} else {
return true;
}
}
$result = $database->query("UPDATE `settings` SET `value`='" . ${$setting} . "' WHERE `setting`='{$setting}' LIMIT 1");
if (!$result) {
$error[] = "Could not update {$setting}. " . mysqli_error() . "";
}
}
if ($username !== $_SESSION['username']) {
$_SESSION['username'] = $username;
$success[] = "Your username has been changed.";
}
if (!isset($error)) {
$success[] = "Settings have been updated.";
}
}
}
foreach ($settings as $setting) {
$settingsinfo = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='{$setting}'");
${$setting} = $settingsinfo['value'];
}
?>
<div class="content col-12 col-sm-12 col-lg-12">
<h1>EasyTCG Settings</h1>
<p>These are the settings for your EasyTCG installation. To manage the settings for your TCGs, select a TCG from the dropdown menu on the right.</p>
<?php
if (isset($error)) {
foreach ($error as $msg) {
?>
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<strong>Error!</strong> <?php
echo $msg;
