$givingcat = $_POST['tradingcat']; array_walk($giving, 'sanitize'); array_walk($givingcat, 'sanitize'); $exists = $database->num_rows("SELECT `trader` FROM `trades` WHERE `id` = '{$tradeid}'"); $exists2 = $database->num_rows("SELECT `name` FROM `tcgs` WHERE `id` = '{$tcgid}'"); if ($exists == 0) { $error[] = 'This trade no longer exists.'; } if ($exists2 == 0) { $error[] = 'The TCG does not exist.'; } if (!isset($error)) { if (trim(implode(',', array_filter($giving))) !== '') { $i = 0; foreach ($giving as $cardgroup) { $catinfo = $database->get_assoc("SELECT `cards` FROM `cards` WHERE `tcg`='{$tcgid}' AND `category`='" . $givingcat[$i] . "'"); $catcards = $catinfo['cards']; if ($catcards === '') { $catcards = $cardgroup; } else { $catcards = '' . $catcards . ', ' . $cardgroup . ''; } $catcards = explode(',', $catcards); array_walk($catcards, 'trim_value'); sort($catcards); $catcards = implode(', ', $catcards); $result = $database->query("UPDATE `cards` SET `cards`='{$catcards}' WHERE `tcg`='{$tcgid}' AND `category`='" . $givingcat[$i] . "'"); if (!$result) { $error[] = "Could not replace cards ({$cardgroup}) in category '" . $givingcat[$i] . "'. " . mysqli_error() . ""; } else { $success[] = "Replaced {$cardgroup} in category " . $givingcat[$i] . ".";
<?php if ($enablelogin) { if (isset($_POST['lostpass'])) { $database = new Database(); $sanitize = new Sanitize(); $settings = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='email'"); $email = $settings['value']; if ($sanitize->for_db($_POST['email']) === $email) { $passwordNew = md5(time()); $passwordHash = sha1("{$passwordNew}" . Config::DB_SALT . ""); $result = $database->query("UPDATE `settings` SET `value`='" . $passwordHash . "' WHERE `setting`='password' LIMIT 1"); if (!$result) { $error[] = "Could not update the password. " . mysqli_error() . ""; } else { $message = "Your EasyTCG password has been reset! \n\nNew Password: {$passwordNew}"; $headers = "From: EasyTCG"; if (!mail($email, 'EasyTCG - Password Reset', $message, $headers)) { $error[] = "Could not send the email."; } else { $success[] = "Your password has been reset! The new password has been sent to your email address."; } } } else { $error[] = "Wrong email address!"; } } ?> <!DOCTYPE html> <html lang="en"> <head>
function cardcount($tcg, $type = '', $cat = '') { $database = new Database(); $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$tcg}' LIMIT 1"); $tcgid = $tcginfo['id']; // Count categories $result = $database->query("SELECT `category`,`cards`,`worth` FROM `cards` WHERE `tcg`='{$tcgid}'"); while ($row = mysqli_fetch_assoc($result)) { $categories[] = $row['category']; if ($row['cards'] === '') { ${$row}['category'] = 0; } else { $cards = explode(',', $row['cards']); ${$row}['category'] = count($cards); } if ($type === 'worth') { ${$row}['category'] = ${$row}['category'] * $row['worth']; } $total = $total + ${$row}['category']; } // Count collecting $result = $database->query("SELECT `cards`,`worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0'"); while ($row = mysqli_fetch_assoc($result)) { if ($row['cards'] !== '') { $cards = explode(',', $row['cards']); if ($type === 'worth') { $collecting = $collecting + count($cards) * $row['worth']; } else { $collecting = $collecting + count($cards); } } } $total = $total + $collecting; // Count mastered $result = $database->query("SELECT `cards`,`worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='1'"); while ($row = mysqli_fetch_assoc($result)) { if ($row['cards'] !== '') { $cards = explode(',', $row['cards']); if ($type === 'worth') { $mastered = $mastered + count($cards) * $row['worth']; } else { $mastered = $mastered + count($cards); } } } $total = $total + $mastered; // Count pending $result = $database->query("SELECT `giving`,`givingcat` FROM `trades` WHERE `tcg`='{$tcgid}'"); while ($row = mysqli_fetch_assoc($result)) { if ($row['giving'] !== '') { $cardgroups = explode(';', $row['giving']); $cardcats = explode(',', $row['givingcat']); array_walk($cardcats, 'trim_value'); $i = 0; foreach ($cardgroups as $group) { $group = explode(',', $group); array_walk($group, 'trim_value'); if ($cardcats[$i] === 'collecting') { $exists = $database->num_rows("SELECT `worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0' AND `deck` LIKE '%" . $group[0] . "%'"); if ($exists > 0) { $groupworth = $database->get_assoc("SELECT `worth` FROM `collecting` WHERE `tcg`='{$tcgid}' AND `mastered`='0' AND `deck` LIKE '%" . $group[0] . "%' LIMIT 1"); if ($type === 'worth') { $pending = $pending + count($group) * $groupworth['worth']; } else { $pending = $pending + count($group); } } else { $pending = $pending + count($group); } } else { $groupworth = $database->get_assoc("SELECT `worth` FROM `cards` WHERE `tcg`='{$tcgid}' AND `category`='" . $cardcats[$i] . "'"); if ($type === 'worth') { $pending = $pending + count($group) * $groupworth['worth']; } else { $pending = $pending + count($group); } } $i++; } } } $total = $total + $pending; if ($cat === '') { return $total; } else { return ${$cat}; } }
include 'header.php'; if (!isset($_GET['id']) || $_GET['id'] == '') { ?> <div class="content col-12 col-sm-12 col-lg-12"> <h1>Manage Cards</h1> </div> <?php } else { if ($_GET['id'] != '') { $id = intval($_GET['id']); $database = new Database(); $upload = new Upload(); $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1"); $altname = strtolower(str_replace(' ', '', $tcginfo['name'])); if (isset($_POST['update'])) { $sanitize = new Sanitize(); $catid = intval($_POST['id']); $category = $sanitize->for_db($_POST['category']); $cards = $sanitize->for_db($_POST['cards']); $worth = intval($_POST['worth']); $auto = intval($_POST['auto']); $priority = intval($_POST['priority']); $autourl = $sanitize->for_db($_POST['autourl']); $format = $sanitize->for_db($_POST['format']); if ($autourl != 'default' && $autourl != '' && substr($autourl, -1) != '/') { $autourl = "{$autourl}/"; } if ($autourl == '') {
<div class="content col-12 col-sm-12 col-lg-12"> <h1>Collecting Cards</h1> </div> <?php } else { if ($_GET['id'] != '') { function trim_value(&$value) { $value = trim($value); } $id = intval($_GET['id']); $database = new Database(); $upload = new Upload(); $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1"); $altname = strtolower(str_replace(' ', '', $tcginfo['name'])); if (isset($_POST['update'])) { $sanitize = new Sanitize(); $catid = intval($_POST['id']); $sort = intval($_POST['sort']); $cards = $sanitize->for_db($_POST['cards']); $worth = intval($_POST['worth']); $count = intval($_POST['count']); $break = intval($_POST['break']); $filler = $sanitize->for_db($_POST['filler']); $pending = $sanitize->for_db($_POST['pending']); $puzzle = intval($_POST['puzzle']); $auto = intval($_POST['auto']); $autourl = $sanitize->for_db($_POST['autourl']); $format = $sanitize->for_db($_POST['format']);
} echo '</div>'; } else { if ($_GET['id'] != '') { $database = new Database(); $upload = new Upload(); function trim_value(&$value) { $value = trim($value); } $id = intval($_GET['id']); if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) { echo "This TCG does not exist."; } else { if (isset($_POST['update'])) { $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1"); $sanitize = new Sanitize(); function sanitize(&$value) { $sanitize = new Sanitize(); $value = trim($value); $value = $sanitize->for_db($value); } $logentry = $sanitize->for_db($_POST['logentry']); $logtype = $sanitize->for_db($_POST['logtype']); if ($logtype !== 'activity' && $logtype !== 'trade') { $logtype = 'activity'; } $newcards = $_POST['newcards']; $cardscat = $_POST['cardscat']; $activitylog = $sanitize->for_db($_POST['activitylog']);
} else { if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED) || !filter_var($cardsurl, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)) { $error[] = "Invalid URL. Please include <em>http://</em>."; } else { if ($defaultauto != '' && $defaultauto != '/' && $defaultauto != 'http://' && !filter_var($defaultauto, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)) { $error[] = "Invalid URL. Please include <em>http://</em>."; } else { if ($autoupload != '0' && $autoupload != '1') { $error[] = "Invalid value for the Auto Upload field."; } else { $today = date("Y-m-d"); $result = $database->query("INSERT INTO `tcgs` (`name`,`url`,`cardsurl`,`cardspath`,`defaultauto`,`autoupload`,`lastupdated`,`status`,`format`) VALUE ('{$name}','{$url}','{$cardsurl}','{$cardspath}','{$defaultauto}','{$autoupload}','{$today}','{$status}','{$format}')"); if (!$result) { $error[] = "Error inserting row. " . mysqli_error() . ""; } else { $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$name}' LIMIT 1"); $tcgid = $tcginfo['id']; if ($additional != "") { $additional = explode(',', $additional); foreach ($additional as $field) { if (!isset($error)) { $field = str_replace(' ', '', trim($field)); $numrows = $database->num_rows("SELECT * FROM `additional` WHERE `name`='{$field}' AND `tcg`='{$tcgid}'"); if ($numrows == 0) { $result = $database->query("INSERT INTO `additional` (`name`,`tcg`) VALUE ('{$field}','{$tcgid}')"); if (!$result) { $error[] = "Error inserting row. " . mysqli_error() . ""; } } else { $error[] = "Error adding additional fields. Fields can't share the same name."; }
<td align="right">Website</td> <td><input name="website" type="text" id="website" value="<?php if (isset($_POST['tradesubmit'])) { echo $_POST['website']; } else { echo 'http://'; } ?> "></td> </tr> <tr> <td align="right">TCG</td> <td><select name="tcg" id="tcg"> <?php $database = new Database(); $hiatustrading = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='hiatustrading' LIMIT 1"); $hiatustrading = $hiatustrading['value']; $inactivetrading = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='inactivetrading' LIMIT 1"); $inactivetrading = $inactivetrading['value']; if ($hiatustrading == 0 && $inactivetrading == 0) { $result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' ORDER BY `name`"); } else { if ($hiatustrading == 1 && $inactivetrading == 1) { $result = $database->query("SELECT `id`,`name` FROM `tcgs` ORDER BY `name`"); } else { if ($hiatustrading == 1) { $result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' OR `status`='hiatus' ORDER BY `name`"); } else { if ($inactivetrading == 1) { $result = $database->query("SELECT `id`,`name` FROM `tcgs` WHERE `status`='active' OR `status`='inactive' ORDER BY `name`"); }
} else { echo '<p class="text-info">You haven\'t set up any TCGs yet.</p>'; } ?> </div> <?php } else { if ($_GET['id'] != '') { $id = intval($_GET['id']); $database = new Database(); if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) { echo '<div class="content col-12 col-sm-12 col-lg-12">This TCG does not exist.</div>'; } else { $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `id`='{$id}' LIMIT 1"); $altname = strtolower(str_replace(' ', '', $tcginfo['name'])); if (isset($_POST['update'])) { $sanitize = new Sanitize(); $logtype = $sanitize->for_db($_POST['logtype']); $log = $sanitize->for_db($_POST['log']); if ($logtype == 'activity' || $logtype == 'trade' || $logtype == 'activityarch' || $logtype == 'tradearch') { if ($logtype == 'activity') { $result = $database->query("UPDATE `tcgs` SET `activitylog`='{$log}' WHERE `id`='{$id}'"); } if ($logtype == 'trade') { $result = $database->query("UPDATE `tcgs` SET `tradelog`='{$log}' WHERE `id`='{$id}'"); } if ($logtype == 'activityarch') { $result = $database->query("UPDATE `tcgs` SET `activitylogarch`='{$log}' WHERE `id`='{$id}'"); }
function auto($memid, $subject, $message, $type, $check = 1) { $database = new Database(); $tcgname = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_name'"); $tcgname = $tcgname['value']; $tcgemail = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_email'"); $tcgemail = $tcgemail['value']; $tcgurl = $database->get_assoc("SELECT * FROM `settings` WHERE `setting` = 'tcg_url'"); $tcgurl = $tcgurl['value']; $meminfo = $database->get_assoc("SELECT `{$type}`, `email`, `username` FROM `members` WHERE `id`='{$memid}'"); $message = str_replace('{mem_name}', $meminfo['username'], $message); $message = str_replace('{tcg_name}', $tcgname, $message); $message = str_replace('{tcg_url}', $tcgurl, $message); if ($meminfo[$type] == 1 && $check == 1 || $check == 0) { $headers = "From: {$tcgname} <{$tcgemail}> \r\n"; $headers .= "Reply-To: {$tcgemail}"; if (mail($meminfo['email'], "{$tcgname}: {$subject}", $message, $headers)) { return true; } else { return false; } } else { return true; } }
$result = $database->query("UPDATE `settings` SET `value`='" . ${$setting} . "' WHERE `setting`='{$setting}' LIMIT 1"); if (!$result) { $error[] = "Could not update {$setting}. " . mysqli_error() . ""; } } if ($username !== $_SESSION['username']) { $_SESSION['username'] = $username; $success[] = "Your username has been changed."; } if (!isset($error)) { $success[] = "Settings have been updated."; } } } foreach ($settings as $setting) { $settingsinfo = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='{$setting}'"); ${$setting} = $settingsinfo['value']; } ?> <div class="content col-12 col-sm-12 col-lg-12"> <h1>EasyTCG Settings</h1> <p>These are the settings for your EasyTCG installation. To manage the settings for your TCGs, select a TCG from the dropdown menu on the right.</p> <?php if (isset($error)) { foreach ($error as $msg) { ?> <div class="alert alert-danger alert-dismissible" role="alert"> <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> <strong>Error!</strong> <?php echo $msg;