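/**
 * Fetches the next row of the current result set and wraps it in an ItemDAO,
 * attaching the market price derived from the most recent recorded sales.
 *
 * @global array $config  uses $config['table prefix'] (trusted config; it is
 *                        spliced into the table name unescaped)
 * @return ItemDAO|false  FALSE when there is no result set or no row left
 */
public function getNext()
 {
     global $config;
     if (!$this->result) {
         return FALSE;
     }
     $row = mysql_fetch_assoc($this->result);
     if (!$row) {
         return FALSE;
     }
     // Average of the 10 most recent sales of this exact item (id, damage, enchantments).
     // The ORDER BY/LIMIT must sit in a derived table: an aggregate without GROUP BY
     // always returns exactly one row, so ordering/limiting the outer query did nothing.
     $query = "SELECT AVG(`price`) AS MarketPrice FROM ("
         . "SELECT `price` FROM `" . $config['table prefix'] . "LogSales` WHERE "
         . "`itemId` = " . (int) $row['itemId'] . " AND "
         . "`itemDamage` = " . (int) $row['itemDamage'] . " AND "
         . "IFNULL (`enchantments`, '') = '" . mysql_san($row['enchantments']) . "' AND "
         . "`logType` = 'sale' "
         . "ORDER BY `id` DESC LIMIT 10"
         . ") AS `recent`";
     $this->result_price = RunQuery($query, __FILE__, __LINE__);
     // "--" when the lookup failed or there are no sales yet (AVG over zero rows is NULL).
     $marketPrice = "--";
     $marketPrice_total = "--";
     if ($this->result_price) {
         $row_price = mysql_fetch_assoc($this->result_price);
         if ($row_price && $row_price['MarketPrice'] !== NULL) {
             $marketPrice = $row_price['MarketPrice'];
             $marketPrice_total = $marketPrice * $row['qty'];
         }
     }
     // new item dao
     return new ItemDAO($row['id'], $row['itemId'], $row['itemDamage'], $row['itemData'], $row['qty'], FormatPrice($marketPrice), FormatPrice($marketPrice_total), $row['enchantments']);
 }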
 /**
  * Appends one row to the `LogSales` table.
  *
  * Log and sale types outside the known constants are stored as NULL rather
  * than rejected; an empty/NULL seller or buyer is stored as NULL. On a failed
  * or zero-row insert the page prints an error and exits.
  *
  * @global array $config  uses $config['table prefix'] (trusted config)
  * @param string      $logType        one of self::LOG_NEW / LOG_SALE / LOG_CANCEL
  * @param string      $saleType       one of self::SALE_BUYNOW / SALE_AUCTION
  * @param string|null $sellerName
  * @param string|null $buyerName
  * @param object      $Item           item accessor object (getItemType(), getItemId(), ...)
  * @param float       $price
  * @param mixed       $allowBids      not used by this method
  * @param mixed       $currentWinner  not used by this method
  * @param int         $alert
  * @return void
  */
 public static function addLog($logType, $saleType, $sellerName, $buyerName, $Item, $price, $allowBids, $currentWinner, $alert = 0)
 {
     global $config;
     $quoted = function ($value) {
         return "'" . mysql_san($value) . "'";
     };
     $knownLogTypes = array(self::LOG_NEW, self::LOG_SALE, self::LOG_CANCEL);
     $knownSaleTypes = array(self::SALE_BUYNOW, self::SALE_AUCTION);
     // Values in column order; loose comparisons kept on purpose ('' counts as no name).
     $values = array(
         in_array($logType, $knownLogTypes) ? $quoted($logType) : 'NULL',
         in_array($saleType, $knownSaleTypes) ? $quoted($saleType) : 'NULL',
         'NOW()',
         $quoted($Item->getItemType()),
         (int) $Item->getItemId(),
         (int) $Item->getItemDamage(),
         $quoted($Item->getItemTitle()),
         $quoted($Item->getEnchantmentsCompressed()),
         $sellerName == NULL ? 'NULL' : $quoted($sellerName),
         $buyerName == NULL ? 'NULL' : $quoted($buyerName),
         (int) $Item->getItemQty(),
         (double) $price,
         (int) $alert,
     );
     $columns = "`logType`, `saleType`, `timestamp`, `itemType`, `itemId`, `itemDamage`, `itemTitle`, `enchantments`, `seller`, `buyer`, `qty`, `price`, `alert`";
     $query = "INSERT INTO `" . $config['table prefix'] . "LogSales` ( " . $columns . " ) VALUES ( " . implode(', ', $values) . " )";
     $result = RunQuery($query, __FILE__, __LINE__);
     if (!$result || mysql_affected_rows() == 0) {
         echo '<p style="color: red;">Error logging sale!</p>';
         exit;
     }
 }
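 /**
  * Creates a server-shop entry for one of the current user's items.
  *
  * Validation failures are reported through $_SESSION['error'] and return FALSE;
  * a failed INSERT prints an error and exits.
  *
  * @global array  $config  uses $config['table prefix'] (trusted config)
  * @global object $user    current user; needs the 'isAdmin' permission
  * @param int|string   $id         row id of the item stack to copy into the shop
  * @param int|string   $qty        stock quantity; 0 is accepted (presumably "unlimited" — confirm with the shop code)
  * @param float|string $priceBuy   price players pay to buy, truncated to cents
  * @param float|string $priceSell  price players receive when selling, truncated to cents
  * @return bool TRUE on success
  */
 public static function CreateShop($id, $qty, $priceBuy, $priceSell)
 {
     global $config, $user;
     // has isAdmin permissions
     if (!$user->hasPerms('isAdmin')) {
         $_SESSION['error'][] = 'You don\'t have permission to create a server shop.';
         return FALSE;
     }
     // sanitize args
     $id = (int) $id;
     $qty = (int) $qty;
     if ($id < 1) {
         $_SESSION['error'][] = 'Invalid item id!';
         return FALSE;
     }
     if ($qty < 0) {
         $_SESSION['error'][] = 'Invalid qty!';
         return FALSE;
     }
     // Cast before the arithmetic: a non-numeric string would otherwise throw on PHP 8
     // instead of landing in the "Invalid price" branch below. Prices are truncated to cents.
     $priceBuy = floor((float) $priceBuy * 100.0) / 100.0;
     $priceSell = floor((float) $priceSell * 100.0) / 100.0;
     if ($priceBuy <= 0.0 && $priceSell <= 0.0) {
         $_SESSION['error'][] = 'Invalid price! Must provide either buy, sell, or both.';
         return FALSE;
     }
     // check max price (0 or less disables the cap); the same cap applies to both prices
     $maxSellPrice = SettingsClass::getDouble('Max Sell Price');
     if ($maxSellPrice > 0.0 && $priceBuy > $maxSellPrice) {
         $_SESSION['error'][] = 'Over max buy price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
         return FALSE;
     }
     if ($maxSellPrice > 0.0 && $priceSell > $maxSellPrice) {
         $_SESSION['error'][] = 'Over max sell price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
         return FALSE;
     }
     // query item (a description block copied from SellFixed was removed here: this method has no $desc argument)
     $Item = QueryItems::QuerySingle($user->getId(), $id);
     if (!$Item) {
         $_SESSION['error'][] = 'Item not found!';
         return FALSE;
     }
     // create server shop
     $query = "INSERT INTO `" . $config['table prefix'] . "ServerShops` (" . "`itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `priceBuy`, `priceSell`, `created`, `itemTitle` )VALUES( " . (int) $Item->getItemId() . ", " . (int) $Item->getItemDamage() . ", " . "'" . mysql_san($Item->getItemData()) . "', " . (int) $qty . ", " . "'" . mysql_san($Item->getEnchantmentsCompressed()) . "', " . (double) $priceBuy . ", " . (double) $priceSell . ", " . "NOW(), " . "'" . mysql_san($Item->getItemTitle()) . "' )";
     $result = RunQuery($query, __FILE__, __LINE__);
     if (!$result) {
         echo '<p style="color: red;">Error creating server shop!</p>';
         exit;
     }
     return TRUE;
 }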
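 /**
  * Loads a single item stack belonging to a player.
  *
  * @param string     $playerName  matched case-insensitively against `playerName`
  *                                (callers on this page pass $user->getId() — confirm that
  *                                is the intended value)
  * @param int|string $id          row id of the stack
  * @return mixed FALSE when the name is empty, the query fails or no row matches;
  *               otherwise whatever getNext() builds (ItemDAO presumably)
  */
 public static function QuerySingle($playerName, $id)
 {
     // Static context: there is no $this to reset here. The original wrote $this->result,
     // which is a fatal "not in object context" error on the empty-name path.
     if (empty($playerName)) {
         return FALSE;
     }
     $lookup = new QueryItems();
     $lookup->doQuery("LOWER(`playerName`) = '" . mysql_san(strtolower($playerName)) . "' AND `id` = " . (int) $id);
     if (!$lookup->result) {
         return FALSE;
     }
     return $lookup->getNext();
 }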
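 /**
  * Lists part or all of one of the current user's item stacks as a fixed-price auction.
  *
  * Validation failures are reported through $_SESSION['error'] and return FALSE;
  * database failures print an error and exit.
  *
  * @global array  $config  uses $config['table prefix'] (trusted config)
  * @global object $user    current user; needs the 'canSell' permission
  * @param int|string   $id     row id of the item stack
  * @param int|string   $qty    quantity to list (must be > 0 and <= stack size)
  * @param float|string $price  fixed price, truncated to cents
  * @param string       $desc   accepted for signature compatibility only: the Auctions
  *                             insert below has no description column, so it is never stored
  * @return bool TRUE on success
  */
 public static function SellFixed($id, $qty, $price, $desc)
 {
     global $config, $user;
     // has canSell permissions
     if (!$user->hasPerms('canSell')) {
         $_SESSION['error'][] = 'You don\'t have permission to sell.';
         return FALSE;
     }
     // sanitize args
     $id = (int) $id;
     if ($id < 1) {
         $_SESSION['error'][] = 'Invalid item id!';
         return FALSE;
     }
     // floor() of an int only produced a float; an int cast is all that is needed.
     $qty = (int) $qty;
     // Cast before the arithmetic so a non-numeric string ends up in the "Invalid price"
     // branch instead of throwing on PHP 8.
     $price = floor((float) $price * 100.0) / 100.0;
     if ($qty <= 0) {
         $_SESSION['error'][] = 'Invalid qty!';
         return FALSE;
     }
     if ($price <= 0.0) {
         $_SESSION['error'][] = 'Invalid price!';
         return FALSE;
     }
     // check max price (0 or less disables the cap)
     $maxSellPrice = SettingsClass::getDouble('Max Sell Price');
     if ($maxSellPrice > 0.0 && $price > $maxSellPrice) {
         $_SESSION['error'][] = 'Over max sell price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
         return FALSE;
     }
     // query item
     $Item = QueryItems::QuerySingle($user->getId(), $id);
     if (!$Item) {
         $_SESSION['error'][] = 'Item not found!';
         return FALSE;
     }
     // check item blacklist — the return value is ignored here; presumably it
     // reports/exits on its own when the item is blacklisted — confirm.
     ItemFuncs::checkItemBlacklist($Item);
     if ($qty > $Item->getItemQty()) {
         $_SESSION['error'][] = 'You don\'t have that many!';
         return FALSE;
     }
     // create auction
     // NOTE(review): the auction row is persisted before the stack is reduced. If
     // RemoveItem fails the script exits with the auction already created and the
     // items still in the stack. Reordering or a transaction would close that gap —
     // confirm whether RunQuery can run inside one.
     $query = "INSERT INTO `" . $config['table prefix'] . "Auctions` (" . "`playerId`, `itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `itemTitle`, `price`, `created` )VALUES( " . "'" . mysql_san($user->getId()) . "', " . (int) $Item->getItemId() . ", " . (int) $Item->getItemDamage() . ", " . "'" . mysql_san($Item->getItemData()) . "', " . (int) $qty . ", " . "'" . mysql_san($Item->getEnchantmentsCompressed()) . "', " . "'" . mysql_san($Item->getItemTitle()) . "', " . (double) $price . ", NOW() )";
     $result = RunQuery($query, __FILE__, __LINE__);
     if (!$result) {
         echo '<p style="color: red;">Error creating auction!</p>';
         exit;
     }
     // update qty / remove item stack: -1 when the whole stack is sold (presumably "delete the row" — confirm in RemoveItem)
     if (!ItemFuncs::RemoveItem($Item->getTableRowId(), $qty < $Item->getItemQty() ? $qty : -1)) {
         echo '<p style="color: red;">Error removing item stack quantity!</p>';
         exit;
     }
     // add sale log with the listed quantity rather than the stack size
     $Item->setItemQty($qty);
     LogSales::addLog(LogSales::LOG_NEW, LogSales::SALE_BUYNOW, $user->getId(), NULL, $Item, $price, FALSE, '');
     return TRUE;
 }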
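 /**
  * Credits (positive amount) or debits (negative amount) a player's balance in
  * whichever economy backend the config selects: iConomy, CraftConomy ('CC'),
  * or the plugin's own Players table.
  *
  * @global array    $config  economy settings and $config['table prefix'] (trusted config;
  *                           table names/prefixes are only escaped, not whitelisted)
  * @global resource $db      MySQL link used for mysql_affected_rows()
  * @param string       $playerName  used by the iConomy backend and in the error message
  * @param string       $playerUUID  used by the CC and Players backends
  * @param float|string $amount
  * @return bool TRUE when exactly one row was updated; FALSE otherwise (previously the
  *              failure was only echoed, so callers could not tell the payment did not land)
  */
 public static function PaymentQuery($playerName, $playerUUID, $amount)
 {
     global $config, $db;
     $amount = (double) $amount;
     if (toBoolean($config['iConomy']['use'])) {
         $query = "UPDATE `" . mysql_san($config['iConomy']['table']) . "` SET " . "`balance` = `balance` + " . $amount . " " . "WHERE LOWER(`username`)='" . mysql_san(strtolower($playerName)) . "' LIMIT 1;";
     } elseif (toBoolean($config['CC']['use'])) {
         $prefix = mysql_san($config['CC']['prefix']);
         // No LIMIT here: MySQL rejects ORDER BY/LIMIT on the multi-table UPDATE syntax,
         // and the uuid + currency + world predicates already pin a single balance row.
         $query = "UPDATE `" . $prefix . "_balance` JOIN " . $prefix . "_account ON " . $prefix . "_account.id = " . $prefix . "_balance.username_id "
             . "SET " . $prefix . "_balance.balance = " . $prefix . "_balance.balance + " . $amount . " "
             . "WHERE " . $prefix . "_account.uuid = '" . mysql_san($playerUUID) . "' AND "
             . "LOWER(" . $prefix . "_balance.currency_id) = '" . mysql_san(strtolower($config['CC']['currency'])) . "' "
             . "AND LOWER(" . $prefix . "_balance.worldName) = '" . mysql_san(strtolower($config['CC']['group'])) . "';";
     } else {
         $query = "UPDATE `" . $config['table prefix'] . "Players` SET " . "`money` = `money` + " . $amount . " " . "WHERE `uuid`='" . mysql_san($playerUUID) . "' LIMIT 1;";
     }
     RunQuery($query, __FILE__, __LINE__);
     // Exactly one row must change. 0 also results when the UPDATE leaves the value
     // unchanged (e.g. a zero amount), not only when the account is missing.
     if (mysql_affected_rows($db) != 1) {
         echo '<p>Failed to make payment to/from: ' . htmlspecialchars((string) $playerName, ENT_QUOTES, 'UTF-8') . '!</p>';
         return FALSE;
     }
     return TRUE;
 }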
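 /**
  * Credits (positive amount) or debits (negative amount) a player's balance,
  * in the iConomy table when enabled, otherwise in the plugin's own Players table.
  *
  * @global array    $config  economy settings and $config['table prefix'] (trusted config)
  * @global resource $db      MySQL link used for mysql_affected_rows()
  * @param string       $playerName  matched case-insensitively
  * @param float|string $amount
  * @return bool TRUE when exactly one row was updated; FALSE otherwise (previously the
  *              failure was only echoed, so callers could not tell the payment did not land)
  */
 public static function PaymentQuery($playerName, $amount)
 {
     global $config, $db;
     $amount = (double) $amount;
     $player = mysql_san(strtolower($playerName));
     if ($config['iConomy']['use'] === TRUE) {
         $query = "UPDATE `" . mysql_san($config['iConomy']['table']) . "` SET " . "`balance` = `balance` + " . $amount . " " . "WHERE LOWER(`username`)='" . $player . "' LIMIT 1";
     } else {
         $query = "UPDATE `" . $config['table prefix'] . "Players` SET " . "`money` = `money` + " . $amount . " " . "WHERE LOWER(`playerName`)='" . $player . "' LIMIT 1";
     }
     RunQuery($query, __FILE__, __LINE__);
     // Exactly one row must change. 0 also results when the UPDATE leaves the value
     // unchanged (e.g. a zero amount), not only when the player is missing.
     if (mysql_affected_rows($db) != 1) {
         echo '<p>Failed to make payment to/from: ' . htmlspecialchars((string) $playerName, ENT_QUOTES, 'UTF-8') . '!</p>';
         return FALSE;
     }
     return TRUE;
 }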
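 /**
  * Fetches the next row of the current result set and wraps it in an AuctionDAO
  * (with a nested ItemDAO carrying the market price of recent sales).
  *
  * Columns that a given query did not select (player/price/bid fields) are
  * filled with neutral defaults so every DAO field is populated.
  *
  * @global array $config  uses $config['table prefix'] (trusted config)
  * @return AuctionDAO|false  FALSE when there is no result set or no row left
  */
 public function getNext()
 {
     global $config;
     if (!$this->result) {
         return FALSE;
     }
     $row = mysql_fetch_assoc($this->result);
     if (!$row) {
         return FALSE;
     }
     // Average of the 10 most recent sales of this exact item. The ORDER BY/LIMIT must
     // sit in a derived table: an aggregate without GROUP BY always returns one row,
     // so ordering/limiting the outer query did nothing.
     $query_price = "SELECT AVG(`price`) AS MarketPrice FROM ("
         . "SELECT `price` FROM `" . $config['table prefix'] . "LogSales` WHERE "
         . "`itemId` = " . (int) $row['itemId'] . " AND "
         . "`itemDamage` = " . (int) $row['itemDamage'] . " AND "
         . "IFNULL (`enchantments`, '') = '" . mysql_san($row['enchantments']) . "' AND "
         . "`logType` = 'sale' "
         . "ORDER BY `id` DESC LIMIT 10"
         . ") AS `recent`";
     $this->result_price = RunQuery($query_price, __FILE__, __LINE__);
     // "--" when the lookup failed or there are no sales yet (AVG over zero rows is NULL).
     $marketPrice = "--";
     $marketPrice_total = "--";
     if ($this->result_price) {
         $row_price = mysql_fetch_assoc($this->result_price);
         if ($row_price && $row_price['MarketPrice'] !== NULL) {
             $marketPrice = $row_price['MarketPrice'];
             $marketPrice_total = $marketPrice * $row['qty'];
         }
     }
     // defaults for columns absent from (or NULL in) this query's select list
     $defaults = array(
         'playerName' => '',
         'uuid' => '',
         'playerId' => '',
         'price' => 0.0,
         'priceBuy' => 0.0,
         'priceSell' => 0.0,
         'allowBids' => 0,
         'currentBid' => '',
         'currentWinner' => '',
     );
     foreach ($defaults as $column => $default) {
         if (!isset($row[$column])) {
             $row[$column] = $default;
         }
     }
     // new auction dao
     return new AuctionDAO($row['id'], $row['playerName'], $row['uuid'], $row['playerId'], new ItemDAO(-1, $row['itemId'], $row['itemDamage'], $row['itemData'], $row['qty'], $marketPrice, $marketPrice_total, $row['enchantments']), $row['price'], $row['priceBuy'], $row['priceSell'], $row['created'], $row['allowBids'] != 0, $row['currentBid'], $row['currentWinner']);
 }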
 /**
  * Adds an item to a player's inventory table, merging into an existing stack
  * with the same id/damage/data/enchantments when one exists.
  *
  * Database failures print an error and exit.
  *
  * NOTE(review): the find-then-insert is two separate statements, so two
  * concurrent calls for the same player/item can each create a stack — confirm
  * whether the Items table carries a unique key that prevents that.
  *
  * @global array $config  uses $config['table prefix'] (trusted config)
  * @param string $playerId
  * @param object $Item  item accessor object (getItemId(), getItemQty(), ...)
  * @return int row id of the updated or newly created stack
  */
 public static function AddCreateItem($playerId, $Item)
 {
     global $config;
     $table = "`" . $config['table prefix'] . "Items`";
     $player = mysql_san($playerId);
     $itemId = (int) $Item->getItemId();
     $itemDamage = (int) $Item->getItemDamage();
     $itemData = mysql_san($Item->getItemData());
     $itemQty = (int) $Item->getItemQty();
     $enchantments = mysql_san($Item->getEnchantmentsCompressed());
     $itemTitle = mysql_san($Item->getItemTitle());
     // find existing stack
     $result = RunQuery(
         "SELECT `id` FROM " . $table . " WHERE `playerId`='" . $player . "' AND `itemId` = " . $itemId . " AND `itemDamage` = " . $itemDamage . " AND `itemData` = '" . $itemData . "' AND IFNULL (`enchantments`, '') = '" . $enchantments . "' LIMIT 1",
         __FILE__,
         __LINE__
     );
     if (!$result) {
         echo '<p style="color: red;">Error finding item stack!</p>';
         exit;
     }
     $existing = mysql_fetch_assoc($result);
     if ($existing) {
         $tableRowId = (int) $existing['id'];
         // add qty to existing stack
         $updated = RunQuery(
             "UPDATE " . $table . " SET `qty`=`qty`+" . $itemQty . ", `itemTitle` = '" . $itemTitle . "' WHERE `id` = " . $tableRowId . " AND `playerId`='" . $player . "' LIMIT 1",
             __FILE__,
             __LINE__
         );
         if (!$updated) {
             echo '<p style="color: red;">Error updating item stack!</p>';
             exit;
         }
         return $tableRowId;
     }
     // create new stack
     $inserted = RunQuery(
         "INSERT INTO " . $table . " (`playerId`, `itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `itemTitle`) VALUES ('" . $player . "', " . $itemId . ", " . $itemDamage . ", '" . $itemData . "', " . $itemQty . ", '" . $enchantments . "', '" . $itemTitle . "')",
         __FILE__,
         __LINE__
     );
     if (!$inserted) {
         echo '<p style="color: red;">Error creating item stack!</p>';
         exit;
     }
     return mysql_insert_id();
 }
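 /**
  * Runs the auction listing query and stores its result in $this->result.
  *
  * Search, sort and paging parameters come from the request (DataTables-style
  * sSearch / iSortCol_N / sSortDir_N / iDisplayStart / iDisplayLength).
  *
  * @global array $config  uses $config['table prefix'] (trusted config)
  * @param string|array $WHERE  extra SQL condition(s), ANDed together; callers are
  *                             responsible for escaping values they embed
  * @return void
  */
 protected function doQuery($WHERE = '')
 {
     global $config;
     $query = "SELECT " . (getVar('ajax', 'bool') ? "SQL_CALC_FOUND_ROWS " : '')
         . "`id`, `playerName`, `itemId`, `itemDamage`, `qty`, `enchantments`, "
         . "`price`, UNIX_TIMESTAMP(`created`) AS `created`, `allowBids`, `currentBid`, `currentWinner` "
         . "FROM `" . $config['table prefix'] . "Auctions` ";
     // where
     if (is_array($WHERE)) {
         $query_where = $WHERE;
     } else {
         $query_where = array();
         if (!empty($WHERE)) {
             $query_where[] = $WHERE;
         }
     }
     // ajax search; escaped for the string literal. LIKE wildcards (% and _) in the
     // search text are not escaped, so they act as pattern characters.
     $sSearch = getVar('sSearch');
     if (!empty($sSearch)) {
         $query_where[] = "(`itemTitle` LIKE '%" . mysql_san($sSearch) . "%' OR " . "`playerName` LIKE '%" . mysql_san($sSearch) . "%')";
     }
     // build where string
     if (count($query_where) == 0) {
         $query_where = '';
     } else {
         $query_where = 'WHERE ' . implode(' AND ', $query_where);
     }
     // ajax sorting. The column is taken from the $order_cols whitelist; the direction
     // is whitelisted to ASC/DESC because it is interpolated unquoted, where escaping
     // string delimiters (mysql_san) gives no protection against SQL injection.
     $query_order = '';
     if (isset($_GET['iSortCol_0'])) {
         // index 4 is not sortable: ORDER BY the constant 1 keeps the clause valid
         $order_cols = array(0 => "`itemTitle`", 1 => "`playerName`", 2 => "`price`", 3 => "(`price` * `qty`)", 4 => "1", 5 => "`qty`");
         // the count is client-supplied; cap it so a huge value cannot spin this loop
         $iSortingCols = min(getVar('iSortingCols', 'int'), count($order_cols));
         for ($i = 0; $i < $iSortingCols; $i++) {
             $iSortCol = getVar('iSortCol_' . $i, 'int');
             if (!getVar('bSortable_' . $iSortCol, 'bool')) {
                 continue;
             }
             if (!isset($order_cols[$iSortCol])) {
                 continue;
             }
             $direction = strtoupper(trim((string) getVar('sSortDir_' . $i, 'str'))) === 'DESC' ? 'DESC' : 'ASC';
             if (!empty($query_order)) {
                 $query_order .= ', ';
             }
             $query_order .= $order_cols[$iSortCol] . ' ' . $direction;
         }
     }
     if (empty($query_order)) {
         $query_order = "`id` ASC";
     }
     $query_order = ' ORDER BY ' . $query_order;
     // pagination: a negative start would make the LIMIT invalid, and -1 (DataTables
     // "show all") or any other negative length disables paging
     $query_limit = '';
     if (isset($_GET['iDisplayStart'])) {
         $start = max(0, (int) getVar('iDisplayStart', 'int'));
         $length = (int) getVar('iDisplayLength', 'int');
         if ($length >= 0) {
             $query_limit = ' LIMIT ' . $start . ', ' . $length;
         }
     }
     $query .= $query_where . $query_order . $query_limit;
     $this->result = RunQuery($query, __FILE__, __LINE__);
 }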