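/**
 * Fetch the next row of the current result set and wrap it in an ItemDAO.
 *
 * For each item a second query computes a "market price": the average price
 * of the ten most recent LogSales rows of logType 'sale' with the same
 * itemId / itemDamage / enchantments. The DAO receives the formatted average
 * and the formatted average multiplied by the row's qty.
 *
 * Fixes versus the previous version:
 *  - ORDER BY ... LIMIT 10 applied directly to an AVG() query is a no-op (the
 *    aggregate sees every matching row), so the average covered the item's
 *    whole sale history; the limit now lives in a derived table.
 *  - A missing space produced "'sale'ORDER BY" in the SQL text.
 *  - $marketPrice / $marketPrice_total were undefined when the price query
 *    failed; they now default to the "--" marker the else-branch already used.
 *
 * @return ItemDAO|false  The next item, or FALSE when there is no result set
 *                        or it is exhausted.
 */
public function getNext() {
    global $config;
    if (!$this->result) {
        return FALSE;
    }
    $row = mysql_fetch_assoc($this->result);
    if (!$row) {
        return FALSE;
    }
    // "--" is what the original used for "no price available"; set it up front so
    // the DAO is always constructed with a defined value.
    $marketPrice = "--";
    $marketPrice_total = "--";
    // Average the ten most recent sales. The ORDER BY / LIMIT must sit in a derived
    // table: applied directly to an aggregate query they do not restrict the rows
    // AVG() sees. `enchantments` may be NULL in the table, hence IFNULL() on the
    // left-hand side of the comparison.
    $query = "SELECT AVG(`price`) AS MarketPrice FROM ( " .
        "SELECT `price` FROM `" . $config['table prefix'] . "LogSales` WHERE " .
        "`itemId` = " . (int) $row['itemId'] . " AND " .
        "`itemDamage` = " . (int) $row['itemDamage'] . " AND " .
        "IFNULL(`enchantments`, '') = '" . mysql_san($row['enchantments']) . "' AND " .
        "`logType` = 'sale' " .
        "ORDER BY `id` DESC LIMIT 10 " .
        ") AS recent_sales";
    $this->result_price = RunQuery($query, __FILE__, __LINE__);
    if ($this->result_price) {
        $row_price = mysql_fetch_assoc($this->result_price);
        if ($row_price) {
            // NOTE(review): AVG() over zero rows yields NULL here, which is then
            // handed to FormatPrice() as before; FormatPrice's NULL handling is
            // not visible in this file.
            $marketPrice = $row_price['MarketPrice'];
            $marketPrice_total = $marketPrice * $row['qty'];
        }
    }
    // new item dao
    return new ItemDAO(
        $row['id'],
        $row['itemId'],
        $row['itemDamage'],
        $row['itemData'],
        $row['qty'],
        $row['enchantments'] === NULL ? $row['enchantments'] : $row['enchantments'],
        FormatPrice($marketPrice),
        FormatPrice($marketPrice_total)
    );
}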
/**
 * Insert one LogSales row describing a new listing, a sale or a cancellation.
 *
 * $logType / $saleType values other than the class LOG_* / SALE_* constants are
 * stored as SQL NULL rather than rejected. Seller and buyer are stored as NULL
 * when they compare loosely equal to NULL (so '' and 0 count as "no name" too).
 * $allowBids and $currentWinner are accepted for call-site compatibility but are
 * not written to the table.
 *
 * A failed INSERT (or one that affected no rows) prints an error and terminates
 * the script, matching the rest of this file's error handling.
 *
 * @param string      $logType       self::LOG_NEW, self::LOG_SALE or self::LOG_CANCEL.
 * @param string      $saleType      self::SALE_BUYNOW or self::SALE_AUCTION.
 * @param string|null $sellerName
 * @param string|null $buyerName
 * @param object      $Item          Exposes getItemType(), getItemId(), getItemDamage(),
 *                                   getItemTitle(), getEnchantmentsCompressed(), getItemQty().
 * @param float       $price
 * @param bool        $allowBids     Unused.
 * @param string      $currentWinner Unused.
 * @param int         $alert         Stored as an integer flag.
 */
public static function addLog($logType, $saleType, $sellerName, $buyerName, $Item, $price, $allowBids, $currentWinner, $alert = 0) {
    global $config;
    $knownLogTypes = array(self::LOG_NEW, self::LOG_SALE, self::LOG_CANCEL);
    $knownSaleTypes = array(self::SALE_BUYNOW, self::SALE_AUCTION);
    // Non-strict in_array() reproduces the loose == comparisons used before.
    $logTypeSql = in_array($logType, $knownLogTypes) ? "'" . mysql_san($logType) . "'" : 'NULL';
    $saleTypeSql = in_array($saleType, $knownSaleTypes) ? "'" . mysql_san($saleType) . "'" : 'NULL';
    // Loose == NULL is intentional here (kept for behaviour parity).
    $sellerSql = ($sellerName == NULL) ? 'NULL' : "'" . mysql_san($sellerName) . "'";
    $buyerSql = ($buyerName == NULL) ? 'NULL' : "'" . mysql_san($buyerName) . "'";
    // Column order matches the column list in the INSERT below.
    $values = array(
        $logTypeSql,
        $saleTypeSql,
        'NOW()',
        "'" . mysql_san($Item->getItemType()) . "'",
        (int) $Item->getItemId(),
        (int) $Item->getItemDamage(),
        "'" . mysql_san($Item->getItemTitle()) . "'",
        "'" . mysql_san($Item->getEnchantmentsCompressed()) . "'",
        $sellerSql,
        $buyerSql,
        (int) $Item->getItemQty(),
        (double) $price,
        (int) $alert
    );
    $query = "INSERT INTO `" . $config['table prefix'] . "LogSales` ( " .
        "`logType`, `saleType`, `timestamp`, `itemType`, `itemId`, `itemDamage`, `itemTitle`, `enchantments`, `seller`, `buyer`, `qty`, `price`, `alert` ) VALUES ( " .
        implode(', ', $values) . " )";
    $result = RunQuery($query, __FILE__, __LINE__);
    if (!$result || mysql_affected_rows() == 0) {
        echo '<p style="color: red;">Error logging sale!</p>';
        exit;
    }
}
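/**
 * Create a server-shop listing from an item stack owned by the current user.
 *
 * Requires the 'isAdmin' permission. Validation failures append a message to
 * $_SESSION['error'] and return FALSE; a failed INSERT prints an error and
 * terminates the script.
 *
 * Fixes versus the previous version:
 *  - $priceBuy / $priceSell are cast to float before arithmetic; a non-numeric
 *    string would otherwise raise a TypeError on PHP 8.
 *  - A leftover description-sanitising block operated on an undefined $desc
 *    variable (this function has no such parameter) and was dead code.
 *
 * @param int|string   $id        Row id of the item stack (looked up via QueryItems::QuerySingle).
 * @param int|string   $qty       Quantity; only negative values are rejected, 0 is accepted.
 * @param float|string $priceBuy  Buy price, truncated to two decimals; <= 0 means "not buyable".
 * @param float|string $priceSell Sell price, truncated to two decimals; <= 0 means "not sellable".
 * @return bool TRUE when the shop row was created.
 */
public static function CreateShop($id, $qty, $priceBuy, $priceSell) {
    global $config, $user;
    // has isAdmin permissions
    if (!$user->hasPerms('isAdmin')) {
        $_SESSION['error'][] = 'You don\'t have permission to create a server shop.';
        return FALSE;
    }
    // sanitize args
    $id = (int) $id;
    $qty = (int) $qty;
    if ($id < 1) {
        $_SESSION['error'][] = 'Invalid item id!';
        return FALSE;
    }
    if ($qty < 0) {
        $_SESSION['error'][] = 'Invalid qty!';
        return FALSE;
    }
    // Truncate (not round) to two decimals, e.g. 1.239 -> 1.23.
    $priceBuy = floor((double) $priceBuy * 100.0) / 100.0;
    $priceSell = floor((double) $priceSell * 100.0) / 100.0;
    if ($priceBuy <= 0.0 && $priceSell <= 0.0) {
        $_SESSION['error'][] = 'Invalid price! Must provide either buy, sell, or both.';
        return FALSE;
    }
    // check max price (0 or less disables the cap); the same setting caps both prices
    $maxSellPrice = SettingsClass::getDouble('Max Sell Price');
    if ($maxSellPrice > 0.0 && $priceBuy > $maxSellPrice) {
        $_SESSION['error'][] = 'Over max buy price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
        return FALSE;
    }
    if ($maxSellPrice > 0.0 && $priceSell > $maxSellPrice) {
        $_SESSION['error'][] = 'Over max sell price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
        return FALSE;
    }
    // query item
    // NOTE(review): the first argument is named $playerName in QuerySingle but the
    // user id is passed here, as at the other call site in this file.
    $Item = QueryItems::QuerySingle($user->getId(), $id);
    if (!$Item) {
        $_SESSION['error'][] = 'Item not found!';
        return FALSE;
    }
    // create server shop
    $query = "INSERT INTO `" . $config['table prefix'] . "ServerShops` (" .
        "`itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `priceBuy`, `priceSell`, `created`, `itemTitle` )VALUES( " .
        (int) $Item->getItemId() . ", " .
        (int) $Item->getItemDamage() . ", " .
        "'" . mysql_san($Item->getItemData()) . "', " .
        (int) $qty . ", " .
        "'" . mysql_san($Item->getEnchantmentsCompressed()) . "', " .
        (double) $priceBuy . ", " .
        (double) $priceSell . ", " .
        "NOW(), " .
        "'" . mysql_san($Item->getItemTitle()) . "' )";
    $result = RunQuery($query, __FILE__, __LINE__);
    if (!$result) {
        echo '<p style="color: red;">Error creating server shop!</p>';
        exit;
    }
    return TRUE;
}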
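/**
 * Look up a single item row by owner and row id.
 *
 * Fix: this is a static method, so the previous `$this->result = FALSE` on the
 * empty-name path was a fatal "Using $this when not in object context" error
 * instead of a clean FALSE return.
 *
 * @param string     $playerName  Matched case-insensitively against `playerName`.
 *                                NOTE(review): the callers in this file pass
 *                                $user->getId() here — confirm which value the
 *                                column actually holds.
 * @param int|string $id          Row id, cast to int.
 * @return mixed  Whatever getNext() yields for the matching row, or FALSE when
 *                the name is empty or the query produced no result set.
 */
public static function QuerySingle($playerName, $id) {
    if (empty($playerName)) {
        return FALSE;
    }
    $lookup = new QueryItems();
    $lookup->doQuery("LOWER(`playerName`) = '" . mysql_san(strtolower($playerName)) . "' AND `id` = " . (int) $id);
    if (!$lookup->result) {
        return FALSE;
    }
    return $lookup->getNext();
}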
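/**
 * List $qty of the current user's item stack $id as a fixed-price (buy-now) auction.
 *
 * Requires the 'canSell' permission. Validation failures append a message to
 * $_SESSION['error'] and return FALSE; a failed INSERT or stack update prints an
 * error and terminates the script. On success the auction row is inserted, the
 * quantity is removed from the player's stack (the whole stack when all of it is
 * listed) and a LOG_NEW / SALE_BUYNOW entry is written via LogSales::addLog().
 *
 * Fix: $price is cast to float before arithmetic; a non-numeric string would
 * otherwise raise a TypeError on PHP 8.
 *
 * @param int|string   $id    Row id of the item stack (looked up via QueryItems::QuerySingle).
 * @param int|string   $qty   Quantity to list; must be >= 1 and <= the stack's qty.
 * @param float|string $price Price per listing, truncated to two decimals; must be > 0.
 * @param string       $desc  Accepted for call-site compatibility; it is stripped of
 *                            tags and URLs but never stored by this function.
 * @return bool TRUE when the auction was created.
 */
public static function SellFixed($id, $qty, $price, $desc) {
    global $config, $user;
    // has canSell permissions
    if (!$user->hasPerms('canSell')) {
        $_SESSION['error'][] = 'You don\'t have permission to sell.';
        return FALSE;
    }
    // sanitize args
    $id = (int) $id;
    if ($id < 1) {
        $_SESSION['error'][] = 'Invalid item id!';
        return FALSE;
    }
    $qty = (int) $qty;
    // Truncate (not round) to two decimals, e.g. 1.239 -> 1.23.
    $price = floor((double) $price * 100.0) / 100.0;
    if ($qty <= 0) {
        $_SESSION['error'][] = 'Invalid qty!';
        return FALSE;
    }
    if ($price <= 0.0) {
        $_SESSION['error'][] = 'Invalid price!';
        return FALSE;
    }
    // The cleaned description is not used below (the Auctions INSERT has no
    // description column); kept so the parameter's handling is unchanged.
    if (!empty($desc)) {
        $desc = preg_replace('/<[^>]*>/', '', $desc);
        $desc = preg_replace('/\\b(https?|ftp|file):\\/\\/[-A-Z0-9+&@#\\/%?=~_|$!:,.;]*[A-Z0-9+&@#\\/%=~_|$]/i', '', strip_tags($desc));
    }
    // max price (0 or less disables the cap)
    $maxSellPrice = SettingsClass::getDouble('Max Sell Price');
    if ($maxSellPrice > 0.0 && $price > $maxSellPrice) {
        $_SESSION['error'][] = 'Over max sell price of ' . SettingsClass::getString('Currency Prefix') . $maxSellPrice . SettingsClass::getString('Currency Postfix') . ' !';
        return FALSE;
    }
    // query item
    // NOTE(review): the first argument is named $playerName in QuerySingle but the
    // user id is passed here, as at the other call site in this file.
    $Item = QueryItems::QuerySingle($user->getId(), $id);
    if (!$Item) {
        $_SESSION['error'][] = 'Item not found!';
        return FALSE;
    }
    // check item blacklist
    // NOTE(review): the return value is ignored; whether checkItemBlacklist()
    // terminates the request or only records an error is not visible here.
    ItemFuncs::checkItemBlacklist($Item);
    if ($qty > $Item->getItemQty()) {
        $_SESSION['error'][] = 'You don\'t have that many!';
        return FALSE;
    }
    // create auction
    // NOTE(review): the qty check above, the INSERT and the RemoveItem() call are
    // not wrapped in a transaction, so two concurrent requests can both pass the
    // check and list more than the player owns.
    $query = "INSERT INTO `" . $config['table prefix'] . "Auctions` (" .
        "`playerId`, `itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `itemTitle`, `price`, `created` )VALUES( " .
        "'" . mysql_san($user->getId()) . "', " .
        (int) $Item->getItemId() . ", " .
        (int) $Item->getItemDamage() . ", " .
        "'" . mysql_san($Item->getItemData()) . "', " .
        (int) $qty . ", " .
        "'" . mysql_san($Item->getEnchantmentsCompressed()) . "', " .
        "'" . mysql_san($Item->getItemTitle()) . "', " .
        (double) $price . ", NOW() )";
    $result = RunQuery($query, __FILE__, __LINE__);
    if (!$result) {
        echo '<p style="color: red;">Error creating auction!</p>';
        exit;
    }
    $auctionId = mysql_insert_id();
    // update qty / remove item stack (-1 removes the whole stack)
    if (!ItemFuncs::RemoveItem($Item->getTableRowId(), $qty < $Item->getItemQty() ? $qty : -1)) {
        echo '<p style="color: red;">Error removing item stack quantity!</p>';
        exit;
    }
    // add sale log for the listed quantity only
    $Item->setItemQty($qty);
    LogSales::addLog(LogSales::LOG_NEW, LogSales::SALE_BUYNOW, $user->getId(), NULL, $Item, $price, FALSE, '');
    return TRUE;
}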
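/**
 * Add $amount (negative to debit) to a player's balance in the configured economy.
 *
 * Backend selection, in order: iConomy (matched by lower-cased username), then
 * CraftConomy (matched by uuid, currency and world/group), else this plugin's own
 * Players table (matched by uuid).
 *
 * Fixes versus the previous version:
 *  - The CraftConomy branch is a multi-table UPDATE (JOIN); MySQL rejects LIMIT on
 *    that form ("Incorrect usage of UPDATE and LIMIT"), so the clause is dropped.
 *  - The failure path only printed a message, so callers could not tell that no
 *    balance changed; the function now returns FALSE in that case (TRUE otherwise).
 *    Existing callers that ignore the return value are unaffected.
 *  - The player name echoed on failure is HTML-escaped.
 *
 * NOTE(review): no balance floor is enforced here — a negative $amount can drive
 * the balance below zero unless the caller checks funds first.
 *
 * @param string $playerName  Username (iConomy lookup and error message).
 * @param string $playerUUID  Player uuid (CraftConomy and Players lookups).
 * @param float  $amount      Delta applied to the balance.
 * @return bool TRUE when exactly one row was updated.
 */
public static function PaymentQuery($playerName, $playerUUID, $amount) {
    global $config;
    $delta = (double) $amount;
    if (toBoolean($config['iConomy']['use'])) {
        $query = "UPDATE `" . mysql_san($config['iConomy']['table']) . "` SET " .
            "`balance` = `balance` + " . $delta . " " .
            "WHERE LOWER(`username`)='" . mysql_san(strtolower($playerName)) . "' LIMIT 1;";
    } elseif (toBoolean($config['CC']['use'])) {
        $prefix = mysql_san($config['CC']['prefix']);
        // No LIMIT here: MySQL does not allow it on a multi-table UPDATE.
        $query = "UPDATE `" . $prefix . "_balance` JOIN " . $prefix . "_account ON " .
            $prefix . "_account.id = " . $prefix . "_balance.username_id " .
            "SET " . $prefix . "_balance.balance = " . $prefix . "_balance.balance + " . $delta . " " .
            "WHERE " . $prefix . "_account.uuid = '" . mysql_san($playerUUID) . "' AND " .
            "LOWER(" . $prefix . "_balance.currency_id) = '" . mysql_san(strtolower($config['CC']['currency'])) . "' " .
            "AND LOWER(" . $prefix . "_balance.worldName) = '" . mysql_san(strtolower($config['CC']['group'])) . "';";
    } else {
        $query = "UPDATE `" . $config['table prefix'] . "Players` SET " .
            "`money` = `money` + " . $delta . " " .
            "WHERE `uuid`='" . mysql_san($playerUUID) . "' LIMIT 1;";
    }
    $result = RunQuery($query, __FILE__, __LINE__);
    global $db;
    if (mysql_affected_rows($db) != 1) {
        echo '<p>Failed to make payment to/from: ' . htmlspecialchars((string) $playerName, ENT_QUOTES, 'UTF-8') . '!</p>';
        return FALSE;
    }
    return TRUE;
}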
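/**
 * Add $amount (negative to debit) to a player's balance.
 *
 * Uses the iConomy table when $config['iConomy']['use'] is exactly TRUE, otherwise
 * this plugin's own Players table; both match on the lower-cased player name.
 *
 * Fixes versus the previous version:
 *  - The failure path only printed a message, so callers could not tell that no
 *    balance changed; the function now returns FALSE in that case (TRUE otherwise).
 *    Existing callers that ignore the return value are unaffected.
 *  - The player name echoed on failure is HTML-escaped.
 *
 * NOTE(review): no balance floor is enforced here — a negative $amount can drive
 * the balance below zero unless the caller checks funds first.
 *
 * @param string $playerName
 * @param float  $amount      Delta applied to the balance.
 * @return bool TRUE when exactly one row was updated.
 */
public static function PaymentQuery($playerName, $amount) {
    global $config;
    $delta = (double) $amount;
    $nameSql = "'" . mysql_san(strtolower($playerName)) . "'";
    if ($config['iConomy']['use'] === TRUE) {
        $query = "UPDATE `" . mysql_san($config['iConomy']['table']) . "` SET " .
            "`balance` = `balance` + " . $delta . " " .
            "WHERE LOWER(`username`)=" . $nameSql . " LIMIT 1";
    } else {
        $query = "UPDATE `" . $config['table prefix'] . "Players` SET " .
            "`money` = `money` + " . $delta . " " .
            "WHERE LOWER(`playerName`)=" . $nameSql . " LIMIT 1";
    }
    $result = RunQuery($query, __FILE__, __LINE__);
    global $db;
    if (mysql_affected_rows($db) != 1) {
        echo '<p>Failed to make payment to/from: ' . htmlspecialchars((string) $playerName, ENT_QUOTES, 'UTF-8') . '!</p>';
        return FALSE;
    }
    return TRUE;
}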
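/**
 * Fetch the next auction row of the current result set and wrap it in an AuctionDAO.
 *
 * For each row a second query computes a "market price": the average price of the
 * ten most recent LogSales rows of logType 'sale' with the same itemId / itemDamage /
 * enchantments. Columns that the SELECT may not include are defaulted so the DAO
 * constructor never reads an undefined index.
 *
 * Fixes versus the previous version:
 *  - ORDER BY ... LIMIT 10 applied directly to an AVG() query is a no-op, so the
 *    average covered the item's whole sale history; the limit now lives in a
 *    derived table.
 *  - A missing space produced "'sale'ORDER BY" in the SQL text.
 *  - $marketPrice / $marketPrice_total were undefined when the price query failed.
 *  - `itemData` is defaulted like the other optional columns (the doQuery() in this
 *    file does not select it).
 *
 * @return AuctionDAO|false  The next auction, or FALSE when there is no result
 *                           set or it is exhausted.
 */
public function getNext() {
    global $config;
    if (!$this->result) {
        return FALSE;
    }
    $row = mysql_fetch_assoc($this->result);
    if (!$row) {
        return FALSE;
    }
    // "--" is the original "no price available" marker; set it up front so both
    // values are always defined.
    $marketPrice = "--";
    $marketPrice_total = "--";
    // Average the ten most recent sales; the ORDER BY / LIMIT must sit in a derived
    // table to actually restrict what AVG() sees. `enchantments` may be NULL.
    $query_price = "SELECT AVG(`price`) AS MarketPrice FROM ( " .
        "SELECT `price` FROM `" . $config['table prefix'] . "LogSales` WHERE " .
        "`itemId` = " . (int) $row['itemId'] . " AND " .
        "`itemDamage` = " . (int) $row['itemDamage'] . " AND " .
        "IFNULL(`enchantments`, '') = '" . mysql_san($row['enchantments']) . "' AND " .
        "`logType` = 'sale' " .
        "ORDER BY `id` DESC LIMIT 10 " .
        ") AS recent_sales";
    $this->result_price = RunQuery($query_price, __FILE__, __LINE__);
    if ($this->result_price) {
        $row_price = mysql_fetch_assoc($this->result_price);
        if ($row_price) {
            // AVG() over zero rows yields NULL; passed through unchanged as before.
            $marketPrice = $row_price['MarketPrice'];
            $marketPrice_total = $marketPrice * $row['qty'];
        }
    }
    // Defaults for columns the SELECT may omit (isset() also treats NULL as unset,
    // matching the previous per-column checks).
    $defaults = array(
        'playerName' => '',
        'uuid' => '',
        'playerId' => '',
        'itemData' => '',
        'price' => 0.0,
        'priceBuy' => 0.0,
        'priceSell' => 0.0,
        'allowBids' => 0,
        'currentBid' => '',
        'currentWinner' => ''
    );
    foreach ($defaults as $column => $fallback) {
        if (!isset($row[$column])) {
            $row[$column] = $fallback;
        }
    }
    // new auction dao (the embedded ItemDAO gets -1 as its own row id)
    $ItemDAO = new ItemDAO(
        -1,
        $row['itemId'],
        $row['itemDamage'],
        $row['itemData'],
        $row['qty'],
        $marketPrice,
        $marketPrice_total,
        $row['enchantments']
    );
    return new AuctionDAO(
        $row['id'],
        $row['playerName'],
        $row['uuid'],
        $row['playerId'],
        $ItemDAO,
        $row['price'],
        $row['priceBuy'],
        $row['priceSell'],
        $row['created'],
        $row['allowBids'] != 0,
        $row['currentBid'],
        $row['currentWinner']
    );
}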
/**
 * Add an item to a player's inventory, merging into an existing stack when one
 * matches on itemId, itemDamage, itemData and enchantments (NULL enchantments are
 * treated as '' for the comparison).
 *
 * When a stack exists its qty is increased by the item's qty and its title is
 * refreshed; otherwise a new row is inserted. Any failed query prints an error and
 * terminates the script.
 *
 * NOTE(review): the SELECT and the following UPDATE/INSERT are not wrapped in a
 * transaction or lock here, so two concurrent adds for the same player and item
 * may each miss the lookup and create two stacks.
 *
 * @param string $playerId  Owner id, stored in `playerId`.
 * @param object $Item      Exposes getItemId(), getItemDamage(), getItemData(),
 *                          getEnchantmentsCompressed(), getItemQty(), getItemTitle().
 * @return int  Row id of the stack that was updated or created.
 */
public static function AddCreateItem($playerId, $Item) {
    global $config;
    $table = "`" . $config['table prefix'] . "Items`";
    $ownerSql = "'" . mysql_san($playerId) . "'";
    $itemIdSql = (int) $Item->getItemId();
    $itemDamageSql = (int) $Item->getItemDamage();
    $itemDataSql = "'" . mysql_san($Item->getItemData()) . "'";
    $enchantSql = "'" . mysql_san($Item->getEnchantmentsCompressed()) . "'";
    $titleSql = "'" . mysql_san($Item->getItemTitle()) . "'";
    $qtySql = (int) $Item->getItemQty();
    // find existing stack
    $findQuery = "SELECT `id` FROM " . $table . " WHERE " .
        "`playerId`=" . $ownerSql . " AND " .
        "`itemId` = " . $itemIdSql . " AND " .
        "`itemDamage` = " . $itemDamageSql . " AND " .
        "`itemData` = " . $itemDataSql . " AND " .
        "IFNULL (`enchantments`, '') = " . $enchantSql . " " .
        "LIMIT 1";
    $found = RunQuery($findQuery, __FILE__, __LINE__);
    if (!$found) {
        echo '<p style="color: red;">Error finding item stack!</p>';
        exit;
    }
    $existing = mysql_num_rows($found) > 0 ? mysql_fetch_assoc($found) : FALSE;
    if ($existing) {
        $tableRowId = (int) $existing['id'];
        // add qty to existing stack (owner repeated in WHERE as a safety net)
        $updateQuery = "UPDATE " . $table . " SET " .
            "`qty`=`qty`+" . $qtySql . ", " .
            "`itemTitle` = " . $titleSql . " " .
            "WHERE `id` = " . $tableRowId . " AND `playerId`=" . $ownerSql . " LIMIT 1";
        if (!RunQuery($updateQuery, __FILE__, __LINE__)) {
            echo '<p style="color: red;">Error updating item stack!</p>';
            exit;
        }
        return $tableRowId;
    }
    // create new stack
    $insertQuery = "INSERT INTO " . $table . " (" .
        "`playerId`, `itemId`, `itemDamage`, `itemData`, `qty`, `enchantments`, `itemTitle`) VALUES (" .
        implode(', ', array($ownerSql, $itemIdSql, $itemDamageSql, $itemDataSql, $qtySql, $enchantSql, $titleSql)) . ")";
    if (!RunQuery($insertQuery, __FILE__, __LINE__)) {
        echo '<p style="color: red;">Error creating item stack!</p>';
        exit;
    }
    return mysql_insert_id();
}
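/**
 * Run the auction listing query, honouring DataTables-style request parameters
 * (sSearch, iSortingCols / iSortCol_N / sSortDir_N / bSortable_N, iDisplayStart /
 * iDisplayLength, ajax) read via getVar() and $_GET. The result set is stored in
 * $this->result for getNext().
 *
 * Fixes versus the previous version:
 *  - sSortDir_N was interpolated into ORDER BY after only string-escaping. In that
 *    unquoted position escaping quotes does not help (no quote is needed to inject
 *    ", (SELECT ...)"), so the value is now reduced to ASC / DESC.
 *  - iSortingCols is client-supplied and drove an unbounded loop; it is capped at
 *    the number of sortable columns.
 *
 * Sort column indexes are still restricted to the $order_cols whitelist, and the
 * LIMIT values are cast to int. $WHERE fragments are trusted caller-built SQL.
 *
 * NOTE(review): '%' and '_' in sSearch are not escaped as LIKE wildcards, so a
 * search term can match more than the literal text; left as-is (not an injection).
 *
 * @param string|array $WHERE  A single SQL condition, or an array of conditions
 *                             joined with AND.
 */
protected function doQuery($WHERE = '') {
    global $config;
    $query = "SELECT " .
        (getVar('ajax', 'bool') ? "SQL_CALC_FOUND_ROWS " : '') .
        "`id`, `playerName`, `itemId`, `itemDamage`, `qty`, `enchantments`, " .
        "`price`, UNIX_TIMESTAMP(`created`) AS `created`, `allowBids`, `currentBid`, `currentWinner` " .
        "FROM `" . $config['table prefix'] . "Auctions` ";
    // where
    if (is_array($WHERE)) {
        $query_where = $WHERE;
    } else {
        $query_where = array();
        if (!empty($WHERE)) {
            $query_where[] = $WHERE;
        }
    }
    // ajax search
    $sSearch = getVar('sSearch');
    if (!empty($sSearch)) {
        $searchSql = mysql_san($sSearch);
        $query_where[] = "(`itemTitle` LIKE '%" . $searchSql . "%' OR " .
            "`playerName` LIKE '%" . $searchSql . "%')";
    }
    // build where string
    if (count($query_where) == 0) {
        $query_where = '';
    } else {
        $query_where = 'WHERE ' . implode(' AND ', $query_where);
    }
    // ajax sorting
    $query_order = '';
    if (isset($_GET['iSortCol_0'])) {
        // Column index -> ORDER BY expression; anything outside this map is ignored.
        $order_cols = array(
            0 => "`itemTitle`",
            1 => "`playerName`",
            2 => "`price`",
            3 => "(`price` * `qty`)",
            4 => "1",
            5 => "`qty`"
        );
        // Bound the loop by the number of sortable columns (client-controlled value).
        $iSortingCols = min((int) getVar('iSortingCols', 'int'), count($order_cols));
        for ($i = 0; $i < $iSortingCols; $i++) {
            $iSortCol = getVar('iSortCol_' . $i, 'int');
            if (!getVar('bSortable_' . $iSortCol, 'bool')) {
                continue;
            }
            if (!isset($order_cols[$iSortCol])) {
                continue;
            }
            // Only the two keywords are allowed; anything else (including the empty
            // string, which previously fell back to MySQL's default) sorts ascending.
            $dir = strtoupper((string) getVar('sSortDir_' . $i, 'str')) === 'DESC' ? 'DESC' : 'ASC';
            if (!empty($query_order)) {
                $query_order .= ', ';
            }
            $query_order .= $order_cols[$iSortCol] . ' ' . $dir;
        }
    }
    if (empty($query_order)) {
        $query_order = "`id` ASC";
    }
    $query_order = ' ORDER BY ' . $query_order;
    // pagination (-1 length means "all rows")
    $query_limit = '';
    if (isset($_GET['iDisplayStart'])) {
        $start = getVar('iDisplayStart', 'int');
        $length = getVar('iDisplayLength', 'int');
        if ($length != -1) {
            $query_limit = ' LIMIT ' . (int) $start . ', ' . (int) $length;
        }
    }
    $query .= $query_where . $query_order . $query_limit;
    $this->result = RunQuery($query, __FILE__, __LINE__);
}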