echo '<div class="error">This pokemon is in your team,</div>';
include '_footer.php';
die;
}
if (isset($_POST['duration']) && in_array($_POST['duration'], range(0, 4))) {
$costs = array('0' => 200, '1' => 1000, '2' => 5000, '3' => 10000, '4' => 15000);
$cost = $costs[$_POST['duration']];
if (getUserMoney($uid) < $cost) {
echo '<div class="error">Not enough money.</div>';
} else {
$times = array('0' => 60 * 10, '1' => 60 * 60, '2' => 60 * 60 * 6, '3' => 60 * 60 * 24, '4' => 60 * 60 * 24 * 7);
$finishTime = time() + $times[$_POST['duration']];
$query = mysql_query("\n\t\t\tINSERT INTO `auction_pokemon`\n\t\t\t(\n\t\t\t\t`owner_id`,\n\t\t\t\t`owner_username`,\n\t\t\t\t`bidder_id`,\n\t\t\t\t`bidder_username`,\n\t\t\t\t`current_bid`,\n\t\t\t\t`name`,\n\t\t\t\t`exp`,\n\t\t\t\t`level`,\n\t\t\t\t`move1`,\n\t\t\t\t`move2`,\n\t\t\t\t`move3`,\n\t\t\t\t`move4`,\n\t\t\t\t`num_bids`,\n\t\t\t\t`gender`,\n\t\t\t\t`finish_time`\n\t\t\t) VALUES (\n\t\t\t\t'{$uid}',\n\t\t\t\t'{$sqlUsername}',\n\t\t\t\t'0',\n\t\t\t\t'',\n\t\t\t\t'1',\n\t\t\t\t'{$pokeRow['name']}',\n\t\t\t\t'{$pokeRow['exp']}',\n\t\t\t\t'{$pokeRow['level']}',\n\t\t\t\t'{$pokeRow['move1']}',\n\t\t\t\t'{$pokeRow['move2']}',\n\t\t\t\t'{$pokeRow['move3']}',\n\t\t\t\t'{$pokeRow['move4']}',\n\t\t\t\t'0',\n\t\t\t\t'{$pokeRow['gender']}',\n\t\t\t\t'{$finishTime}'\n\t\t\t)\n\t\t");
if ($query) {
mysql_query("DELETE FROM `user_pokemon` WHERE `id`='{$pid}' LIMIT 1");
updateUserMoney($uid, getUserMoney($uid) - $cost);
}
echo '<div class="notice">Your pokemon is now up for auction!</div>';
include '_footer.php';
die;
}
}
echo '
<img src="images/pokemon/' . $pokeRow['name'] . '.png" /><br />
' . $pokeRow['name'] . '<br />
Level: ' . $pokeRow['level'] . '<br />
Exp: ' . $pokeRow['exp'] . '<br />
<br /><hr /><br />
<form action="" method="post">
<h3>How long do you want the auction to last?</h3><br />
<input type="radio" name="duration" value="0" /> 10 Minutes (Cost $200)<br />
} else {
if ($amount > $userMoney) {
$message = '<div class="error">You do not have that much money!</div>';
} else {
if ($amount <= 0) {
$message = '<div class="error">The lowest amount of money you can send is $1.</div>';
} else {
if ($uni_username === $_SESSION['username']) {
$message = '<div class="error">Why would you want to send money to your self?</div>';
} else {
if (isset($_SESSION['send_money_token']) && $_SESSION['send_money_token'] != $_POST['token']) {
$message = '<div class="error">Your tokens do not match!</div>';
} else {
$recUid = mysql_fetch_assoc($query);
$recUid = $recUid['id'];
$recMoney = getUserMoney($recUid) + $amount;
$userMoney -= $amount;
$time = time();
updateUserMoney($recUid, $recMoney);
updateUserMoney($uid, $userMoney);
mysql_query("\n\t\t\tINSERT INTO `send_money_history` (\n\t\t\t\t`sender_uid`, `recipient_uid`, `sender`, `recipient`, `amount`, `timestamp`\n\t\t\t) VALUES (\n\t\t\t\t'{$uid}', '{$recUid}', '{$sqlMyUsername}', '{$sqlUsername}', '{$amount}', '{$time}'\n\t\t\t)\n\t\t");
$_SESSION['message'] = '<div class="notice">You have sent $' . $amount . ' to ' . cleanHtml($uni_username) . '.</div>';
if (isset($_GET['id'])) {
$id = (int) $_GET['id'];
redirect('send_money.php?id=' . $id);
} else {
redirect('send_money.php');
}
}
}
}
$errors = array();
$pid = (int) $_POST['pid'];
$bid = (int) $_POST['bid'];
$query = mysql_query("SELECT * FROM `auction_pokemon` WHERE `id`='{$pid}'");
if (mysql_num_rows($query) == 0) {
$errors[] = 'Auction does not exist.';
} else {
$auctionRow = mysql_fetch_assoc($query);
$time = time();
if ($auctionRow['finish_time'] < $time) {
$errors[] = 'This auction has finished.';
}
if ($bid <= $auctionRow['current_bid']) {
$errors[] = 'Your bid is too low.';
}
if (getUserMoney($uid) - $bid < 0) {
$errors[] = 'You do not have that much money!';
}
if ($uid == $auctionRow['owner_id']) {
$errors[] = 'You can not bid on your own auction!';
}
}
if (count($errors) != 0) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
if ($auctionRow['bidder_id'] != 0) {
$lastBid = $auctionRow['current_bid'];
$bidId = $auctionRow['bidder_id'];
mysql_query("UPDATE `users` SET `money`=`money`+{$lastBid} WHERE `id`='{$bidId}' LIMIT 1");
}
mysql_query("UPDATE `auction_pokemon` SET `bidder_id`='{$uid}', `bidder_username`='{$sqlUsername}', `current_bid`='{$bid}', `num_bids`=`num_bids`+1 WHERE `id`='{$pid}' LIMIT 1");
<?php
die;
require_once 'config.php';
require_once 'functions.php';
if (!isLoggedIn()) {
redirect('login.php');
}
$uid = (int) $_SESSION['userid'];
$userMoney = getUserMoney($uid);
switch ($_GET['type']) {
case 'shiny':
$type = 'Shiny ';
break;
case 'planet':
$type = 'Planet ';
break;
default:
$type = '';
break;
}
$defaultPrice = 5000000;
$salePokemon = array('Eevee' => 10000, 'Jolteon' => 10000, 'Gible' => 20000, 'Gothitelle' => 100000, 'Articuno' => 150000, 'Halloween Magikarp' => 150000);
if ($_GET['type'] == 'planet') {
$defaultPrice = 1000000;
$salePokemon = array('Jirachi' => $defaultPrice);
}
if ($_GET['type'] == 'shiny') {
$defaultPrice = 500000;
$salePokemon = array('Blastoise' => 200000, 'Arcanine' => 200000, 'Gyarados' => 200000, 'Latios' => 200000, 'Latias' => 550000, 'Deoxys' => 200000, 'Electivire' => 250000, 'Lickilicky' => 250000, 'Halloween Magikarp' => 200000);
}
if (!isset($_SESSION['releaseToken'][$pid])) {
echo '<div class="error">Token not set.</div>';
} else {
if ($_SESSION['releaseToken'][$pid] != $_GET['token']) {
echo '<div class="error">Tokens do not match.</div>';
} else {
echo '
<div style="text-align: center;">
<div class="notice">You have released ' . $pokeInfo['name'] . '!</div>
<img src="images/pokemon/' . $pokeInfo['name'] . '.png" alt="' . $pokeInfo['name'] . '" /><br />
<a href="view_box.php">Back to your box.</a><br /><br />
</div>
';
mysql_query("DELETE FROM `user_pokemon` WHERE `uid`='{$uid}' AND `id`='{$pid}'");
mysql_query("UPDATE `users` SET `released`=`released`+1 WHERE `id`='{$uid}'");
updateUserMoney($uid, getUserMoney($uid) + $releaseReward);
unset($_SESSION['releaseToken'][$pid]);
}
}
} else {
$token = md5(rand(1000, 5000));
$_SESSION['releaseToken'][$pid] = $token;
echo '
<p>
Are you sure you want to release ' . $pokeInfo['name'] . '?<br />
<img src="images/pokemon/' . $pokeInfo['name'] . '.png" alt="' . $pokeInfo['name'] . '" /><br />
<a href="release.php?id=' . $pid . '&token=' . $token . '&sure">Yes</a> •
<a href="view_box.php">No</a><br /><br />
</p>
';
if ($releaseReward != 0) {
