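/**
 * Dispatch a submitted form to its handler.
 *
 * Each <form> carries a hidden "action" field (see html/add*.txt); its value
 * selects the handler below. Handlers are called without arguments. An action
 * that is missing, not a string, or not listed here matches no case and the
 * function returns without doing anything.
 *
 * NOTE(review): no permission check and no anti-CSRF token check is visible in
 * this dispatcher. Several cases change money or privileges (payout,
 * transferMoney, edituser, configuration), so each handler presumably enforces
 * its own authorization - confirm that, and confirm a per-session form token
 * is verified somewhere before this function is reached.
 */
function process_post()
{
    // Read the selector once, without raising a notice when the field is absent.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

    switch ($action) {
        /*
         * Add new user. We wont touch that here. Let auth() handle that.
         */
        case "newuser":
            addNewUser();
            break;

        /*
         * Update to the about box in profiles.
         */
        case "modprofile":
            modProfile();
            break;

        /*
         * Change password. We wont touch that here. Let auth() handle that.
         */
        case "changepw":
            changePassword();
            break;

        /*
         * Change email.
         */
        case "changeemail":
            changeEmail();
            break;

        /*
         * Change can view preferences.
         */
        case "changecanpage":
            changeCanPrefs();
            break;

        /*
         * Update API Key
         */
        case "update_api":
            global $MySelf;
            $api = new api($MySelf->getID());
            // The keys are quoted: a bare word such as $_POST[deleteKey] is a
            // constant lookup and is a fatal error on PHP 8.
            if (!empty($_POST['deleteKey'])) {
                // Delete api Key
                $api->deleteApiKey();
                makeNotice("Your API key has been delete from the database.", "notice", "API Key wipe success", "index.php?action=preferences");
            } else {
                // Update api key. The values are passed through as submitted;
                // NOTE(review): setApiKey() is presumably responsible for
                // validating and safely storing them - confirm.
                $apiID = isset($_POST['apiID']) ? $_POST['apiID'] : null;
                $apiKey = isset($_POST['apiKey']) ? $_POST['apiKey'] : null;
                $api->setApiKey($apiID, $apiKey);
                makeNotice("Your new API key has been stored.", "notice", "API Key update success", "index.php?action=preferences");
            }
            break;

        /*
         * Add a Rank
         */
        case "addnewrank":
            addRank();
            break;

        /*
         * Edit the ranks
         */
        case "editranks":
            editRanks();
            break;

        /*
         * Change opt-in status.
         */
        case "optIn":
            toggleOptIn();
            break;

        /*
         * Change See Inoffical Runs Setting (sir)
         */
        case "sirchange":
            sirchange();
            break;

        /*
         * Submiting a template change form
         */
        case "editTemplate":
            editTemplate();
            break;

        /*
         * Change ore value.
         */
        case "changeore":
            changeOreValue();
            break;

        /*
         * Change ship value.
         */
        case "changeship":
            changeShipValue();
            break;

        /*
         * Delete pending payout request
         */
        case "deleteRequest":
            deletePayoutRequest();
            break;

        /*
         * Modify online time.
         */
        case "modonlinetime":
            modOnlineTime();
            break;

        /*
         * Modify site settings.
         */
        case "configuration":
            modConfiguration();
            break;

        /*
         * Add an event to the DB
         */
        case "addevent":
            addEventToDB();
            break;

        /*
         * Request payout.
         */
        case "requestPayout":
            requestPayout();
            break;

        /*
         * Transfer Money
         */
        case "transferMoney":
            transferMoney();
            break;

        /*
         * Do the payouts
         */
        case "payout":
            doPayout();
            break;

        /*
         * Create a new can in the Database.
         */
        case "addcan":
            addCanToDatabase();
            break;

        /*
         * Admin request to change a user.
         */
        case "edituser":
            editUser();
            break;

        /*
         * AddRun
         * This adds a new run to the database.
         */
        case "addrun":
            addRun();
            break;

        /*
         * Analog to AddRun, just for Hauls.
         */
        case "addhaul":
            addHaul();
            break;

        /*
         * Create a new transaction.
         */
        case "transaction":
            createTransaction();
            break;

        /*
         * Lotto stuff
         */
        case "editLottoTickets":
            lotto_editCreditsInDB();
            break;

        case "createDrawing":
            lotto_createDrawing();
            break;

        case "lottoBuyCredits":
            lotto_buyTickets();
            break;
    }
}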
/**
 * Credit $amount to $userid through transferMoney(), with sender id 0 and
 * KBANK_NO_TAX.
 *
 * The transfer is tagged with $itemtype as its 'banklogs_itemname'. When
 * $itemtype is 'admindonate' the transfer is also written via logTransfer(),
 * recording the current vBulletin user as 'adminid' and $comment_org as the
 * comment.
 *
 * Returns false when $amount loosely equals 0; otherwise returns nothing.
 * The result of transferMoney() is not inspected here.
 */
function giveMoney($userid, $amount, $itemtype = 'post', $comment_org = '', $autopm = true)
{
    global $vbulletin;

    // Nothing to move: bail out before touching the bank.
    if (0 == $amount) {
        return false;
    }

    $logTag = array('banklogs_itemname' => $itemtype);
    transferMoney(0, $userid, $amount, '', null, false, $autopm, KBANK_NO_TAX, true, 0, $logTag);

    // Only admin donations get the extra audit record.
    if ($itemtype != 'admindonate') {
        return;
    }

    $details = array(
        'adminid' => $vbulletin->userinfo['userid'],
        'comment' => $comment_org,
    );
    logTransfer(0, $userid, $amount, $details, $autopm);
}
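/**
 * Record an award (or award removal) of $points for the author of post
 * $postid, move the author to another usergroup if a configured rule matches,
 * and optionally notify the author by PM.
 *
 * Steps, as visible in this function:
 *  1. Load the post author's user row.
 *  2. Evaluate each "condition:groupid" rule in
 *     $vbulletin->kbank['award']['listMove2GroupIDs'] against the author's new
 *     total; the last matching rule picks the target group.
 *  3. If the target group is a banned group, insert a userban row (unless one
 *     exists) and set the ban user title.
 *  4. Adjust the award counters and call transferMoney().
 *  5. On success, and if configured, send the PM via kbank_sendPM().
 *
 * @param mixed  $postid Post id; the script exits when it is not numeric or <= 0.
 * @param mixed  $points Amount added to the author's balance and to the
 *                       awarded-amount counter.
 * @param string $reason Comment for the transfer; AWARD_REMOVE selects the
 *                       "deleted" PM text and decrements the award counter.
 * @return mixed The result of transferMoney(), or of kbank_sendPM() when a PM
 *               was sent.
 */
function ap_doHistory($postid, $points, $reason)
{
    if (!is_numeric($postid) or $postid <= 0) {
        exit;
    }
    //Error free!
    global $vbulletin, $vbphrase, $messages;
    $more_query = array('to' => '', 'from' => '');

    //Get user's profile
    // NOTE(review): is_numeric() also accepts forms such as "1e3" and "1.5".
    // The value is quoted in the query, so it cannot break out of the literal,
    // but callers should pass a plain integer id - confirm at the call sites.
    $user = $vbulletin->db->query_first(
        "\n\t\tSELECT \n\t\t\tpost.userid AS userid, \n\t\t\tuser.username AS username,"
        . "\n\t\t\tuser.{$vbulletin->kbank['field']} AS total, \n\t\t\tuser.usergroupid AS usergroupid,"
        . "\n\t\t\tuser.membergroupids AS membergroupids,\n\t\t\tuser.displaygroupid AS displaygroupid,"
        . "\n\t\t\tuser.usertitle AS usertitle,\n\t\t\tuser.customtitle AS customtitle"
        . "\n\t\tFROM `" . TABLE_PREFIX . "post` AS post"
        . "\n\t\tINNER JOIN `" . TABLE_PREFIX . "user` AS user ON (user.userid = post.userid)"
        . "\n\t\tWHERE postid = '{$postid}';"
    );
    DEVDEBUG('[kBank Award] ap_doHistory query the database');
    // NOTE(review): the result is not checked; if no row matches, the code
    // below runs with an empty $user. Confirm callers only pass existing posts.

    //Check for new usergroup moving
    $newug = 0;
    foreach ($vbulletin->kbank['award']['listMove2GroupIDs'] as $rule) {
        $tmp = explode(':', $rule);

        // SECURITY: the rule text is executed with eval(). Whoever can edit
        // this setting can run arbitrary PHP on the server. It should be
        // replaced by parsing "<operator><number>" and comparing directly;
        // that is not done here because the accepted rule grammar is defined
        // outside this function. Until then, restrict who can change the
        // setting and validate rules when they are saved.
        // On PHP 7 and later a malformed rule makes eval() throw ParseError,
        // which @ does not suppress.
        $result_tmp = 12345; // sentinel: stays 12345 if eval() assigned nothing
        @eval('$result_tmp = (' . ($user['total'] + $points) . $tmp[0] . ');');
        if ($result_tmp !== 12345) {
            if ($result_tmp !== true and $result_tmp !== false) {
                // The rule carried no comparison operator: retry as "total < rule".
                $result_tmp = 12345;
                @eval('$result_tmp = (' . ($user['total'] + $points) . '<' . $tmp[0] . ');');
                // Fixed: the original test was
                //   === 12345 or !== true or !== false
                // which is always true, so this fallback could never match.
                if (!is_bool($result_tmp)) {
                    $result_tmp = false;
                }
            }
        } else {
            $result_tmp = false;
        }
        if ($result_tmp) {
            $newug = $tmp[1];
        }
    }
    if ($newug != 0 and !is_member_of($user, $vbulletin->kbank['award']['permCanRemoveGroupIDs']) and !is_member_of($user, $newug)) {
        // NOTE(review): $newug comes from the rule text and is placed in SQL
        // unquoted; it is assumed to be an integer group id - confirm.
        $more_query['to'] .= " ,usergroupid = {$newug}";
    } else {
        $newug = 0;
    }
    //Done with finding new usergroup

    //Add ban record if needed (if new group is a ban group)
    if ($newug) {
        //Find 'is ban group' groups
        $querygroups = array();
        foreach ($vbulletin->usergroupcache as $usergroupid => $usergroup) {
            if (!($usergroup['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])) {
                $querygroups[] = $usergroupid;
            }
        }
        if (in_array($newug, $querygroups)) {
            $adminid = $vbulletin->userinfo['userid'];
            // Text values are escaped before they are placed inside SQL string
            // literals: a quote in the stored user title or in the phrase
            // would otherwise break or alter the statement.
            $usertitle_sql = $vbulletin->db->escape_string($user['usertitle']);
            $banreason_sql = $vbulletin->db->escape_string($vbphrase['kbank_award_bank_rupted']);
            if (!$vbulletin->db->query_first(
                "\n\t\t\t\t\tSELECT * FROM `" . TABLE_PREFIX . "userban`"
                . "\n\t\t\t\t\tWHERE userid = {$user['userid']}\n\t\t\t\t"
            )) {
                $vbulletin->db->query(
                    "\n\t\t\t\t\tINSERT INTO `" . TABLE_PREFIX . "userban`"
                    . "\n\t\t\t\t\t(userid, usergroupid, displaygroupid, usertitle, customtitle, adminid, bandate, liftdate, reason)"
                    . "\n\t\t\t\t\tVALUES ("
                    . "\n\t\t\t\t\t\t{$user['userid']}"
                    . "\n\t\t\t\t\t\t,{$user['usergroupid']}"
                    . "\n\t\t\t\t\t\t,{$user['displaygroupid']}"
                    . "\n\t\t\t\t\t\t,'{$usertitle_sql}'"
                    . "\n\t\t\t\t\t\t,{$user['customtitle']}"
                    . "\n\t\t\t\t\t\t,{$adminid}"
                    . "\n\t\t\t\t\t\t," . TIMENOW
                    . "\n\t\t\t\t\t\t,0"
                    . "\n\t\t\t\t\t\t,'{$banreason_sql}'"
                    . "\n\t\t\t\t\t);"
                );
                DEVDEBUG('[kBank Award] ap_doHistory query the database 2 times');
            }
            $more_query['to'] .= " ,usertitle = '{$banreason_sql}'";
        }
    }

    //Adjust counter
    // NOTE(review): $points is written into the SQL fragment as-is. This
    // function does not verify that it is numeric; the caller must - confirm.
    $more_query['to'] .= iif(
        $reason != AWARD_REMOVE,
        " ,{$vbulletin->kbank['award']['awardedtimes']} = {$vbulletin->kbank['award']['awardedtimes']} + 1",
        " ,{$vbulletin->kbank['award']['awardedtimes']} = {$vbulletin->kbank['award']['awardedtimes']} - 1"
    ) . " ,{$vbulletin->kbank['award']['awardedamount']} = {$vbulletin->kbank['award']['awardedamount']} + {$points}";

    //Specified itemname for banklogs
    $more_query['banklogs'] = array('itemname' => 'post');

    //Update database
    $result = transferMoney(
        0,
        $user['userid'],
        $points,
        array('adminid' => $vbulletin->userinfo['userid'], 'comment' => $reason),
        null,
        true,
        false,
        KBANK_NO_TAX,
        false,
        $postid,
        $more_query
    );

    //Send PM to user (if action done successfully)
    if ($result === true and $vbulletin->kbank['award']['sendPM']) {
        //build title,message
        $url = $vbulletin->options['bburl'];
        if ($reason != AWARD_REMOVE) {
            $title = $vbphrase['kbank_award_PM_title'];
            $text = construct_phrase($vbphrase['kbank_award_PM_text'], "{$url}/showthread.php?p={$postid}", $points, $reason, "{$url}/member.php?u={$vbulletin->userinfo['userid']}", $vbulletin->userinfo['username'], $vbulletin->kbank['name']);
        } else {
            $title = $vbphrase['kbank_award_PM_title_deleted'];
            $text = construct_phrase($vbphrase['kbank_award_PM_text_deleted'], "{$url}/showthread.php?p={$postid}", "{$url}/member.php?u={$vbulletin->userinfo['userid']}", $vbulletin->userinfo['username']);
        }
        if ($newug != 0) {
            $text .= construct_phrase($vbphrase['kbank_award_usergroup_moved'], $newug);
            $messages[] = construct_phrase($vbphrase['kbank_award_usergroup_moved_for_admin'], $newug, $user['username']);
        }
        $result = kbank_sendPM($vbulletin->userinfo, $user, $title, $text, false);
    }

    return $result;
}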
$errors[$itemid][] = KBANK_ERROR_NO_PERM; continue; } $need2update['warningitem'] = true; } $taxrate = false; if ($item['userid'] == 0) { $taxrate = KBANK_NO_TAX; } else { if ($item['userid'] and $to = $vbulletin->db->query_first("\n\t\t\t\tSELECT username, usergroupid, membergroupids\n\t\t\t\tFROM `" . TABLE_PREFIX . "user`\n\t\t\t\tWHERE userid = {$item['userid']}\n\t\t\t") and havePerm($to, KBANK_PERM_COMPANY, true)) { //Seller is a Company, apply Item Tax $taxrate = $vbulletin->kbank['ItemTax']; //If not, apply tax as normal Donate Tax } } $result = transferMoney($userinfo['userid'], $item['userid'], $item['price'], "buy_item_{$item['itemid']}", $userinfo[$vbulletin->kbank['field']], true, false, $taxrate, false, 0, array('banklogs_itemname' => iif($item['userid'] == 0, 'items', 'other'))); if ($result === true) { if ($to) { //send PM $myitems_links = $vbulletin->options['bburl'] . '/' . $vbulletin->kbank['phpfile'] . '?do=myitems'; $from = $userinfo; $message = construct_phrase($vbphrase['kbank_buy_pm_message'], $item['name'], $item['price'], $userinfo['username'], $myitems_link); $subject = $vbphrase['kbank_buy_pm_subject']; $pm_result = kbank_sendPM($from, $to, $subject, $message, false); if ($pm_result !== true) { $errors[$itemid][] = $pm_result; } } } else { $errors[$itemid][] = $result; continue;
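/**
 * Apply one lifecycle action to this item.
 *
 * Recognised actions:
 *  - 'buy'         Prepare $this->data for the buyer: inherit options from the
 *                  buyer's most recent used/deleted item of the same type,
 *                  clear the sale-specific options, serialize the options, and
 *                  set status and owner. Only $this->data is changed here.
 *  - 'bid'         Validate and place a bid, charge the bidding fee, and write
 *                  the new price and options to the database.
 *  - 'bid_expired' Turn an expired auction into a normal sale, reserving it for
 *                  the highest bidder when the configured window allows it.
 *  - 'approve'     Record an admin approval and, once enough admins approved,
 *                  move the item to its pending status; ends with
 *                  print_stop_message().
 *
 * @param string $action One of the actions above; any other value is a no-op.
 * @return mixed true on success or for an unrecognised action; false when
 *               'bid_expired' is called on an item that is not an expired
 *               auction; KBANK_ERROR_NO_PERM, a fetch_error() message, or the
 *               non-true result of transferMoney() when a bid is refused.
 */
function doAction($action)
{
    global $vbulletin, $vbphrase, $userinfo;
    //to be override
    if (!$userinfo) {
        $userinfo =& $vbulletin->userinfo;
    }

    if ($action == 'buy') {
        //Search for an old item with same itemtype have been used/enabled or even deleted
        // NOTE(review): type and userid are placed in the query unquoted; they
        // are assumed to be integers loaded from the database - confirm.
        $olditem = $vbulletin->db->query_first(
            "\n\t\t\t\t\tSELECT *"
            . "\n\t\t\t\t\tFROM `" . TABLE_PREFIX . "kbank_items`"
            . "\n\t\t\t\t\tWHERE type = {$this->data['type']}"
            . "\n\t\t\t\t\t\tAND userid = {$userinfo['userid']}"
            . "\n\t\t\t\t\t\tAND (status > " . KBANK_ITEM_AVAILABLE
            . "\n\t\t\t\t\t\t\tOR status = " . KBANK_ITEM_DELETED . ")"
            . "\n\t\t\t\t\tORDER BY create_time DESC"
            . "\n\t\t\t\t\tLIMIT 1\n\t\t\t\t"
        );
        if ($olditem) {
            // SECURITY: unserialize() on a stored blob. If any part of the
            // options column can be influenced by a user, this allows PHP
            // object injection. Storing JSON, or passing
            // array('allowed_classes' => false) on PHP 7+, would close that;
            // left unchanged because the storage format is shared with code
            // outside this function.
            $options = unserialize($olditem['options']);
            if (is_array($options)) {
                // Per-sale state is never inherited from the old item.
                $not_inherited = array('duration', 'bids', 'expire_time_bidding', 'approved', 'edit_time');
                foreach ($options as $key => $value) {
                    if (!in_array($key, $not_inherited) and !isset($this->data['options'][$key])) {
                        $this->data['options'][$key] = $value;
                    }
                }
            }
            $this->data['options']['enabled'] = null;
        }
        if (isset($this->data['options']['sold_counter'])) {
            $this->data['options']['sold_counter'] = null; //clear sold counter
        }
        if (isset($this->data['options']['receiver'])) {
            $this->data['options']['receiver'] = null; //clear receiver
        }
        if (is_array($this->data['options'])) {
            $this->data['options'] = serialize($this->data['options']);
        }
        $this->data['status'] = KBANK_ITEM_AVAILABLE; //IMPORTANT!
        $this->data['userid'] = $userinfo['userid']; //IMPORTANT!
    }

    if ($action == 'bid') {
        //This action change database directly
        //Permission checking
        if ($this->data['status'] != KBANK_ITEM_BIDDING or !havePerm($userinfo, KBANK_PERM_COMPANY, true) or $this->data['expire_time'] < TIMENOW) {
            return KBANK_ERROR_NO_PERM;
        }

        // NOTE(review): the bid is read from $vbulletin->GPC and used in
        // arithmetic and in the stored price; it is assumed to have been
        // cleaned to a number by the caller - confirm.
        $bid = $vbulletin->GPC['bid'][$this->data['itemid']];
        $highestBid = $this->highestBid();

        //User place bid lower than what we have got
        //(if this is the first, he/she can bid with amount of default bid)
        if ($bid <= $this->data['price'] and !($bid == $this->data['price'] and !count($highestBid))) {
            return fetch_error('kbank_item_bid_lower', vb_number_format($this->data['price'], $vbulletin->kbank['roundup']), $vbulletin->kbank['name']);
        }
        if (count($highestBid) and $bid - $highestBid['bid'] < $vbulletin->kbank['bidStep']) {
            return fetch_error('kbank_item_bid_step', vb_number_format($highestBid['bid'], $vbulletin->kbank['roundup']), vb_number_format($vbulletin->kbank['bidStep'], $vbulletin->kbank['roundup']), $vbulletin->kbank['name']);
        }
        if (!isset($this->data['options']['bids'])) {
            $this->data['options']['bids'] = array();
        }

        //Calculating bidding-fee
        // The bidder pays only the difference between the fee for this bid and
        // what they already paid on earlier bids for the same item.
        $paid = 0;
        $fee = calcTransferTax($bid, $vbulletin->kbank['ItemBidFee']);
        foreach ($this->data['options']['bids'] as $record) {
            if ($record['userid'] == $userinfo['userid']) {
                $paid += $record['paid'];
            }
        }
        $need2paid = $fee - $paid;

        // NOTE(review): the checks above and the write below are separate
        // steps with no lock visible here, so two simultaneous bids could both
        // pass validation - confirm whether the caller serialises bids.
        $result = transferMoney(
            $userinfo['userid'],
            $this->data['userid'],
            $need2paid,
            'bid_' . $this->data['itemid'],
            $userinfo[$vbulletin->kbank['field']],
            true,
            false,
            KBANK_NO_TAX,
            false,
            0,
            array('banklogs_itemname' => iif($this->data['userid'] == 0, 'items', 'other'))
        );
        if ($result !== true) {
            return $result;
        }

        $this->data['options']['bids'][] = array(
            'userid' => $userinfo['userid'],
            'username' => $userinfo['username'],
            'bid' => $bid,
            'bid_time' => TIMENOW,
            'paid' => $need2paid,
        );
        $item_new = array('price' => $bid, 'options' => serialize($this->data['options']));

        //Do database change
        // Fixed: the key is quoted. Inside {...} an unquoted key is a constant
        // lookup, which is a fatal error on PHP 8.
        $vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', "WHERE itemid = {$this->data['itemid']}"));
        //updateWarningItem(); - done by main script
        return true;
    }

    if ($action == 'bid_expired') {
        //Bidding expired
        //Permission check - for safe
        if ($this->data['status'] == KBANK_ITEM_BIDDING and $this->data['expire_time'] < TIMENOW) {
            if (($vbulletin->kbank['BidWinnerBuyAfter'] === false or TIMENOW < $this->data['expire_time'] + $vbulletin->kbank['BidWinnerBuyAfter']) and count($this->highestBid())) {
                //If there is a highest bid we will specified receiver!
                $this->data['options']['receiver'] = array($this->highestBid());
            }
            $this->data['status'] = KBANK_ITEM_SELLING;
            if ($this->data['options']['expire_time_bidding'] > 0) {
                $this->data['expire_time'] = $this->data['expire_time'] + $this->data['options']['expire_time_bidding'];
            } else {
                $this->data['expire_time'] = $this->data['options']['expire_time_bidding'];
            }
            //We have to update old info
            $this->getExtraInfoReceiver();
            $this->getExtraInfoExpire();
        } else {
            return false;
        }
    }

    if ($action == 'approve') {
        //This action change database directly
        $kBankAdmin =& $vbulletin->userinfo;

        //One more permission check - just for safe
        // NOTE(review): this relies on print_stop_message() ending the request;
        // if it returned, the approval below would still run - confirm.
        if (THIS_SCRIPT != 'kbankadmin' or !havePerm($kBankAdmin, KBANK_PERM_ADMIN) or $this->data['status'] != KBANK_ITEM_PENDING) {
            print_stop_message('kbank_no_permission');
        }

        // An admin's approval is counted once, however often it is submitted.
        if (isset($this->data['options']['approved'][$kBankAdmin['userid']])) {
            $do_approved = false;
        } else {
            $do_approved = true;
            $this->data['options']['approved'][$kBankAdmin['userid']] = $kBankAdmin['username'];
        }

        // Count only approvals from users who are still configured as admins.
        $approved = array();
        foreach ($this->data['options']['approved'] as $userid => $username) {
            if (in_array($userid, $vbulletin->kbank['AdminIDs']) and !in_array($userid, $approved)) {
                $approved[] = $userid;
            }
        }

        // Fixed: initialised, so the check below no longer reads an undefined
        // variable when nothing has to be written.
        $item_new = array();
        if (count($approved) >= $vbulletin->kbank['requestApproval'] or count($approved) == count($vbulletin->kbank['AdminIDs'])) {
            //Great! Approved
            $item_new = array('status' => $this->data['options']['status_pending'], 'options' => serialize($this->data['options']));
        } else {
            if ($do_approved) {
                //Okay but we need more
                $item_new = array('options' => serialize($this->data['options']));
            }
        }
        if ($item_new) {
            //Do database change
            $vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', "WHERE itemid = {$this->data['itemid']}"));
        }
        logkBankAction('admin_item_approve', $this->data['itemid']);
        updateWarningItem();
        define('CP_REDIRECT', 'kbankadmin.php?do=item_man');
        print_stop_message('kbank_item_approved');
    }

    return true;
}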