Ejemplo n.º 1
    if($_GET['noheader']==1) {
    	header('Location: /history.php');
    }else{
    	header('Location: users.php');
    }
    exit();
}

// Render the page header; a request carrying noheader=1 gets the page_header(0) variant.
if(array_get($_GET, 'noheader')!=1) {
	page_header();
}else{
	page_header(0);
}

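// Load the account named by ?uid=. The value comes straight from the query string, so it is
// passed through the connection's string_escape() helper before it is placed inside the quoted
// SQL literal; concatenating it unescaped lets a crafted uid rewrite the WHERE clause.
// NOTE(review): a bound parameter would be stronger still if DBConnection offers one; confirm.
$db=new DBConnection();
// Non-string input (e.g. uid[]=x) is treated as "no uid" instead of being cast to a string.
$accountNumParam=(isset($_GET['uid'])&&is_string($_GET['uid']))?$_GET['uid']:'';
$userDetails=$db->getRow('users','user_account_num="'.$db->string_escape($accountNumParam).'"','user_email, user_firstname, user_lastname, user_username, user_account_num, user_balance');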
if(isset($_GET['buyref'])) {
	$query='SELECT mail_templates_id FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Buy Confirmation"';
	$res=$db->rq($query);
	$num_rows=$db->num_rows($res);
	if($num_rows>0) {
		$row=$db->fetch($res);
		$_POST['mail_templates_id']=$row['mail_templates_id'];
	}
}elseif(isset($_GET['sellref'])) {
	$query='SELECT mail_templates_id FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Sell Confirmation"';
	$res=$db->rq($query);
	$num_rows=$db->num_rows($res);
	if($num_rows>0) {
		$row=$db->fetch($res);
		$_POST['mail_templates_id']=$row['mail_templates_id'];
Ejemplo n.º 2
			$query='UPDATE stock_trades SET trade_shares_left=0, trade_status=4 WHERE trades_id='.($row['trades_id']+0).'';
			$db->rq($query);
		}

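		// The account number is request input that ends up inside quoted SQL literals below.
		// Escape it once with string_escape() and reuse the escaped form in every statement.
		$accountNumSql=$db->string_escape($_POST['user_account_num']);

		// With status 1 the invoiced total is added to the user's balance.
		if ($_POST['trade_status']==1){
			// Strip thousands separators; "+0" then forces a numeric value into the statement.
			$fixPostValue=str_replace(',', '', $_POST['trade_invoiced']);
			$query='UPDATE users SET user_balance=(user_balance+'.($fixPostValue+0).'), user_lastupdate="'.date('Y-m-d H:i:s', CUSTOMTIME).'" WHERE user_account_num="'.$accountNumSql.'"';
			$db->rq($query);
		}

		// Link the new SELL to the trade it was opened against; both references are numeric-coerced.
		$query='INSERT INTO trades_related SET trade_ref='.($tradeRef+0).', trade_ref_relatedto='.($row['trade_ref']+0).'';
		$db->rq($query);

		$link='sellref='.$tradeRef;

		// Audit trail: who was affected, which admin acted, and what was added.
		$uDetails=$db->getRow('users','user_account_num="'.$accountNumSql.'"','user_firstname, user_lastname, user_account_num');
		addLog('Back-end','Stock Trades',''.$uDetails['user_firstname'].' '.$uDetails['user_lastname'].' ('.$uDetails['user_account_num'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Sell added '.($tradeRef+0).' ('.$tradesSellStatuses[$_POST['trade_status']].')');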
	}else{
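		//EDIT SELL ORDER
		// Builds the SET list for the UPDATE. Every $_POST value is escaped with string_escape()
		// before it is wrapped in quotes; without that, a double quote in any field closes the
		// literal and the rest of the field is parsed as SQL.
		// NOTE(review): bound parameters would remove the need for per-field escaping; confirm
		// whether DBConnection supports them.
		$mysql_fields='';
		$mysql_fields.='user_account_num="'.($row['user_account_num']+0).'", ';

		$mysql_fields.='trade_shares="'.$db->string_escape($_POST['trade_shares']).'", ';
		$mysql_fields.='trade_shares_left="'.$db->string_escape($_POST['trade_shares']).'", ';
		$mysql_fields.='trade_details="'.$db->string_escape($_POST['trade_details']).'", ';
		// Money fields arrive with thousands separators; strip them, then escape.
		$mysql_fields.='trade_price_share="'.$db->string_escape(str_replace(',', '', $_POST['trade_price_share'])).'", ';
		$mysql_fields.='trade_value="'.$db->string_escape(str_replace(',', '', $_POST['trade_value'])).'", ';
		$mysql_fields.='trade_fees="'.$db->string_escape(str_replace(',', '', $_POST['trade_fees'])).'", ';
		$mysql_fields.='trade_invoiced="'.$db->string_escape(str_replace(',', '', $_POST['trade_invoiced'])).'", ';
		$mysql_fields.='trade_date="'.$db->string_escape($_POST['trade_date']).'", ';
		$mysql_fields.='trade_status="'.$db->string_escape($_POST['trade_status']).'", ';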
Ejemplo n.º 3
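/**
 * Build the HTML for the "add / edit SELL order" form.
 *
 * When a trade reference is passed and the form has not been submitted yet, the stored trade
 * row is loaded into $_POST so the fields below are pre-filled from it.
 *
 * Every request- or database-derived value is encoded for the context it lands in: HTML text
 * and attributes via htmlspecialchars(), the inline JavaScript numbers via an integer cast, URL
 * parameters via rawurlencode(), and quoted SQL literals via DBConnection::string_escape().
 * Status labels and getLang() strings are application-defined and are emitted unchanged.
 *
 * NOTE(review): the form carries no anti-CSRF token field and the delete button issues a plain
 * GET; confirm the receiving handlers protect these state-changing requests.
 *
 * @param mixed $tradesSell_id Trade reference of the SELL order to edit; 0 (default) for a new one.
 * @return string The rendered form markup.
 */
function addNewTradeSell($tradesSell_id=0) {
	global $tradesSellStatuses;
	global $tradesBuyOptions;

	// Encode a value for HTML text or a double-quoted attribute (charset follows the PHP default).
	$h=function($value) {
		return htmlspecialchars((string)$value, ENT_QUOTES);
	};
	// Read a form field, empty string when absent, already encoded for HTML output.
	$field=function($name) use ($h) {
		return $h(isset($_POST[$name])?$_POST[$name]:'');
	};

	$db=new DBConnection();
	if ($tradesSell_id&&empty($_POST['_form_submit'])){
		$query='SELECT * FROM trades WHERE trade_ref="'.$db->string_escape($tradesSell_id).'"';
		$res=$db->rq($query);
		$storedTrade=$db->fetch($res);
		// Only replace the form data when the trade exists; an unknown reference leaves $_POST alone.
		if ($storedTrade){
			$_POST=$storedTrade;
			$_SESSION['admin']['uedit']=$_POST['trades_id'];
		}
	}
	
	$JSCripts=' onchange="setDetails(0);"';
	$JSCriptsPremium=' onchange="setDetails(1);"';
	
	if (!isset($_POST['trade_date'])||$_POST['trade_date']=='') $_POST['trade_date']=date('Y-m-d', CUSTOMTIME);
	
	// This number is written into inline JavaScript, so it is forced to an integer.
	$positionsLeft=isset($_POST['trade_positions_left'])?(int)$_POST['trade_positions_left']:0;
	$isNewSell=(isset($_GET['action'])&&$_GET['action']=='new_sell');
	
	$pcontent='';
	$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.($isNewSell?'Adding new':'Editing').' SELL Order</b></div>
<script type="text/javascript" src="../js/jquery.metadata.js"></script> 
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/tradesSell.js"></script>
<script type="text/javascript">
jQuery(document).ready(
	function($) {
		var sliderValue = '.$positionsLeft.';
		$("#slider").slider( {
			min : 1,
			max : '.$positionsLeft.',
			step : 1,
			value : [ sliderValue ],
			slide : function(event, ui) {
				$("#sliderVal").val(ui.value);
			}
		});

		$("#sliderVal").attr("value", sliderValue);

		$("#sliderVal").keyup(function() {
			var sliderValue = +this.value;
			if (sliderValue >= 1 && sliderValue <= '.$positionsLeft.') {
				$("#slider").slider("value", sliderValue);
			} else {
				alert("Please enter a value between 1 and '.$positionsLeft.'");
				$("#slider").slider("value", 1);
				$("#sliderVal").attr("value", 1);
			}
		});

		$("#slider, #sliderVal").bind("mousedown mouseup mousemove mouseout mouseover",	function() {
			setDetails();
		});
		
		setDetails();
});
</script>
<form name="addNewTradeBuy" method="POST" id="MainForms" action="">

<div class="left">
	<fieldset class="mainFormHolder left">
	<legend>Account</legend>
	<div class="formsRight">
		<select name="user_account_num" id="user_account_num" class="text-input-big" title="Please select user account!" validate="required:true">';
	
	$accountNumSql=$db->string_escape(isset($_POST['user_account_num'])?$_POST['user_account_num']:'');
	$query='SELECT user_account_num, user_firstname, user_lastname, user_balance FROM users WHERE user_account_num="'.$accountNumSql.'" LIMIT 1';
	$res=$db->rq($query);
	while (($row=$db->fetch($res))!=FALSE){
		// Names are user-supplied profile data, so they are encoded like any other output.
		$pcontent.='<option value="'.$h($row['user_account_num']).'">'.$h($row['user_account_num'].' ('.$row['user_firstname'].' '.$row['user_lastname'].', $'.$row['user_balance'].')').'</option>';
	}
	
	$optionLabel='';
	if (isset($_POST['trade_option'])&&isset($tradesBuyOptions[$_POST['trade_option']])){
		$optionLabel=$tradesBuyOptions[$_POST['trade_option']];
	}
	
	$pcontent.='
		</select>
	</div>
	</fieldset>
	
	<div class="clear"></div>

	<fieldset class="mainFormHolder left">
	<legend>Contract</legend>
	<div class="formsLeft">Trade Order:</div>
	<div class="formsRight">SELL</div>
	<br />
	<div class="formsLeft">Position(s):</div>
	<div class="formsRight">
		<div id="slider"><a href="#"></a></div> <input type="text" class="text-input-smallest left" id="sliderVal" name="trade_positions"'.$JSCripts.' />
	</div>
	
	<br /><br />
	<div class="formsLeft">Option:</div>
	<div class="formsRight"><input class="text-input ui-state-default" type="text" name="trade_option" id="trade_option" value="'.$h($optionLabel).'"></div>
	<br />
	<div class="formsLeft">Commodity:</div>
	<div class="formsRight">';
	
	// "+0" coerces the id to a number, so this statement needs no string escaping.
	$query='SELECT * FROM commodities WHERE commodities_id='.((isset($_POST['commodities_id'])?$_POST['commodities_id']:0)+0).' LIMIT 1';
	$res=$db->rq($query);
	$row=$db->fetch($res);
	$commodityLabel=$row?($row['commodities_symbol'].' ('.$row['commodities_name'].')'):' ()';
	
	$strToUse=strtotime(isset($_POST['trade_expiry_date'])?$_POST['trade_expiry_date']:'');
	$tradeDetails=(isset($_POST['trade_details'])&&$_POST['trade_details']!='')?$_POST['trade_details']:'BUY';
	$pcontent.='
    	<input class="text-input ui-state-default" type="text" name="commodities_id" id="commodities_id" value="'.$h($commodityLabel).'">
	</div>
	
	<br />
	<div class="formsLeft">Expiry Date:</div>
	<div class="formsRight">
	    <div class="formsRight"><input class="text-input ui-state-default" type="text" name="trade_expiry_date" id="trade_expiry_date" value="'.date('d M y', $strToUse).'"></div>
	</div>
	
	<br />
	<div class="formsLeft">Strike Price:</div>
	<div class="formsRight">
		<input class="text-input align-right" type="text" name="trade_strikeprice" id="trade_strikeprice" value="'.$field('trade_strikeprice').'"'.$JSCripts.' />
	</div><br />
	<div class="formsLeft">Notes:</div>
	<div class="formsRight">
		<input type="text" class="text-input left" name="trade_notes" value="'.$field('trade_notes').'"'.$JSCripts.' />
	</div>
	</fieldset>
	
	<div class="clear"></div>

	<fieldset class="mainFormHolder left">
	<legend>Trade Details</legend>
	<input class="ui-state-default trade-details" type="text" name="trade_details" id="trade_details" value="'.$h($tradeDetails).'" readonly />
	</fieldset>
	
	<div class="clear"></div>';
	
	$tradeRef=isset($_POST['trade_ref'])?$_POST['trade_ref']:'';
	$query2='SELECT trade_ref_relatedto FROM trades_related WHERE trade_ref="'.$db->string_escape($tradeRef).'"';
	$res2=$db->rq($query2);
	$totalRelated=$db->num_rows($res2);
	if ($totalRelated>0){
		$row2=$db->fetch($res2);
		// The related reference was read back from the database; it is escaped again before reuse.
		$getRelatedInfo=$db->getRow('trades','trade_ref="'.$db->string_escape($row2['trade_ref_relatedto']).'"','trade_ref, trade_details');
		$relatedRef=$getRelatedInfo?$getRelatedInfo['trade_ref']:'';
		$relatedDetails=$getRelatedInfo?$getRelatedInfo['trade_details']:'';
		$pcontent.='
		<fieldset class="mainFormHolder left">
			<legend>Related Trades</legend><br />
			<div class="ui-state-default trade-details"><a href="trades.php?action=edit_buy&tref='.$h(rawurlencode((string)$relatedRef)).'" style="display:block;">'.$h($relatedDetails).'</a></div><br />
		</fieldset>';
	}
	
	$pcontent.='
</div>

<div class="left">
	<fieldset class="mainFormHolder left">
	<legend>Prices</legend>
	<div class="formsLeft">Premium:</div>
	<div class="formsRight">
		<input class="text-input align-right" type="text" name="trade_premium_price" id="trade_premium_price" value="'.$field('trade_premium_price').'"'.$JSCriptsPremium.' />
	</div>
	<br />
	<div class="formsLeft">Contract Size:</div>
	<div class="formsRight">
		<input class="text-input align-right ui-state-default" type="text" name="trade_contract_size" id="trade_contract_size" value="'.$field('trade_contract_size').'" readonly />
	</div>
	<br />
	<div class="formsLeft">Price/contract:</div>
	<div class="formsRight">
		<input class="text-input align-right" type="text" name="trade_price_contract" id="trade_price_contract" value="'.$field('trade_price_contract').'"'.$JSCripts.' />
	</div>
	<br />
	<div class="formsLeft">Trade Value:</div>
	<div class="formsRight">
		<input class="text-input align-right ui-state-default" type="text" name="trade_value" id="trade_value" value="'.$field('trade_value').'" readonly />
	</div>
	<br />
	<div class="formsLeft">Fees:</div>
	<div class="formsRight">
		<input class="text-input align-right" type="text" name="trade_fees" id="trade_fees" value="'.$field('trade_fees').'"'.$JSCripts.' />
	</div>
	<br />
	<div class="formsLeft">Total Invoiced:</div>
	<div class="formsRight">
		<input class="text-input align-right ui-state-default" type="text" name="trade_invoiced" id="trade_invoiced" value="'.$field('trade_invoiced').'" />
	</div>
	</fieldset>

	<div class="clear"></div>

	<fieldset class="mainFormHolder left">
	<legend>Settings</legend>
	<div class="formsLeft">Value date:</div>
	<div class="formsRight"><input class="text-input" type="text" name="trade_date" id="trade_date" value="'.$field('trade_date').'" /></div>
	<br />
	<div class="formsLeft">Status:</div>
	<div class="formsRight">
		<select name="trade_status" class="text-input">';
	
	$currentStatus=isset($_POST['trade_status'])?$_POST['trade_status']:null;
	foreach ($tradesSellStatuses as $StatusID=>$StatusName){
		$pcontent.='<option value="'.$StatusID.'"'.(($StatusID==$currentStatus)?' selected':'').'>'.$StatusName.'</option>';
	}
	
	// rawurlencode() leaves only characters that are inert inside the quoted JavaScript string
	// and the surrounding HTML attribute of the delete button.
	$pcontent.='
		</select>
	</div>
	</fieldset>
	
	<div class="clear"></div>
	
	<div class="mainFormHolder left btnsHolder">
	<input type="hidden" name="_form_submit" value="1" />
	<input type="hidden" name="_add_sell" value="1" />
	<input type="hidden" name="trid" value="'.$h($tradesSell_id).'">
	<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
	<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this SELL?\')) location=\'?action=delete_sell&sellid='.$h(rawurlencode((string)$tradeRef)).'\';" />
	<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'trades.php\';" />
	</div>
</div>
</form>
</div>';
	$db->close();
	return $pcontent;
}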
Ejemplo n.º 4
         exit();
     }else {
         $page_content=addNewUser($_GET['uid']);
     }
     break;
 case 'delete'	:
     if($_SESSION['admin']['is_logged']==1) {
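         // Accept the uid only when it is a non-empty string made purely of letters and digits.
         // Requiring a positive match fails closed: a missing uid, an array (uid[]=x) or a
         // preg_match() error all end in the redirect. The earlier "reject if a bad character
         // is found" test let each of those cases through.
         $uidParam=isset($_GET['uid'])?$_GET['uid']:'';
         if(!is_string($uidParam)||preg_match('/^[a-zA-Z0-9]+$/D', $uidParam)!==1) {
             header('Location: users.php');
             exit();
         }
         $db=new DBConnection();
         
         $uDetails=$db->getRow('users','user_uid="'.$uidParam.'"','user_firstname, user_lastname, user_account_num');
         // Stop when the uid matches no user; otherwise the DELETEs below would run against an
         // empty account number.
         if(!$uDetails) {
             $db->close();
             header('Location: users.php');
             exit();
         }
         // The account number was read back from the database; escape it before reuse in SQL.
         $accountNumSql=$db->string_escape($uDetails['user_account_num']);
         $query='SELECT * FROM trades WHERE user_account_num="'.$accountNumSql.'"';
         $res=$db->rq($query);
         $num_rows=$db->num_rows($res);
         if($num_rows>0) {
             // Remove every relation that points to or from one of this user's trades.
             while(($row=$db->fetch($res)) != FALSE) {
                 $tradeRefSql=$db->string_escape($row['trade_ref']);
                 $query2='DELETE FROM trades_related WHERE trade_ref="'.$tradeRefSql.'" OR trade_ref_relatedto="'.$tradeRefSql.'"';
                 $db->rq($query2);
             }
         }
         $query='DELETE FROM trades WHERE user_account_num="'.$accountNumSql.'"';
         $db->rq($query);
         
         $query='DELETE FROM transfers WHERE user_account_num="'.$accountNumSql.'"';
         $db->rq($query);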
         
Ejemplo n.º 5
			exit();
		}else{
			$page_content=addNewWithdraw($_GET['ref']);
		}
		break;
	case 'delete_withdraw' :
		if ($_SESSION['admin']['is_logged']==1){
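			// Accept the reference only when it is a non-empty string of letters and digits.
			// Requiring a positive match fails closed: a missing value, an array (wtrid[]=x) or
			// a preg_match() error all end in the redirect instead of slipping past the check.
			$transferRef=isset($_GET['wtrid'])?$_GET['wtrid']:'';
			if (!is_string($transferRef)||preg_match('/^[a-zA-Z0-9]+$/D', $transferRef)!==1){
				header('Location: transfers.php');
				exit();
			}
			$db=new DBConnection();
			
			$getCurrentData=$db->getRow('transfers', 'tr_ref="'.$transferRef.'"');
			// Unknown reference: nothing to refund or delete, and nothing meaningful to log.
			if (!$getCurrentData){
				$db->close();
				header('Location: transfers.php');
				exit();
			}
			// The account number was read back from the database; escape it before reuse in SQL.
			$accountNumSql=$db->string_escape($getCurrentData['user_account_num']);
			
			/*** FIX USER'S BALANCE IF CURRENT STATUS IS TRANSFERRED ***/
			if ($getCurrentData['tr_status']==1){ // stored status is Transferred: add tr_total back
				$query='UPDATE users SET user_balance=(user_balance+'.($getCurrentData['tr_total']+0).'), user_lastupdate="'.date('Y-m-d H:i:s', CUSTOMTIME).'" WHERE user_account_num="'.$accountNumSql.'"';
				$db->rq($query);
			}
			// NOTE(review): the refund and the delete are two separate statements; if rq() can
			// fail part-way the balance and the transfers table can disagree. Confirm whether
			// DBConnection offers a transaction.
			
			$query='DELETE FROM transfers WHERE tr_ref="'.$transferRef.'"';
			$db->rq($query);
			
			global $depositOptions;
			$uDetails=$db->getRow('users','user_account_num="'.$accountNumSql.'"','user_firstname, user_lastname, user_account_num');
			// NOTE(review): "+0" assumes a numeric reference although the check above also admits
			// letters; confirm the real format of tr_ref.
			addLog('Back-end','Transfers',''.$uDetails['user_firstname'].' '.$uDetails['user_lastname'].' ('.$uDetails['user_account_num'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Withdraw deleted '.($transferRef+0).' ('.$depositOptions[$getCurrentData['tr_status']].')');
			
			$db->close();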
Ejemplo n.º 6
    $cmd='';
}

// The "back" button cancels whatever action was requested and falls through to the listing.
if (isset($_POST['_back'])) {
    $cmd='';
}
$page_content='';
// Dispatch on the requested action; the loose == comparison matches what switch() does.
if ($cmd=='new') {
    $page_content=addNewCommodityGroup();
} elseif ($cmd=='edit') {
    // "+0" coerces the id to a number before it reaches the form builder.
    $page_content=addNewCommodityGroup($_GET['cgid']+0);
} elseif ($cmd=='delete') {
    // Deletion runs only for a logged-in admin session; otherwise the page content stays empty.
    // NOTE(review): this destructive action is driven by $_GET and no anti-CSRF token check is
    // visible in this excerpt; confirm one exists upstream.
    if ($_SESSION['admin']['is_logged']==1) {
        $db=new DBConnection();
        // Read the row first so its name can still be written to the audit log after the delete.
        $currentInfo=$db->getRow('commodities_groups','commodities_groups_id='.($_GET['cgid']+0));
        
        $db->rq('DELETE FROM commodities_groups WHERE commodities_groups_id='.($_GET['cgid']+0));
        
        $actingAdmin=$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')';
        addLog('Back-end','Back-end Settings, Commodities - groups',0,$actingAdmin,'Commodity group deleted ('.$currentInfo['commodities_groups_name'].')');
        
        $db->close();
        header('Location: commodities_groups.php');
        exit();
    }
} else {
    $page_content=listCommoditiesGroup();
}
Ejemplo n.º 7
    $cmd='';
}

// The "back" button cancels whatever action was requested and falls through to the listing.
if (isset($_POST['_back'])) {
    $cmd='';
}
$page_content='';
// Dispatch on the requested action; the loose == comparison matches what switch() does.
if ($cmd=='new') {
    $page_content=addNewExpDate();
} elseif ($cmd=='edit') {
    // "+0" coerces the id to a number before it reaches the form builder.
    $page_content=addNewExpDate($_GET['edid']+0);
} elseif ($cmd=='delete') {
    // Deletion runs only for a logged-in admin session; otherwise the page content stays empty.
    // NOTE(review): this destructive action is driven by $_GET and no anti-CSRF token check is
    // visible in this excerpt; confirm one exists upstream.
    if ($_SESSION['admin']['is_logged']==1) {
        $db=new DBConnection();
        // Read the row first so its date can still be written to the audit log after the delete.
        $currentInfo=$db->getRow('expiry_dates','expiry_dates_id='.($_GET['edid']+0));
        $db->rq('DELETE FROM expiry_dates WHERE expiry_dates_id='.($_GET['edid']+0));

        $actingAdmin=$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')';
        addLog('Back-end','Back-end Settings, Commodities - exp. dates',0,$actingAdmin,'Commodity expiry date deleted ('.$currentInfo['expiry_date'].')');

        $db->close();
        header('Location: expiry_dates.php');
        exit();
    }
} else {
    $page_content=listExpDates();
}
Ejemplo n.º 8
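/**
 * Build the HTML form for entering or editing the value and volume of every stock for one date.
 *
 * With a details reference, each stock is pre-filled from the stock_details row carrying that
 * reference; without one, from the stock's most recent stock_details row. Stocks that have no
 * matching row are left out of the form.
 *
 * The reference is escaped for SQL once, before the loop (escaping it on every iteration
 * re-escaped an already escaped value), and the unescaped original is what gets encoded for
 * HTML and for the delete URL. Database values written into the page are HTML-encoded;
 * getLang() strings are application-defined and are emitted unchanged.
 *
 * @param mixed $details_id Reference of the value set to edit; 0 (default) for a new set.
 * @return string The rendered form markup.
 */
function addNewValue($details_id=0) {
	$JSCripts=' onchange="setDetails();"';
	// Encode a value for HTML text or a double-quoted attribute (charset follows the PHP default).
	$h=function($value) {
		return htmlspecialchars((string)$value, ENT_QUOTES);
	};
	$db=new DBConnection();
	$editing=($details_id > 0);
	$detailsRefSql=$editing?$db->string_escape($details_id):'';
	// Stays empty when no stock has a matching row, instead of being an undefined variable.
	$date='';
	$pcontent='';
	$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>Adding New Stock Values</b></div> 
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/stockValues.js"></script>
<form name="addNewStockValue" method="POST" id="MainForms" action="">';

	$query='SELECT * FROM stocks ORDER BY stocks_name ASC';
	$res=$db->rq($query);
	$num = 1;
	$pcontent.='<div class="left">';
	while (($row=$db->fetch($res))!=FALSE){
		$stockIdSql=$db->string_escape($row['stocks_id']);
		if($editing) {
			$curval = $db->getRow('stock_details','stocks_id="'.$stockIdSql.'" AND details_ref="'.$detailsRefSql.'"','value, volume, date');
		} else {
			$curval = $db->getRow('stock_details','stocks_id="'.$stockIdSql.'" ORDER BY date DESC','value, volume');
		}

		if($curval){
			// The date shown at the end is the one from the last stock that had a row.
			$date = array_get($curval, 'date');

			$pcontent.='<fieldset class="mainFormHolder">
			<legend>Share</legend>
			<div class="formsLeft">Share:</div>
			<div class="formsRight">
				<select name="stocks_id_'.$num.'" id="stocks_id_'.$num.'" class="text-input">';
			$pcontent.='<option value="'.$h($row['stocks_id']).'">'.$h($row['stocks_symbol'].' ('.$row['stocks_name'].')').'</option>';
			$pcontent.='
				</select>
			</div><br />
			<div class="formsLeft">Value:</div>
			<div class="formsRight">
				<input class="required text-input align-right" type="text" name="value_'.$num.'" id="value_'.$num.'" value="'.$h($curval['value']).'"'.$JSCripts.' />
			</div>
			<br />
			<div class="formsLeft">Volume:</div>
			<div class="formsRight">
				<input class="text-input align-right" type="text" name="volume_'.$num.'" id="volume_'.$num.'" value="'.$h($curval['volume']).'"'.$JSCripts.' />
			</div><br />
		</fieldset>';
		}
		// The counter advances for skipped stocks too, so field suffixes follow the stock order.
		$num++;
	}
	$pcontent.='</div><div class="left"><fieldset class="mainFormHolder">

	<legend>Date</legend>
	<div class="formsLeft">Value date:</div>
	<div class="formsRight"><input class="text-input" type="text" name="date_value" id="date_value" value="'.$h($date).'" /></div>
	<br />';
	if($details_id) {
		// rawurlencode() leaves only characters that are inert inside the quoted JavaScript
		// string and the surrounding HTML attribute.
		$pcontent.='<input type="hidden" name="trade_ref" value="'.$h($details_id).'" />';
		$pcontent.='<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete the values from this date?\')) location=\'?action=delete_values&sid='.$h(rawurlencode((string)$details_id)).'\';" />';
	}
	$pcontent.='<input type="hidden" name="_form_submit" value="1" />
	<input type="hidden" name="_new_value" value="1" />
	<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
	';
	$pcontent.='
	<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'stocks.php\';" />
	</fieldset></div>
</form>
</div>';
	return $pcontent;
}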
Ejemplo n.º 9
			}
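			$db=new DBConnection();
			
			// Use one numeric form of the reference in every statement. The two SELECTs already
			// coerced it with "+0", but both DELETEs concatenated the raw $_GET value into SQL.
			// NOTE(review): whatever validation precedes this excerpt is not visible here.
			$sellRef=$_GET['sellid']+0;
			
			$query='SELECT * FROM stock_trades WHERE trade_ref="'.$sellRef.'"';
			$res=$db->rq($query);
			$row=$db->fetch($res);
			
			$query2='SELECT * FROM trades_related WHERE trade_ref="'.$sellRef.'"';
			$res2=$db->rq($query2);
			$row2=$db->fetch($res2);
			
			// Hand the sold shares back to the related trade, but only when both rows exist.
			if ($row&&$row2){
				// The related reference was read back from the database; escape it before reuse.
				$relatedRefSql=$db->string_escape($row2['trade_ref_relatedto']);
				$query3='UPDATE stock_trades SET trade_shares_left=(trade_shares_left+'.($row['trade_shares']+0).') 
			WHERE trade_ref="'.$relatedRefSql.'"';
				$db->rq($query3);

				// A related trade that has shares left again is put back to status 1.
				$checkPositions=$db->getRow('stock_trades','trade_ref="'.$relatedRefSql.'"','trade_shares_left');
				if($checkPositions&&$checkPositions['trade_shares_left']>0) {
					$query4='UPDATE stock_trades SET trade_status=1 WHERE trade_ref="'.$relatedRefSql.'"';
					$db->rq($query4);
				}
			}
			
			// For a type 2 trade in status 1 the invoiced amount is taken off the balance again.
			if ($row&&$row['trade_type']==2&&$row['trade_status']==1){
				$query='UPDATE users SET user_balance=(user_balance-'.($row['trade_invoiced']+0).'), user_lastupdate="'.date('Y-m-d H:i:s', CUSTOMTIME).'" WHERE user_account_num="'.$db->string_escape($row['user_account_num']).'"';
				$db->rq($query);
			}
			
			$query='DELETE FROM trades_related WHERE trade_ref="'.$sellRef.'"';
			$db->rq($query);
			
			$query='DELETE FROM stock_trades WHERE trade_ref="'.$sellRef.'"';
			$db->rq($query);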
Ejemplo n.º 10
		$page_content=addNewAdvisor();
		break;
	case 'edit' :
		if ($_GET['ref']!=''&&($_GET['advid']+0)==0){
			$db=new DBConnection();
			$query='SELECT users_advisors_id FROM users_advisors WHERE advisor_ref="'.$db->string_escape($_GET['ref']).'" LIMIT 1';
			$res=$db->rq($query);
			$row=$db->fetch($res);
			$_GET['advid']=($row['users_advisors_id']+0);
		}
		$page_content=addNewAdvisor($_GET['advid']+0);
		break;
	case 'delete' :
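		// Deletion runs only for a logged-in admin session.
		// NOTE(review): this destructive action is driven by $_GET and no anti-CSRF token check
		// is visible in this excerpt; confirm one exists upstream.
		if ($_SESSION['admin']['is_logged']==1){
			$db=new DBConnection();
			// Coerce the id to a number once and use it in both statements. The lookup used to
			// concatenate the raw $_GET value into a quoted literal while the DELETE already
			// used the numeric form.
			$advisorId=$_GET['advid']+0;
			// Read the row first so its name and reference can still be logged after the delete.
			$getCurrentData=$db->getRow('users_advisors', 'users_advisors_id="'.$advisorId.'"');
			
			$query='DELETE FROM users_advisors WHERE users_advisors_id='.$advisorId;
			$db->rq($query);

			addLog('Back-end','Advisors',''.$getCurrentData['advisor_names'].' ('.$getCurrentData['advisor_ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Advisor deleted');
			
			$db->close();
			header('Location: users_advisors.php');
			exit();
		}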
		break;
	default :
		$page_content=listAdvisors();
		break;
}
Ejemplo n.º 11
		break;
	case 'edit' :
		// When a username is given and no admin id (aid) was supplied, look the id up by username
		// and store it in $_GET['aid'] for the code that follows.
		// NOTE(review): the username literal in the query appears masked ("******") in this
		// listing. If the real file interpolates $_GET['username'] here, it has to be escaped
		// first, e.g. with $db->string_escape(); confirm against the actual source.
		if (isset($_GET['username']) && array_get($_GET, 'aid', 0) == 0){
			$db = new DBConnection();
			$query = 'SELECT id FROM ul_logins WHERE username="******" LIMIT 1';
			$res = $db->rq($query);
			$row = $db->fetch($res);
            
			// $row is used without checking that the lookup returned a record.
			$_GET['aid'] = $row['id'];
		}
		$page_content = addNewAdmin($_GET['aid']+0);
		break;
	case 'delete' :
		// Deletion runs only when isAppLoggedIn() reports an authenticated session.
		// NOTE(review): this destructive action is driven by $_GET and no anti-CSRF token check
		// is visible in this excerpt; confirm one exists upstream.
		if (isAppLoggedIn()){
            $db = new DBConnection();
			// Read the row first so its name and reference can still be logged after the delete.
			// The id is coerced to a number with "+0" for this lookup.
			$currentData = $db->getRow('ul_logins', 'id='.($_GET['aid']+0).'');
            
            // NOTE(review): DeleteUser() receives the raw $_GET['aid'], not the numeric form
            // used in the lookup above; how it treats that value cannot be seen from here.
            $ulogin->DeleteUser($_GET['aid']);
			
			addLog('Back-end','Back-end users',''.$currentData['name'].' ('.$currentData['ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Admin deleted');
			
			$db->close();
			header('Location: users_admins.php');
			exit();
		}
		break;
	default :
		$page_content = listAdmins();
		break;
}
Ejemplo n.º 12
global $tradesBuyOptions;

if (!$_POST['tref']){
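	// New trade reference derived from the first ten hex digits of uniqid().
	// NOTE(review): uniqid() is time-based, so these references are guessable and two requests
	// close together can collide; confirm nothing treats the reference as a secret and that
	// trade_ref has a uniqueness constraint.
	$tradeRef=hexdec(substr(uniqid(''), 0, 10))-81208208208;
	$query='INSERT INTO stock_trades SET '.$mysql_fields.', trade_shares_left='.($_POST['trade_shares']+0).', trade_type=4, trades_id="'.NID.'", trade_ref='.($tradeRef+0); //.', trade_date="'.date('Y-m-d H:i:s', CUSTOMTIME).'"'
	$db->rq($query);

	// The account number is request input that ends up inside quoted SQL literals below.
	// Escape it once with string_escape() and reuse the escaped form in both statements.
	$accountNumSql=$db->string_escape($_POST['user_account_num']);

	// With status 1 the invoiced total is added to the balance and the trade counter goes up.
	if ($_POST['trade_status']==1){
		// Strip thousands separators; "+0" then forces a numeric value into the statement.
		$fixPostValue=str_replace(',', '', $_POST['trade_invoiced']);
		$query='UPDATE users SET user_balance=(user_balance+'.($fixPostValue+0).'), user_lastupdate="'.date('Y-m-d H:i:s', CUSTOMTIME).'", 
		user_trades=(user_trades+1) WHERE user_account_num="'.$accountNumSql.'"';
		$db->rq($query);
	}
	$link='buyref='.$tradeRef;

	// Audit trail: who was affected, which admin acted, and what was added.
	// NOTE(review): $tradesStatuses is read here but only $tradesBuyOptions is declared global
	// in the visible lines; confirm it is in scope.
	$uDetails=$db->getRow('users','user_account_num="'.$accountNumSql.'"','user_firstname, user_lastname, user_account_num');
	addLog('Back-end','Stock Trades',''.$uDetails['user_firstname'].' '.$uDetails['user_lastname'].' ('.$uDetails['user_account_num'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Short Sell added '.($tradeRef+0).' ('.$tradesBuyOptions[$_POST['trade_option']].' @ '.$tradesStatuses[$_POST['trade_status']].')');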
}else{
	$query='SELECT * FROM stock_trades WHERE trade_ref="'.$_POST['tref'].'" LIMIT 1';
	$res=$db->rq($query);
	$row=$db->fetch($res);

	$query='UPDATE stock_trades SET '.$mysql_fields.', trade_shares_left=0, trade_type=4 
	WHERE trade_ref="'.$_POST['tref'].'"'; //, trade_date="'.date('Y-m-d H:i:s', CUSTOMTIME).'"
	$db->rq($query);

	$fixPostValue=str_replace(',', '', $_POST['trade_invoiced']);

	/*** FIX USERS's BALANCE IF NEEDED ***/
	if($fixPostValue==$row['trade_invoiced']&&$_POST['trade_status']!=$row['trade_status']){ // if new total and old total are same, but status is different
		if ($_POST['trade_status']==1&&$row['trade_status']!=1&&$row['trade_status']!=4){