if (!isset($_GET['id'])) {
redirect('membersarea.php');
}
$pid = (int) $_GET['id'];
$uid = (int) $_SESSION['userid'];
$sqlUsername = cleanSql($_SESSION['username']);
include '_header.php';
printHeader('Start An Auction');
$query = mysql_query("SELECT * FROM `user_pokemon` WHERE `id`='{$pid}' AND `uid`='{$uid}'");
if (mysql_num_rows($query) == 0) {
echo '<div class="error">Not your pokemon!</div>';
include '_footer.php';
die;
}
$pokeRow = mysql_fetch_assoc($query);
if (in_array($pokeRow['id'], getUserTeamIds($uid))) {
echo '<div class="error">This pokemon is in your team,</div>';
include '_footer.php';
die;
}
if (isset($_POST['duration']) && in_array($_POST['duration'], range(0, 4))) {
$costs = array('0' => 200, '1' => 1000, '2' => 5000, '3' => 10000, '4' => 15000);
$cost = $costs[$_POST['duration']];
if (getUserMoney($uid) < $cost) {
echo '<div class="error">Not enough money.</div>';
} else {
$times = array('0' => 60 * 10, '1' => 60 * 60, '2' => 60 * 60 * 6, '3' => 60 * 60 * 24, '4' => 60 * 60 * 24 * 7);
$finishTime = time() + $times[$_POST['duration']];
$query = mysql_query("\n\t\t\tINSERT INTO `auction_pokemon`\n\t\t\t(\n\t\t\t\t`owner_id`,\n\t\t\t\t`owner_username`,\n\t\t\t\t`bidder_id`,\n\t\t\t\t`bidder_username`,\n\t\t\t\t`current_bid`,\n\t\t\t\t`name`,\n\t\t\t\t`exp`,\n\t\t\t\t`level`,\n\t\t\t\t`move1`,\n\t\t\t\t`move2`,\n\t\t\t\t`move3`,\n\t\t\t\t`move4`,\n\t\t\t\t`num_bids`,\n\t\t\t\t`gender`,\n\t\t\t\t`finish_time`\n\t\t\t) VALUES (\n\t\t\t\t'{$uid}',\n\t\t\t\t'{$sqlUsername}',\n\t\t\t\t'0',\n\t\t\t\t'',\n\t\t\t\t'1',\n\t\t\t\t'{$pokeRow['name']}',\n\t\t\t\t'{$pokeRow['exp']}',\n\t\t\t\t'{$pokeRow['level']}',\n\t\t\t\t'{$pokeRow['move1']}',\n\t\t\t\t'{$pokeRow['move2']}',\n\t\t\t\t'{$pokeRow['move3']}',\n\t\t\t\t'{$pokeRow['move4']}',\n\t\t\t\t'0',\n\t\t\t\t'{$pokeRow['gender']}',\n\t\t\t\t'{$finishTime}'\n\t\t\t)\n\t\t");
if ($query) {
mysql_query("DELETE FROM `user_pokemon` WHERE `id`='{$pid}' LIMIT 1");
<?php
die;
require_once 'config.php';
require_once 'functions.php';
if (!isLoggedIn()) {
redirect('login.php');
}
$uid = (int) $_SESSION['userid'];
include '_header.php';
$newTeamIds = array();
$oldTeamIds = getUserTeamIds($uid);
if (count($oldTeamIds) > 0) {
foreach ($oldTeamIds as $pid) {
if ($pid == 0) {
continue;
}
$query = mysql_query("SELECT * FROM `user_pokemon` WHERE `id`='{$pid}' AND `uid`='{$uid}'");
if (mysql_num_rows($query) == 1) {
$newTeamIds[] = $pid;
}
}
}
$query = mysql_query("SELECT * FROM `user_pokemon` WHERE `uid`='{$uid}' ORDER BY `exp` DESC");
if (mysql_num_rows($query) == 0) {
// they have no pokemon
$pid = giveUserPokemonByName($uid, 'Weedle', 5, '');
$newTeamIds[] = $pid;
} else {
if (mysql_num_rows($query) > count($newTeamIds)) {
// pad out their team with pokemon from their box
$nameOrder = $_GET['sort'] == 1 ? 2 : 1;
$expOrder = $_GET['sort'] == 4 ? 3 : 4;
echo '
<table class="pretty-table">
<tr>
<th width=25%><a href="view_box.php?sort=' . $nameOrder . '">Pokemon</a></th>
<th width=25%>Level</th>
<th width=25%><a href="view_box.php?sort=' . $expOrder . '">Exp</a></th>
<th width=25%>Moves</th>
';
echo isset($_GET['id']) ? '' : '<th>Options</th>';
echo '
</tr>
';
$teamIds = getUserTeamIds($uid);
$genders = array('1' => 'Male', '2' => 'Female', '3' => 'Genderless');
while ($pokemon = mysql_fetch_assoc($query)) {
if (!isset($_GET['id'])) {
if (in_array($pokemon['id'], $teamIds)) {
$tradeHtml = '<strike>Put Up For Trade</strike><br />';
$sellHtml = '<strike>Put Up For Sale</strike><br />';
$teamHtml = '<strike>Put In My Team</strike><br />';
$releaseHtml = '<strike>Release Pokemon</strike><br />';
$auctionHtml = '<strike>Auction Pokemon</strike><br />';
} else {
$tradeHtml = '<a href="trade.php?a=puft_process&id=' . $pokemon['id'] . '">Trade Pokemon</a><br />';
$sellHtml = '<a href="sell_pokemon.php?p=sell2&id=' . $pokemon['id'] . '">Sell Pokemon</a><br />';
$teamHtml = '<a href="change_team.php?id=' . $pokemon['id'] . '">Put In My Team</a><br />';
$releaseHtml = '<a href="release.php?id=' . $pokemon['id'] . '">Release Pokemon</a><br />';
$auctionHtml = '<a href="auction_start.php?id=' . $pokemon['id'] . '">Auction Pokemon</a><br />';
echo '<div class="error">You can not battle yourself!</div>';
include '_footer.php';
die;
}
/*
$bannedQuery = mysql_query("SELECT `banned` FROM `users` WHERE `banned` = '1'");
$banned = mysql_fetch_row($bannedQuery);
if ($banned->banned == 1) {
include '_header.php';
printHeader('ERROR');
echo '<div class="error">You can not battle with banned user!</div>';
include '_footer.php';
die();
}*/
$userTeam = getUserTeamIds($uid);
if ($userTeam == false) {
die;
}
$query = mysql_query("SELECT `username` FROM `users` WHERE `id`='{$uid}'");
$row = mysql_fetch_assoc($query);
$username = $row['username'];
$x = 0;
for ($i = 1; $i <= 6; $i++) {
$pid = $userTeam['poke' . $i];
if ($pid == 0) {
continue;
}
$pokeRow = getUserPokemon($pid);
$_SESSION['battle']['opponent'][$x] = $pokeRow;
$_SESSION['battle']['opponent'][$x]['maxhp'] = maxHp($pokeRow['name'], $pokeRow['level']);
