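/**
 * Sell part of the current player's holding of a stock.
 *
 * The sale is refused unless the quantity is a positive number, the player
 * holds at least that many units, and the game state is 2 or 3 (described
 * in the original comment as "ready or open"). On success the sell order is
 * posted to the remote exchange, the player's fund is credited, the holding
 * is reduced and the transaction is recorded.
 *
 * @param mixed $stock    Stock identifier passed to the game model and the remote endpoint.
 * @param mixed $quantity Number of units to sell; must be numeric and greater than zero.
 *
 * @return int 1 when the sale was processed, 0 when it was refused.
 */
function sell($stock, $quantity)
{
    // Reject non-numeric, zero and negative quantities before any balance is
    // touched. Without this guard a negative quantity satisfies
    // "$holding >= $quantity", and the later "-$quantity" adjustment would
    // add units to the holding instead of removing them.
    if (!is_numeric($quantity) || $quantity <= 0) {
        return 0;
    }

    // NOTE(review): $session_data is not defined anywhere in this method as
    // shown; confirm where the player name is supposed to come from.
    $holding = $this->game->getStockQuantityBelongToPlayer($session_data['name'], $stock);
    if ($holding < $quantity) {
        return 0;
    }

    // Only states 2 and 3 allow trading.
    $status = $this->getStatus();
    if ($status->state != 2 && $status->state != 3) {
        return 0;
    }

    $fields = array(
        "team" => 'S10',
        "token" => $this->session->token,
        "player" => $session_data['name'],
        "stock" => $stock,
        "quantity" => $quantity,
        "certificate" => $this->session->certificate,
    );

    // NOTE(review): the endpoint is plain http://, so the token and
    // certificate are sent unencrypted; confirm whether an https:// endpoint
    // exists. The response is stored but never inspected, so the local
    // bookkeeping below runs even if the exchange rejected the order.
    $response = $this->sendPost("http://bsx.jlparry.com/sell", $fields);

    // Credit the player with unit cost times the quantity sold.
    $proceeds = $this->game->getStockCost($stock) * $quantity;
    $this->player->updateFund($session_data['name'], $proceeds);

    // Reduce the player's holding of this stock.
    $this->game->updateStockQuantityBelongToPlayer($session_data['name'], $stock, -$quantity);

    // Persist the transaction.
    recordTransaction($session_data['name'], $stock, $quantity, 'sell');

    return 1;
}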
} else { if ($_SERVER["REQUEST_METHOD"] == "POST") { // validate submission if (empty($_POST["symbol"])) { apologize("You must enter a stock symbol to purchase."); } if (!preg_match("/^\\d+\$/", $_POST["buyshares"]) || $_POST["buyshares"] == 0) { apologize("Please enter a valid number of shares to purchase."); } // lookup the stock price $stock = lookup($_POST["symbol"]); $cost = $stock["price"] * $_POST["buyshares"]; $user = query("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]); if ($stock != false && $user !== false) { // does user have enough cash for purchase? if ($cost <= $user[0]["cash"]) { // add shares to holdings query("INSERT INTO holdings (id, symbol, shares) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE shares = shares + ?", $_SESSION["id"], strtoupper($_POST["symbol"]), $_POST["buyshares"], $_POST["buyshares"]); // deduct purchase price from cash query("UPDATE users SET cash = cash - ? WHERE id = ?", $cost, $_SESSION["id"]); // add to transaction history recordTransaction(TRANS_BUY, strtoupper($_POST["symbol"]), $_POST["buyshares"], $stock["price"], $cost); redirect("history.php"); } else { apologize("You can afford to buy at most " . number_format(floor($user[0]["cash"] / $stock["price"])) . " full shares of " . strtoupper($_POST["symbol"]) . " at the current price of \$" . number_format($stock["price"], 2) . "/share."); } } else { apologize("Unable to retrieve stock/cash values."); } } }
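<?php

// Deposit page: GET shows the deposit form with the current cash balance,
// POST validates the submitted amount and credits it to the logged-in user.

// configuration
require "../includes/config.php";

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // Reached via link or redirect: load the cash balance and show the form.
    $user = query("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
    render("deposit_form.php", ["title" => TITLE_DEPOSIT, "user" => $user]);
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    // NOTE(review): no anti-CSRF token is checked in this file; confirm that
    // config.php or the form handling covers it, since this request changes
    // the account balance.

    // A missing field is treated as an empty string so it fails validation
    // instead of raising an undefined-index notice.
    $funds = $_POST["funds"] ?? "";

    // Require digits, a dot and exactly two decimals. \z anchors at the very
    // end of the string; "$" would also accept a trailing newline.
    $isValid = is_string($funds)
        && preg_match('/^\d+\.\d\d\z/', $funds) === 1
        && $funds > 0;

    if (!$isValid) {
        apologize("Please enter a positive amount of funds to deposit in your account, including cents.");
    } else {
        // The write lives in the else branch so it cannot run after a failed
        // validation; apologize() is defined elsewhere and whether it ends
        // the request is not visible from this file.

        // add funds to cash balance
        query("UPDATE users SET cash = cash + ? WHERE id = ?", $funds, $_SESSION["id"]);

        // add to transaction history
        recordTransaction(TRANS_DEPOSIT, null, null, null, $funds);

        redirect("history.php");
    }
}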
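require "../includes/config.php";

// Sell page: GET shows the sell form with the portfolio, POST sells the
// user's entire position in the selected stock at the latest looked-up price.

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // set up all portfolio data ($user, $positions and the totals used below)
    require "../includes/portfolio_data.php";

    // render portfolio
    render("sell_form.php", [
        "title" => TITLE_SELL,
        "user" => $user,
        "positions" => $positions,
        "totalStockValue" => $totalStockValue,
        "totalPortfolioValue" => $totalPortfolioValue,
    ]);
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    // NOTE(review): no anti-CSRF token is checked in this file; confirm it is
    // handled elsewhere, since this request changes holdings and cash.

    if (empty($_POST["sellstock"])) {
        apologize("You must select a stock in order to sell it.");
    } else {
        // The sale lives in the else branch so it cannot run after a failed
        // validation; apologize() is defined elsewhere and whether it ends
        // the request is not visible from this file.
        $symbol = $_POST["sellstock"];

        // get the latest stock price
        $stock = lookup($symbol);

        // get the user's holdings for that stock
        $holdings = query("SELECT shares FROM holdings WHERE id = ? and symbol = ?", $_SESSION["id"], $symbol);

        // An empty result means the user holds none of this stock. Checking
        // only "!== false" would let that case through, read $holdings[0] on
        // an empty array and record a sale of no shares.
        if ($stock !== false && $holdings !== false && !empty($holdings)) {
            $shares = $holdings[0]["shares"];
            $proceeds = $stock["price"] * $shares;

            // NOTE(review): the read above and the two writes below are
            // separate statements with no transaction or row lock visible
            // here, so two concurrent requests could both credit the same
            // shares. Confirm whether query() offers a transactional path.

            // delete, or "sell" the stock
            query("DELETE FROM holdings WHERE id = ? AND symbol = ?", $_SESSION["id"], $symbol);

            // update cash balance
            query("UPDATE users SET cash = cash + ? WHERE id = ?", $proceeds, $_SESSION["id"]);

            // add to transaction history
            recordTransaction(TRANS_SELL, strtoupper($symbol), $shares, $stock["price"], $proceeds);
        } else {
            apologize("Database Error: unable to get stock price/user's holdings.");
        }

        // redirect to history for transaction confirmation
        redirect("history.php");
    }
}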
} else { if (empty($_POST["confirmation"])) { apologize("You must confirm your password before a new account can be created."); } else { if ($_POST["password"] != $_POST["confirmation"]) { apologize("Your password and confirmation do not match."); } } } } // insert new user into database $result = query("INSERT \n INTO users \n (username, hash, cash) \n VALUES (?, ?, ?)", $_POST["username"], crypt($_POST["password"]), START_CASH); // log user in automatically if successful if ($result !== false) { $rows = query("SELECT LAST_INSERT_ID() AS id"); if ($rows !== false) { $_SESSION["id"] = $rows[0]["id"]; // add initial deposit to transaction history if (START_CASH > 0) { recordTransaction(TRANS_DEPOSIT, null, null, null, START_CASH); } // redirect to portfolio redirect("/"); } else { apologize("Unable to log in with new account."); } } else { apologize("Database error - account not created."); } } }