exit; }
// Request dispatcher: the first request parameter that is present selects a handler,
// and the script exits as soon as that handler returns.
// NOTE(review): "allow" and "deny" are triggered by GET parameters and, judging by their
// names, appear to change access-control state. No privilege check or anti-CSRF token is
// visible in this excerpt; confirm both are enforced before this point.
if (isset($_GET["allow"])) {
    allow();
    exit;
}
if (isset($_GET["deny"])) {
    allow(1);
    exit;
}
// NOTE(review): the POST handlers take no arguments here, so they presumably read $_POST
// themselves; their input validation is not visible in this excerpt.
if (isset($_POST["value-del"])) {
    item_delete();
    exit;
}
if (isset($_POST["value-add"])) {
    item_add();
    exit;
}
if (isset($_GET["help"])) {
    help_page();
    exit;
}
// No recognised parameter: emit the JavaScript that opens the popup.
js();

/**
 * Echo a JavaScript call to YahooWin3() that opens this page with "?popup=yes".
 *
 * The window title is produced by passing the "{crossroads_access_control}" token
 * through the template engine.
 */
function js()
{
    $page = CurrentPageName();
    $tpl = new templates();
    $title = $tpl->_ENGINE_parse_body("{crossroads_access_control}");
    // NOTE(review): $page and $title are placed inside single-quoted JavaScript string
    // literals without JavaScript escaping; verify neither can contain a quote or
    // request-derived text.
    $html = "YahooWin3(600,'{$page}?popup=yes','{$title}')";
    echo $html;
}
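/**
 * Buy an item-market listing and deliver the item to another player as a gift.
 *
 * Reads the listing id from $_POST['ID'] and the recipient's user id from
 * $_POST['user']. Both values are interpolated into SQL, so they are reduced to
 * non-negative integers before use. The recipient must exist; otherwise nothing is
 * transferred and no currency is taken. On success the listing is deleted, the price
 * is moved from the buyer to the seller, both parties receive an event, and the
 * purchase is written to imbuylogs.
 *
 * Prints the result page fragment; on a validation error it ends the page and exits.
 */
function item_gift2()
{
    global $db, $ir, $c, $userid, $h;

    // Request values are attacker-controlled: force them to integers before any SQL use.
    $listingId = isset($_POST['ID']) ? abs((int) $_POST['ID']) : 0;
    $giftTo = isset($_POST['user']) ? abs((int) $_POST['user']) : 0;

    $q = $db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$listingId}");
    if (!$db->num_rows($q)) {
        print "Error, either this item does not exist, or it has already been bought.<br />\r\n<a href='itemmarket.php'>Back</a> </div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div> ";
        $h->endpage();
        exit;
    }
    $r = $db->fetch_row($q);

    // NOTE(review): $curr is a stored value that is later used as a column name in the
    // users table. Anything other than "money" is treated as crystals below; confirm the
    // listing code restricts imCURRENCY to the expected column names.
    $curr = $r['imCURRENCY'];
    if ($r['imPRICE'] > $ir[$curr]) {
        print "Error, you do not have the funds to buy this item.<br />\r\n<a href='itemmarket.php'>Back</a></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>";
        $h->endpage();
        exit;
    }

    // Resolve the recipient before anything is transferred, so a mistyped or forged
    // user id cannot consume the listing and the buyer's funds.
    $u = $db->query("SELECT username FROM users WHERE userid={$giftTo}");
    if (!$db->num_rows($u)) {
        print "Error, the user you are trying to send this gift to does not exist.<br />\r\n<a href='itemmarket.php'>Back</a></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>";
        $h->endpage();
        exit;
    }
    $uname = $db->fetch_single($u);

    // NOTE(review): the existence check above and the DELETE below are separate
    // statements, so two simultaneous requests for the same listing are not serialised
    // here; consider making the DELETE the gate for the rest of the transfer.
    item_add($giftTo, $r['imITEM'], 1);
    // Inventory row id for the log; 99999 is the original fallback when none is reported.
    $i = $db->insert_id() ? $db->insert_id() : 99999;
    $db->query("DELETE FROM itemmarket WHERE imID={$listingId}");
    $db->query("UPDATE users SET {$curr}={$curr}-{$r['imPRICE']} where userid={$userid}");
    $db->query("UPDATE users SET {$curr}={$curr}+{$r['imPRICE']} where userid={$r['imADDER']}");

    // The two currencies differ only in how the price is worded.
    $isMoney = $curr == "money";
    $shownPrice = $isMoney
        ? "\$" . number_format($r['imPRICE'])
        : number_format($r['imPRICE']) . " crystals";
    $loggedPrice = $isMoney ? "\${$r['imPRICE']}" : "{$r['imPRICE']} crystals";
    $buyerLink = "<a href='viewuser.php?u={$userid}'>{$ir['username']}</a>";

    event_add($r['imADDER'], "{$buyerLink} bought your {$r['itmname']} item from the market for {$shownPrice}.", $c);
    event_add($giftTo, "{$buyerLink} bought you a {$r['itmname']} from the item market as a gift.", $c);

    // NOTE(review): the user names and item name below are stored values placed inside a
    // quoted SQL literal without escaping. Pass them through the database layer's
    // escaping routine (not visible in this excerpt) before building this statement.
    $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, {$userid}, {$r['imPRICE']}, {$r['imID']}, {$i}, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$loggedPrice} from user ID {$r['imADDER']} as a gift for {$uname} [{$giftTo}]')");

    print "You bought the {$r['itmname']} from the market for {$shownPrice} and sent the gift to {$uname}.<br />\r\n<a href='itemmarket.php'>Back</a></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>";
}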
// Redeem a company special: look it up by the posted id, check the player can afford it
// and is in the matching company class, then grant the rewards and deduct company points.
// NOTE(review): $_POST['ID'] is interpolated directly into this query. No integer cast is
// visible in this excerpt; confirm the value is sanitised before this point.
$q = $db->query("SELECT * FROM compspecials WHERE csID={$_POST['ID']}");
if ($db->num_rows($q) == 0) {
    print "There is no Company Special with this ID!";
} else {
    $r = $db->fetch_row($q);
    if ($ir['comppoints'] < $r['csCOST']) {
        print "You don't have enough company points to get this reward!";
        $h->endpage();
        exit;
    }
    // The special is tied to a company class; $cs is loaded outside this excerpt.
    if ($r['csJOB'] != $cs['busClass']) {
        print "You are not in this type of Company!";
        $h->endpage();
        exit;
    }
    if ($r['csITEM']) {
        item_add($userid, $r['csITEM'], '1');
    }
    $money = $r['csMONEY'];
    $crys = $r['csCRYSTALS'];
    $cost = $r['csCOST'];
    // NOTE(review): $endu is read here but is not used by either UPDATE below.
    $endu = $r['csENDU'];
    $iq = $r['csIQ'];
    $lab = $r['csLABOUR'];
    $str = $r['csSTR'];
    // %u formats every argument as an unsigned integer, so only numbers reach the SQL text.
    $db->query(sprintf("UPDATE users SET money=money+%u, crystals=crystals+%u, comppoints=comppoints-%u WHERE userid=%u", $money, $crys, $cost, $userid));
    $db->query(sprintf("UPDATE userstats SET strength=strength+%u,IQ=IQ+%u,labour=labour+%u WHERE userid=%u", $str, $iq, $lab, $userid));
    // NOTE(review): the affordability check above reads the previously loaded $ir and the
    // deduction is a separate relative UPDATE, so the two are not atomic.
    print "You successfully redeemed the {$r['csNAME']} Special for {$r['csCOST']} Company Points.";
}
// Closes a block that was opened before this excerpt.
}
$h->endpage();
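// Equip a weapon from the player's inventory into the primary or secondary slot.
//
// Without a "type" parameter the script shows the slot-selection form; with one it
// performs the swap. The inventory row must belong to the current user, and the slot
// name must be one of two fixed values because it is used as a column name in SQL.
//
// NOTE(review): the equip action is a state change driven by GET parameters, and no
// anti-CSRF token is visible in this file.
include "globals.php";

// A missing ID becomes 0, which matches no inventory row and yields "Invalid item ID".
$_GET['ID'] = isset($_GET['ID']) ? abs((int) $_GET['ID']) : 0;
$slot = isset($_GET['type']) ? $_GET['type'] : '';

// The inv_userid condition is the ownership check: another player's row is never returned.
$id = $db->query("SELECT iv.*,it.* FROM inventory iv LEFT JOIN items it ON iv.inv_itemid=it.itmid WHERE iv.inv_id={$_GET['ID']} AND iv.inv_userid={$userid} LIMIT 1");
if ($db->num_rows($id) == 0) {
    print "Invalid item ID\r\n<br />\r\n<a href='inventory.php'>Back</a>";
    $h->endpage();
    exit;
} else {
    $r = $db->fetch_row($id);
}
if (!$r['weapon']) {
    print "This item cannot be equipped to this slot.\r\n<br />\r\n<a href='inventory.php'>Back</a>";
    $h->endpage();
    exit;
}
if ($slot) {
    // Allow-list with a strict comparison: $slot is interpolated as a column name below,
    // so nothing but these two exact strings may pass (an array value is rejected too).
    if (!is_string($slot) || !in_array($slot, array("equip_primary", "equip_secondary"), true)) {
        print "This slot ID is not valid.\r\n<br />\r\n<a href='inventory.php'>Back</a>";
        $h->endpage();
        exit;
    }
    // Return whatever currently occupies the slot to the inventory before replacing it.
    if ($ir[$slot]) {
        item_add($userid, $ir[$slot], 1);
    }
    item_remove($userid, $r['itmid'], 1);
    $db->query("UPDATE users SET {$slot} = {$r['itmid']} WHERE userid={$userid}");
    print "Item {$r['itmname']} equipped successfully.\r\n<br />\r\n<a href='inventory.php'>Back</a>";
} else {
    // $_GET['ID'] is an integer at this point, so it is safe inside the attribute value.
    print "\r\n\r\n<div class='generalinfo_txt'>\r\n<div><img src='images/info_left.jpg' alt='' /></div>\r\n<div class='info_mid'><h2 style='padding-top:10px;'> Equip Weapon</h2></div>\r\n<div><img src='images/info_right.jpg' alt='' /></div> </div>\r\n<div class='generalinfo_simple'><br> <br><br>\r\n\r\n\r\n<form action='equip_weapon.php' method='get'>\r\n<input type='hidden' name='ID' value='{$_GET['ID']}' />\r\nPlease choose the slot to equip {$r['itmname']} to, if there is already a weapon in that slot, it will be removed back to your inventory.<br />\r\n<input type='radio' STYLE='color: black; background-color: white;' name='type' value='equip_primary' checked='checked' /> Primary<br />\r\n<input type='radio' STYLE='color: black; background-color: white;' name='type' value='equip_secondary' /> Secondary<br />\r\n<input type='submit' STYLE='color: black; background-color: white;' value='Equip Weapon' /></form> </div><div><img 
src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div> ";
}
$h->endpage();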
// Purchase branch of the player-shop buy page; the enclosing "if" starts before this excerpt.
// NOTE(review): abs() keeps fractional values, so a quantity such as "0.5" is not reduced
// to an integer anywhere in this excerpt; it then flows into the price, item_add() and the
// SQL below. An integer cast is the usual control here.
$_GET['quantity'] = mysql_real_escape_string($_GET['quantity']);
$_GET['quantity'] = abs($_GET['quantity']);
$getitemname = $db->query("select * from items where itmid={$im['itemid']}");
$itm = mysql_fetch_array($getitemname);
$itemname = $itm['itmname'];
$time = time();
if ($_GET['quantity'] > $im['quantity']) {
    die("There aren't {$_GET['quantity']} of this item available.\r\n<a href=\"javascript: history.go(-1)\">click here to go back</a>");
}
// A quantity of zero is silently treated as one.
if ($_GET['quantity'] == 0) {
    $_GET['quantity'] = 1;
}
$price = $_GET['quantity'] * $im['price'];
$getuser = $db->query("select * from usershops where id={$im['shopid']}");
$u = mysql_fetch_array($getuser);
// NOTE(review): no comparison of $price with the buyer's balance is visible between the
// price calculation above and the debit below; confirm the funds check exists elsewhere.
item_add($userid, $im['itemid'], $_GET['quantity']);
$db->query("update users set money=money-{$price} where userid={$userid}");
// NOTE(review): $itemname is a stored value placed in a quoted SQL literal without escaping.
$db->query("insert into usershoplogs values('','{$userid}','{$u['userid']}','{$itemname}','{$price}','{$_GET['quantity']}','{$time}')");
// NOTE(review): $shop and $item are not assigned in this excerpt, while $u and $itm hold
// the shop and item rows fetched above; verify that $shop/$item are defined earlier.
event_add($shop['userid'], "{$ir['username']} has purchased {$_GET['quantity']} of your {$item['itmname']}'s from your shop!", $c, 'general');
print "<center>You have successfully purchased <b>{$_GET['quantity']}</b> <b>{$item['itmname']}(s)</b> for \${$price}.!</center>";
$db->query("update usershops set totalsold=totalsold+{$_GET['quantity']}, money=money+{$price} where id={$im['shopid']}");
$db->query("update usershopitems set quantity=quantity-{$_GET['quantity']} where id={$im['id']}");
// Removes every sold-out row in the table, not only the one just purchased.
$db->query("delete from usershopitems where quantity=0");
} else {
    // Confirmation forms. Both submit the purchase with method=get, so the state change is
    // reachable through a plain link.
    // NOTE(review): $_GET['itemnum'] is written into an HTML attribute; no cast or HTML
    // escaping of it is visible in this excerpt.
    if ($im['quantity'] > 1) {
        print "\r\n\r\n<div class='generalinfo_txt'>\r\n<div><img src='images/info_left.jpg' alt='' /></div>\r\n<div class='info_mid'><h2 style='padding-top:10px;'> Buy Items ...</h2></div>\r\n<div><img src='images/info_right.jpg' alt='' /></div> </div>\r\n<div class='generalinfo_simple'><br> <br><br>\r\n\r\n<center>How many <b>{$item['itmname']}'s</b> would you like to buy for \${$im['price']} each?\r\n<br>\r\nThere are {$im['quantity']} Available\r\n<br>\r\n<table 
class=table>\r\n<tr>\r\n<td>\r\n<form action=shopbuy.php method=get>\r\n<input type=hidden name=itemnum value='{$_GET['itemnum']}'>\r\n<input type=hidden name=yes value='1'>\r\nAmount: <input type=text name=quantity value='1'>\r\n<input type=submit value=Purchase>\r\n</form>\r\n</td>\r\n<td>\r\n<form action=\"javascript:history.go(-1)\"><input type=submit value=Nevermind></form>\r\n</td>\r\n</tr>\r\n</table></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>\r\n</center>";
    } else {
        if ($im['quantity'] == 1) {
            print "\r\n\r\n<div class='generalinfo_txt'>\r\n<div><img src='images/info_left.jpg' alt='' /></div>\r\n<div class='info_mid'><h2 style='padding-top:10px;'> Buy Items ...</h2></div>\r\n<div><img src='images/info_right.jpg' alt='' /></div> </div>\r\n<div class='generalinfo_simple'><br> <br><br>\r\n\r\n\r\n<center>Are you sure you wish to buy the <b>{$item['itmname']}</b> for \${$im['price']}?\r\n<br>\r\n<table>\r\n<tr>\r\n<td>\r\n<form action=shopbuy.php method=get>\r\n<input type=hidden name=itemnum value='{$_GET['itemnum']}'>\r\n<input type=hidden name=yes value='1'>\r\n<input type=hidden name=quantity value=1>\r\n<input type=submit value=Yes>\r\n</form>\r\n</td>\r\n<td>\r\n<form action=\"javascript:history.go(-1)\"><input type=submit value=No></form>\r\n</td>\r\n</tr>\r\n</table></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>\r\n</center>";
        }
    }
} else { $r = $db->fetch_row($id); $m = $db->query("SELECT * FROM users WHERE userid={$_GET['user']} LIMIT 1"); if ($_GET['qty'] > $r['inv_qty']) { print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou are trying to send more than you have! <br><br>\r\n\r\n<a href='inventory.php'><font color='white'>Back To Inventory</font></a>\r\n\r\n</div></div> \r\n\r\n"; } else { if ($_GET['qty'] <= 0) { print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou know, I'm not dumb, j00 cheating hacker. <br><br>\r\n\r\n<a href='inventory.php'><font color='white'>Back To Inventory</font></a>\r\n\r\n"; } else { if ($db->num_rows($m) == 0) { print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou are trying to send to an invalid user! 
<br><br>\r\n\r\n<a href='inventory.php'><font color='white'>Back To Inventory</font></a>\r\n\r\n"; } else { $rm = $db->fetch_row($m); //are we sending it all item_remove($userid, $r['inv_itemid'], $_GET['qty']); item_add($_GET['user'], $r['inv_itemid'], $_GET['qty']); print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: green; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou sent {$_GET['qty']} {$r['itmname']}(s) to {$rm['username']}\r\n\r\n<br><br>\r\n\r\n<a href='inventory.php'><font color='white'>Back To Inventory</font></a>\r\n\r\n"; event_add($_GET['user'], "You received {$_GET['qty']} {$r['itmname']}(s) from <a href='viewuser.php?u={$userid}'>{$ir['username']}</a>", $c); $db->query("INSERT INTO itemxferlogs VALUES('',{$userid},{$_GET['user']},{$r['itmid']},{$_GET['qty']},unix_timestamp(), '{$ir['lastip']}', '{$rm['lastip']}')"); } } } } } else { if ($_GET['ID']) { $id = $db->query("SELECT iv.*,it.* FROM inventory iv LEFT JOIN items it ON iv.inv_itemid=it.itmid WHERE iv.inv_id={$_GET['ID']} AND iv.inv_userid={$userid} LIMIT 1"); if ($db->num_rows($id) == 0) { print "\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nInvalid item ID <br><br>\r\n\r\n<a href='inventory.php'><font color='white'>Back To Inventory</font></a>"; } else { $r = $db->fetch_row($id); print "\r\n\r\n\r\n<div class='generalinfo_txt'>\r\n<div><img src='images/info_left.jpg' alt='' /></div>\r\n<div class='info_mid'><h2 style='padding-top:10px;'> Send Items</h2></div>\r\n<div><img src='images/info_right.jpg' alt='' /></div> </div>\r\n<div class='generalinfo_simple'><br> <br><br>\r\n\r\n\r\n\r\n<b>Enter who you want to send {$r['itmname']} to and how many you want to send. 
You have {$r['inv_qty']} to send.</b><br />\r\n<form action='itemsend.php' method='get'>\r\n<input type='hidden' name='ID' value='{$_GET['ID']}' />User ID: <input type='text' STYLE='color: black; background-color: white;' name='user' value='' /><br />\r\nQuantity: <input type='text' STYLE='color: black; background-color: white;' name='qty' value='' /><br />\r\n<input type='submit' STYLE='color: black; background-color: white;' value='Send Items (no prompt so be sure!' /></form>\r\n</table></div><div><img src='images/generalinfo_btm.jpg' alt='' /></div><br></div></div></div></div></div>\r\n\r\n";
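/**
 * Take a listing out of the current player's shop and return the stock to their inventory.
 *
 * Reads the listing id from $_GET['id']. The listing is only matched when it belongs to
 * a shop owned by the current user; the original lookup matched on the listing id alone,
 * so any listing id could be pulled into the caller's inventory.
 *
 * NOTE(review): the join uses usershopitems.shopid, usershops.id and usershops.userid,
 * the column names used by the shop purchase code; verify them against the schema.
 * NOTE(review): "or die(mysql_error())" shows raw database errors to the player.
 */
function removeitem()
{
    global $ir, $c, $userid, $db, $us;

    // The id is only ever used as a number, so reduce it to one before building SQL.
    $listingId = isset($_GET['id']) ? abs((int) $_GET['id']) : 0;

    // Ownership is enforced in the query itself: the listing must sit in a shop whose
    // owner is the logged-in user.
    $getid = $db->query("select i.* from usershopitems i inner join usershops s on s.id=i.shopid where i.id={$listingId} and s.userid={$userid}") or die(mysql_error());
    if (mysql_num_rows($getid) == 0) {
        die("This item is not in your shop.");
    }
    $id = mysql_fetch_array($getid);

    // Return the whole stack; a stored quantity of 1 or less still returns a single item.
    $returned = $id['quantity'] > 1 ? $id['quantity'] : 1;
    item_add($userid, $id['itemid'], $returned);

    $db->query("delete from usershopitems where id={$id['id']}") or die(mysql_error());
    print "<center>The item has been removed from your shop.<br><a href=myshop.php?do=manage>Continue Managing Items</a></center>";
}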
// Attempt a crime: load its definition, spend Brave, roll for success and apply the outcome.
// NOTE(review): $_GET['c'] is interpolated into this query and echoed into the "Try Again"
// link below; no cast or escaping is visible in this excerpt. Confirm it is reduced to an
// integer before this point.
$q = mysql_query("SELECT * FROM crimes WHERE crimeID={$_GET['c']}", $c);
// NOTE(review): no check that a row was returned is visible here; $r is used as an array
// either way.
$r = mysql_fetch_array($q);
if ($ir['brave'] < $r['crimeBRAVE']) {
    print "\r\n\r\n<style type='text/css'>\r\n.style1 {\r\n color: #FF0000;\r\n}\r\n</style>\r\n\r\n\r\n<body class='style1'>\r\n\r\nYou do not have enough Brave to perform this crime. \r\n\r\n";
} else {
    // Build "$sucrate=<formula>;" from the stored crimePERCFORM text, substituting the
    // player's stats for the LEVEL/CRIMEXP/EXP/WILL/IQ placeholders.
    $ec = "\$sucrate=" . str_replace(array("LEVEL", "CRIMEXP", "EXP", "WILL", "IQ"), array($ir['level'], $ir['crimexp'], $ir['exp'], $ir['will'], $ir['IQ']), $r['crimePERCFORM']) . ";";
    // NOTE(review): eval() executes the stored formula as PHP. Whoever can write
    // crimes.crimePERCFORM can run arbitrary code on the server, so write access to that
    // column must be treated as code-execution privilege. An arithmetic-only expression
    // evaluator would remove that exposure.
    eval($ec);
    print $r['crimeITEXT'];
    $ir['brave'] -= $r['crimeBRAVE'];
    mysql_query("UPDATE users SET brave={$ir['brave']} WHERE userid={$userid}", $c);
    // $sucrate is the success percentage produced by the eval above.
    if (rand(1, 100) <= $sucrate) {
        print str_replace("{money}", $r['crimeSUCCESSMUNY'], $r['crimeSTEXT']);
        $ir['money'] += $r['crimeSUCCESSMUNY'];
        $ir['crystals'] += $r['crimeSUCCESSCRYS'];
        $ir['exp'] += (int) ($r['crimeSUCCESSMUNY'] / 8);
        // money, crystals and exp are written back as absolute values computed from the
        // copy of the user row loaded earlier; only crimexp is a relative increment.
        mysql_query("UPDATE users SET money={$ir['money']}, crystals={$ir['crystals']}, exp={$ir['exp']},crimexp=crimexp+{$r['crimeXP']} WHERE userid={$userid}", $c);
        if ($r['crimeSUCCESSITEM']) {
            item_add($userid, $r['crimeSUCCESSITEM'], 1);
        }
    } else {
        // Failure: an even chance between a plain failure and jail.
        if (rand(1, 2) == 1) {
            print $r['crimeFTEXT'];
        } else {
            print $r['crimeJTEXT'];
            // NOTE(review): crimeJREASON is stored text placed inside a quoted SQL literal
            // without escaping.
            $db->query("UPDATE `users` SET `jail` = '{$r['crimeJAILTIME']}', `jail_reason` = '{$r['crimeJREASON']}' WHERE `userid` = '{$userid}'");
        }
    }
    print "<br /><a href='docrime.php?c={$_GET['c']}'>Try Again</a><br />\r\n<a href='criminal.php'>Crimes</a>";
}
// Closes a block that was opened before this excerpt.
}
$h->endpage();
// Buy an item from a shop: validate the quantity and item, check funds and availability,
// then add the item, debit the player and log the purchase.
// The quantity is reduced to a non-negative integer before any use.
$_POST['qty'] = abs((int) $_POST['qty']);
// NOTE(review): $_GET['ID'] reaches two SQL statements and item_add() below; its
// sanitisation is not visible in this excerpt. Confirm it is cast to an integer earlier.
if (!$_GET['ID'] || !$_POST['qty']) {
    print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nInvalid use of file <br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n\r\n";
} else {
    // This branch cannot be reached: abs() makes the quantity non-negative and a zero
    // quantity is already rejected by the check above.
    if ($_POST['qty'] <= 0) {
        print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou have been added to the delete list for trying to cheat the game. <br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n\r\n";
    } else {
        $q = $db->query("SELECT * FROM items WHERE itmid={$_GET['ID']}");
        if (mysql_num_rows($q) == 0) {
            print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nInvalid item ID\r\n\r\n<br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n\r\n";
        } else {
            $itemd = $db->fetch_row($q);
            // NOTE(review): this check reads the balance loaded earlier into $ir, and the
            // debit below is a separate relative UPDATE, so the check and the debit are
            // not atomic.
            if ($ir['money'] < $itemd['itmbuyprice'] * $_POST['qty']) {
                print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\n\r\nYou don't have enough money to buy this item!\r\n\r\n\r\n<br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n";
                $h->endpage();
                exit;
            }
            // Items flagged as not buyable are refused even when the player can afford them.
            if ($itemd['itmbuyable'] == 0) {
                print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: red; width: 600px; border: 1px 
solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nThis item can't be bought!\r\n\r\n<br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n";
                $h->endpage();
                exit;
            }
            $price = $itemd['itmbuyprice'] * $_POST['qty'];
            item_add($userid, $_GET['ID'], $_POST['qty']);
            $db->query("UPDATE users SET money=money-{$price} WHERE userid={$userid}");
            // NOTE(review): the user name and item name are stored values placed inside a
            // quoted SQL literal without escaping.
            $db->query("INSERT INTO itembuylogs VALUES ('', {$userid}, {$_GET['ID']}, {$price}, {$_POST['qty']}, unix_timestamp(), '{$ir['username']} bought {$_POST['qty']} {$itemd['itmname']}(s) for {$price}')");
            print "\r\n\r\n<div id='mainOutput' style='text-align: center; color: green; width: 600px; border: 1px solid #222222; height: 70px;\r\nmargin: 0 auto 10px; clear: both; position: relative; left: -20px; padding: 8px'>\r\n\r\nYou bought {$_POST['qty']} {$itemd['itmname']}(s) for \${$price}\r\n\r\n\r\n<br><br>\r\n\r\n<a href='shops.php'><font color='white'>Back To Shops</font></a>\r\n\r\n</div></div> \r\n\r\n";
        }
    }
}
$h->endpage();
}
// Tail of a payment-notification handler; the code that reads the notification and sets
// $pack, $payment_amount, $packr, $txn_id, $res and $fp is outside this excerpt.
// Price check: each pack size must arrive with its exact price, otherwise stop silently.
// NOTE(review): != compares numeric strings by value, so "1" or "1.0" also passes for
// "1.00". A currency check and a check that $txn_id was not already processed are not
// visible in this excerpt; confirm both exist, since a notification may be delivered
// more than once.
if ($pack == 1 && $payment_amount != "1.00") {
    fclose($fp);
    die("");
}
if ($pack == 5 && $payment_amount != "4.50") {
    fclose($fp);
    die("");
}
// grab IDs
// NOTE(review): $buyer comes from $packr[3] and is interpolated unquoted into the INSERT
// below; its validation is not visible in this excerpt.
$buyer = $packr[3];
$for = $buyer;
// all seems to be in order, credit it.
// NOTE(review): a $pack other than 1 or 5 credits nothing here, yet the event and the
// accepted-payment row below are still written; confirm other values are rejected earlier.
if ($pack == 1) {
    item_add($for, $set['willp_item'], 1);
} else {
    if ($pack == 5) {
        item_add($for, $set['willp_item'], 5);
    }
}
// process payment
event_add($for, "Your \${$payment_amount} worth of Will Potions ({$pack}) has been successfully credited.", $c);
// NOTE(review): $pack and $txn_id are quoted but no escaping of them is visible here.
$db->query("INSERT INTO willps_accepted VALUES('', {$buyer}, {$for}, '{$pack}', unix_timestamp(), '{$txn_id}')", $c);
} else {
    if (strcmp($res, "INVALID") == 0) {
        // NOTE(review): this writes to $f, while the handle closed everywhere else in this
        // excerpt is $fp; $f is not assigned here. Confirm it is a valid handle.
        fwrite($f, "Invalid?");
    }
}
}
fclose($fp);
}