PageRenderTime 50ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/backend/backend_buyermarketplace.php

https://gitlab.com/Toldierone/ReClop
PHP | 288 lines | 288 code | 0 blank | 0 comment | 92 complexity | a4893b6b8bcb2de63566d0779ba56f61 MD5 | raw file
    

  1. <?php
    2. 

  2. include_once("allfunctions.php");
    3. 

  3. $nationinfo = needsnation();
    4. 

  4. $getpost = array_merge($_GET, $_POST);
    5. 

  5. foreach ($getpost as $key => $value) {
    6. 

  6.     $mysql[$key] = $GLOBALS['mysqli']->real_escape_string($value);
    7. 

  7. }
    8. 

  8. if ($getpost['mode'] == "weapons") {
    9. 

  9.     $mode = "weapons";
    10. 

  10.     $buyermarketplace = "weaponsbuyermarketplace";
    11. 

  11.     $resourcesname = "weapons";
    12. 

  12.     $resourcedefs = "weapondefs";
    13. 

  13.     $resource_id = "weapon_id";
    14. 

  14.     $tradeable1 = "";
    15. 

  15.     $tradeable2 = "";
    16. 

  16. } else if ($getpost['mode'] == "armor") {
    17. 

  17.     $mode = "armor";
    18. 

  18.     $buyermarketplace = "armorbuyermarketplace";
    19. 

  19.     $resourcesname = "armor";
    20. 

  20.     $resourcedefs = "armordefs";
    21. 

  21.     $resource_id = "armor_id";
    22. 

  22.     $tradeable1 = "";
    23. 

  23.     $tradeable2 = "";
    24. 

  24. } else {
    25. 

  25.     $mode = "";
    26. 

  26.     $buyermarketplace = "buyermarketplace";
    27. 

  27.     $resourcesname = "resources";
    28. 

  28.     $resourcedefs = "resourcedefs";
    29. 

  29.     $resource_id = "resource_id";
    30. 

  30.     $tradeable1 = "AND rd.is_tradeable = 1";
    31. 

  31.     $tradeable2 = "WHERE rd.is_tradeable = 1";
    32. 

  32. }
    33. 

  33. $resources = array();
    34. 

  34. $deals = array();
    35. 

  35. $embargoed = array();
    36. 

  36. $buyingmultiplier = getbuyingmultiplier($_SESSION['nation_id']);
    37. 

  37. $displaybuyingmultiplier = ($buyingmultiplier - 1) * 100;
    38. 

  38. $sellingmultiplier = getsellingmultiplier($_SESSION['nation_id']);
    39. 

  39. $displaysellingmultiplier = (1 - $sellingmultiplier) * 100;
    40. 

  40. if ($mysql['amount'] && $mysql['price'] && (!ctype_digit($mysql['amount']) || !ctype_digit($mysql['price']))) {
    41. 

  41.     $errors[] = "Digits only- no commas, periods, or other markers.";
    42. 

  42. }
    43. 

  43. $mysql['resource_id'] = (int)$mysql['resource_id'];
    44. 

  44. $mysql['amount'] = (int)$mysql['amount'];
    45. 

  45. $mysql['price'] = (int)$mysql['price'];
    46. 

  46. if ($_POST && (($_POST["token_{$buyermarketplace}"] == "") || ($_POST["token_{$buyermarketplace}"] != $_SESSION["token_{$buyermarketplace}"]))) {
    47. 

  47.     $errors[] = "Try again.";
    48. 

  48. }
    49. 

  49. if ($_POST || ($_SESSION["token_{$buyermarketplace}"] == "")) {
    50. 

  50.     $_SESSION["token_{$buyermarketplace}"] = sha1(rand() . $_SESSION["token_{$buyermarketplace}"]);
    51. 

  51. }
    52. 

  52. if (!$errors) {
    53. 

  53. if ($_POST['offer']) {
    54. 

  54.     if ($nationinfo['government'] == "Oppression") {
    55. 

  55.         $errors[] = "Your Oppressive government cannot buy nor sell.";
    56. 

  56.     }
    57. 

  57.     if ($mysql['price'] < 1000) {
    58. 

  58. 		$errors[] = "Price must be at least 1000.";
    59. 

  59. 	}
    60. 

  60. 	if ($mysql['amount'] < 1) {
    61. 

  61.         $errors[] = "Amount must be above zero.";
    62. 

  62.     }
    63. 

  63.     $sql =<<<EOSQL
    64. 

  64. 	SELECT SUM(price * amount) AS totalamount FROM {$buyermarketplace}
    65. 

  65. 	WHERE nation_id = {$_SESSION['nation_id']}
    66. 

  66. EOSQL;
    67. 

  67. 	$currenttotal = onelinequery($sql);
    68. 

  68. 	$cost = floor($mysql['price'] * $mysql['amount'] * $buyingmultiplier);
    69. 

  69. 	$displaycost = commas($cost);
    70. 

  70.     if ($nationinfo['funds'] < $cost) {
    71. 

  71.         $errors[] = "You cannot afford to make that offer.";
    72. 

  72.     }
    73. 

  73. 	$sql=<<<EOSQL
    74. 

  74. 	SELECT name FROM {$resourcedefs} rd WHERE {$resource_id} = {$mysql['resource_id']} {$tradeable1}
    75. 

  75. EOSQL;
    76. 

  76. 	$item = onelinequery($sql);
    77. 

  77. 	if (!$item['name']) {
    78. 

  78. 		$errors[] = "No item selected.";
    79. 

  79. 	}
    80. 

  80.     if (empty($errors)) {
    81. 

  81.         $sql =<<<EOSQL
    82. 

  82.         INSERT INTO {$buyermarketplace} (nation_id, {$resource_id}, amount, price) VALUES ({$_SESSION['nation_id']}, {$mysql['resource_id']}, {$mysql['amount']}, {$mysql['price']})
    83. 

  83.         ON DUPLICATE KEY UPDATE amount = amount + '{$mysql['amount']}'
    84. 

  84. EOSQL;
    85. 

  85.         $GLOBALS['mysqli']->query($sql);
    86. 

  86. 		$sql=<<<EOSQL
    87. 

  87. 		UPDATE nations SET funds = funds - {$cost} WHERE nation_id = '{$_SESSION['nation_id']}'
    88. 

  88. EOSQL;
    89. 

  89. 		$GLOBALS['mysqli']->query($sql);
    90. 

  90. 		$nationinfo['funds'] -= $cost;
    91. 

  91.         $infos[] = "You have requested to buy {$mysql['amount']} {$item['name']} for {$displaycost} bits.";
    92. 

  92.     }
    93. 

  93. }
    94. 

  94. if ($_POST) {
    95. 

  95. 	$sql = "SELECT u.user_id FROM embargoes e INNER JOIN users u ON e.embargoee = u.user_id WHERE e.embargoer = '{$_SESSION['user_id']}'";
    96. 

  96.     $sth = $GLOBALS['mysqli']->query($sql);
    97. 

  97.     if ($sth) {
    98. 

  98.     while ($rs = mysqli_fetch_array($sth)) {
    99. 

  99.         $embargoed[$rs['user_id']] = $rs['user_id'];
    100. 

  100.     }
    101. 

  101.     }
    102. 

  102.     $sql = "SELECT u.user_id FROM embargoes e INNER JOIN users u ON e.embargoer = u.user_id WHERE e.embargoee = '{$_SESSION['user_id']}'";
    103. 

  103.     $sth = $GLOBALS['mysqli']->query($sql);
    104. 

  104.     if ($sth) {
    105. 

  105.     while ($rs = mysqli_fetch_array($sth)) {
    106. 

  106.         $embargoed[$rs['user_id']] = $rs['user_id'];
    107. 

  107.     }
    108. 

  108.     }
    109. 

  109. }
    110. 

  110. if ($_POST['remove']) {
    111. 

  111.     if ($mysql['sellingto_id'] != $_SESSION['nation_id']) {
    112. 

  112.         $errors[] = "C'mon, you really didn't think I'd check for THIS?";
    113. 

  113.     } else {
    114. 

  114.         $sql = "SELECT m.price, m.amount, rd.name FROM {$buyermarketplace} m INNER JOIN {$resourcedefs} rd ON m.{$resource_id} = rd.{$resource_id}
    115. 

  115.         WHERE m.nation_id = '{$mysql['sellingto_id']}' AND m.{$resource_id} = '{$mysql['resource_id']}' AND m.price = '{$mysql['price']}'";
    116. 

  116.         $rs = onelinequery($sql);
    117. 

  117.         if (!$rs) {
    118. 

  118.             $errors[] = "Too late, somepony sold it to you already.";
    119. 

  119.         } else {
    120. 

  120.             $sql = "DELETE FROM {$buyermarketplace} WHERE nation_id = '{$mysql['sellingto_id']}' AND {$resource_id} = '{$mysql['resource_id']}' AND price = '{$mysql['price']}'";
    121. 

  121.             $GLOBALS['mysqli']->query($sql);
    122. 

  122.             $returnfunds = floor(getbuyingmultiplier($_SESSION['nation_id']) * $rs['price'] * $rs['amount']);
    123. 

  123. 			$nationinfo['funds'] += $returnfunds;
    124. 

  124.             $sql=<<<EOSQL
    125. 

  125. 			UPDATE nations SET funds = funds + {$returnfunds} WHERE nation_id = '{$_SESSION['nation_id']}'
    126. 

  126. EOSQL;
    127. 

  127.             $GLOBALS['mysqli']->query($sql);
    128. 

  128.             $infos[] = "You have removed your request of {$rs['amount']} {$rs['name']} from the market.";
    129. 

  129.         }
    130. 

  130.     }
    131. 

  131. }
    132. 

  132. if ($_POST['sellone'] || $_POST['sellall'] || $_POST['sellamount']) {
    133. 

  133.     //todo: locking tables
    134. 

  134.     $sql = "SELECT u.user_id, u.alliance_id, n.government FROM nations n INNER JOIN users u ON u.user_id = n.user_id WHERE n.nation_id = '{$mysql['sellingto_id']}'";
    135. 

  135.     $rs = onelinequery($sql);
    136. 

  136.     if ($rs['alliance_id'] && $rs['alliance_id'] == $nationinfo['alliance_id']) {
    137. 

  137.         $samealliance = true;
    138. 

  138.     } else {
    139. 

  139.         $samealliance = false;
    140. 

  140.     }
    141. 

  141.     if (in_array($rs['user_id'], $embargoed)) {
    142. 

  142.         $errors[] = "There's an embargo prohibiting that!";
    143. 

  143.     } else if ($nationinfo['government'] == "Oppression") {
    144. 

  144.         $errors[] = "Your Oppressive government cannot buy nor sell.";
    145. 

  145.     } else if ($nationinfo['government'] == "Authoritarianism" && !$samealliance) {
    146. 

  146.         $errors[] = "Your Authoritarian government cannot sell to someone not in your alliance!";
    147. 

  147.     } else if ($rs['government'] == "Authoritarianism" && !$samealliance) {
    148. 

  148.         $errors[] = "That Authoritarian government will not buy from you, as you are not in its alliance!";
    149. 

  149.     } else if ($_SESSION['user_id'] == $rs['user_id']) {
    150. 

  150.         $errors[] = "You cannot sell to another of your nations. Use Empire Transfers instead.";
    151. 

  151.     } else {
    152. 

  152.         $sql = "SELECT m.amount, rd.name, n.name AS nationname FROM {$buyermarketplace} m INNER JOIN {$resourcedefs} rd ON m.{$resource_id} = rd.{$resource_id}
    153. 

  153.         INNER JOIN nations n ON n.nation_id = m.nation_id
    154. 

  154.         WHERE m.nation_id = '{$mysql['sellingto_id']}' AND m.{$resource_id} = '{$mysql['resource_id']}' AND m.price = '{$mysql['price']}'";
    155. 

  155.         $rs = onelinequery($sql);
    156. 

  156.         if (!$rs['amount']) {
    157. 

  157.             $errors[] = "Somepony else fulfilled this order!";
    158. 

  158.         } else {
    159. 

  159.             if ($_POST['sellone']) {
    160. 

  160.                 $sellingamount = 1;
    161. 

  161.             } else if ($_POST['sellall']) {
    162. 

  162.                 $sellingamount = $mysql['quantity'];
    163. 

  163.             } else if ($_POST['sellamount']) {
    164. 

  164.                 $sellingamount = (int)$mysql['sellingamount'];
    165. 

  165.                 if ($sellingamount < 1) {
    166. 

  166.                     $errors[] = "Whole numbers greater than 0.";
    167. 

  167.                 } else if ($sellingamount > $rs['amount']) {
    168. 

  168.                     $errors[] = "That buyer doesn't want that many!";
    169. 

  169.                 }
    170. 

  170.             }
    171. 

  171.             if (empty($errors)) {
    172. 

  172. 			$sql = "SELECT r.amount, rd.name FROM {$resourcesname} r INNER JOIN {$resourcedefs} rd ON r.{$resource_id} = rd.{$resource_id}
    173. 

  173. 			WHERE r.nation_id = '{$_SESSION['nation_id']}' AND r.{$resource_id} = '{$mysql['resource_id']}'";
    174. 

  174. 			$have = onelinequery($sql);
    175. 

  175.             if ($have['amount'] < $sellingamount) {
    176. 

  176.                 $errors[] = "You don't have that many to sell!";
    177. 

  177.             } else {
    178. 

  178.                 if ($sellingamount < $rs['amount']) {
    179. 

  179.                     $sql = "UPDATE {$buyermarketplace} SET amount = amount - {$sellingamount} WHERE nation_id = '{$mysql['sellingto_id']}' AND {$resource_id} = '{$mysql['resource_id']}' AND price = '{$mysql['price']}'";
    180. 

  180.                     $GLOBALS['mysqli']->query($sql);
    181. 

  181.                 } else {
    182. 

  182.                     $sql = "DELETE FROM {$buyermarketplace} WHERE nation_id = '{$mysql['sellingto_id']}' AND {$resource_id} = '{$mysql['resource_id']}' AND price = '{$mysql['price']}'";
    183. 

  183.                     $GLOBALS['mysqli']->query($sql);
    184. 

  184.                 }
    185. 

  185.                 $sql = "INSERT INTO {$resourcesname} (nation_id, {$resource_id}, amount) VALUES ({$mysql['sellingto_id']}, {$mysql['resource_id']}, {$sellingamount})
    186. 

  186.                 ON DUPLICATE KEY UPDATE amount = amount + {$sellingamount}";
    187. 

  187.                 $GLOBALS['mysqli']->query($sql);
    188. 

  188. 				if ($have['amount'] == $sellingamount) {
    189. 

  189. 					$sql = "DELETE FROM {$resourcesname} WHERE {$resource_id} = '{$mysql['resource_id']}' AND nation_id = '{$_SESSION['nation_id']}'";
    190. 

  190. 				} else {
    191. 

  191. 					$sql = "UPDATE {$resourcesname} SET amount = amount - '{$sellingamount}' WHERE {$resource_id} = '{$mysql['resource_id']}' AND nation_id = '{$_SESSION['nation_id']}'";
    192. 

  192. 				}
    193. 

  193. 				$GLOBALS['mysqli']->query($sql);
    194. 

  194.                 $newfunds = floor($mysql['price'] * $sellingamount * getsellingmultiplier($_SESSION['nation_id']));
    195. 

  195.                 $displaynewfunds = commas($newfunds);
    196. 

  196. 				$cost = floor($mysql['price'] * $sellingamount * getbuyingmultiplier($mysql['sellingto_id']));
    197. 

  197.                 $displaycost = commas($cost);
    198. 

  198. 		$displayprice = commas($mysql['price']);
    199. 

  199.                 if ($samealliance) {
    200. 

  200.                 $buyermessage =<<<EOFORM
    201. 

  201. You bought {$sellingamount} {$rs['name']} from <a href="viewnation.php?nation_id={$_SESSION['nation_id']}"><span class="text-success">{$nationinfo['name']}</span></a> for {$displaycost} bits @{$displayprice} a piece.
    202. 

  202. EOFORM;
    203. 

  203.                 } else {
    204. 

  204.                 $buyermessage =<<<EOFORM
    205. 

  205. You bought {$sellingamount} {$rs['name']} from <a href="viewnation.php?nation_id={$_SESSION['nation_id']}">{$nationinfo['name']}</a> for {$displaycost} bits @{$displayprice} a piece.
    206. 

  206. EOFORM;
    207. 

  207.                 }
    208. 

  208.                 $mysql['buyermessage'] = $GLOBALS['mysqli']->real_escape_string($buyermessage);
    209. 

  209.                 $sql = "INSERT INTO reports (nation_id, report, time) VALUES ({$mysql['sellingto_id']}, '{$mysql['buyermessage']}', NOW())";
    210. 

  210.                 $GLOBALS['mysqli']->query($sql);
    211. 

  211.                 $displayfunds = commas($nationinfo['funds']);
    212. 

  212.                 $infos[] =<<<EOFORM
    213. 

  213. You sold {$sellingamount} {$rs['name']} to <a href="viewnation.php?nation_id={$mysql['sellingto_id']}">{$rs['nationname']}</a> for {$displayprice} bits a piece and made {$displaynewfunds} bits.
    214. 

  214. EOFORM;
    215. 

  215.                 if ($samealliance) {
    216. 

  216.                 $sellermessage =<<<EOFORM
    217. 

  217. You sold {$sellingamount} {$rs['name']} to <a href="viewnation.php?nation_id={$mysql['sellingto_id']}"><span class="text-success">{$rs['nationname']}</span></a> for {$displayprice} bits a piece and made {$displaynewfunds} bits.
    218. 

  218. EOFORM;
    219. 

  219.                 } else {
    220. 

  220.                 $sellermessage =<<<EOFORM
    221. 

  221. You sold {$sellingamount} {$rs['name']} to <a href="viewnation.php?nation_id={$mysql['sellingto_id']}">{$rs['nationname']}</a> for {$displayprice} bits a piece and made {$displaynewfunds} bits.
    222. 

  222. EOFORM;
    223. 

  223.                 }
    224. 

  224. 				$nationinfo['funds'] += $newfunds;
    225. 

  225.                 $sql = "UPDATE nations SET funds = funds + {$newfunds} WHERE nation_id = '{$_SESSION['nation_id']}'";
    226. 

  226.                 $GLOBALS['mysqli']->query($sql);
    227. 

  227.                 $mysql['sellermessage'] = $GLOBALS['mysqli']->real_escape_string($sellermessage);
    228. 

  228.                 $sql = "INSERT INTO reports (nation_id, report, time) VALUES ({$_SESSION['nation_id']}, '{$mysql['sellermessage']}', NOW())";
    229. 

  229.                 $GLOBALS['mysqli']->query($sql);
    230. 

  230.             }
    231. 

  231.             }
    232. 

  232.         }
    233. 

  233.     }
    234. 

  234. }
    235. 

  235. if ($_POST) {
    236. 

  236.     $sql = "SELECT m.*, n.nation_id, n.name, u.user_id, u.alliance_id FROM {$buyermarketplace} m INNER JOIN nations n ON n.nation_id = m.nation_id
    237. 

  237.     INNER JOIN users u ON u.user_id = n.user_id WHERE m.{$resource_id} = '{$mysql['resource_id']}' ORDER BY m.price DESC, n.nation_id DESC";
    238. 

  238.     $sth = $GLOBALS['mysqli']->query($sql);
    239. 

  239.     if ($sth) {
    240. 

  240.         while ($rs = mysqli_fetch_array($sth)) {
    241. 

  241.             if (!in_array($rs['user_id'], $embargoed)) {
    242. 

  242.                 $rs['resource_id'] = $rs[$resource_id];
    243. 

  243.                 $deals[] = $rs;
    244. 

  244.             }
    245. 

  245.         }
    246. 

  246.     }
    247. 

  247. }
    248. 

  248. }
    249. 

  249. if ($mode) {
    250. 

  250. $sql = "SELECT rd.{$resource_id}, rd.name, r.amount from {$resourcedefs} rd LEFT JOIN {$resourcesname} r ON r.{$resource_id} = rd.{$resource_id} AND r.nation_id = '{$_SESSION['nation_id']}' {$tradeable2} ORDER BY name";
    251. 

  251. $sth = $GLOBALS['mysqli']->query($sql);
    252. 

  252. while ($rs = mysqli_fetch_array($sth)) {
    253. 

  253.     $resourceoptions[$rs["{$resource_id}"]]['resource_id'] = $rs["{$resource_id}"];
    254. 

  254.     $resourceoptions[$rs["{$resource_id}"]]['name'] = $rs['name'];
    255. 

  255.     if ($rs['amount']) {
    256. 

  256.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'] . " (Have {$rs['amount']})";
    257. 

  257.     } else {
    258. 

  258.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'];
    259. 

  259.     }
    260. 

  260. }
    261. 

  261. } else {
    262. 

  262. $sql = "SELECT rd.{$resource_id}, rd.name, r.amount from {$resourcedefs} rd LEFT JOIN {$resourcesname} r ON r.{$resource_id} = rd.{$resource_id} AND r.nation_id = '{$_SESSION['nation_id']}' {$tradeable2}
    263. 

  263. AND name NOT LIKE 'DNA%' ORDER BY name";
    264. 

  264. $sth = $GLOBALS['mysqli']->query($sql);
    265. 

  265. while ($rs = mysqli_fetch_array($sth)) {
    266. 

  266.     $resourceoptions[$rs["{$resource_id}"]]['resource_id'] = $rs["{$resource_id}"];
    267. 

  267.     $resourceoptions[$rs["{$resource_id}"]]['name'] = $rs['name'];
    268. 

  268.     if ($rs['amount']) {
    269. 

  269.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'] . " (Have {$rs['amount']})";
    270. 

  270.     } else {
    271. 

  271.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'];
    272. 

  272.     }
    273. 

  273. }
    274. 

  274. $sql = "SELECT rd.{$resource_id}, rd.name, r.amount from {$resourcedefs} rd LEFT JOIN {$resourcesname} r ON r.{$resource_id} = rd.{$resource_id} AND r.nation_id = '{$_SESSION['nation_id']}' {$tradeable2}
    275. 

  275. AND name LIKE 'DNA%' ORDER BY name";
    276. 

  276. $sth = $GLOBALS['mysqli']->query($sql);
    277. 

  277. while ($rs = mysqli_fetch_array($sth)) {
    278. 

  278.     $resourceoptions[$rs["{$resource_id}"]]['resource_id'] = $rs["{$resource_id}"];
    279. 

  279.     $resourceoptions[$rs["{$resource_id}"]]['name'] = $rs['name'];
    280. 

  280.     if ($rs['amount']) {
    281. 

  281.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'] . " (Have {$rs['amount']})";
    282. 

  282.     } else {
    283. 

  283.         $resourceoptions[$rs["{$resource_id}"]]['optionslistname'] = $rs['name'];
    284. 

  284.     }
    285. 

  285. }
    286. 

  286. }
    287. 

  287. $displayfunds = commas($nationinfo['funds']);
    288. 

  288. ?>
    289.