  1. <?php
  2.  
  3.  
  4. require_once('sglobals.php');
// Staff-side item management: add, give, delete and edit items and item types.
  6. if (!isset($_GET['action']))
  7. {
  8. $_GET['action'] = '';
  9. }
  10. switch ($_GET['action'])
  11. {
  12. case 'newitem':
  13. new_item_form();
  14. break;
  15. case 'newitemsub':
  16. new_item_submit();
  17. break;
  18. case 'giveitem':
  19. give_item_form();
  20. break;
  21. case 'giveitemsub':
  22. give_item_submit();
  23. break;
  24. case 'killitem':
  25. kill_item_form();
  26. break;
  27. case 'killitemsub':
  28. kill_item_submit();
  29. break;
  30. case 'edititem':
  31. edit_item_begin();
  32. break;
  33. case 'edititemform':
  34. edit_item_form();
  35. break;
  36. case 'edititemsub':
  37. edit_item_sub();
  38. break;
  39. case 'newitemtype':
  40. newitemtype();
  41. break;
  42. default:
  43. echo "Error: This script requires an action.";
  44. break;
  45. }
  46.  
  47. function new_item_form()
  48. {
  49. global $db, $ir, $c;
  50. if ($ir['user_level'] != 2)
  51. {
  52. echo 'You cannot access this area.<br />
  53. &gt; <a href="staff.php">Go Back</a>';
  54. die($h->endpage());
  55. }
  56. $csrf = request_csrf_html('staff_newitem');
  57. echo "
  58. <h3>Adding an item to the game</h3>
  59. <form action='staff_items.php?action=newitemsub' method='post'>
  60. Item Name: <input type='text' name='itmname' value='' />
  61. <br />
  62. Item Desc.: <input type='text' name='itmdesc' value='' />
  63. <br />
  64. Item Type: " . itemtype_dropdown(NULL, 'itmtype')
  65. . "
  66. <br />
  67. Item Buyable: <input type='checkbox' name='itmbuyable' checked='checked' />
  68. <br />
  69. Item Price (Value have to be greater then -1): <input type='text' name='itmbuyprice' />
  70. <br />
  71. Item Sell Value: <input type='text' name='itmsellprice' />
  72. <br />
  73. <br />
  74. <hr />
  75. <b>Usage Form</b>";
  76. for ($i = 1; $i <= 3; $i++)
  77. {
  78. echo "<hr />
  79. <b><u>Effect {$i}</u></b>
  80. <br />
  81. On?
  82. <input type='radio' name='effect{$i}on' value='1' /> Yes
  83. <input type='radio' name='effect{$i}on' value='0' checked='checked' /> No
  84. <br />
  85. Stat: <select name='effect{$i}stat' type='dropdown'>
  86. <option value='energy'>Energy</option>
  87. <option value='will'>Will</option>
  88. <option value='brave'>Brave</option>
  89. <option value='hp'>Health</option>
  90. <option value='strength'>Strength</option>
  91. <option value='agility'>Agility</option>
  92. <option value='guard'>Guard</option>
  93. <option value='labour'>Labour</option>
  94. <option value='IQ'>IQ</option>
  95. <option value='hospital'>Hospital Time</option>
  96. <option value='jail'>Jail Time</option>
  97. <option value='money'>Money</option>
  98. <option value='coins'>Coins</option>
  99. <option value='cdays'>Education Days Left</option>
  100. <option value='bankmoney'>Bank money</option>
  101. <option value='cybermoney'>Cyber money</option>
  102. <option value='crimexp'>Crime XP</option>
  103. </select>
  104. Direction: <select name='effect{$i}dir' type='dropdown'>
  105. <option value='pos'>Increase</option>
  106. <option value='neg'>Decrease</option>
  107. </select>
  108. <br />
  109. Amount: <input type='text' name='effect{$i}amount' value='0' />
  110. <select name='effect{$i}type' type='dropdown'>
  111. <option value='figure'>Value</option>
  112. <option value='percent'>Percent</option>
  113. </select>";
  114. }
  115. echo "
  116. <hr />
  117. <b>Combat Usage</b>
  118. <br />
  119. Weapon Power: <input type='text' name='weapon' value='0' />
  120. <br />
  121. Armor Defence: <input type='text' name='armor' value='0' />
  122. <br />
  123. Shield Defence: <input type='text' name='shield' value='0' />
  124. <hr />
  125. {$csrf}
  126. <input type='submit' value='Add Item To Game' />
  127. </form>
  128. ";
  129. }
  130.  
  131. function new_item_submit()
  132. {
  133. global $db, $ir, $c, $h;
  134. if ($ir['user_level'] != 2)
  135. {
  136. echo 'You cannot access this area.<br />
  137. &gt; <a href="staff.php">Go Back</a>';
  138. die($h->endpage());
  139. }
  140. staff_csrf_stdverify('staff_newitem', 'staff_items.php?action=newitem');
  141.  
  142. $itmname =
  143. (isset($_POST['itmname']))
  144. ? $db->escape(strip_tags(stripslashes($_POST['itmname'])))
  145. : '';
  146. $itmdesc =
  147. (isset($_POST['itmdesc']))
  148. ? $db->escape(strip_tags(stripslashes($_POST['itmdesc'])))
  149. : '';
  150. $weapon =
  151. (isset($_POST['weapon']) && is_numeric($_POST['weapon']))
  152. ? abs(intval($_POST['weapon'])) : 0;
  153. $armor =
  154. (isset($_POST['armor']) && is_numeric($_POST['armor']))
  155. ? abs(intval($_POST['armor'])) : 0;
  156. $shield =
  157. (isset($_POST['shield']) && is_numeric($_POST['shield']))
  158. ? abs(intval($_POST['shield'])) : 0;
  159.  
  160. $_POST['itmtype'] =
  161. (isset($_POST['itmtype']) && is_numeric($_POST['itmtype']))
  162. ? abs(intval($_POST['itmtype'])) : '';
  163.  
  164. $_POST['itmbuyprice'] =
  165. (isset($_POST['itmbuyprice'])
  166. && is_numeric($_POST['itmbuyprice']))
  167. ? abs(intval($_POST['itmbuyprice'])) : '';
  168.  
  169. $_POST['itmsellprice'] =
  170. (isset($_POST['itmsellprice'])
  171. && is_numeric($_POST['itmsellprice']))
  172. ? abs(intval($_POST['itmsellprice'])) : '';
  173.  
  174. if (empty($itmname) || empty($itmdesc) || empty($_POST['itmtype'])
  175. || empty($_POST['itmsellprice']) || empty($_POST['itembuyprice']))
  176. {
  177. echo 'You missed one or more of the fields. Please go back and try again.<br />
  178. &gt; <a href="staff_items.php?action=newitem">Go Back</a>';
  179. pr_arr($_POST);
  180. die($h->endpage());
  181. }
  182. $itmbuy = ($_POST['itmbuyable'] == 'on') ? 1 : 0;
  183. $effects = array();
  184. for ($i = 1; $i <= 3; $i++)
  185. {
  186. $efxkey = "effect{$i}";
  187. $_POST[$efxkey . 'stat'] =
  188. (isset($_POST[$efxkey . 'stat'])
  189. && in_array($_POST[$efxkey . 'stat'],
  190. array('energy', 'will', 'brave', 'hp',
  191. 'strength', 'agility', 'guard',
  192. 'labour', 'IQ', 'hospital', 'jail',
  193. 'money', 'coins', 'cdays',
  194. 'bankmoney', 'cybermoney', 'crimexp')))
  195. ? $_POST[$efxkey . 'stat'] : 'energy';
  196. $_POST[$efxkey . 'dir'] =
  197. (isset($_POST[$efxkey . 'dir'])
  198. && in_array($_POST[$efxkey . 'dir'],
  199. array('pos', 'neg'))) ? $_POST[$efxkey . 'dir']
  200. : 'pos';
  201. $_POST[$efxkey . 'type'] =
  202. (isset($_POST[$efxkey . 'type'])
  203. && in_array($_POST[$efxkey . 'type'],
  204. array('figure', 'percent')))
  205. ? $_POST[$efxkey . 'type'] : 'figure';
  206. $_POST[$efxkey . 'amount'] =
  207. (isset($_POST[$efxkey . 'amount'])
  208. && is_numeric($_POST[$efxkey . 'amount']))
  209. ? abs(intval($_POST[$efxkey . 'amount'])) : 0;
  210. $_POST[$efxkey . 'on'] =
  211. (isset($_POST[$efxkey . 'on'])
  212. && in_array($_POST[$efxkey . 'on'], array('1', '0')))
  213. ? $_POST[$efxkey . 'on'] : 0;
  214. $effects[$i] =
  215. $db->escape(
  216. serialize(
  217. array("stat" => $_POST[$efxkey . 'stat'],
  218. "dir" => $_POST[$efxkey . 'dir'],
  219. "inc_type" => $_POST[$efxkey . 'type'],
  220. "inc_amount" => abs(
  221. (int) $_POST[$efxkey
  222. . 'amount']))));
  223. }
  224. $m =
  225. $db->query(
  226. "INSERT INTO `items`
  227. VALUES(NULL, {$_POST['itmtype']}, '$itmname', '$itmdesc',
  228. {$_POST['itmbuyprice']}, {$_POST['itmsellprice']},
  229. $itmbuy, '{$_POST['effect1on']}', '{$effects[1]}',
  230. '{$_POST['effect2on']}', '{$effects[2]}',
  231. '{$_POST['effect3on']}', '{$effects[3]}', $weapon,
  232. $armor, $shield)");
  233. stafflog_add("Created item {$_POST['itmname']}");
  234. echo 'The ' . $_POST['itmname']
  235. . ' Item was added to the game.<br />
  236. &gt; <a href="staff_items.php?action=newitem">Go Home</a>';
  237. die($h->endpage());
  238. }
  239.  
  240.  
  241.  
  242. function give_item_form()
  243. {
  244. global $db, $ir, $c;
  245. if (!in_array($ir['user_level'], array(2, 3)))
  246. {
  247. echo 'You cannot access this area.<br />
  248. &gt; <a href="staff.php">Go Back</a>';
  249. die($h->endpage());
  250. }
  251. $csrf = request_csrf_html('staff_giveitem');
  252. echo "
  253. <h3>Giving Item To User</h3>
  254. <form action='staff_items.php?action=giveitemsub' method='post'>
  255. User: " . user_dropdown(NULL, 'user') . "
  256. <br />
  257. Item: " . item_dropdown(NULL, 'item')
  258. . "
  259. <br />
  260. Quantity: <input type='text' name='qty' value='1' />
  261. <br />
  262. {$csrf}
  263. <input type='submit' value='Give Item' />
  264. </form>
  265. ";
  266. }
  267.  
  268. function give_item_submit()
  269. {
  270. global $db, $ir, $c, $h;
  271. if (!in_array($ir['user_level'], array(2, 3)))
  272. {
  273. echo 'You cannot access this area.<br />
  274. &gt; <a href="staff.php">Go Back</a>';
  275. die($h->endpage());
  276. }
  277. staff_csrf_stdverify('staff_giveitem', 'staff_items.php?action=giveitem');
  278. $_POST['item'] =
  279. (isset($_POST['item']) && is_numeric($_POST['item']))
  280. ? abs(intval($_POST['item'])) : '';
  281. $_POST['user'] =
  282. (isset($_POST['user']) && is_numeric($_POST['user']))
  283. ? abs(intval($_POST['user'])) : '';
  284. $_POST['qty'] =
  285. (isset($_POST['qty']) && is_numeric($_POST['qty']))
  286. ? abs(intval($_POST['qty'])) : '';
  287. if (empty($_POST['item']) || empty($_POST['user']) || empty($_POST['qty']))
  288. {
  289. echo 'Something was inputted incorrectly, please try again.<br />
  290. &gt; <a href="staff_items.php?action=giveitem">Go Back</a>';
  291. die($h->endpage());
  292. }
  293. $q =
  294. $db->query(
  295. 'SELECT COUNT(`itmid`)
  296. FROM `items`
  297. WHERE `itmid` = ' . $_POST['item']);
  298. $q2 =
  299. $db->query(
  300. 'SELECT COUNT(`userid`)
  301. FROM `users`
  302. WHERE `userid` = ' . $_POST['user']);
  303. if ($db->fetch_single($q) == 0 OR $db->fetch_single($q2) == 0)
  304. {
  305. $db->free_result($q);
  306. $db->free_result($q2);
  307. echo 'Item/User doesn\'t seem to exist.<br />
  308. &gt; <a href="staff_items.php?action=giveitem">Go Back</a>';
  309. die($h->endpage());
  310. }
  311. $db->free_result($q);
  312. $db->free_result($q2);
  313. item_add($_POST['user'], $_POST['item'], $_POST['qty']);
  314. stafflog_add(
  315. "Gave {$_POST['qty']} of item ID {$_POST['item']} to user ID {$_POST['user']}");
  316. echo 'You gave ' . $_POST['qty'] . ' of item ID ' . $_POST['item']
  317. . ' to user ID ' . $_POST['user']
  318. . '<br />
  319. &gt; <a href="staff.php">Go Back</a>';
  320. die($h->endpage());
  321. }
  322.  
  323. function kill_item_form()
  324. {
  325. global $db, $ir, $c, $h, $userid;
  326. if ($ir['user_level'] != 2)
  327. {
  328. echo 'You cannot access this area.<br />
  329. &gt; <a href="staff.php">Go Back</a>';
  330. die($h->endpage());
  331. }
  332. $csrf = request_csrf_html('staff_killitem');
  333. echo "
  334. <h3>Deleting Item</h3>
  335. The item will be permanently removed from the game.
  336. <br />
  337. <form action='staff_items.php?action=killitemsub' method='post'>
  338. Item: " . item_dropdown(NULL, 'item')
  339. . "
  340. <br />
  341. {$csrf}
  342. <input type='submit' value='Kill Item' />
  343. </form>
  344. ";
  345. }
  346.  
  347. function kill_item_submit()
  348. {
  349. global $db, $ir, $c, $h, $userid;
  350. if ($ir['user_level'] != 2)
  351. {
  352. echo 'You cannot access this area.<br />
  353. &gt; <a href="staff.php">Go Back</a>';
  354. die($h->endpage());
  355. }
  356. staff_csrf_stdverify('staff_killitem', 'staff_items.php?action=killitem');
  357. $_POST['item'] =
  358. (isset($_POST['item']) && is_numeric($_POST['item']))
  359. ? abs(intval($_POST['item'])) : '';
  360. if (empty($_POST['item']))
  361. {
  362. echo 'Invalid Item.<br />
  363. &gt; <a href="staff_items.php?action=killitem">Go Back</a>';
  364. die($h->endpage());
  365. }
  366. $d =
  367. $db->query(
  368. "SELECT `itmname`
  369. FROM `items`
  370. WHERE `itmid` = {$_POST['item']}");
  371. if ($db->num_rows($d) == 0)
  372. {
  373. $db->free_result($d);
  374. echo 'Item doesn\'t seem to exist.<br />
  375. &gt; <a href="staff_items.php?action=killitem">Go Back</a>';
  376. die($h->endpage());
  377. }
  378. $itemname = $db->fetch_single($d);
  379. $db->free_result($d);
  380. $db->query("DELETE FROM `items`
  381. WHERE `itmid` = {$_POST['item']}");
  382. $db->query(
  383. "DELETE FROM `shopitems`
  384. WHERE `sitemITEMID` = {$_POST['item']}");
  385. $db->query(
  386. "DELETE FROM `inventory`
  387. WHERE `inv_itemid` = {$_POST['item']}");
  388. $db->query(
  389. "DELETE FROM `itemmarket`
  390. WHERE `imITEM` = {$_POST['item']}");
  391. stafflog_add("Deleted item {$itemi['itmname']}");
  392. echo 'The ' . $itemi['itmname']
  393. . ' Item was removed from the game.<br />
  394. &gt; <a href="staff.php">Go Home</a>';
  395. die($h->endpage());
  396. }
  397.  
  398. function edit_item_begin()
  399. {
  400. global $db, $ir, $c, $h, $userid;
  401. if ($ir['user_level'] != 2)
  402. {
  403. echo 'You cannot access this area.<br />&gt; <a href="staff.php">Go Back</a>';
  404. die($h->endpage());
  405. }
  406. $csrf = request_csrf_html('staff_edititem1');
  407. echo "
  408. <h3>Editing Item</h3>
  409. You can edit any aspect of this item.<br />
  410. <form action='staff_items.php?action=edititemform' method='post'>
  411. Item: " . item_dropdown(NULL, 'item')
  412. . "
  413. <br />
  414. {$csrf}
  415. <input type='submit' value='Edit Item' />
  416. </form>
  417. ";
  418. }
  419.  
  420. function edit_item_form()
  421. {
  422. global $db, $ir, $c, $h;
  423. if ($ir['user_level'] != 2)
  424. {
  425. echo 'You cannot access this area.<br />
  426. &gt; <a href="staff.php">Go Back</a>';
  427. die($h->endpage());
  428. }
  429. staff_csrf_stdverify('staff_edititem1', 'staff_items.php?action=edititem');
  430. $_POST['item'] =
  431. (isset($_POST['item']) && is_numeric($_POST['item']))
  432. ? abs(intval($_POST['item'])) : '';
  433. if (empty($_POST['item']))
  434. {
  435. echo 'Invalid Item.<br />
  436. &gt; <a href="staff_items.php?action=killitem">Go Back</a>';
  437. die($h->endpage());
  438. }
  439. $d =
  440. $db->query(
  441. "SELECT *
  442. FROM `items`
  443. WHERE `itmid` = {$_POST['item']}");
  444. if ($db->num_rows($d) == 0)
  445. {
  446. $db->free_result($d);
  447. echo 'Item doesn\'t seem to exist.<br />
  448. &gt; <a href="staff_items.php?action=edititem">Go Back</a>';
  449. die($h->endpage());
  450. }
  451. $itemi = $db->fetch_row($d);
  452. $db->free_result($d);
  453. $csrf = request_csrf_html('staff_edititem2');
  454. $itmname = addslashes($itemi['itmname']);
  455. $itmdesc = addslashes($itemi['itmdesc']);
  456. echo "
  457. <h3>Editing Item</h3>
  458. <form action='staff_items.php?action=edititemsub' method='post'>
  459. <input type='hidden' name='itmid' value='{$_POST['item']}' />
  460. Item Name: <input type='text' name='itmname' value='{$itmname}' />
  461. <br />
  462. Item Desc.: <input type='text' name='itmdesc' value='{$itmdesc}' />
  463. <br />
  464. Item Type: " . itemtype_dropdown(NULL, 'itmtype', $itemi['itmtype'])
  465. . "
  466. <br />
  467. Item Buyable: <input type='checkbox' name='itmbuyable'
  468. " . (($itemi['itmbuyable']) ? "checked='checked'" : '')
  469. . "
  470. />
  471. <br />
  472. Item Price (Value have to be greater then -1): <input type='text' name='itmbuyprice' value='{$itemi['itmbuyprice']}' />
  473. <br />
  474. Item Sell Value: <input type='text' name='itmsellprice' value='{$itemi['itmsellprice']}' />
  475. <hr />
  476. <b>Usage Form</b>
  477. <hr />
  478. ";
  479. $stats =
  480. array("energy" => "Energy", "will" => "Will", "brave" => "Brave",
  481. "hp" => "Health", "strength" => "Strength",
  482. "agility" => "Agility", "guard" => "Guard",
  483. "labour" => "Labour", "IQ" => "IQ",
  484. "hospital" => "Hospital Time", "jail" => "Jail Time",
  485. "money" => "Money", "coins" => "Coins",
  486. "cdays" => "Education Days Left",
  487. "bankmoney" => "Bank money",
  488. "cybermoney" => "Cyber money", "crimexp" => "Crime XP");
  489. for ($i = 1; $i <= 3; $i++)
  490. {
  491. if (!empty($itemi["effect" . $i]))
  492. {
  493. $efx = unserialize($itemi["effect" . $i]);
  494. }
  495. else
  496. {
  497. $efx = array("inc_amount" => 0);
  498. }
  499. $switch1 =
  500. ($itemi['effect' . $i . '_on'] > 0) ? " checked='checked'" : "";
  501. $switch2 =
  502. ($itemi['effect' . $i . '_on'] > 0) ? "" : " checked='checked'";
  503. echo "
  504. <b><u>Effect {$i}</u></b>
  505. <br />
  506. On?
  507. <input type='radio' name='effect{$i}on' value='1'$switch1 /> Yes
  508. <input type='radio' name='effect{$i}on' value='0'$switch2 /> No
  509. <br />
  510. Stat: <select name='effect{$i}stat' type='dropdown'>
  511. ";
  512. foreach ($stats as $k => $v)
  513. {
  514. echo ($k == $efx['stat'])
  515. ? '<option value="' . $k . '" selected="selected">' . $v
  516. . '</option>'
  517. : '<option value="' . $k . '">' . $v . '</option>';
  518. }
  519. $str =
  520. ($efx['dir'] == "neg")
  521. ? '<option value="pos">Increase</option>
  522. <option value="neg" selected="selected">Decrease</option>'
  523. : '<option value="pos" selected="selected">Increase</option>
  524. <option value="neg">Decrease</option>';
  525. $str2 =
  526. ($efx['inc_type'] == "percent")
  527. ? '<option value="figure">Value</option>
  528. <option value="percent" selected="selected">Percent</option>'
  529. : '<option value="figure" selected="selected">Value</option>
  530. <option value="percent">Percent</option>';
  531.  
  532. echo "
  533. </select>
  534. Direction: <select name='effect{$i}dir' type='dropdown'> {$str} </select>
  535. <br />
  536. Amount: <input type='text' name='effect{$i}amount' value='{$efx['inc_amount']}' />
  537. <select name='effect{$i}type' type='dropdown'>{$str2}</select>
  538. <hr />
  539. ";
  540. }
  541. echo "
  542. <b>Combat Usage</b>
  543. <br />
  544. Weapon Power: <input type='text' name='weapon' value='{$itemi['weapon']}' />
  545. <br />
  546. Armor Defence: <input type='text' name='armor' value='{$itemi['armor']}' />
  547. <br />
  548. Shield Defence: <input type='text' name='shield' value='{$itemi['shield']}' />
  549. <hr />
  550. {$csrf}
  551. <input type='submit' value='Edit Item' />
  552. </form>
  553. ";
  554. }
  555.  
  556. function edit_item_sub()
  557. {
  558. global $db, $ir, $c, $h, $userid;
  559. if ($ir['user_level'] != 2)
  560. {
  561. echo 'You cannot access this area.<br />&gt; <a href="staff.php">Go Back</a>';
  562. die($h->endpage());
  563. }
  564. staff_csrf_stdverify('staff_edititem2', 'staff_items.php?action=edititem');
  565. $itmname =
  566. (isset($_POST['itmname']))
  567. ? $db->escape(strip_tags(stripslashes($_POST['itmname'])))
  568. : '';
  569.  
  570. $itmdesc =
  571. (isset($_POST['itmdesc']))
  572. ? $db->escape(strip_tags(stripslashes($_POST['itmdesc'])))
  573. : '';
  574. $weapon =
  575. (isset($_POST['weapon']) && is_numeric($_POST['weapon']))
  576. ? abs(intval($_POST['weapon'])) : 0;
  577. $armor =
  578. (isset($_POST['armor']) && is_numeric($_POST['armor']))
  579. ? abs(intval($_POST['armor'])) : 0;
  580. $shield =
  581. (isset($_POST['shield']) && is_numeric($_POST['shield']))
  582. ? abs(intval($_POST['shield'])) : 0;
  583. $_POST['itmtype'] =
  584. (isset($_POST['itmtype']) && is_numeric($_POST['itmtype']))
  585. ? abs(intval($_POST['itmtype'])) : '';
  586. $_POST['itmbuyprice'] =
  587. (isset($_POST['itmbuyprice'])
  588. && is_numeric($_POST['itmbuyprice']))
  589. ? abs(intval($_POST['itmbuyprice'])) : '';
  590.  
  591. $_POST['itmsellprice'] =
  592. (isset($_POST['itmsellprice'])
  593. && is_numeric($_POST['itmsellprice']))
  594. ? abs(intval($_POST['itmsellprice'])) : '';
  595. $_POST['itmid'] =
  596. (isset($_POST['itmid']) && is_numeric($_POST['itmid']))
  597. ? abs(intval($_POST['itmid'])) : '';
  598. if (empty($itmname) || empty($itmdesc) || empty($_POST['itmtype'])
  599. || empty($_POST['itmsellprice']) || empty($_POST['itmsellprice'])
  600. || empty($_POST['itmid']))
  601. {
  602. echo 'You missed one or more of the fields. Please go back and try again.<br />
  603. &gt; <a href="staff_items.php?action=edititem">Go Back</a>';
  604. die($h->endpage());
  605. }
  606. $q =
  607. $db->query(
  608. 'SELECT COUNT(`itmid`)
  609. FROM `items`
  610. WHERE `itmid` = ' . $_POST['itmid']);
  611. if ($db->fetch_single($q) == 0)
  612. {
  613. $db->free_result($q);
  614. echo 'Invalid item.<br />
  615. &gt; <a href="staff_items.php?action=edititem">Go Back</a>';
  616. die($h->endpage());
  617. }
  618. $db->free_result($q);
  619. $itmbuy = ($_POST['itmbuyable'] == 'on') ? 1 : 0;
  620. $effects = array();
  621. for ($i = 1; $i <= 3; $i++)
  622. {
  623. $efxkey = "effect{$i}";
  624. $_POST[$efxkey . 'stat'] =
  625. (isset($_POST[$efxkey . 'stat'])
  626. && in_array($_POST[$efxkey . 'stat'],
  627. array('energy', 'will', 'brave', 'hp',
  628. 'strength', 'agility', 'guard',
  629. 'labour', 'IQ', 'hospital', 'jail',
  630. 'money', 'coins', 'cdays',
  631. 'bankmoney', 'cybermoney', 'crimexp')))
  632. ? $_POST[$efxkey . 'stat'] : 'energy';
  633. $_POST[$efxkey . 'dir'] =
  634. (isset($_POST[$efxkey . 'dir'])
  635. && in_array($_POST[$efxkey . 'dir'],
  636. array('pos', 'neg'))) ? $_POST[$efxkey . 'dir']
  637. : 'pos';
  638. $_POST[$efxkey . 'type'] =
  639. (isset($_POST[$efxkey . 'type'])
  640. && in_array($_POST[$efxkey . 'type'],
  641. array('figure', 'percent')))
  642. ? $_POST[$efxkey . 'type'] : 'figure';
  643. $_POST[$efxkey . 'amount'] =
  644. (isset($_POST[$efxkey . 'amount'])
  645. && is_numeric($_POST[$efxkey . 'amount']))
  646. ? abs(intval($_POST[$efxkey . 'amount'])) : 0;
  647. $_POST[$efxkey . 'on'] =
  648. (isset($_POST[$efxkey . 'on'])
  649. && in_array($_POST[$efxkey . 'on'], array('1', '0')))
  650. ? $_POST[$efxkey . 'on'] : 0;
  651. $effects[$i] =
  652. $db->escape(
  653. serialize(
  654. array("stat" => $_POST[$efxkey . 'stat'],
  655. "dir" => $_POST[$efxkey . 'dir'],
  656. "inc_type" => $_POST[$efxkey . 'type'],
  657. "inc_amount" => abs(
  658. (int) $_POST[$efxkey
  659. . 'amount']))));
  660. }
  661. $db->query(
  662. 'UPDATE `items` SET `itmtype` = ' . $_POST['itmtype']
  663. . ',`itmname` = "' . $itmname . '",`itmdesc` = "'
  664. . $itmdesc . '",`itmbuyprice` = ' . $_POST['itmbuyprice']
  665. . ',`itmsellprice` = ' . $_POST['itmsellprice']
  666. . ',`itmbuyable` = ' . $itmbuy . ',`effect1_on` = "'
  667. . $_POST['effect1on'] . '",`effect1` = "' . $effects[1]
  668. . '",`effect2_on` = "' . $_POST['effect2on']
  669. . '",`effect2` = "' . $effects[2] . '",`effect3_on` = "'
  670. . $_POST['effect3on'] . '",`effect3` = "' . $effects[3]
  671. . '",`weapon` = ' . $weapon . ',`armor` = ' . $armor
  672. . ',`shield` = ' . $shield
  673. . ' WHERE `itmid` = ' . $_POST['itmid']);
  674. stafflog_add("Edited item {$_POST['itmname']}");
  675. echo 'The ' . $_POST['itmname']
  676. . ' Item was edited successfully.<br />
  677. &gt; <a href="staff.php">Go Home</a>';
  678. die($h->endpage());
  679. }
  680.  
  681. function newitemtype()
  682. {
  683. global $db, $ir, $c, $h, $userid;
  684. if ($ir['user_level'] != 2)
  685. {
  686. echo 'You cannot access this area.<br />
  687. &gt; <a href="staff.php">Go Back</a>';
  688. die($h->endpage());
  689. }
  690. $_POST['name'] =
  691. (isset($_POST['name'])
  692. && preg_match(
  693. "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i",
  694. $_POST['name']))
  695. ? $db->escape(strip_tags(stripslashes($_POST['name'])))
  696. : '';
  697. if (!empty($_POST['name']))
  698. {
  699. staff_csrf_stdverify('staff_newitemtype',
  700. 'staff_items.php?action=newitemtype');
  701. $db->query(
  702. "INSERT INTO `itemtypes`
  703. VALUES(NULL, '{$_POST['name']}')");
  704. stafflog_add('Added item type ' . $_POST['name']);
  705. echo 'Item Type ' . $_POST['name']
  706. . ' added.<br />
  707. &gt; <a href="staff.php">Go Home</a>';
  708. die($h->endpage());
  709. }
  710. else
  711. {
  712. $csrf = request_csrf_html('staff_newitemtype');
  713. echo "
  714. <h3>Add Item Type</h3>
  715. <hr />
  716. <form action='staff_items.php?action=newitemtype' method='post'>
  717. Name: <input type='text' name='name' />
  718. <br />
  719. {$csrf}
  720. <input type='submit' value='Add Item Type' />
  721. </form>
  722. ";
  723. }
  724. }
// The submit handlers die() after calling endpage() themselves; this closes
// the page for the form-rendering handlers and the unknown-action branch.
$h->endpage();