black bullets

<?php

session_start();

include "includes/db_connect.php";

include "includes/functions.php";

logincheck();

$username=$_SESSION['username'];

$query=mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$info = mysql_fetch_object($query);
$query1=mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$fetch2 = mysql_fetch_object($query1);

$fetch=mysql_query("SECLET * FROM users WHERE username='$username'");
$username=$_SESSION['username'];

$date = gmdate('Y-m-d h:i:s');


if (strip_tags($_POST['sellbulletssubmit']) && strip_tags($_POST['sellbulletsamount']) && strip_tags($_POST['sellbulletsprice']) && strip_tags($_POST['sellbulletstype'])){

$sellbulletsamount = strip_tags($_POST['sellbulletsamount']);

$sellbulletstype = strip_tags($_POST['sellbulletstype']);

$sellbulletsprice = strip_tags($_POST['sellbulletsprice']);

$jhppriceselllow = $sellbulletsamount * 4000;
$jhppricesellhigh = $sellbulletsamount * 4500;
$fmjpriceselllow = $sellbulletsamount * 4500;
$fmjpricesellhigh = $sellbulletsamount * 5000;

if($info->$sellbulletstype < $sellbulletsamount){
echo "<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>You havent got enough $sellbulletstype!</font></td></tr></table><br>";

}elseif($sellbulletsamount < "1"){
echo "<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>You cannot sell less than one $sellbulletstype!</font></td></tr></table><br>";

}elseif($sellbulletstype == "JHP" && $sellbulletsprice < $jhppriceselllow){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>The minimum price for JHP is &pound;4,000!</font></td></tr></table><br>";

}elseif($sellbulletstype == "JHP" && $sellbulletsprice > $jhppricesellhigh){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>The maximum price for JHP is &pound;4,500!</font></td></tr></table><br>";

}elseif($sellbulletstype == "FMJ" && $sellbulletsprice < $fmjpriceselllow){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>The maximum price for FMJ is &pound;5,000!</font></td></tr></table><br>";

}elseif($sellbulletstype == "FMJ" && $sellbulletsprice > $fmjpricesellhigh){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>The minimum price for FMJ is &pound;4,500!</font></td></tr></table><br>";

}else{

$newbullets=$info->$sellbulletstype - $sellbulletsamount;

mysql_query("UPDATE users SET $sellbulletstype='$newbullets' WHERE username='$username'");

mysql_query("INSERT INTO `blackmarket_bullets` ( `id` , `username` , `amount` , `cost` , `type` , `date` )

VALUES ('', '$username', '$sellbulletsamount', '$sellbulletsprice', '$sellbulletstype', '$date')");

echo "<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=green>Your $sellbulletstype has been added to the blackmarket!</td></tr></table><br>";

}}

//////////////////////////////////////////////////

  $buysellbullets=strip_tags($_GET['option']);
  $buy=strip_tags($_GET['buy']);
  $remove=strip_tags($_GET['remove']);

if ($buy){
$buybullets=mysql_fetch_object(mysql_query("SELECT * FROM blackmarket_bullets WHERE id= '$buy'"));

$Bulletstype=$buybullets->type;

if($buybullets->username == $username){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>You cannot buy your own $Bulletstype!</td></tr></table><br>"; }

elseif($buybullets->cost-1 >= $fetch2->money){

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>You dont have enough money to buy those $Bulletstype!</td></tr></table><br>";

}elseif($buybullets->username != $username && $buybullets->cost <= $fetch2->money){

$buyerbulletsamount=$buybullets->amount;
$buyernewbullets=$fetch2->$Bulletstype + $buyerbulletsamount;
mysql_query("UPDATE users SET $Bulletstype='$buyernewbullets' WHERE username='$username'");

$buyerbulletscost=$buybullets->cost;
$buyernewmoney=$fetch2->money - $buyerbulletscost;
mysql_query("UPDATE users SET money='$buyernewmoney' WHERE username='$username'");


$bulletsseller=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$buybullets->username'"));

$sellerbulletscost=$buybullets->cost;
$sellernewmoney=$bulletsseller->money+$buybullets->cost;

mysql_query("UPDATE users SET money='$sellernewmoney' WHERE username='$buybullets->username'");

mysql_query("DELETE FROM blackmarket_bullets WHERE id='$buy'");

mysql_query("INSERT INTO `blackmarket_logs` ( `id` , `seller` , `buyer` , `amount` , `type` , `amount` , `date` )

VALUES ('', '$buybullets->username', '$username', '$buybullets->amount', '$Bulletstype', '$buybullets->cost', '$date')");

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=green>You successfully brought those $Bulletstype!</td></tr></table><br>";

}}


if($remove){
$removebullets=mysql_fetch_object(mysql_query("SELECT * FROM `blackmarket_bullets` WHERE id= '$remove'"));
$fetchbulletsowner=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username= '$removebullets->username'"));

$BULLETStype=$removebullets->type;

if($removebullets->username == $username){

mysql_query("DELETE FROM blackmarket_bullets WHERE id='$remove' AND username='$username'");

$plusbullets=$removebullets->amount;
$newbullets=$fetch2->$BULLETStype+$plusbullets;
mysql_query("UPDATE users SET $BULLETStype='$newbullets' WHERE username='$username'");
echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=green>You successfully removed your $BULLETStype!</td></tr></table><br>";

}elseif($info->userlevel == "3"){

mysql_query("DELETE FROM blackmarket_bullets WHERE id='$remove' AND username='$removebullets->username'");

$plusbullets=$removebullets->amount;
$newbullets=$fetchbulletsowner->$BULLETStype+$plusbullets;
mysql_query("UPDATE users SET $BULLETStype='$newbullets' WHERE username='$removebullets->username'");

mysql_query("INSERT INTO `inbox` (`id`, `subject`, `to`, `from`, `message`, `date`, `read`) VALUES ('', 'Blackmarket', '$removecredits->username', 'MH Staff', 'Your bullets have been removed from the blackmarket by a member of staff. This may be because of several different reasons, usually it is because you have set the price as an un-reasonable amount.', '$date', '0');") or die (mysql_error());

echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=green>You successfully removed those $BULLETStype! The owner has been notified.</td></tr></table><br>";

}else{ echo"<table border=0 bordercolor=black align=center cellpadding=2 cellspacing=0><tr><td class=notice align=center><center><font color=red>You cannot remove those!</td></tr></table><br>"; }}

//////////////////////////////////////////////////
?>

<html>

<head>

<link href="style.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
	tooltip('hover', 'class');
});
	function checkAll(theElement) {
     var theForm = theElement.form, z = 0;
	 for(z=0; z<theForm.length;z++){
      if(theForm[z].type == 'checkbox' && theForm[z].name != 'checkall'){
	  theForm[z].checked = theElement.checked;
	  }
     }
    }

</script>
<style type="text/css">
#tooltip {
	position: absolute;
	z-index: 3000;
	border: 1px solid #333333;
	background-color: #222222;
	color: #FFFFFF;
	font: 11px Verdana, Arial, Helvetica, sans-serif;
	padding: 5px;
	opacity: 0.85;
	max-width: 310px;
}
#tooltip h3, #tooltip div { margin: 0; }
#tooltip h3 {
	color: #FFFFFF;
	font-size: 12px;
	font-weight: normal;
}

.pagenumbers {
background-color: #222222;
padding: 4px 0;
}

.bar_cont {
	display: inline-block;
	vertical-align:middle;
}
.bar {
	position: relative;
	width: 150px;
	line-height: 11px;
	border: 1px solid #000;
	color: #000000;
	background: url('images/crimebg/red.jpg');
	background-repeat: repeat-x;
}
.rg {
	position: relative;
	height: 11px;
	background-image: url('images/crimebg/green.jpg');
	background-repeat: repeat-x;
	z-index: 2;
}

.textinput{
	background-color: #222222;
	color: #999999;
	font: 11px Verdana, Arial, Helvetica, sans-serif;
	height: 22px;
	width: 150px;
	border: 1px solid #333333;
}

.menubox {
	text-align: left;
	margin-left: 5px;
	margin-right: 5px;
	margin-bottom: 5px;
	border: 1px solid #333333;
	background-color: #111111;
	padding: 5px 5px 5px 5px;
}

.menubox a {
	color: #CCCCCC;
	text-decoration: none;
	display: block;
	width: 50px;
}
.menubox .unselected_link {
	border: 1px solid #505050;
	cursor: pointer;
	margin: 6px;
	padding: 5px 0px 5px 0px;
	vertical-align: middle;
	color: #cccccc;
	background: url(images/subhead.png) repeat-x;
	font: 11px Tahoma, Verdana, Arial, Helvetica, sans-serif;
}
.menubox .selected_link {
	border: 1px solid #505050;
	cursor: pointer;
	margin:	6px;
	padding: 5px 0px 5px 0px;
	vertical-align: middle;
	color: #cccccc;
	background: url(images/selected_box.png) repeat-x;
	font: 11px Tahoma, Verdana, Arial, Helvetica, sans-serif;
}

.img {
	                    border: 1px solid #000000; }

</style>


</head>

<body>
		<center><table class='menubox' align='center' style='border-radius: 20px; border: 0px;'>
			<tr>
				<td align='center'>
				<div style='float:left;'><a href='blackmarket.php' class='unselected_link' style='width: 120px;'><u>Credits</u></a></div>
				<div style='float:left;'><a href='blackmarket_bullets.php' class='selected_link' style='width: 120px;'><u>Bullets</u></a></div>

				</td>
            </tr>
		</table></center><br><br>
<div id=overDiv style="position:absolute; visibility:hidden; z-index:1000;"></div>
<form name="form" method="post" action="">
<table border="0" width="650" align="center" cellpadding="0" cellspacing="0" class="table">
<tr class="header">
<td colspan="7" align="center">Black Market</td>
</tr>
<tr>
<td width="150" class='subhead' align="center">Username</td>
<td width="150" class='subhead' align="center">Offer</td>
<td width="150" class='subhead' align="center">Cost</td>
<td width="50" class='subhead' align="center">&nbsp;</td>
<td width="50" class='subhead' align="center">&nbsp;</td>
</tr>
<?

$whatpage=$_GET['page'];

$getTopics = mysql_query("SELECT * FROM `blackmarket_bullets`");

$totalTopics = mysql_num_rows($getTopics);


$topics_per_page = 10;

$offset = (int)$_GET['page'] * $topics_per_page;

$pages = ceil($totalTopics / $topics_per_page);

for ($i=0;$i<$pages;$i++)

{

$n = $i+1;

if ($_GET['page'] == $i)

{

$page .= "<b style='padding:4px; background-color: #173478; border-radius:20px;'>$n</b> ";

}

else

{

$page .= "<a href='blackmarket_bullets.php?page=$i' style='padding:4px; background-color: #111111; border-radius:20px; text-decoration: none;'>$n</a> ";

}}


$queryshow=mysql_query("SELECT * FROM blackmarket_bullets ORDER BY id DESC LIMIT $offset, $topics_per_page");

$num=mysql_num_rows($queryshow);

  while($coolshow = mysql_fetch_object($queryshow)){


 echo "

<tr><td align=center height='40'><a href=profile.php?viewuser=$coolshow->username><b>$coolshow->username</b></a></td>

<td align=center height='40'><b>".makecomma($coolshow->amount)." $coolshow->type</b></td>

<td align=center height='40'><b>&pound;".makecomma($coolshow->cost)."</b></td>

<td align=center height='40'><a href=?buy=$coolshow->id><img src='images/acc.png'></a></td>

<td align=center height='40'><a href=?remove=$coolshow->id><img src='images/del.png'></a></td>

</td>

</tr>";


  }

if ($num == "0"){

echo"<tr><td height='40' colspan=10 align=center>There are no current offers on the black market!</td></tr>";

}

 ?>
<tr><td colspan='6' align='center' class='pagenumbers'>
<? echo "$page"; ?>
</td></tr>
</table>
</form>

<br />
<form method="post" action="">

<div align=center><table width="250" align="center" cellpadding="0" cellspacing="0" bordercolor="" class="table" border='0'>

<tr>
<td class='header' colspan='5'><div align='center'>Add Offer</td>
</tr>

<tr><td colspan='5'>&nbsp;</td></tr>

<tr>

<td align="right">Bullets:</td>

<td colspan='2' align="center"><input name='sellbulletsamount' type='text' class=textinput size='30' style='height:20' onkeyup="this.value=this.value.replace(/[^0-9]/g, '');" autocomplete="off"></td>

</tr>

<tr><td colspan='5'>&nbsp;</td></tr>

<tr>

<td align="right">Type:</td>

<td align="center"><input type="radio" name="sellbulletstype" id="select" value="JHP">JHP <input type="radio" name="sellbulletstype" id="select" value="FMJ">FMJ</td>

</tr>

<tr><td>&nbsp;</td></tr>

<tr>

<td align="right">Amount:</td>

<td align="center"><input name='sellbulletsprice' type='text' class=textinput size='30' style='height:20' onkeyup="this.value=this.value.replace(/[^0-9]/g, '');" autocomplete="off"></td>

</tr>

<tr><td>&nbsp;</td></tr>

<tr>

<td align=center colspan=3><input type="submit" name="sellbulletssubmit" value="Add" class="button"></td>

</tr></table>

</form>