<?php/******************************************* Flyff Earthquake v4.0

1. <?php
2. /*****************************************
3. **          Flyff Earthquake v4.0       **
4. **           inc/functions.php          **
5. **         Created by Treachery.        **
6. *****************************************/
7. require_once("inc/config.php");
8.  
9. if(stristr($_SERVER['PHP_SELF'], "functions.php"))
10.     header("Location: ../");
11.  
12. session_start();
13.  
14. if (!$enable_shop)
15.     die("<p style='text-align: center; color: #FF0000; padding-top: 30%; font-weight: bold'>The shop is currently unavailable.<br/>Please try again later.</p>");
16.    
17. $mssql_con = mssql_connect($mssql_server, $mssql_username, $mssql_password); //Attempt connection to MSSQL server using above server location.
18. if (!$mssql_con)
19.     die("Cannot connect to MSSQL Server."); //die, stating it could not connect.
20.  
21. if (isset($_POST['user_id']))
22. {
23.     session_destroy();
24.     session_start();
25. }
26.  
27. $account =  (isset($_SESSION['ifs_account'])) ? strtolower($_SESSION['ifs_account']) : strtolower($_POST['user_id']);
28. $player =   (isset($_SESSION['ifs_player'])) ? $_SESSION['ifs_player'] : addZeroes($_POST['m_idPlayer']);
29. $sindex =   (isset($_SESSION['ifs_sindex'])) ? $_SESSION['ifs_sindex'] : "0".$_POST['server_index'];
30. $passwd =   (isset($_SESSION['ifs_passwd'])) ? $_SESSION['ifs_passwd'] : $_POST['check'];
31.  
32. $accountcheck = $account ? true : false;
33.  
34. $account2 = $account;
35. $account = clean($account);
36.  
37. if (!isset($_SESSION['ifs_account']))
38. {
39.     if ($accountcheck)
40.     {
41.         $account_query=mssql_query("SELECT * FROM [{$mssql_db['account']}].dbo.[ACCOUNT_TBL] WHERE account = {$account}");
42.         $account_row=mssql_fetch_array($account_query);
43.         if (mssql_num_rows($account_query))
44.         {
45.             if ($account_row['password']==$passwd)
46.             {
47.                 $character_query=mssql_query("SELECT * FROM [{$mssql_db['character']}].dbo.[CHARACTER_TBL] WHERE m_idPlayer = '{$player}' AND isblock!='D' AND account = {$account}");
48.                 $character_row=mssql_fetch_array($character_query);
49.                 if (mssql_num_rows($character_query))
50.                 {
51.                     $_SESSION['ifs_account'] = $account;
52.                     $_SESSION['ifs_player'] = $player;
53.                     $_SESSION['ifs_sindex'] = $sindex;
54.                     $_SESSION['ifs_passwd'] = $passwd;
55.                 }
56.                 else
57.                     header("Location: login.php?error=4"); //die("Invalid access (4)."); //Character not found or doesn't belong to the owner.
58.             }
59.             else
60.                 header("Location: login.php?error=3"); //die("Invalid access (3)."); //Invalid account password hashed.
61.         }
62.         else
63.             header("Location: login.php?error=2"); //die("Invalid access (2)."); //Account does not exist.
64.     }
65.     else
66.         header("Location: login.php?error=1"); //die("Invalid access (1)."); //Account not entered.
67. }
68.  
69. $cash_query=mssql_query("SELECT * FROM [{$mssql_db['account']}].[dbo].[ACCOUNT_TBL] WHERE account = {$account}");
70. $cash_row_array=mssql_fetch_array($cash_query);
71. $cash_count=$cash_row_array[$cash_row];
72.  
73. mssql_select_db($mssql_db['character']);
74.  
75. $page = (isset($_GET['page'])) ? clean(abs($_GET['page'])) : 1;
76.     if ($page < 1) $page = 1;
77. $page_max = $page*$max_items;
78. $page_limit = $page_max-$max_items;
79.  
80. function clean($var)
81. {
82.     if (is_int($var))
83.     {
84.         $var = $var;
85.     }
86.     else
87.     if (is_array($var))
88.     {
89.         foreach($var as $key => $value)
90.         {
91.             $var[$key] = clean($value);
92.         }
93.     }
94.     else
95.     {
96.         $unpacked = unpack('H*hex',$var);
97.         $hex = '0x'.$unpacked['hex'];
98.         $var = $hex;
99.     }
100.    
101.     return $var;
102. }
103.  
104. function addZeroes($num)
105. {
106.     $max_len=7;
107.     $cur_len=strlen($num);
108.    
109.     while ($cur_len < $max_len)
110.     {
111.         $num="0".$num;
112.         $cur_len++;
113.     }
114.    
115.     return $num;
116. }
117.  
118. function item_query($itemid)
119. {
120.     global $popular;
121.     switch($itemid)
122.     {
123.         case "popular":
124.             if ($popular==0)
125.                 $item_query="SELECT TOP 1 * FROM PREMIUM_SHOP_TBL WHERE forsale = 1 ORDER BY purchases DESC";
126.             else
127.                 $item_query="SELECT TOP 1 * FROM PREMIUM_SHOP_TBL WHERE id= {$popular} AND forsale = 1";
128.         break;
129.        
130.         default:
131.             $item_query="SELECT TOP 1 * FROM PREMIUM_SHOP_TBL WHERE id = {$itemid} AND forsale = 1";
132.             $item_result=mssql_query($item_query);
133.             if(!mssql_num_rows($item_result))
134.                 $item_query="SELECT TOP 1 * FROM PREMIUM_SHOP_TBL WHERE forsale = 1 ORDER BY purchases DESC";
135.     }
136.    
137.     return $item_query;
138. }
139.  
140. function roundUp( $value, $precision=0 )
141. {
142.    if ( $precision == 0 ) {
143.        $precisionFactor = 1;
144.    }
145.    else {
146.        $precisionFactor = pow( 10, $precision );
147.    }
148.    return ceil( $value * $precisionFactor )/$precisionFactor;
149. }
150.  
151. function br($text)
152. {
153.     $text=str_replace("\\r\\n","<br />",$text);
154.     $text=str_replace("\n","<br />",$text);
155.     return $text;
156. }
157.  
158. function friends()
159. {
160.     global $player, $sindex;
161.     $stmt = mssql_init('shopMessengerList');
162.  
163.     mssql_bind($stmt, '@pserverindex',  $sindex,    SQLCHAR);
164.     mssql_bind($stmt, '@pPlayerID',     $player,    SQLCHAR);
165.  
166.     $result = mssql_execute($stmt);
167.    
168.     while ($row = mssql_fetch_assoc($result)) {
169.         $return.= '<option value="'.$row['idFriend'].'">'.$row['m_szName'].'</option>';
170.     }
171.  
172.     mssql_free_statement($stmt);
173.    
174.     return $return;
175. }
176.  
177. function updateCash($new_cash)
178. {
179.     global $account, $cash_row, $mssql_db;
180.     $new_cash = abs($new_cash);
181.    
182.     $query = "UPDATE [{$mssql_db['account']}].[dbo].[ACCOUNT_TBL] SET [{$cash_row}] = {$new_cash} WHERE account = {$account}";
183.     $result=mssql_query($query);
184.    
185.     if ($result)
186.         return true;
187.     else
188.         return false;
189. }
190.  
191. function giftBundle($item1_id, $item1_name, $item1_count, $item2_id, $item2_name, $item2_count, $item3_id, $item3_name, $item3_count, $item4_id, $item4_name, $item4_count, $player)
192. {
193.     global $sindex;
194.    
195.     if ($item1_id&&$item1_name&&$item1_count)
196.         $return = giftItem($item1_id, $item1_name, $item1_count, $player);
197.    
198.     if ($item2_id&&$item2_name&&$item2_count&&$return)
199.         $return = giftItem($item2_id, $item2_name, $item2_count, $player);
200.    
201.     if ($item3_id&&$item3_name&&$item3_count&&$return)
202.         $return = giftItem($item3_id, $item3_name, $item3_count, $player);
203.    
204.     if ($item4_id&&$item4_name&&$item4_count&&$return)
205.         $return = giftItem($item4_id, $item4_name, $item4_count, $player);
206.    
207.     if (!isset($return))
208.         $return = 0;
209.    
210.     return $return;
211. }
212.  
213. function giftItem($itemid, $itemname, $itemcount, $player_to)
214. {
215.     global $sindex, $player, $mssql_db;
216.     mssql_select_db($mssql_db['character']);
217.     $stmt = mssql_init('shopSendItem');
218.  
219.     mssql_bind($stmt, '@m_idPlayer',    $player_to, SQLCHAR);
220.     mssql_bind($stmt, '@serverindex',   $sindex,    SQLCHAR);
221.     mssql_bind($stmt, '@item_name',     $itemname,  SQLTEXT);
222.     mssql_bind($stmt, '@item_count',    $itemcount, SQLINT1);
223.     mssql_bind($stmt, '@item_id',       $itemid,    SQLINT1);
224.     mssql_bind($stmt, '@m_idSender',    $player,    SQLCHAR);
225.  
226.     $return = mssql_execute($stmt);
227.  
228.     mssql_free_statement($stmt);
229.    
230.     return $return;
231. }
232.  
233. function sendBundle($item1_id, $item1_name, $item1_count, $item2_id, $item2_name, $item2_count, $item3_id, $item3_name, $item3_count, $item4_id, $item4_name, $item4_count) {
234.     global $player, $sindex;
235.     mssql_select_db($mssql_db['character']);
236.    
237.     if ($item1_id&&$item1_name&&$item1_count)
238.         $return = sendItem($item1_id, $item1_name, $item1_count);
239.    
240.     if ($item2_id&&$item2_name&&$item2_count&&$return)
241.         $return = sendItem($item2_id, $item2_name, $item2_count);
242.    
243.     if ($item3_id&&$item3_name&&$item3_count&&$return)
244.         $return = sendItem($item3_id, $item3_name, $item3_count);
245.    
246.     if ($item4_id&&$item4_name&&$item4_count&&$return)
247.         $return = sendItem($item4_id, $item4_name, $item4_count);
248.    
249.     if (!isset($return))
250.         $return = 0;
251.    
252.     return $return;
253. }
254.  
255. function sendItem($itemid, $itemname, $itemcount)
256. {
257.     global $player, $sindex, $mssql_db;
258.     mssql_select_db($mssql_db['character']);
259.     $stmt = mssql_init('shopSendItem');
260.  
261.     mssql_bind($stmt, '@m_idPlayer',    $player,    SQLCHAR);
262.     mssql_bind($stmt, '@serverindex',   $sindex,    SQLCHAR);
263.     mssql_bind($stmt, '@item_name',     $itemname,  SQLTEXT);
264.     mssql_bind($stmt, '@item_count',    $itemcount, SQLINT1);
265.     mssql_bind($stmt, '@item_id',       $itemid,    SQLINT1);
266.  
267.     $return = mssql_execute($stmt);
268.  
269.     mssql_free_statement($stmt);
270.    
271.     return $return;
272. }
273.  
274. function PurchaseCount($itemid)
275. {
276.     global $mssql_db;
277.     if (is_int($itemid))
278.         return mssql_query("UPDATE [{$mssql_db['character']}].dbo.[PREMIUM_SHOP_TBL] SET purchases = purchases + 1 WHERE id = {$itemid}");
279. }
280.  
281. function getLastID()
282. {
283.     global $mssql_db;
284.     $result = mssql_query("SELECT id FROM [{$mssql_db['character']}].dbo.[PREMIUM_SHOP_TBL] ORDER BY id DESC");
285.     $row = mssql_fetch_array($result);
286.     return $row['id'];
287. }
288.  
289. function tableArray($query)
290. {
291.     $array = array();
292.     $result = mssql_query($query);
293.    
294.     for($i=0;$i<mssql_num_rows($result);$i++)
295.     {
296.         $mini_array = array();
297.         for($n=0;$n<mssql_num_fields($result);$n++)
298.         {
299.             $field = mssql_field_name($result, $n);
300.             $mini_array[$field] = mssql_result($result, $i, $field);
301.         }
302.        
303.         $array[$i] = $mini_array;
304.     }
305.    
306.     return $array;
307. }
308.    
309. function page_list($totalPages, $function)
310. {
311.     global $max_list, $page;
312.    
313.     $partial = ceil($max_list/2);
314.  
315.     $cP = 1;
316.     if ($page > $partial)
317.     {
318.         $cP = $page - $partial + 1;
319.     }
320.  
321.     if ($cP+$max_list > $totalPages+1)
322.     {
323.         while($cP+$max_list > $totalPages+1)
324.         {
325.             $cP--;
326.         }
327.     }
328.    
329.     if ($cP < 1)
330.         $cP = 1;
331.    
332.     $prev = ($page - 1 > 0) ? $page - 1 : 1;
333.     $next = ($page + 1 > $totalPages) ? $totalPages : $page + 1;
334.  
335.     echo "<a href=\"javascript:{$function}1);\">[First]</a> ";
336.     echo "<a href=\"javascript:{$function}{$prev});\">[Prev]</a> ";
337.     $i2=0;
338.     for($i=$cP;($i2<$max_list)&&($i<=$totalPages);$i++)
339.     {
340.         echo ($i==$page) ? "<span>" : "<a href=\"javascript:{$function}{$i});\">[";
341.             echo $i;
342.         echo ($i==$page) ? "</span>" : "]</a>";
343.        
344.         echo " ";
345.         $i2++;
346.     }
347.     echo "<a href=\"javascript:{$function}{$next});\">[Next]</a> ";
348.     echo "<a href=\"javascript:{$function}{$totalPages});\">[Last]</a>";
349. }
350.  
351. function likeClean($str)
352. {                                          
353.     return preg_replace('/(?!\s)(\W)/', '', $str);
354. }
355.  
356. function fail($itemid = "popular", $giftflag = 1)
357. {
358.     return '<script type="text/javascript">
359. $(document).ready(function() {
360.     PurchaseFail('.$itemid.','.$giftflag.');
361. });
362. </script>';
363. }
364.  
365. function success($itemid, $giftflag = 1)
366. {
367.     return '<script type="text/javascript">
368. $(document).ready(function() {
369.     PurchaseSuccess('.$itemid.','.$giftflag.');
370. });
371. </script>';
372. }
373.  
374. function success2($itemid, $giftflag = 1)
375. {
376.     return '<script type="text/javascript">
377. $(document).ready(function() {
378.     PurchaseSuccess2('.$itemid.','.$giftflag.');
379. });
380. </script>';
381. }
382. ?>