Newbie Spellweaver
- Joined
- Jul 15, 2011
- Messages
- 78
- Reaction score
- 0
this module is a web gunz that I have, this module is used to give away items from the webshop
This is an php code to give a event item or donate by web , is deactivated to send by character name
just send by setting the userid
the problem is that the user does not matter, always says "userid does not exist"
someone could review it and tell me what is wrong , sorry my bad english :*:
module:
link download
This is an php code to give a event item or donate by web , is deactivated to send by character name
just send by setting the userid
the problem is that the user does not matter, always says "userid does not exist"
someone could review it and tell me what is wrong , sorry my bad english :*:
module:
PHP:
<?
} }
if(!function_exists("showgiftitem")){
function showgiftitem(){
if($_SESSION['AID'] == ""){
re_dir("index.php");
}
$item2 = clean($_GET['itemid']);
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$item2'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
if (isset($_POST['submit'])){
$type = clean($_POST['type']);
$id = clean($_POST['id']);
$reason = clean($_POST['reason']);
$custom = clean($_POST['cstom']);
$itemid = clean($_POST['ItemID']);
$item2 = clean($_GET['itemid']);
//--
if($reason == 1){
$reason = $custom;
$custom = str_replace("
","</br>",$custom);
}
//--
if ($type == 1){
$res = mssql_query_logged("SELECT * FROM Account WHERE UserID = '$id'");
if(mssql_num_rows($res) == 0){
alertbox("UserID $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}else{
$data = mssql_fetch_assoc($res);
$userID = $data['UserID'];
$UserAID = $data['AID'];
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$itemid'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
$aid = $_SESSION['AID'];
$updatecoins = $acc['ECoins'] - $item['CashPrice'];
$zitemid = $item['ItemID'];
if($updatecoins < 0){
die("No Bug here :)");
}
mssql_query_logged("INSERT INTO AccountItem ([ShopItemID], [AID], [ItemID], [RentDate], [Cnt])VALUES('$itemid', '$UserAID', '$zitemid', GETDATE(), 1)");
mssql_query_logged("UPDATE Account SET ECoins = '$updatecoins' WHERE AID = '$aid'");
alertbox("Item purchased and gifted correctly, your friend can get it in Central bank","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}
}else{
$res = mssql_query_logged("SELECT * FROM Character WHERE Name = '$id'");
if(mssql_num_rows($res) == 0){
alertbox("The character $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}else{
$res = mssql_query_logged("SELECT * FROM Character WHERE Name = '$id'");
$data = mssql_fetch_assoc($res);
$UserAID = $data['AID'];
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$item2'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT Coins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$itemid'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
$aid = $_SESSION['AID'];
$updatecoins = $acc['ECoins'] - $item['CashPrice'];
$zitemid = $item['ItemID'];
if($updatecoins < 0){
die("No Bug here :)");
}
mssql_query_logged("INSERT INTO AccountItem ([ShopItemID], [AID], [ItemID], [RentDate], [Cnt])VALUES('$itemid', '$UserAID', '$zitemid', GETDATE(), 1)");
mssql_query_logged("UPDATE Account SET ECoins = '$updatecoins' WHERE AID = '$aid'");
alertbox("Item purchased and gifted correctly, your friend can get it in Central bank","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}
}
}
?>
<table width="570" border="0" align="center">
<tr>
<td align="center"><table width="450" border="0" class="login4">
<tr>
<td width="274" align="left" class="estilo5">name of item: </td>
<td width="266" align="left" class="estilo5"><b>
<?=$item['Name']?>
</b></td>
</tr>
<tr>
<td align="left" class="estilo5">Current Bill: </td>
<td align="left" class="estilo5"><b>
<?=$_SESSION['UserID']?>
</b></td>
</tr>
<tr>
<td align="left" class="estilo5"><select size="1" name="type" class="login">
<option value="1" selected>[gift] UserID </option>
<option value="2">[gift]Name Character </option>
</select></td>
<td align="left" class="estilo5"><input type="text" name="id" size="26" class="login"></td>
</tr>
<tr>
<td align="left" class="estilo5">Price:</td>
<td align="left" class="estilo5"><b>
<?=$item['CashPrice']?>
</b></td>
</tr>
<tr>
<td align="left" class="estilo5">ECoins That has: </td>
<td align="left" class="estilo5"><b>
<?=$acc['ECoins']?>
</b></td>
</tr>
<tr>
<td align="left" class="estilo5">ECoins That will remain: </td>
<td align="left" class="estilo5"><b>
<?
$result = $acc['ECoins']-$item['CashPrice'];
if($result < 0){
$boton = "<b>Insufficient ECoins</b>";
}else{
$boton = "<input type='submit' value='Buy Item' name='submit' class='login'>";
}
echo $acc['ECoins']-$item['CashPrice'];?>
</b></td>
</tr>
<tr>
<td height="20" colspan="2" align="left" class="estilo5"></td>
</tr>
<tr>
<td colspan="2" align="center" class="estilo5"><form method="POST" action="index.php?gunz=eshop&sub=giftitem">
<?=$boton?>
<input type="hidden" value="<?=$_GET['itemid']?>" name="ItemID2">
</form></td>
</tr>
</table></td>
</tr>
</table>
link download
You must be registered to see links