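// Collect the step-one form fields, escaped for use inside a quoted SQL string.
// Unchecked checkboxes (checkStartUp, checkBuy) are not sent by the browser at
// all, and a field submitted as an array is not a string, so both cases fall
// back to '' instead of raising a notice or handing a non-string to the escaper.
$fields = array('textName', 'textDesc', 'textPrice', 'select', 'checkStartUp', 'checkBuy');
$inserts = array();
foreach ($fields as $field)
{
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $inserts[] = mysql_real_escape_string($raw);
}
// NOTE(review): what is stored here is the SQL-escaped form. That escaping is
// only meaningful inside a quoted SQL literal; any later use in a file name or
// in HTML output needs its own validation or encoding.
$_SESSION['inserts'] = $inserts;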
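// Read each expected POST field and escape it for a quoted SQL string literal.
// A field that is absent (an unchecked checkbox is simply not submitted) or
// that arrives as an array is treated as the empty string.
$fields = array('textName', 'textDesc', 'textPrice', 'select', 'checkStartUp', 'checkBuy');
$inserts = array();
foreach ($fields as $field)
{
    $value = '';
    if (isset($_POST[$field]) && is_string($_POST[$field]))
    {
        $value = $_POST[$field];
    }
    $inserts[] = mysql_real_escape_string($value);
}
// NOTE(review): the session now holds SQL-escaped text, not the original input.
// Escaping for SQL does not make a value safe as a path component or as HTML.
$_SESSION['inserts'] = $inserts;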
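<?php
session_start();
require "../config.php";
require "../libs/Smarty.class.php";
$smarty = new Smarty;

// Access gate: only a session whose rank entry for this game equals 1 may use
// this page. $game_name is not defined in this file; presumably config.php
// sets it -- confirm.
// isset() covers visitors with no such session entry (not logged in), and the
// 403 status lets logs and monitoring tell a refused request from a normal page.
if (!isset($_SESSION['rpg_' . $game_name . 'userrank'])
    || $_SESSION['rpg_' . $game_name . 'userrank'] != 1)
{
    header('HTTP/1.1 403 Forbidden');
    die("You dont belong here");
}

//set template var
$smarty->assign("game", $game_name);
include "../miscvars.php";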
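// Step one of adding an item: validate the basic fields, remember them in the
// session and show the second form (itemadd2.htm); on error re-show itemadd.htm.
//
// NOTE(review): this handler changes state but checks no anti-CSRF token; the
// rank check at the top of the script is the only gate visible here.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to mysqli
// or PDO prepared statements is the durable fix, but needs the connection
// set-up, which is not in this file.
if (isset($_POST['SubmitItem']))
{
    // Start from an empty message so the ".=" below never appends to an
    // undefined variable.
    $msg = '';

    // Escape each expected field for a quoted SQL literal. Unchecked checkboxes
    // are absent from $_POST and array-valued fields are not strings; both
    // become ''.
    $fields = array('textName', 'textDesc', 'textPrice', 'select', 'checkStartUp', 'checkBuy');
    $inserts = array();
    foreach ($fields as $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $inserts[] = mysql_real_escape_string($raw);
    }

    //start up: anything other than "y" is stored as "n"
    if ($inserts[4] != "y")
    {
        $inserts[4] = "n";
    }
    //buyable: anything other than "y" is stored as "n"
    if ($inserts[5] != "y")
    {
        $inserts[5] = "n";
    }

    //name
    if (strlen($inserts[0]) == 0)
    {
        $msg .= "Name can not to be blank...<BR>";
    }
    //desc
    if (strlen($inserts[1]) == 0)
    {
        $msg .= "Description can not to be blank...<BR>";
    }
    //price
    if (strlen($inserts[2]) == 0)
    {
        $msg .= "Price can not to be blank...<BR>";
    }

    //query: the name was escaped above and is placed inside quotes
    $result = mysql_query("SELECT id FROM items WHERE name='" . $inserts[0] . "'");
    if ($result === false)
    {
        // Keep database error text in the server log rather than in the response.
        error_log(mysql_error());
        die("Database error");
    }

    //item name exists check: any existing row counts, not exactly one
    if (mysql_num_rows($result) > 0)
    {
        $msg .= "Item name allready exist...";
    }

    if (empty($msg))
    {
        // NOTE(review): the session keeps the SQL-escaped values. The final
        // step also builds the image file name from entries 0 and 3, and
        // SQL escaping does not remove directory separators.
        $_SESSION['inserts'] = $inserts;
        // NOTE(review): the item type is request input; whether itemadd2.htm
        // HTML-escapes it cannot be seen from here -- confirm in the template.
        $smarty->assign("itemtype", $inserts[3]);
        //parse templates
        $smarty->display('itemadd2.htm');
    }
    else
    {
        $smarty->assign("MSG", $msg);
        $smarty->display('itemadd.htm');
    }
}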
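// Final step of submitting an item: validate the type-specific stat fields and
// the uploaded image, store the image under the game's items directory and
// insert the row. Name, description, price, type and flags come from the
// session entry written by step one.
//
// NOTE(review): no anti-CSRF token is checked before this upload-and-insert.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
// statements via mysqli or PDO would replace the string-built INSERT below.
if (isset($_POST['SubmitItemFinal']))
{
    // Start from an empty message so ".=" never appends to an undefined variable.
    $msg = '';

    //some vars for easier checking
    $fields = array('textLvl', 'textAttack', 'textDef', 'textHP', 'textValue');
    $level_check = array("Full", "Bot", "Top", "Weapon", "HuntingTool", "WoodTool", "FishingTool", "MiningTools", "Health");
    $def_check = array("Full", "Bot", "Top");
    $hp_check = array("Full", "Bot", "Top", "Health");

    // Step one must have stored its six values in this session. Without them
    // there is no name or type to work with, so report it rather than reading
    // undefined session entries.
    $have_step_one = isset($_SESSION['inserts'])
        && is_array($_SESSION['inserts'])
        && count($_SESSION['inserts']) == 6;
    $step_one = $have_step_one ? $_SESSION['inserts'] : array('', '', '', '', '', '');
    if (!$have_step_one)
    {
        $msg .= "Item details are missing, please start again...<BR>";
    }
    $item_type = $step_one[3];

    //file vars: only look at the file if PHP really received it as an upload
    $has_upload = isset($_FILES['file']['tmp_name'], $_FILES['file']['name'])
        && is_string($_FILES['file']['tmp_name'])
        && is_uploaded_file($_FILES['file']['tmp_name']);
    $imageinfo = $has_upload ? getimagesize($_FILES['file']['tmp_name']) : false;
    $file_type = '';
    if ($has_upload)
    {
        // Extension = text after the last dot of the client-supplied name.
        $file_typ = explode('.', strtolower($_FILES['file']['name']));
        $file_type = $file_typ[count($file_typ) - 1];
    }

    // Escape the stat fields for quoted SQL literals; missing or array-valued
    // fields become ''.
    $inserts = array();
    foreach ($fields as $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $inserts[] = mysql_real_escape_string($raw);
    }

    //if any of these types, check level field
    if (in_array($item_type, $level_check))
    {
        if (strlen($inserts[0]) == 0)
        {
            $msg .= "Level can not to be blank...<BR>";
        }
    }
    else
    {
        $inserts[0] = 0;
    }

    //if weapon, check attack field
    if ($item_type == "Weapon")
    {
        if (strlen($inserts[1]) == 0)
        {
            $msg .= "Attack field not to be blank...<BR>";
        }
    }
    else
    {
        $inserts[1] = 0;
    }

    //if any of these types, check defense field
    if (in_array($item_type, $def_check))
    {
        if (strlen($inserts[2]) == 0)
        {
            $msg .= "Defense field can not to be blank...<BR>";
        }
    }
    else
    {
        $inserts[2] = 0;
    }

    //if any of these types check hp field
    // Uses $hp_check (which includes "Health"); testing $def_check here left
    // $hp_check unused and zeroed the HP of Health items.
    if (in_array($item_type, $hp_check))
    {
        if (strlen($inserts[3]) == 0)
        {
            $msg .= "HP field can not to be blank...<BR>";
        }
    }
    else
    {
        $inserts[3] = 0;
    }

    //value
    if (strlen($inserts[4]) == 0)
    {
        $msg .= "Value field can not to be blank...<BR>";
    }

    //no errors
    if (empty($msg))
    {
        // Both the extension and the detected image type must be on the list.
        // The strict extension check is also what keeps $file_type, which comes
        // from the client-supplied file name, safe to place in the INSERT below.
        // NOTE(review): getimagesize() identifies the format; it does not show
        // that the rest of the file is harmless. Re-encoding the image before
        // storing it would be stronger.
        $allowed_ext = array('jpg', 'png', 'gif');
        $allowed_mime = array('image/jpeg', 'image/png', 'image/gif');
        $image_ok = $imageinfo !== false
            && in_array($file_type, $allowed_ext, true)
            && in_array($imageinfo['mime'], $allowed_mime, true);

        // The stored name is built from the item type and item name, both of
        // which came from the step-one request. It is always given a ".png"
        // suffix, whatever the real format; ftype records the original extension.
        $file_name = $item_type . '_' . str_replace(" ", '_', $step_one[0]) . ".png";

        if (!$image_ok)
        {
            $msg = "Invalid image file...";
            $smarty->assign("MSG", $msg);
            //parse templates
            $smarty->display('itemadd2.htm');
        }
        elseif (basename($file_name) !== $file_name)
        {
            // A directory separator in the type or name would place the file
            // outside the items directory; refuse instead of writing it.
            $msg = "Invalid item name or type...";
            $smarty->assign("MSG", $msg);
            //parse templates
            $smarty->display('itemadd2.htm');
        }
        elseif (move_uploaded_file($_FILES["file"]["tmp_name"], "../../gamedata/$game_name/items/" . $file_name))
        {
            // Session values were escaped in step one and $inserts above;
            // $game_name is not defined in this file (presumably config.php)
            // and is used unescaped -- confirm it is never request-derived.
            $inserted = mysql_query("INSERT INTO items (
                name,
                ftype,
                descr,
                hp,
                itemvalue,
                itemtype,
                itemprice,
                itemstartup,
                itembuyable,
                itemAttack,
                itemDefense,
                itemLevelReq,
                game
                ) VALUES (
                '" . $step_one[0] . "',
                '" . $file_type . "',
                '" . $step_one[1] . "',
                '" . $inserts[3] . "',
                '" . $inserts[4] . "',
                '" . $item_type . "',
                '" . $step_one[2] . "',
                '" . $step_one[4] . "',
                '" . $step_one[5] . "',
                '" . $inserts[1] . "',
                '" . $inserts[2] . "',
                '" . $inserts[0] . "',
                '" . $game_name . "')");
            if ($inserted === false)
            {
                // Keep database error text in the server log, not the response.
                error_log(mysql_error());
                die("Database error");
            }
            $msg = "Item succesfully added...";
            $smarty->assign("MSG", $msg);
            //parse templates
            $smarty->display('itemadd.htm');
        }
        else
        {
            $msg = "Failed uploading file...";
            $smarty->assign("MSG", $msg);
            //parse templates
            $smarty->display('itemadd2.htm');
        }
    }
    else
    {
        $smarty->assign("MSG", $msg);
        $smarty->display('itemadd2.htm');
    }
}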
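// Show the first form together with the list of shops for this game.
// Runs when the step-one form was not submitted, or when a message is set.
// NOTE(review): a SubmitItemFinal request never sets SubmitItem, so this also
// runs after the final-step handler has already rendered a template, and
// after a step-one validation error; the page is then emitted twice.
if (!isset($_POST['SubmitItem']) || !empty($msg))
{
    //query
    // $game_name is interpolated unescaped; it is not defined in this file
    // (presumably config.php) -- confirm it is never request-derived.
    $result = mysql_query("SELECT sID, sNAME FROM shops WHERE game='$game_name' ORDER BY sNAME ASC");
    if ($result === false)
    {
        // Keep database error text in the server log rather than in the response.
        error_log(mysql_error());
        die("Database error");
    }

    //get all shops; start with empty lists so a game without shops still
    //hands arrays to the template
    $shopids = array();
    $shopnames = array();
    while ($shop = mysql_fetch_object($result))
    {
        $shopids[] = $shop->sID;
        $shopnames[] = $shop->sNAME;
    }

    //set template vars
    $smarty->assign("ShopIds", $shopids);
    $smarty->assign("ShopNames", $shopnames);
    //parse templates
    $smarty->display('itemadd.htm');
}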
?>