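<?php define('VALID_INC', TRUE); include_once 'func.php';
/*
 * Incoming trade form handler.
 *
 * On POST: sanitises the submitted fields, checks that every card name is
 * well formed, verifies that each requested card exists in a tradeable
 * category (`priority` != 3) of the chosen TCG, removes those cards from
 * their categories, records the trade in `trades` and emails the owner.
 * Error messages are collected in $error (displayed by the included form);
 * $success is read by the page section further down.
 *
 * NOTE(review): the SQL below is built by string interpolation and relies on
 * Sanitize::for_db() for the user-supplied values ($name, $email, $giving,
 * $offer) — confirm that helper escapes for a quoted SQL string context.
 * $tcg is cast with intval(), so it is safe to interpolate.
 */
$success = false; // defined on every request so the page section never reads an undefined variable
if ( isset($_POST['tradesubmit']) ) {
    $database = new Database;
    $sanitize = new Sanitize;
    $name = $sanitize->for_db(isset($_POST['name']) ? $_POST['name'] : '');
    $email = $sanitize->for_db(isset($_POST['email']) ? $_POST['email'] : '');
    $website = $sanitize->for_db(isset($_POST['website']) ? $_POST['website'] : '');
    $tcg = intval(isset($_POST['tcg']) ? $_POST['tcg'] : 0);
    $wants = $sanitize->for_db(isset($_POST['wants']) ? $_POST['wants'] : '');
    $offer = $sanitize->for_db(isset($_POST['offer']) ? $_POST['offer'] : '');
    $comments = $sanitize->for_db(isset($_POST['comments']) ? $_POST['comments'] : '');

    // Split the comma-separated card lists and trim each entry BEFORE
    // validating it, then require the WHOLE name to be [a-z0-9_-]. The
    // previous check ran before trimming and only needed one matching
    // character anywhere in the entry, so values such as ".*x" passed and
    // were later used unquoted as a regex pattern.
    $wants = explode(',',$wants);
    array_walk($wants, 'trim_value');
    $offer = explode(',',$offer);
    array_walk($offer, 'trim_value');
    $validcards = true;
    foreach ( array_merge($wants, $offer) as $card ) {
        if ( !preg_match('/^[a-z0-9_-]+$/i', $card) ) { $validcards = false; }
    }

    // First pass: look every requested card up in the tradeable categories of
    // this TCG. $foundcards collects the names exactly as the collection stores them.
    if ( $validcards === true ) {
        $foundcards = array();
        foreach ( $wants as $givingcard ) {
            $cardfound = false;
            $result = $database->query("SELECT * FROM `cards` WHERE `tcg`='$tcg' AND `priority`!='3' ORDER BY `priority`");
            while ( $row = mysqli_fetch_array($result) ) {
                if ( $cardfound ) { continue; } // card already matched; keep draining the result set
                $cards = explode(',',$row['cards']);
                array_walk($cards, 'trim_value');
                foreach ( $cards as $card ) {
                    // Exact, case-insensitive comparison instead of preg_match("/^$givingcard$/i"):
                    // user input never becomes part of a pattern.
                    if ( !$cardfound && strcasecmp($givingcard, $card) === 0 ) {
                        $foundcards[] = $card;
                        $cardfound = true;
                    }
                }
            }
        }
        array_walk($foundcards, 'trim_value');
        $foundcards = implode(',',$foundcards);
        $wants = implode(',',$wants);
        // The lookup is case-insensitive, so the final comparison must be too;
        // a strict === rejected "Cardname01" when the collection holds "cardname01".
        $cardsfound = ( strcasecmp($foundcards, $wants) === 0 );
    }

    // $tcg is an int after intval(), so test it as one: "0 == ''" is true on
    // PHP 7 but false on PHP 8, which made a missing TCG slip past this check.
    if ( $name == '' || $email == ''|| $website == '' || $website == 'http://' || $tcg === 0 || $wants == ''|| $offer == '' ) { $error[] = 'Please fill out the form completely. All fields are mandatory except for the comments field.'; }
    else if ( !filter_var($email, FILTER_VALIDATE_EMAIL) ) { $error[] = 'The supplied email was invalid.'; }
    else if ( !filter_var($website, FILTER_VALIDATE_URL) ) { $error[] = 'The supplied URL was invalid. Make sure you include <em>http://</em>.'; }
    else if ( $validcards === false ) { $error[] = "One or more cards is invalid. Check that you're separating card names with commas, and that cardnames are spelled out and formatted correctly (cardname00)."; }
    else if ( $cardsfound !== true ) { $error[] = "One or more cards that you requested were not found in my collection. Please check your spelling, and make sure you're requesting cards from categories marked as <em>trading</em>. If you're unsure, leave a note about it in the comments field."; }
    else {
        // Second pass: remove each requested card from its category row.
        // $removedcards / $removedcats are keyed by row index ($x), so several
        // cards taken from the same category are joined with ', ' and the
        // categories are joined with '; ' for the trade record.
        $wants = explode(',',$wants);
        $removedcards = array();
        $removedcats = array();
        foreach ( $wants as $givingcard ) {
            $cardfound = false;
            $result = $database->query("SELECT * FROM `cards` WHERE `tcg`='$tcg' AND `priority`!='3' ORDER BY `priority`");
            $x = 0;
            while ( $row = mysqli_fetch_array($result) ) {
                if ( !$cardfound ) {
                    $cards = explode(',',$row['cards']);
                    array_walk($cards, 'trim_value');
                    foreach ( $cards as $i => $card ) {
                        if ( !$cardfound && strcasecmp($givingcard, $card) === 0 ) {
                            if ( !isset($removedcards[$x]) || $removedcards[$x] == '' ) { $removedcards[$x] = $card; } else { $removedcards[$x] = $removedcards[$x].', '.$card; }
                            $removedcats[$x] = $row['category'];
                            $cards[$i] = '';
                            $cardfound = true;
                        }
                    }
                    // Drop only the emptied slot: array_filter() without a
                    // callback would also discard a card literally named "0".
                    $cards = array_filter($cards, function ($c) { return $c !== ''; });
                    sort($cards);
                    $cards = implode(', ',$cards);
                    $categid = $row['id'];
                    // $cards and $categid come from the row just read, not from the request.
                    $resultt = $database->query("UPDATE `cards` SET `cards`='$cards' WHERE `id`='$categid'");
                    if ( !$resultt ) { $error[] = "Error updating cards from category ".$row['category'].""; }
                }
                $x++;
            }
        }
        $offer = implode(', ',$offer);
        $wants = implode(', ',$wants);
        $giving = implode('; ',$removedcards);
        $givingcats = implode(', ',$removedcats);
        $today = date("Y-m-d");
        $result = $database->query("INSERT INTO `trades` (`tcg`,`trader`,`email`,`giving`,`givingcat`,`receiving`,`receivingcat`,`type`,`date`) VALUE ('$tcg','$name','$email','$giving','$givingcats','$offer','','incoming','$today')");
        if ( !$result ) { $error[] = "Could not add the new trade. ".$database->error().""; }
        $youremail = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting` = 'email'");
        $youremail = $youremail['value'];
        $etcgurl = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting` = 'etcgurl'");
        $etcgurl = $etcgurl['value'];
        $tcgname = $database->get_assoc("SELECT `name` FROM `tcgs` WHERE `id`='$tcg'");
        $tcgname = $tcgname['name'];
        // The From: header is built from the submitted name; strip CR/LF so a
        // crafted value cannot append extra mail headers. $email already passed
        // FILTER_VALIDATE_EMAIL, which rejects line breaks.
        $headers = "From: ".str_replace(array("\r", "\n"), '', $name)." \r\n";
        $headers.= "Reply-To: $email";
        $message = "New Incoming Trade Request for $tcgname: \n\nName: $name \nEmail: $email \nWebsite: $website \nTCG: $tcgname \nCards Wanted: $wants \nCards Offered: $offer \nComments: $comments \n\nManage $tcgname Trades: ".$etcgurl."trades.php?id=$tcg";
        if ( mail($youremail,"Trade Request: $tcgname",$message,$headers) ) { $success = true; } else { $error[] = "There was an error sending your form. Please try again, or send an email directly to <em>$youremail</em>."; }
    }
}
?>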
<?php
/*
 * Page section: after a successful submission print the confirmation;
 * otherwise print the trading notes and include the form (tradeform.php).
 * $youremail is the owner address from the `settings` table; only its
 * obfuscated form is printed here.
 */
if ( !$success ) {
    $database = new Database;
    $setting = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting` = 'email'");
    $youremail = $setting['value'];
    $contact = str_replace('@','[at]',$youremail);
?>
<h1>Trade Me</h1>
<div align="center"><ul>
<li>Please allow at least <em>7 days</em> for a response to your trade request.</li>
<li>If the form doesn't work, feel free to email me: <strong><?php echo $contact; ?></strong></li>
<li><strong>Please spell out card names COMPLETELY.</strong> (ie. do NOT type cardname01/02; DO type cardname01, cardname02)</li>
</ul></div>
<br />
<?php
    include 'tradeform.php';
} else {
    echo "<h1>Trade Me</h1><p><strong>Your form was submitted successfully!</strong> Any cards that you requested should have been moved to my pending cards section. I will get back to you as soon as possible, but please allow at least a week for a response to your trade request before resubmitting/withdrawing your offer. <em>Thank you!</em></p><p>» <a href=\"index.php\">Return to Index</a><br />» <a href=\"trade.php\">Return to Trade Form</a></p>";
}
?>