• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Shop Offer Buying Item Error

Fyruz

★★★★★
Joined
Feb 7, 2009
Messages
556
Reaction score
19
Location
127.0.0.1
Hello everyone, i have an issue with my shop offer of modern aac, when u buy a vip account, you confirm the transaction and succefully - your points, but when you buy an item, when u click on confirm, appears a white windows with 3 links, and the people receive the item but did not - any points, i will pay if is necesary please, here is my confirmtransaction.php, and the item type

PHP:
<?php
///////////////////////////////////////
// Confirm Transaction
///////////////////////////////////////
// Make sure we're still logged in.
if(!$logged) {
	echo 'Please login first.';
	exit;
}
// If we are, then here we go!
else
	{
		$buy_id = (int) $_POST['buy_id'];
		$buy_name = $_POST['buy_name'];
		$buy_from = $_POST['buy_from'];
		if($buy_from == "")
			{
				$buy_from = 'Anonymous';
			}
		if(empty($buy_id))
			{
				echo 'Please <a href="/index.php/p/v/shop">select item</a> first.';
			}
		if(!check_name($buy_from))
				{
					echo 'Invalid nick ("from player") format. Please <a href="/index.php/p/v/shop/character_select">select other name</a> or contact an administrator.';
				}
		else {
			foreach($SQL->query('SELECT * FROM z_shop_offer WHERE id = '.$buy_id) as $buy_offer)
			if(isset($buy_offer['id'])) //item exist in database
				{
					if($premiumPoints >= $buy_offer['points'])
						{
							if(check_name($buy_name))
							{
								foreach($SQL->query('SELECT * FROM players WHERE name = "'.$buy_name.'"') as $buy_player)
								foreach($SQL->query('SELECT * FROM accounts WHERE id = "'.$buy_player["account_id"].'"') as $buy_account)
								$buy_player_account = $buy_account['name'];
								if($buy_player_account != "")
								{
									if($_SESSION['viewed_confirmation_page'] == 'yes')
									{
									if ($_POST['buy_confirmed'] == 'yes'){
										if($buy_offer['offer_type'] == 'pacc')
										{
											$player_premdays = $buy_account['premdays']; //$buy_player_account->getCustomField('premdays');
											$player_lastlogin = $buy_account['lastday']; //$buy_player_account->getCustomField('lastday');
											$save_transaction = 'INSERT INTO z_shop_history_pacc (id, to_name, to_account, from_nick, from_account, price, pacc_days, trans_state, trans_start, trans_real) VALUES (NULL, \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['count1'].'\', \'realized\', \''.time().'\', \''.time().'\');';
											$SQL->query($save_transaction);
											$newPremDays=$player_premdays + $buy_offer['count1'];
											$premiumPoints = $premiumPoints - $buy_offer['points'];
											$SQL->query("UPDATE accounts SET premdays='".$newPremDays."', premium_points='".$premiumPoints."' WHERE name='".$buy_player_account."';");
											if($player_premdays == 0)
											{
												$buy_player_account->setCustomField('lastday', time());
											}
											echo '<h2>PACC added!</h2><b>'.$buy_offer['count1'].' days</b> of Premium Account have been added to the account of <b>'.$buy_player["name"].'</b>.<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
										}
										elseif($buy_offer['offer_type'] == 'item')
										{
										$sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, \''.$buy_player["name"].'\', \'login\', \'give_item\', \''.$buy_offer['itemid1'].'\', \''.$buy_offer['count1'].'\', \'\', \'\', \'item\', \''.$buy_offer['offer_name'].'\', \'\', \'1\');';
											$SQL->query($sql);
											$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
											$SQL->query($save_transaction);
											$premiumPoints = $premiumPoints - $buy_offer['points'];
										$SQL->query("UPDATE `accounts` SET `premium_points`=".$premiumPoints." WHERE `id`=".$loggedAccId); 
											echo '<h2>Item added!</h2><b>'.$buy_offer["offer_name"].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this item after relog).<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
										}
										elseif($buy_offer['offer_type'] == 'container')
										{
											$sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, \''.$buy_player["name"].'\', \'login\', \'give_item\', \''.$buy_offer['itemid1'].'\', \''.$buy_offer['count1'].'\', \''.$buy_offer['itemid2'].'\', \''.$buy_offer['count2'].'\', \'container\', \''.$buy_offer['offer_name'].'\', \'\', \'1\');';
											$SQL->query($sql);
											$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccOd.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
											$SQL->query($save_transaction);
											$premiumPoints = $premiumPoints - $buy_offer['points'];
											$SQL->query("UPDATE accounts SET premium_points=".$premiumPoints." WHERE name='".$buy_player_account."';");
											echo '<h2>Container of items added!</h2><b>'.$buy_offer['offer_name'].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this container with items after relog).<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
										}
										elseif($buy_offer['offer_type'] == "special" || $buy_offer['offer_type'] == "other")
										{
											$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
											$SQL->query($save_transaction);
											$adminTodo = 'INSERT INTO z_shop_admin_todo (id, to_name, to_account, from_nick, from_account, price, service, trans_state) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['offer_name'].'\', \'Incomplete\');';
											$SQL->query($adminTodo);
											$premiumPoints = $premiumPoints - $buy_offer['points'];
											$SQL->query("UPDATE accounts SET premium_points=".$premiumPoints." WHERE name='".$buy_player_account."';");
											echo '<h2>Service added!</h2><b>'.$buy_offer["offer_name"].'</b> for <b>'.$buy_player["name"].'</b> will be completed by the administrator as soon as possible.<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
										}
									}
									}
									else
									{
										$set_session = TRUE;
										$_SESSION['viewed_confirmation_page'] = 'yes';
										echo '<h2>Confirm transaction</h2>
										<table border="0" cellpadding="1" cellspacing="1" width="100%">
										<tr bgcolor="'.$offerTypeBackgroundColor.'"><td colspan="3"><font color="'.$offerTypeTextColor.'" size="4"><b>Confirm transaction</b></font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Name:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_name'].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Description:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_description'].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Cost:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'"><b>'.$buy_offer['points'].'</b> premium points</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>For Player:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransForColor.'">'.$buy_player["name"].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>From:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransFromColor.'">'.$buy_from.'</font></td></tr>
										<tr bgcolor="'.$finalTransBackgroundColor.'"><td width="20%"><font color="'.$finalTransTextColor.'"><b>Transaction?</b></font></td><td width="40%" align="left">
										<form action="/index.php/p/v/shop/confirm_transaction" method="POST"><input type="hidden" name="buy_confirmed" value="yes"><input type="hidden" name="buy_from" value="'.$buy_from.'"><input type="hidden" name="buy_id" value="'.$buy_id.'"><input type="hidden" name="buy_name" value="'.$buy_name.'"><input type="submit" value="Accept"></form></td>
										<td align="right"><form action="/index.php/p/v/shop" method="POST"><input type="submit" value="Cancel"></form></td></tr>
										</table> 
										';
									}
								}
								else
								{
									echo 'Player with name <b>'.$buy_name.'</b> doesn\'t exist. Please <a href="/index.php/p/v/shop">try again</a>.';
								}
							}
							else
							{
								echo 'Invalid name format. Please <a href="/index.php/p/v/shop">try again</a>.';
							}
						}
						else
						{
							echo 'For this item you need <b>'.$buy_offer['points'].'</b> points. You have only <b>'.$user_premium_points.'</b> premium points. Please <a href="/index.php/p/v/shop">select other item</a> or buy premium points.';
						}


}
}
}
?>

and this is the image that appears when i confirm the item buying
capturadepantalla201012m.png
[/URL][/IMG]
 
Last edited:
You can TRY on local PC replace:
PHP:
$SQL->query("UPDATE accounts SET premium_points=".$premiumPoints." WHERE name='".$buy_player_account."';");
with:
PHP:
$SQL->query("UPDATE `accounts` SET `premium_points`=".$premiumPoints." WHERE `id`=".$loggedAccId);
I don't know rest of script and can't check if that is right value :(

Add me/msg me at MSN: [email protected]

EDIT:
copy and paste on forum 70-75 lines of script sources/confirmtransaction.php
Error says that in line 73 is:
$loggedAccOd
or:
loggedAccOd
and it should be:
$loggedAccId
 
Yeye.. as I said. There was:
$loggedAccOd
Fixed code.
PHP:
<?php
///////////////////////////////////////
// Confirm Transaction
///////////////////////////////////////
// Make sure we're still logged in.
if(!$logged) {
    echo 'Please login first.';
    exit;
}
// If we are, then here we go!
else
    {
        $buy_id = (int) $_POST['buy_id'];
        $buy_name = $_POST['buy_name'];
        $buy_from = $_POST['buy_from'];
        if($buy_from == "")
            {
                $buy_from = 'Anonymous';
            }
        if(empty($buy_id))
            {
                echo 'Please <a href="/index.php/p/v/shop">select item</a> first.';
            }
        if(!check_name($buy_from))
                {
                    echo 'Invalid nick ("from player") format. Please <a href="/index.php/p/v/shop/character_select">select other name</a> or contact an administrator.';
                }
        else {
            foreach($SQL->query('SELECT * FROM z_shop_offer WHERE id = '.$buy_id) as $buy_offer)
            if(isset($buy_offer['id'])) //item exist in database
                {
                    if($premiumPoints >= $buy_offer['points'])
                        {
                            if(check_name($buy_name))
                            {
                                foreach($SQL->query('SELECT * FROM players WHERE name = "'.$buy_name.'"') as $buy_player)
                                foreach($SQL->query('SELECT * FROM accounts WHERE id = "'.$buy_player["account_id"].'"') as $buy_account)
                                $buy_player_account = $buy_account['name'];
                                if($buy_player_account != "")
                                {
                                    if($_SESSION['viewed_confirmation_page'] == 'yes')
                                    {
                                    if ($_POST['buy_confirmed'] == 'yes'){
                                        if($buy_offer['offer_type'] == 'pacc')
                                        {
                                            $player_premdays = $buy_account['premdays']; //$buy_player_account->getCustomField('premdays');
                                            $player_lastlogin = $buy_account['lastday']; //$buy_player_account->getCustomField('lastday');
                                            $save_transaction = 'INSERT INTO z_shop_history_pacc (id, to_name, to_account, from_nick, from_account, price, pacc_days, trans_state, trans_start, trans_real) VALUES (NULL, \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['count1'].'\', \'realized\', \''.time().'\', \''.time().'\');';
                                            $SQL->query($save_transaction);
                                            $newPremDays=$player_premdays + $buy_offer['count1'];
                                            $premiumPoints = $premiumPoints - $buy_offer['points'];
                                            $SQL->query("UPDATE accounts SET premdays='".$newPremDays."', premium_points='".$premiumPoints."' WHERE name='".$buy_player_account."';");
                                            if($player_premdays == 0)
                                            {
                                                $buy_player_account->setCustomField('lastday', time());
                                            }
                                            echo '<h2>PACC added!</h2><b>'.$buy_offer['count1'].' days</b> of Premium Account have been added to the account of <b>'.$buy_player["name"].'</b>.<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
                                        }
                                        elseif($buy_offer['offer_type'] == 'item')
                                        {
                                        $sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, \''.$buy_player["name"].'\', \'login\', \'give_item\', \''.$buy_offer['itemid1'].'\', \''.$buy_offer['count1'].'\', \'\', \'\', \'item\', \''.$buy_offer['offer_name'].'\', \'\', \'1\');';
                                            $SQL->query($sql);
                                            $save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
                                            $SQL->query($save_transaction);
                                            $premiumPoints = $premiumPoints - $buy_offer['points'];
                                        $SQL->query("UPDATE `accounts` SET `premium_points`=".$premiumPoints." WHERE `id`=".$loggedAccId); 
                                            echo '<h2>Item added!</h2><b>'.$buy_offer["offer_name"].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this item after relog).<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
                                        }
                                        elseif($buy_offer['offer_type'] == 'container')
                                        {
                                            $sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, \''.$buy_player["name"].'\', \'login\', \'give_item\', \''.$buy_offer['itemid1'].'\', \''.$buy_offer['count1'].'\', \''.$buy_offer['itemid2'].'\', \''.$buy_offer['count2'].'\', \'container\', \''.$buy_offer['offer_name'].'\', \'\', \'1\');';
                                            $SQL->query($sql);
                                            $save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
                                            $SQL->query($save_transaction);
                                            $premiumPoints = $premiumPoints - $buy_offer['points'];
                                            $SQL->query("UPDATE accounts SET premium_points=".$premiumPoints." WHERE name='".$buy_player_account."';");
                                            echo '<h2>Container of items added!</h2><b>'.$buy_offer['offer_name'].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this container with items after relog).<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
                                        }
                                        elseif($buy_offer['offer_type'] == "special" || $buy_offer['offer_type'] == "other")
                                        {
                                            $save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['id'].'\', \'wait\', \''.time().'\', \'0\');';
                                            $SQL->query($save_transaction);
                                            $adminTodo = 'INSERT INTO z_shop_admin_todo (id, to_name, to_account, from_nick, from_account, price, service, trans_state) VALUES ('.$SQL->lastInsertId().', \''.$buy_player["name"].'\', \''.$buy_account["id"].'\', \''.$buy_from.'\',  \''.$loggedAccId.'\', \''.$buy_offer['points'].'\', \''.$buy_offer['offer_name'].'\', \'Incomplete\');';
                                            $SQL->query($adminTodo);
                                            $premiumPoints = $premiumPoints - $buy_offer['points'];
                                            $SQL->query("UPDATE accounts SET premium_points=".$premiumPoints." WHERE name='".$buy_player_account."';");
                                            echo '<h2>Service added!</h2><b>'.$buy_offer["offer_name"].'</b> for <b>'.$buy_player["name"].'</b> will be completed by the administrator as soon as possible.<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.<br />You now have <b>'.$premiumPoints.' premium points</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
                                        }
                                    }
                                    }
                                    else
                                    {
                                        $set_session = TRUE;
                                        $_SESSION['viewed_confirmation_page'] = 'yes';
                                        echo '<h2>Confirm transaction</h2>
                                        <table border="0" cellpadding="1" cellspacing="1" width="100%">
                                        <tr bgcolor="'.$offerTypeBackgroundColor.'"><td colspan="3"><font color="'.$offerTypeTextColor.'" size="4"><b>Confirm transaction</b></font></td></tr>
                                        <tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Name:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_name'].'</font></td></tr>
                                        <tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Description:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_description'].'</font></td></tr>
                                        <tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Cost:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'"><b>'.$buy_offer['points'].'</b> premium points</font></td></tr>
                                        <tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>For Player:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransForColor.'">'.$buy_player["name"].'</font></td></tr>
                                        <tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>From:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransFromColor.'">'.$buy_from.'</font></td></tr>
                                        <tr bgcolor="'.$finalTransBackgroundColor.'"><td width="20%"><font color="'.$finalTransTextColor.'"><b>Transaction?</b></font></td><td width="40%" align="left">
                                        <form action="/index.php/p/v/shop/confirm_transaction" method="POST"><input type="hidden" name="buy_confirmed" value="yes"><input type="hidden" name="buy_from" value="'.$buy_from.'"><input type="hidden" name="buy_id" value="'.$buy_id.'"><input type="hidden" name="buy_name" value="'.$buy_name.'"><input type="submit" value="Accept"></form></td>
                                        <td align="right"><form action="/index.php/p/v/shop" method="POST"><input type="submit" value="Cancel"></form></td></tr>
                                        </table> 
                                        ';
                                    }
                                }
                                else
                                {
                                    echo 'Player with name <b>'.$buy_name.'</b> doesn\'t exist. Please <a href="/index.php/p/v/shop">try again</a>.';
                                }
                            }
                            else
                            {
                                echo 'Invalid name format. Please <a href="/index.php/p/v/shop">try again</a>.';
                            }
                        }
                        else
                        {
                            echo 'For this item you need <b>'.$buy_offer['points'].'</b> points. You have only <b>'.$user_premium_points.'</b> premium points. Please <a href="/index.php/p/v/shop">select other item</a> or buy premium points.';
                        }


}
}
}
?>
 
Can't help you here. You can have xxx bugs in configuration. Script that you posted use variable $buy_player_account as string and object and this variable is not definied in script that you posted.
Add me on MSN.
 
I don't know your MSN.
-------------------
I don't know what shop you use, but someone send me this ~3 weeks ago and it work for him (send item to player from other account did not work and I fixed it).
confirmtransaction.php
PHP:
<?php
///////////////////////////////////////
// Confirm Transaction
///////////////////////////////////////
// Make sure we're still logged in.
if(!$logged) {
	echo 'Please login first.';
	exit;
}
// If we are, then here we go!
else
	{
		$buy_id = (int) $_POST['buy_id'];
		$buy_name = $_POST['buy_name'];
		$buy_from = $_POST['buy_from'];
		if($buy_from == "")
			{
				$buy_from = 'Anonymous';
			}
		if(empty($buy_id))
			{
				echo 'Please <a href="/index.php/p/v/shop">select item</a> first.';
			}
		if(!check_name($buy_from))
		{
			echo 'Invalid nick "from player" format. Please <a href="/index.php/p/v/shop/character_select">select other name</a> or contact an administrator.';
		}
		else
		{
			$buy_offer = $SQL->query('SELECT * FROM `z_shop_offer` WHERE `id` = '.$buy_id)->fetch();
			if(isset($buy_offer['id'])) //item exist in database
				{
					if($premiumPoints >= $buy_offer['points'])
						{
							if(check_name($buy_name))
							{
								$buy_player = $SQL->query('SELECT * FROM `players` WHERE `name`='.$SQL->quote($buy_name))->fetch();
								$buy_account = $SQL->query('SELECT * FROM `accounts` WHERE `id`='.$SQL->quote($buy_player['account_id']))->fetch();
								$from_account = $SQL->query('SELECT * FROM `accounts` WHERE `name` = '.$SQL->quote($accountName))->fetch();
								if($buy_account['name'] != "")
								{
									if($_SESSION['viewed_confirmation_page'] == 'yes' && isset($_POST['buy_confirmed']) && $_POST['buy_confirmed'] == 'yes')
									{
											if($buy_offer['offer_type'] == 'pacc')
											{
												$player_premdays = $buy_account['premdays']; //$buy_account['name']->getCustomField('premdays');
												$save_transaction = 'INSERT INTO z_shop_history_pacc (id, to_name, to_account, from_nick, from_account, price, pacc_days, trans_state, trans_start, trans_real) VALUES (NULL, '.$SQL->quote($buy_player["name"]).', '.$SQL->quote($buy_account["id"]).', '.$SQL->quote($buy_from).',  '.$loggedAccId.', '.$buy_offer['points'].', '.$buy_offer['count1'].', \'realized\', \''.time().'\', \''.time().'\');';
												$SQL->query($save_transaction);
												$newPremDays=$player_premdays;
												$SQL->query("UPDATE `accounts` SET `premdays`=`premdays`+".$buy_offer['count1'].", `lastday` = ".time()." WHERE `name`=".$SQL->quote($buy_account['name']));
												$SQL->query('UPDATE `accounts` SET `premium_points`=`premium_points`-'.$buy_offer['points'].' WHERE `name` = '.$SQL->quote($from_account['name']));  
												echo '<h2>PACC added!</h2><b>'.$buy_offer['count1'].' days</b> of Premium Account have been added to the account of <b>'.$buy_player["name"].'</b>.<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.</b>.<br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
											}
											elseif($buy_offer['offer_type'] == 'item')
											{
												$sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, '.$SQL->quote($buy_player["name"]).', \'login\', \'give_item\', '.$buy_offer['itemid1'].', '.$buy_offer['count1'].', \'\', \'\', \'item\', '.$SQL->quote($buy_offer['offer_name']).', \'\', \'1\');';
												$SQL->query($sql);
												$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', '.$SQL->quote($buy_player["name"]).', '.$SQL->quote($buy_account["id"]).', '.$SQL->quote($buy_from).',  '.$loggedAccId.', '.$buy_offer['points'].', '.$SQL->quote($buy_offer['id']).', \'wait\', \''.time().'\', \'0\');';
												$SQL->query($save_transaction);
												$SQL->query('UPDATE `accounts` SET `premium_points`=`premium_points`-'.$buy_offer['points'].' WHERE `name` = '.$SQL->quote($from_account['name']));  
												echo '<h2>Item added!</h2><b>'.$buy_offer["offer_name"].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this item after relog).<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.</b><br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
											}
											elseif($buy_offer['offer_type'] == 'container')
											{
												$sql = 'INSERT INTO z_ots_comunication (id, name, type, action, param1, param2, param3, param4, param5, param6, param7, delete_it) VALUES (NULL, '.$SQL->quote($buy_player["name"]).', \'login\', \'give_item\', '.$buy_offer['itemid1'].', '.$buy_offer['count1'].', \''.$buy_offer['itemid2'].'\', \''.$buy_offer['count2'].'\', \'container\', '.$SQL->quote($buy_offer['offer_name']).', \'\', \'1\');';
												$SQL->query($sql);
												$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', '.$SQL->quote($buy_player["name"]).', '.$SQL->quote($buy_account["id"]).', '.$SQL->quote($buy_from).',  '.$loggedAccId.', '.$buy_offer['points'].', '.$SQL->quote($buy_offer['id']).', \'wait\', \''.time().'\', \'0\');';
												$SQL->query($save_transaction);
												$SQL->query('UPDATE `accounts` SET `premium_points`=`premium_points`-'.$buy_offer['points'].' WHERE `name` = '.$SQL->quote($from_account['name']));  
												echo '<h2>Container of items added!</h2><b>'.$buy_offer['offer_name'].'</b> has been added to <b>'.$buy_player["name"].'</b>\'s items (they will get this container with items after relog).<br /> <b>'.$buy_offer['points'].' premium points</b> have been deducted from your account.<br /><br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
											}
											elseif($buy_offer['offer_type'] == "special" || $buy_offer['offer_type'] == "other")
											{
												$save_transaction = 'INSERT INTO z_shop_history_item (id, to_name, to_account, from_nick, from_account, price, offer_id, trans_state, trans_start, trans_real) VALUES ('.$SQL->lastInsertId().', '.$SQL->quote($buy_player["name"]).', '.$SQL->quote($buy_account["id"]).', '.$SQL->quote($buy_from).',  '.$loggedAccId.', '.$buy_offer['points'].', '.$SQL->quote($buy_offer['id']).', \'wait\', \''.time().'\', \'0\');';
												$SQL->query($save_transaction);
												$adminTodo = 'INSERT INTO z_shop_admin_todo (id, to_name, to_account, from_nick, from_account, price, service, trans_state) VALUES ('.$SQL->lastInsertId().', '.$SQL->quote($buy_player["name"]).', '.$SQL->quote($buy_account["id"]).', '.$SQL->quote($buy_from).',  '.$loggedAccId.', '.$buy_offer['points'].', '.$SQL->quote($buy_offer['offer_name']).', \'Incomplete\');';
												$SQL->query($adminTodo);
												$SQL->query('UPDATE `accounts` SET `premium_points`=`premium_points`-'.$buy_offer['points'].' WHERE `name` = '.$SQL->quote($from_account['name']));  
												echo '<h2>Service added!</h2><b>'.$buy_offer["offer_name"].'</b> for <b>'.$buy_player["name"].'</b> will be completed by the administrator as soon as possible.<br /> <b>'.$buy_offer["points"].' premium points</b> have been deducted from your account.</b><br /><a href="/index.php/p/v/shop">GO TO MAIN SHOP SITE</a>';
											}
											$_SESSION['viewed_confirmation_page'] = 'no';
									}
									else
									{
										$_SESSION['viewed_confirmation_page'] = 'yes';
										echo '<h2>Confirm transaction</h2>
										<table border="0" cellpadding="1" cellspacing="1" width="100%">
										<tr bgcolor="'.$offerTypeBackgroundColor.'"><td colspan="3"><font color="'.$offerTypeTextColor.'" size="4"><b>Confirm transaction</b></font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Name:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_name'].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Description:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'">'.$buy_offer['offer_description'].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>Cost:</b></font></td><td width="80%" colspan="2"><font color="'.$offerMainTextColor.'"><b>'.$buy_offer['points'].'</b> premium points</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>For Player:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransForColor.'">'.$buy_player["name"].'</font></td></tr>
										<tr bgcolor="'.$offerMainBackgroundColor.'"><td width="20%"><font color="'.$offerMainTextColor.'"><b>From:</b></font></td><td width="80%" colspan="2"><font color="'.$finalTransFromColor.'">'.$buy_from.'</font></td></tr>
										<tr bgcolor="'.$finalTransBackgroundColor.'"><td width="20%"><font color="'.$finalTransTextColor.'"><b>Transaction?</b></font></td><td width="40%" align="left">
										<form action="/index.php/p/v/shop/confirm_transaction" method="POST"><input type="hidden" name="buy_confirmed" value="yes"><input type="hidden" name="buy_from" value="'.$buy_from.'"><input type="hidden" name="buy_id" value="'.$buy_id.'"><input type="hidden" name="buy_name" value="'.$buy_name.'"><input type="submit" value="Accept"></form></td>
										<td align="right"><form action="/index.php/p/v/shop" method="POST"><input type="submit" value="Cancel"></form></td></tr>
										</table> 
										';
									}
								}
								else
								{
									echo 'Player with name <b>'.$buy_name.'</b> doesn\'t exist. Please <a href="/index.php/p/v/shop">try again</a>.';
								}
							}
							else
							{
								echo 'Invalid name format. Please <a href="/index.php/p/v/shop">try again</a>.';
							}
						}
						else
						{
							echo 'For this item you need <b>'.$buy_offer['points'].'</b> points. You have only <b>'.$user_premium_points.'</b> premium points. Please <a href="/index.php/p/v/shop">select other item</a> or buy premium points.';
						}


}
}
}
?>
 
Back
Top