Hmm, well, I've just been hit with a job that will last a few days, so I'll just post the code up.
This is not finished; I'm posting it in case someone wants to finish it up before I get back...
SQL's
-- One row per business. hitman.php writes the creating player's id into
-- `userID` and that player's username into `owner`; `name` and `description`
-- hold free text typed by the player.
CREATE TABLE IF NOT EXISTS `business` (
    `ID`          INT(11)      NOT NULL AUTO_INCREMENT,
    `userID`      INT(11)      NOT NULL,
    `owner`       TEXT         NOT NULL,
    `name`        VARCHAR(30)  NOT NULL,
    `description` VARCHAR(225) NOT NULL,
    `members`     INT(11)      NOT NULL,
    PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
-- One row per order placed with a business. `business` is the id of the
-- business the order was placed with, `userID`/`username` identify the player
-- who placed it, and `amount` is the offered payment.
-- `target` is declared as text, but hitman.php only ever stores an unsigned
-- integer (a player id) in it.
CREATE TABLE IF NOT EXISTS `Orders` (
    `ID`       INT(11)      NOT NULL AUTO_INCREMENT,
    `business` INT(11)      NOT NULL,
    `userID`   INT(11)      NOT NULL,
    `username` VARCHAR(255) NOT NULL,
    `target`   VARCHAR(255) NOT NULL,
    `amount`   INT(11)      NOT NULL,
    PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
-- Adds the id of the business a player belongs to; 0 means "no business".
ALTER TABLE `users`
    ADD COLUMN `business` INT(11) NOT NULL DEFAULT '0';
hitman.php
<?php
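require('globals.php');

// Allow-list of page handlers defined in this file; any other value is rejected.
$funtions = array('index', 'create', 'order', 'owner', 'accept', 'decline');

// Normalise the parameter BEFORE it is checked, so the value that is validated
// is the same value that is dispatched on. A missing or non-string `page`
// (for example an array parameter) becomes "" and is rejected below instead of
// raising an undefined-index notice.
$_GET['page'] = isset($_GET['page']) && is_string($_GET['page']) ? strtolower(trim($_GET['page'])) : "";

// Strict comparison: no type juggling between the request value and the list.
if (!in_array($_GET['page'], $funtions, true))
{
    die('<strong>What are you doing here...?</strong>');
}

switch ($_GET['page'])
{
    case 'index':
        index();
        break;
    case 'create':
        create();
        break;
    case 'order':
        order();
        break;
    case 'owner':
        owner();
        break;
    case 'accept':
        accept();
        break;
    case 'decline':
        decline();
        break;
}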
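/**
 * Prints the list of all businesses with a "Place Order" link for each one.
 *
 * Every database value is escaped or cast to an integer before it is written
 * into the page, because name and description are text typed by players.
 */
function index()
{
    global $db, $userid;
    echo '<strong>Welcome to the local hitman advertising center, have a look around, take your choice from our fine selection of businesses.</strong><br /><br />';
    $select = $db->query("SELECT `ID` , `name` , `description` , `owner` , `members` FROM `business` ");
    echo '
<table border = "1" cellspacing ="1" width = "90%">
<tr>
<th>Business Name</th>
<th>Description</th>
<th>Owner</th>
<th>Members</th>
<th>Order</th>
</tr>';
    while ($row = $db->fetch_row($select))
    {
        // Each business gets its own <tr>; the original opened only one row
        // before the loop, so every row after the first was malformed.
        echo '
<tr>
<td>'.htmlentities($row['name']).'</td>
<td>'.htmlentities($row['description']).'</td>
<td>'.htmlentities($row['owner']).'</td>
<td>'.intval($row['members']).'</td>
<td><a href = "/hitman.php?page=order&ID='.intval($row['ID']).'">Place Order</a></td>
</tr>';
    }
    // The original never closed the table.
    echo '</table>';
}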
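/**
 * Shows the business creation form and, on POST, creates the business.
 *
 * Creating a business costs $10,000, inserts a row into `business` and stores
 * the new business id on the player's `users` row.
 *
 * NOTE(review): the form carries no anti-CSRF token, so a request made on the
 * player's behalf by another site would be accepted. No token helper is
 * visible in this file; add one if the surrounding code provides it.
 */
function create()
{
    global $db, $userid, $ir;

    // Integer casts keep these ids safe to place in SQL text.
    $uid      = abs(intval($userid));
    $owner_id = abs(intval($ir['userid']));

    $id = $db->query("SELECT `userID` , `ID` FROM `business` WHERE (userID = ".$uid.")");
    // Fetch exactly once. The original fetched the row into $row and then
    // called fetch_row() again for the test, which skipped past the only row,
    // so the "already have a business" check could not fire.
    if ($db->fetch_row($id)) die('You already have a business...');

    echo 'Welcome to the <strong>Hitman</strong> Buisness creation center. <br />Do <strong>You</strong> have what it takes to thrive in the world of assassination?<br /><br />';
    echo '
<form action = "/hitman.php?page=create" method = "post">
Buisness Name:<br /> <input type = "text" name = "name"><br />
Description: <br /><textarea rows = "5" cols = "20" name = "description"></textarea><br />
<strong>Please be aware, that it costs $10,000 to make a buisness.</strong><br />
<input type = "submit" value = "Continue">
</form>';

    if (isset($_POST['name']) && isset($_POST['description']))
    {
        // Array-valued parameters are rejected together with empty ones, so
        // the length checks below always operate on strings.
        if (!is_string($_POST['name']) OR !is_string($_POST['description'])
            OR empty($_POST['name']) OR empty($_POST['description']))
        {
            die('<strong>You have failed to fill the form in correctly...</strong>');
        }
        // Just some basic parameters, change to your liking...
        if (strlen($_POST['name']) > 30) die('Your name is too long, 30 characters is the max length.');
        if (strlen($_POST['description']) > 50) die('Your description is too long, 50 characters is the max length.');
        // NOTE(review): this check and the deduction below are separate
        // statements, so two simultaneous requests could both pass it.
        if ($ir['money'] < 10000) die('Sorry, you need $10,000 to complete your request.');

        // Explicit column list; `ID` is left to AUTO_INCREMENT rather than
        // being given an empty string.
        $insert = sprintf(
            "INSERT INTO `business` (`userID` , `owner` , `name` , `description` , `members`) VALUES (%u , '%s' , '%s' , '%s' , 1) ",
            $owner_id,
            mysql_real_escape_string($ir['username']),
            mysql_real_escape_string($_POST['name']),
            mysql_real_escape_string($_POST['description'])
        );
        $db->query($insert);

        // Read the new id back. The original used the id from the lookup made
        // BEFORE the insert, which is empty for a player without a business
        // and produced a malformed UPDATE.
        $made = $db->fetch_row($db->query("SELECT `ID` FROM `business` WHERE (userID = ".$owner_id.")"));
        $db->query(sprintf(
            "UPDATE `users` SET `business` = %u , `money` = `money` - 10000 WHERE (userid = %u) ",
            abs(intval($made['ID'])),
            $uid
        ));

        echo '
You have successfully created your business!, details will follow below...<br /><br />
Name: <strong>'.stripslashes(htmlentities($_POST['name'])).'</strong><br />
Description: <strong>'.stripslashes(htmlentities($_POST['description'])).'</strong>';
    }
}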
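/**
 * Shows the order form for one business and, on POST, records the order.
 *
 * The business id comes from the query string. It is validated as a plain
 * decimal number and cast to an integer before it is used in SQL; the original
 * concatenated $_GET['ID'] into the query unchanged, which allowed SQL
 * injection. The POST handling used to sit outside this function, where it ran
 * for every page; it now runs only for page=order and only after the business
 * is known to exist.
 *
 * NOTE(review): nothing here checks that the target player exists or that the
 * buyer can afford the amount, and no money is reserved.
 */
function order()
{
    global $db, $userid, $ir;

    $business_id = (isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID']))
        ? abs(intval($_GET['ID']))
        : 0;
    $select = $db->query("SELECT `ID` FROM `business` WHERE (ID = ".$business_id.")");
    $row = $db->fetch_row($select);
    if (!$row) die('You have clicked an invalid link, please report to an administrator.');

    echo '<strong>So you want to place a "Hit" on someone heh?, well I guess this is the right place to be...</strong><br /><br />
<form action = "/hitman.php?page=order&ID='.intval($row['ID']).'" method = "post">
Target #ID:<br /><input type = "text" name = "target"><br />
Amount your willing to pay...:<br /><input type = "text" name = "pay"><br />
<input type = "submit" value = "Continue"><br /><br />
<strong>Please Note: The owner will either accept or decline your order, you will be notified of any decision.</strong><br /> <br />
</form>';

    if (isset($_POST['target']) && isset($_POST['pay']))
    {
        if (empty($_POST['target']) OR empty($_POST['pay'])) die('You have failed to complete the form correctly...');
        // ctype_digit() accepts only unsigned decimal digits. is_numeric()
        // also accepted signs, decimals and exponents, which intval() then
        // silently turned into a different number.
        if (!is_string($_POST['target']) OR !ctype_digit($_POST['target'])
            OR !is_string($_POST['pay']) OR !ctype_digit($_POST['pay']))
        {
            die('Only numbers are allowed to be entered,');
        }

        $target = abs(intval($_POST['target']));
        $do = sprintf(
            "INSERT INTO `Orders` (`business` , `userID` , `username` , `target` , `amount`) VALUES (%u , %u , '%s' , %u , %u)",
            abs(intval($row['ID'])),
            abs(intval($ir['userid'])),
            mysql_real_escape_string($ir['username']),
            $target,
            abs(intval($_POST['pay']))
        );
        $db->query($do);
        echo 'You have successfully ordered a hit on, #<strong>'.$target.'</strong>, The owner will now decide whether to take the job or not.';
    }
}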
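/**
 * Owner panel: recruit members, list pending orders, accept an order.
 *
 * Only the player whose id matches `business`.`userID` gets past the first
 * check. Order lookups are restricted to the owner's own business, so one
 * owner cannot act on another business's orders.
 *
 * NOTE(review): the "Accept"/"Decline" links in the pending list point at
 * page=accept / page=decline with an `order` parameter, which those handlers
 * do not read, while the acceptance code at the bottom of this function reads
 * `ID`. The routing still has to be finished.
 */
function owner()
{
    global $db, $ir, $userid;

    $select = $db->query("SELECT `ID` , `userID` FROM `business` WHERE (userID = ".abs(intval($userid)).")");
    // Kept in its own variable: the original reused $row inside the pending
    // loop, which overwrote the business row.
    $business = $db->fetch_row($select);
    if (!$business || $ir['userid'] != $business['userID']) die('You do not own a business, go away before I call security!.');
    $business_id = abs(intval($business['ID']));

    echo '<strong>Owner Panel</strong><br />
<table border = "1" cellspacing = "1" width = "50%">
<tr><th>Links</th></tr>
<tr><td><a href = "/hitman.php?page=owner&action=recruit">Recruit Members</a></td></tr>
<tr><td><a href = "/hitman.php?page=owner&action=pending">Pending Orders</a></td></tr>
</table><br /><br />';

    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

    // The original compared against the bare words recruit / pending, which
    // are undefined constants rather than strings.
    if ($action === 'recruit')
    {
        echo '<strong>To recruit a player, simply type there ID number in the box, they will then either accept or decline recruitment.</strong><br /><br />
<form action = "/hitman.php?page=owner&action=recruit" method = "post">
ID#:<br /><input type = "text" name = "id"><br />
<input type = "submit" value = "Send">
</form>';
        if (isset($_POST['id']))
        {
            if (empty($_POST['id'])) die('You have failed to complete the form correctly...');
            if (!is_numeric($_POST['id'])) die('You must enter a number in the "ID" form.');
            // The username is escaped because the event text is HTML shown to
            // another player; decline() escapes it the same way.
            event_add(abs(@intval($_POST['id'])), '<strong>'.htmlentities($ir['username']).'</strong> has attempted to recruit you, for his business, click <a href = "/hitman.php?page=accept&ID='.$business_id.'">HERE</a> to accept or click <a href = "/hitman.php?page=decline&ID='.$business_id.'">HERE</a> to decline.');
        }
    }

    if ($action === 'pending')
    {
        $order = $db->query("SELECT `ID` , `userID` , `username` , `target` , `amount` FROM `Orders` WHERE (business = ".$business_id.") ");
        echo '<strong>Here you can see all pending orders.</strong><br /><br />
<table border = "1" cellspacing = "1" width = "90%">
<tr>
<th>User ID</th>
<th>Username</th>
<th>Target ID</th>
<th>Wants to pay..</th>
<th>Actions</th>
</tr>';
        while ($pending = $db->fetch_row($order))
        {
            // Ids are cast to integers before being placed in links and cells;
            // `target` is a VARCHAR column, so it is not trusted to be numeric.
            $buyer_id  = intval($pending['userID']);
            $target_id = intval($pending['target']);
            $order_id  = intval($pending['ID']);
            echo '
<tr>
<td>'.$buyer_id.'</td>
<td><a href = "/viewuser.php?u='.$buyer_id.'">'.htmlentities($pending['username']).'</a></td>
<td><a href = "/viewuser.php?u='.$target_id.'">'.$target_id.'</a></td>
<td>'.number_format($pending['amount']).'</td>
<td><a href = "/hitman.php?page=accept&order='.$order_id.'">Accept|</a><a href ="/hitman.php?page=decline&order='.$order_id.'">Decline</a></td>
</tr>';
        }
        echo '</table>';
    }

    //orders
    // The original compared $_GET['ID'] with the first row of `Orders` only
    // and never checked which business the order belonged to. The lookup is
    // now by id AND by the owner's business.
    if (isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID']))
    {
        $money = $db->query("SELECT `userID` , `target` FROM `Orders` WHERE (ID = ".abs(intval($_GET['ID']))." AND business = ".$business_id.")");
        $mine = $db->fetch_row($money);
        if ($mine)
        {
            // NOTE(review): no statement here moves money or removes the
            // order, although the message says payment was taken, so the same
            // order can be accepted again.
            echo '<strong>You have accepted the task, please complete swiftly...</strong>';
            event_add(abs(intval($mine['userID'])), 'Your order for the hit on '.abs(intval($mine['target'])).' has been accepted, payment has been taken from your on-hand cash, or if not, your bank.');
        }
    }
}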
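/**
 * Accepts a recruitment offer: sets the player's `business` to the given id.
 *
 * The id must be a plain decimal number and must match an existing business.
 * The original fetched only the first row of `business` and compared against
 * that, so the link worked for one business at most.
 *
 * NOTE(review): no record of the invitation is visible in this file, so this
 * handler cannot tell whether the owner actually invited the player; any
 * logged-in player who is not yet in a business can join by requesting a valid
 * id. Storing pending invitations and checking them here would close that gap.
 */
function accept()
{
    global $db, $userid, $ir;

    $business_id = (isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID']))
        ? abs(intval($_GET['ID']))
        : 0;
    $select = $db->query("SELECT `ID` FROM `business` WHERE (ID = ".$business_id.")");
    $row = $db->fetch_row($select);
    if ($row)
    {
        if ($ir['business']) die('Your already in a business, leave your current one to join another.');
        $user = sprintf(
            "UPDATE `users` SET `business` = %u WHERE (userid = %u) ",
            abs(intval($row['ID'])),
            abs(intval($userid))
        );
        $db->query($user);
        echo '<strong>You have successfully joined a business, you can now access this by clicking the "Business" link.</strong>';
    }
    else
    {
        die('You have clicked an invalid link, please report to an administrator.');
    }
}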
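/**
 * Declines a recruitment offer and notifies the owner of the business.
 *
 * The id must be a plain decimal number and must match an existing business.
 * The original compared it with the first row of `business` only.
 *
 * NOTE(review): as no invitation record is visible in this file, any logged-in
 * player can trigger a "declined" event for any business owner. Checking a
 * stored invitation would prevent unsolicited notifications.
 */
function decline()
{
    global $db, $ir;

    $business_id = (isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID']))
        ? abs(intval($_GET['ID']))
        : 0;
    // One lookup serves both the existence check and the owner's id.
    $owner = $db->query("SELECT `userID` FROM `business` WHERE (ID = ".$business_id.")");
    $no = $db->fetch_row($owner);
    if ($no)
    {
        echo '<strong>You have declined the recruitment offer.</strong>';
        // The username is escaped because the event text is shown as HTML.
        event_add(abs(intval($no['userID'])), ''.htmlentities($ir['username']).' has declined your recruitment offer.');
    }
    else
    {
        die('You have clicked an invalid link, please report to an administrator.');
    }
}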
?>
Sorry about the messy code; I didn't get around to indenting it, lol. I don't think there are any bugs so far.