diff --git a/comission.php b/comission.php
index 5e640a4..05f6980 100644
--- a/comission.php
+++ b/comission.php
@@ -18,18 +18,25 @@ if ($user['battle'] != 0) {
 $get = urldecode(filter_input(INPUT_SERVER, 'QUERY_STRING'));
-if ($get == 'sale' && $_GET['kredit'] && $_GET['n']) {
- $_GET['kredit'] = round($_GET['kredit'], 2);
- if ((is_numeric($_GET['kredit']) && $_GET['kredit'] > 0) && (is_numeric($_GET['n']) && $_GET['n'] > 0)) {
- $dress = mysql_fetch_array(mysql_query("SELECT * FROM `inventory` WHERE `dressed`=0 AND `id` = '{$_GET['n']}' AND `owner` = '{$_SESSION['uid']}' LIMIT 1;"));
- if ($dress['id']) {
- mysql_query("UPDATE `inventory` SET `setsale` = '" . $_GET['kredit'] . "' WHERE `id` = '{$_GET['n']}' AND `owner` = '{$_SESSION['uid']}' LIMIT 1;");
- mysql_query("INSERT INTO `delo` (`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','\"" . $user['login'] . "\" сдал предмет: \"" . $dress['name'] . "\" id:(cap" . $dress['id'] . ") [" . $dress['duration'] . "/" . $dress['maxdur'] . "] в комиссионку за " . $_GET['kredit'] . " кр. ',1,'" . time() . "');");
- echo "Вы сдали в магазин \"{$dress['name']}\" за {$_GET['kredit']} кр.";
- }
- } else {
- echo "Не надо так делать";
- }
+$itemCost = filter_var($_GET['kredit'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
+$itemId = filter_var($_GET['n'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
+if ($get == 'sale' && $itemCost && $itemId) {
+ $commission = ceil($itemCost / 10); # 10% от суммы с округлением вверх.
+ if ($user['money'] > $commission) {
+ $dress = db::c()->query('SELECT `name`,`duration`,`maxdur` FROM `inventory` WHERE `dressed` = 0 AND `id` = ?i AND `owner` = ?i', $itemId, $_SESSION['uid'])->fetch_assoc();
+ if (db::c()->getAffectedRows()) {
+ $deloText = "{$user['login']} выставил товар: «{$dress['name']}» id:({$itemId}) [{$dress['duration']}/{$dress['maxdur']}] на продажу в комиссионку за {$itemCost} кр. 
"; + addToDelo($deloText); + db::c()->query('UPDATE `inventory` SET `setsale` = ?i WHERE `id` = ?i AND `owner` = ?i', $itemCost, $itemId, $_SESSION['uid']); + db::c()->query('UPDATE `users` SET `money` = `money` - ?i WHERE `id` = ?i', $commission, $_SESSION['uid']); + $status = "Вы сдали в магазин «{$dress['name']}» за {$itemCost} кр. Вычтено за услуги магазина: {$commission} кр."; + } else $status = "Предмет не найден в инвентаре!"; + } else $status = "У вас не хватает " . $commission - $user['money'] . " кр. чтобы оплатить комиссию!"; +} + + +if ($get == 'unsale') { + return 1; } if ($_GET['back']) { @@ -201,6 +208,7 @@ switch ($shopCategoryTypeNumber) { location.href = "comission.php?sale=" + name + "&kredit=" + s + "&n=" + n; } } + function chsale(name, txt, id, category, kr) { var s = prompt("Сменить цену для предмета \"" + txt + "\". Укажите новую цену:", kr); if ((s != null) && (s !== '')) { @@ -225,66 +233,7 @@ switch ($shopCategoryTypeNumber) { Отдел "" + else echo $shopCategoryType; ?>" @@ -292,28 +241,27 @@ switch ($shopCategoryTypeNumber) { 0 ORDER by `setsale` ASC"); - while ($row = mysql_fetch_array($data)) { + $data = db::c()->query('SELECT * FROM `inventory` WHERE `dressed` = 0 AND `name` LIKE "?S" AND `setsale` > 0 ORDER BY `setsale` ASC', $_REQUEST['max'] . '%'); + + while ($row = $data->fetch_assoc()) { $row['cost'] = $row['setsale']; - echo " - -
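Review bot: The balance check and the debit in the new sale branch are not atomic — `$user['money']` was read earlier in the request, so two concurrent `sale` requests (or a request racing another money-spending page) can both pass `if ($user['money'] > $commission)` and the unconditional `UPDATE users SET money = money - ?i` drives the balance negative; re-check the balance in the UPDATE's WHERE clause and only mark the item for sale when a row was actually debited. Two smaller defects sit in the same lines: `>` rejects a user whose balance exactly equals the commission, and `"У вас не хватает " . $commission - $user['money'] . " кр."` needs parentheses around the subtraction (under PHP 7's equal-precedence `.`/`-` it subtracts from the concatenated string; PHP 8 only fixes this by accident of precedence). The whole flow is also driven by a GET query string with no CSRF token, so a crafted link can list an item and debit the commission on a logged-in user's behalf, and the new `unsale` branch only does `return 1;`, which ends the script (or the include) with no output — if it is a stub, mark it `// TODO`. The hunk follows `if ($user['battle'] != 0) {` per the header, so the enclosing block begins outside it.
```php
$commission = (int) ceil($itemCost / 10); # 10% of the price, rounded up
if ($user['money'] >= $commission) {
    $dress = db::c()->query('SELECT `name`,`duration`,`maxdur` FROM `inventory` WHERE `dressed` = 0 AND `id` = ?i AND `owner` = ?i', $itemId, $_SESSION['uid'])->fetch_assoc();
    if ($dress) {
        // Re-check the balance inside the UPDATE so a concurrent request cannot double-spend it.
        db::c()->query('UPDATE `users` SET `money` = `money` - ?i WHERE `id` = ?i AND `money` >= ?i', $commission, $_SESSION['uid'], $commission);
        if (db::c()->getAffectedRows()) {
            db::c()->query('UPDATE `inventory` SET `setsale` = ?i WHERE `id` = ?i AND `owner` = ?i', $itemCost, $itemId, $_SESSION['uid']);
            // … unchanged: $deloText, addToDelo(), success $status …
        } else $status = "У вас не хватает " . ($commission - $user['money']) . " кр. чтобы оплатить комиссию!";
    } else $status = "Предмет не найден в инвентаре!";
} else $status = "У вас не хватает " . ($commission - $user['money']) . " кр. чтобы оплатить комиссию!";
```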
Ваш товар - "; - showitem($row); - echo ""; + ?> + + + + + + "; - $data = mysql_query("SELECT * FROM `inventory` WHERE `setsale` = 0 AND `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `present` = '' ORDER by `update` DESC; "); - while ($row = mysql_fetch_array($data)) { + $data = db::c()->query('SELECT * FROM `inventory` WHERE `setsale` = 0 AND `dressed` = 0 AND `present` = "?s" AND `owner` = ?i ORDER BY `update` DESC ', '', $_SESSION['uid']); + + while ($row = $data->fetch_assoc()) { echo ""; } } elseif ($_REQUEST['unsale']) { - $data = mysql_query("SELECT * FROM `inventory` WHERE `setsale` > 0 AND `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 ORDER by `update` DESC; "); - while ($row = mysql_fetch_array($data)) { + $data = db::c()->query('SELECT * FROM `inventory` WHERE `setsale` > 0 AND `dressed` = 0 AND `owner` = ?i ORDER BY `update` DESC', $_SESSION['uid']); + + while ($row = $data->fetch_assoc()) { echo "> + HREF="?&max=">подробнее
"; - if ($row['owner'] != $user['id']) { - ?> -
- купить
+
купить +
+ +
Комиссия за услуги магазина составляет 10% от цены, по которой вы предлагаете предмет.
"; ?>
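Review bot: The `if ($row['owner'] != $user['id'])` guard that used to wrap the "купить" link is on the removed side of this hunk and no equivalent is visible around the new `купить` markup (it may have moved into markup stripped from this rendering); either way, hiding the link is not a control, so whatever handles the purchase must itself reject `owner == buyer` server-side, and it would be worth confirming that here rather than relying on the template. Separately, the listing query now builds the pattern as `$_REQUEST['max'] . '%'` for `LIKE "?S"`; the visible lines do not show whether the `?S` placeholder escapes `%` and `_`, and if it does not, a search of `%` or `_` matches every item — low impact for a public listing, but worth a one-line comment stating the placeholder's escaping contract, e.g. `// ?S: string placeholder — confirm it escapes LIKE wildcards (% and _) from user input`.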
@@ -326,11 +274,12 @@ switch ($shopCategoryTypeNumber) { echo "
"; ?> -
забрать за 1 кр. +
забрать
сменить цену
за 0.1 кр.
@@ -354,7 +303,7 @@ switch ($shopCategoryTypeNumber) { ?>

подробнее
(Масса: )