-
Notifications
You must be signed in to change notification settings - Fork 4
/
droplist.php
121 lines (101 loc) · 5.97 KB
/
droplist.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?PHP
require_once("./init.php");
if (!defined('is_florensia')) die('Hacking attempt');
$flolang->load("droplist");
if (!$mybb->user['uid']) { $florensia->output_page($flouser->noaccess($flolang->droplist_updateentry_error_notloggedin)); }
$flolang->load("item");
$flolang->load("npc");
###
$notyetincludedworkaround = "AND !(".$florensia->get_columnname("attackmax", "npc")."='0' && ".$florensia->get_columnname("attackmin", "npc")."='0' && ".$florensia->get_columnname("level", "npc")."='1' && ".$florensia->get_columnname("hppoints", "npc")."='0' && ".$florensia->get_columnname("manapoints", "npc")."='0' && ".$florensia->get_columnname("exp", "npc")."='0')";
###
if (($_GET['itemid'] && MYSQL_NUM_ROWS(MYSQL_QUERY("SELECT itemid FROM server_item_idtable WHERE itemid='".mysql_real_escape_string($_GET['itemid'])."' LIMIT 1"))) OR ($_GET['npcid'] && MYSQL_NUM_ROWS(MYSQL_QUERY("SELECT ".$florensia->get_columnname("npcid", "npc")." FROM server_npc WHERE ".$florensia->get_columnname("npcid", "npc")."='".mysql_real_escape_string($_GET['npcid'])."' LIMIT 1")))) {
if (strlen($_GET['search'])==0) {
if ($_GET['itemid']) header("Location: ".$florensia->outlink(array("itemdetails", $_GET['itemid'], $stringtable->get_string($_GET['itemid'])), array(), array("escape"=>FALSE)));
else header("Location: ".$florensia->outlink(array("npcdetails", $_GET['npcid'], $stringtable->get_string($_GET['npcid'])), array(), array("escape"=>FALSE)));
}
if ($_GET['itemid']) {
$item = new floclass_item($_GET['itemid']);
$addtoentry = $item->shortinfo();
foreach (explode(" ", $_GET['search']) as $keyword) {
$searchstring[] = "name_{$stringtable->language} LIKE '%".get_searchstring($keyword,0)."%'";
}
$querystring = "SELECT ".$florensia->get_columnname("npcid", "npc")." FROM server_npc WHERE ".join(" AND ", $searchstring)." $notyetincludedworkaround AND npc_file='MonsterChar' ORDER BY name_{$stringtable->language}";
$formlink = $florensia->outlink(array("itemdetails", $_GET['itemid'], $stringtable->get_string($_GET['itemid'])), array(), array("anchor"=>"droplist"));
$dropentryaddtolist = "
<input type='hidden' value='".$florensia->escape($_GET['itemid'])."' name='itemid'>
<input type='submit' value='{$flolang->droplist_search_npc}'>
";
}
else {
$npc = new floclass_npc($_GET['npcid']);
$addtoentry = $npc->shortinfo();
foreach (explode(" ", $_GET['search']) as $keyword) {
$searchstring[] = "name_{$stringtable->language} LIKE '%".get_searchstring($keyword,0)."%'";
}
#ignore cashshoptables
$querystring = "SELECT itemid FROM server_item_idtable WHERE tableid!='cloakitem' AND tableid!='hatitem' AND tableid!='upgradehelpitem' AND tableid!='sealhelpbreakitem' AND ".join(" AND ", $searchstring)." ORDER BY name_{$stringtable->language}";
$formlink = $florensia->outlink(array("npcdetails", $_GET['npcid'], $stringtable->get_string($_GET['npcid'])), array(), array("anchor"=>"droplist"));
$dropentryaddtolist = "
<input type='hidden' value='".$florensia->escape($_GET['npcid'])."' name='npcid'>
<input type='submit' value='{$flolang->droplist_search_item}'>
";
}
$querystringlist = MYSQL_QUERY($querystring);
for ($i=1; $entrylist = MYSQL_FETCH_ARRAY($querystringlist); $i++) {
if ($_GET['itemid']) {
list($amount) = MYSQL_FETCH_ARRAY(MYSQL_QUERY("SELECT COUNT(d.dropid) FROM flobase_droplist as d, flobase_droplist_ratings as r WHERE d.dropid=r.dropid AND d.npcid='".$entrylist[$florensia->get_columnname("npcid", "npc")]."' AND d.itemid='".mysql_real_escape_string($_GET['itemid'])."' AND r.userid='{$flouser->userid}'"));
if ($amount) continue;
$npc = new floclass_npc($entrylist[$florensia->get_columnname("npcid", "npc")]);
$entryshortinfo = $npc->shortinfo();
$checkbox = "droplist_thumpsup_".$florensia->escape($_GET['itemid'])."_".$entrylist[$florensia->get_columnname("npcid", "npc")]."_x";
}
else {
list($amount) = MYSQL_FETCH_ARRAY(MYSQL_QUERY("SELECT COUNT(d.dropid) FROM flobase_droplist as d, flobase_droplist_ratings as r WHERE d.dropid=r.dropid AND d.npcid='".mysql_real_escape_string($_GET['npcid'])."' AND d.itemid='".$entrylist['itemid']."' AND r.userid='{$flouser->userid}'"));
if ($amount) continue;
$item = new floclass_item($entrylist['itemid']);
$entryshortinfo = $item->shortinfo();
$checkbox = "droplist_thumpsup_".$entrylist['itemid']."_".$florensia->escape($_GET['npcid'])."_x";
}
$content .= $florensia->adsense(10);
$colorchange = $florensia->change();
$content .="
<div style='margin-bottom:5px;'>
<table style='width:100%' class='small'>
<tr>
<td class='shortinfo_{$colorchange}' style='text-align:center; vertical-align:middle; width:50px;'>
<input type='checkbox' value='1' name='{$checkbox}'>
</td>
<td style='width:10px;'></td>
<td class='shortinfo_{$colorchange}' style='vertical-align:top;'>
{$entryshortinfo}
</td>
</tr>
</table>
</div>
";
if ($i>30) {
$content .= "<div style='text-align:center' class='warning'>{$flolang->droplist_addform_toomanyresults}</div>";
break;
}
}
if (!$content) { $content = "<div style='text-align:center' class='warning'>{$flolang->droplist_addform_noentrys}</div>"; }
$content = "
<div class='bordered' style='margin-bottom:15px;'>{$addtoentry}</div>
<div class='bordered small' style='text-align:right'>
<form action='{$florensia->root}/droplist.php' method='get'>
<input type='text' name='search' value='".$florensia->escape($_GET['search'])."'>
<input type='hidden' value='{$stringtable->language}' name='names'>
{$dropentryaddtolist}
</form>
</div>
<div class='subtitle' style='margin-bottom:5px; margin-top:5px; height:5px;'></div>
<form action='{$formlink}' method='post'>
$content
<div><input type='submit' value='{$flolang->droplist_addform_doverify}' name='do_verify'></div>
</form>
";
}
else { header("Location: {$florensia->root}"); }
$florensia->sitetitle("Add to droplist");
$florensia->output_page($content);
?>