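tradeid = $tradeid; }

    // NOTE(review): every statement below concatenates $this->tradeid into SQL unquoted. The
    // constructor that assigns it is cut off at the top of this listing, so confirm the value is
    // cast to an unsigned integer before any of these methods run.

    /**
     * Confirms the trade for the logged-in user.
     *
     * The user must be the recipient (recuserid) on an uncompleted trade; otherwise an error is
     * queued in $this->errors and nothing is written. On success the user's confirm date is
     * stamped, the trade becomes status 1 ('Confirmed') and a notification is sent.
     */
    function confirm_trade() {
        global $vbulletin;

        // validate user id
        $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_trade a, ".TABLE_PREFIX."tm_trade_user_detail b"
            ." WHERE a.tradeid=b.tradeid AND a.tradeid=".$this->tradeid
            ." AND b.recuserid=".$vbulletin->userinfo['userid']
            ." AND a.completiondate=0";
        // The debug "echo $query;" that stood here was removed: it wrote the SQL text (table
        // prefix, trade id, user id) into the HTTP response.
        $count = $vbulletin->db->query_read($query);
        $count = $vbulletin->db->fetch_array($count);
        if ($count['count'] == 0) {
            $this->errors[$this->errorindex] = "You may not confirm this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET confirmdate=".TIMENOW
                ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
            $vbulletin->db->query_write($query);

            $query = "UPDATE ".TABLE_PREFIX."tm_trade SET statusid=1, status='Confirmed' WHERE tradeid=".$this->tradeid;
            $vbulletin->db->query_write($query);

            $query = "SELECT userid, username, recuserid, recusername FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $users = $vbulletin->db->query_first_slave($query);
            if ($users['userid'] == $vbulletin->userinfo['userid']) {
                send_confirmed_notification($this->tradeid,$users['username'],$users['recuserid'],$users['recusername']);
            }
            if ($users['recuserid'] == $vbulletin->userinfo['userid']) {
                send_confirmed_notification($this->tradeid,$users['recusername'],$users['userid'],$users['username']);
            }
        }
    }

    /**
     * Rejects the trade for the logged-in user.
     *
     * Allowed only for a participant who did not post the trade, while the trade is still
     * status 0 and uncompleted. On success the trade becomes status 3 ('Rejected'), its
     * completion date is stamped and a notification is sent.
     */
    function reject_trade() {
        global $vbulletin;

        // validate user id
        $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_trade a, ".TABLE_PREFIX."tm_trade_user_detail b"
            ." WHERE a.tradeid=b.tradeid AND a.tradeid=".$this->tradeid
            ." AND (b.userid=".$vbulletin->userinfo['userid']." OR b.recuserid=".$vbulletin->userinfo['userid'].")"
            ." AND a.postedbyuserid <>".$vbulletin->userinfo['userid']
            ." AND a.statusid = 0 AND a.completiondate=0";
        $count = $vbulletin->db->query_read($query);
        $count = $vbulletin->db->fetch_array($count);
        if ($count['count'] == 0) {
            $this->errors[$this->errorindex] = "You may not reject this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "UPDATE ".TABLE_PREFIX."tm_trade SET statusid = 3, status = 'Rejected', completiondate = ".TIMENOW
                ." WHERE tradeid = ".$this->tradeid;
            $vbulletin->db->query_write($query);

            $query = "SELECT userid, username, recuserid, recusername FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $users = $vbulletin->db->query_first_slave($query);
            if ($users['userid'] == $vbulletin->userinfo['userid']) {
                send_rejected_notification($this->tradeid,$users['username'],$users['recuserid'],$users['recusername']);
            }
            if ($users['recuserid'] == $vbulletin->userinfo['userid']) {
                send_rejected_notification($this->tradeid,$users['recusername'],$users['userid'],$users['username']);
            }
        }
    }

    /**
     * Records that the logged-in user received their side of the trade and stores the rating
     * they gave the other trader.
     *
     * Reads traderid, packaging, time, communication and condition from POST as unsigned
     * integers. A four-part rating is stored when all four scores are positive; otherwise a
     * two-part rating (delivery and communication, doubled) is stored when those two are positive.
     */
    function received_trade() {
        global $vbulletin;

        $traderid = $vbulletin->input->clean_gpc('p','traderid',TYPE_UINT);
        $packaging = $vbulletin->input->clean_gpc('p','packaging',TYPE_UINT);
        $time = $vbulletin->input->clean_gpc('p','time',TYPE_UINT);
        $communication = $vbulletin->input->clean_gpc('p','communication',TYPE_UINT);
        $condition = $vbulletin->input->clean_gpc('p','condition',TYPE_UINT);
        // NOTE(review): the scores are only checked for being positive; no upper bound is applied
        // here, so confirm the rating scale is enforced somewhere before the values are stored.

        $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_trade a, ".TABLE_PREFIX."tm_trade_detail b"
            ." WHERE a.tradeid=b.tradeid AND a.tradeid=".$this->tradeid
            ." AND b.userid=$traderid AND b.recuserid=".$vbulletin->userinfo['userid']
            ." AND a.completiondate=0";
        $count = $vbulletin->db->query_read($query);
        $count = $vbulletin->db->fetch_array($count);
        if ($count['count'] == 0) {
            $this->errors[$this->errorindex] = "You may not indicate you have received this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET receiveddate=".TIMENOW
                ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
            $vbulletin->db->query_write($query);

            $query = "SELECT statusid, postedbyuserid FROM ".TABLE_PREFIX."tm_trade WHERE tradeid=".$this->tradeid;
            $details = $vbulletin->db->query_first_slave($query);
            // Receiving an unconfirmed trade posted by someone else also confirms it.
            if ($details['statusid'] == 0 && $details['postedbyuserid'] <> $vbulletin->userinfo['userid']) {
                $query = "UPDATE ".TABLE_PREFIX."tm_trade SET statusid=1, status='Confirmed' WHERE tradeid=".$this->tradeid;
                $vbulletin->db->query_write($query);
                $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET confirmdate = ".TIMENOW
                    ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
                $vbulletin->db->query_write($query);
            }

            $query = "SELECT userid, username, recuserid, recusername FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $users = $vbulletin->db->query_first_slave($query);
            if ($users['userid'] == $vbulletin->userinfo['userid']) {
                send_received_notification($this->tradeid,$users['username'],$users['recuserid'],$users['recusername']);
            }
            if ($users['recuserid'] == $vbulletin->userinfo['userid']) {
                send_received_notification($this->tradeid,$users['recusername'],$users['userid'],$users['username']);
            }

            if ($packaging > 0 && $time > 0 && $communication > 0 && $condition > 0) {
                $total = $packaging + $time + $communication + $condition;
                $query = "INSERT INTO ".TABLE_PREFIX."tm_trade_rating (tradeid, traderid, userid, packaging, delivery, communication, `condition`, total)"
                    ." VALUES ($this->tradeid, $traderid, ".$vbulletin->userinfo['userid'].", $packaging, $time, $communication, $condition, $total)"
                    ." ON DUPLICATE KEY UPDATE packaging=$packaging, delivery=$time, communication=$communication, `condition`=$condition, total=$total";
                $vbulletin->db->query_write($query);
            } else if ($time > 0 && $communication > 0) {
                $total = 2 * ($time + $communication);
                $query = "INSERT INTO ".TABLE_PREFIX."tm_trade_rating (tradeid, traderid, userid, packaging, delivery, communication, `condition`, total)"
                    ." VALUES ($this->tradeid, $traderid, ".$vbulletin->userinfo['userid'].", 0, $time, $communication, 0, $total)"
                    ." ON DUPLICATE KEY UPDATE packaging=0, delivery=$time, communication=$communication, `condition`=0, total=$total";
                $vbulletin->db->query_write($query);
            }

            $query = "INSERT INTO ".TABLE_PREFIX."tm_update_rating (userid) VALUES ($traderid)";
            $vbulletin->db->query_write($query);
        }
    }

    /**
     * Prepares the "request cancellation" view: checks the user may request it and has not
     * already done so, then loads the trade summary into $this->trade.
     */
    function init_cancel_trade() {
        global $vbulletin;

        // verify this trader has the rights to report this trade
        if (checkTrader($this->tradeid) == 0) {
            $this->errors[$this->errorindex] = "You cannot request this trade be cancelled because it is either complete or you are not a participant,";
            $this->errorindex++;
        } else {
            // check to see if previously reported
            $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_cancel_request WHERE tradeid=".$this->tradeid
                ." AND rejected=0 AND userid=".$vbulletin->userinfo['userid'];
            $count = $vbulletin->db->query_read($query);
            $count = $vbulletin->db->fetch_array($count);
            if ($count['count'] > 0) {
                $this->errors[$this->errorindex] = "You have already requested that this trade be cancelled.";
                $this->errorindex++;
            }
        }

        if ($this->errorindex == 0) {
            $query = "SELECT createdate, postedbyuserid, postedbyusername, status, nontrade, selleruserid FROM ".TABLE_PREFIX."tm_trade WHERE tradeid = ".$this->tradeid;
            $trade = $vbulletin->db->query_first_slave($query);
            $this->trade['createdate'] = vbdate($vbulletin->options['dateformat'],$trade['createdate']);
            $this->trade['status'] = $trade['status'];
            $this->trade['postedby'] = $trade['postedbyusername'];
            if ($trade['nontrade'] > 0) {
                $this->trade['type'] = "Free Cards";
            } else if ($trade['selleruserid'] > 0) {
                $this->trade['type'] = "Sale";
            } else {
                $this->trade['type'] = "Trade";
            }

            $query = "SELECT a.userid, a.username, a.recuserid, a.recusername, b.confirmdate, b.receiveddate FROM ".TABLE_PREFIX."tm_trade_detail a"
                ." LEFT JOIN ".TABLE_PREFIX."tm_trade_user_detail b ON a.tradeid=b.tradeid AND a.userid=b.userid"
                ." WHERE a.tradeid=".$this->tradeid;
            $details = $vbulletin->db->query_read_slave($query);
            $recgap = 3;
            while ($detail = $vbulletin->db->fetch_array($details)) {
                if ($detail['receiveddate'] > 0) {
                    $detail['receiveddate'] = vbdate($vbulletin->options['dateformat'],$detail['receiveddate']);
                } else {
                    $detail['receiveddate'] = " ";
                }
                $recgap = 1;
                if ($this->trade['postedby'] == $detail['username']) {
                    $this->trade['traders'] = $detail['recusername'];
                } else if ($this->trade['postedby'] == $detail['recusername']) {
                    $this->trade['traders'] = $detail['username'];
                    if ($detail['confirmdate'] == null) {
                        $this->trade['confirmdate'] = " ";
                    } else {
                        $this->trade['confirmdate'] = vbdate($vbulletin->options['dateformat'],$detail['confirmdate']);
                    }
                }
            }
        }
    }

    /**
     * Stores a cancellation request with the reason posted by the logged-in user.
     *
     * The reason is read from POST, limited to 1000 characters by check_length(), and written
     * only when the user may act on the trade and has no open request for it.
     */
    function do_cancel_request() {
        global $vbulletin;

        $this->reason = $vbulletin->input->clean_gpc('p','reason',TYPE_STR);

        // verify this trader has the rights to cancel this trade
        if (checkTrader($this->tradeid) == 0) {
            $this->errors[$this->errorindex] = "You cannot request to cancel this trade because it is either complete or you are not a participant,";
            $this->errorindex++;
        }

        // verify requested
        $temp = check_length($this->reason,"reason",1000);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }

        // check to see if previously reported
        if ($this->errorindex == 0) {
            $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_cancel_request WHERE tradeid=".$this->tradeid
                ." AND rejected=0 AND userid=".$vbulletin->userinfo['userid'];
            $count = $vbulletin->db->query_read($query);
            $count = $vbulletin->db->fetch_array($count);
            if ($count['count'] > 0) {
                $this->errors[$this->errorindex] = "You have already requested that this trade be cancelled.";
                $this->errorindex++;
            }
        }

        // add to db
        if ($this->errorindex == 0) {
            // Free text goes through the database layer's own escaping rather than addslashes(),
            // which does not take the connection character set into account.
            $query = "REPLACE INTO ".TABLE_PREFIX."tm_cancel_request (tradeid, userid, username, requestdate, reason)"
                ." VALUES (".$this->tradeid.", ".$vbulletin->userinfo['userid'].", '".$vbulletin->db->escape_string($vbulletin->userinfo['username'])."', ".TIMENOW.", '".$vbulletin->db->escape_string($this->reason)."')";
            $vbulletin->db->query_write($query);
        }
    }

    /**
     * Prepares the "report bad trade" view: checks the user may report the trade and has not
     * already done so, then loads the trade summary into $this->trade.
     */
    function init_bad_trade() {
        global $vbulletin;

        // verify this trader has the rights to report this trade
        // Errors are recorded on $this. The original wrote them to the locals $errors and
        // $errorindex, so they were discarded and the "$this->errorindex == 0" guard below
        // always passed, loading the trade summary for users who failed these checks.
        if (checkTrader($this->tradeid) == 0) {
            $this->errors[$this->errorindex] = "You cannot report this trade because it is either complete or you are not a participant,";
            $this->errorindex++;
        } else {
            // check to see if previously reported
            $count = $vbulletin->db->query_read(" SELECT count(*) as count FROM ".TABLE_PREFIX."tm_bad_trade WHERE tradeid=".$this->tradeid
                ." AND userid=".$vbulletin->userinfo['userid']);
            $count = $vbulletin->db->fetch_array($count);
            if ($count['count'] > 0) {
                $this->errors[$this->errorindex] = "You have already reported this trade to the TGB team.";
                $this->errorindex++;
            }
        }

        if ($this->errorindex == 0) {
            $query = "SELECT createdate, postedbyuserid, postedbyusername, status, nontrade, selleruserid FROM ".TABLE_PREFIX."tm_trade WHERE tradeid = ".$this->tradeid;
            $trade = $vbulletin->db->query_first_slave($query);
            $this->trade['createdate'] = vbdate($vbulletin->options['dateformat'],$trade['createdate']);
            $this->trade['status'] = $trade['status'];
            $this->trade['postedby'] = $trade['postedbyusername'];
            if ($trade['nontrade'] > 0) {
                $this->trade['type'] = "Free Cards";
            } else if ($trade['selleruserid'] > 0) {
                $this->trade['type'] = "Sale";
            } else {
                $this->trade['type'] = "Trade";
            }

            $query = "SELECT a.userid, a.username, a.recuserid, a.recusername, b.confirmdate, b.receiveddate FROM ".TABLE_PREFIX."tm_trade_detail a"
                ." LEFT JOIN ".TABLE_PREFIX."tm_trade_user_detail b ON a.tradeid=b.tradeid AND a.userid=b.userid"
                ." WHERE a.tradeid=".$this->tradeid;
            $details = $vbulletin->db->query_read_slave($query);
            $recgap = 3;
            while ($detail = $vbulletin->db->fetch_array($details)) {
                if ($detail['receiveddate'] > 0) {
                    $detail['receiveddate'] = vbdate($vbulletin->options['dateformat'],$detail['receiveddate']);
                } else {
                    $detail['receiveddate'] = " ";
                }
                $recgap = 1;
                if ($this->trade['postedby'] == $detail['username']) {
                    $this->trade['traders'] = $detail['recusername'];
                } else if ($this->trade['postedby'] == $detail['recusername']) {
                    $this->trade['traders'] = $detail['username'];
                    if ($detail['confirmdate'] == null) {
                        $this->trade['confirmdate'] = " ";
                    } else {
                        $this->trade['confirmdate'] = vbdate($vbulletin->options['dateformat'],$detail['confirmdate']);
                    }
                }
            }
        }
    }

    /**
     * Files a bad-trade report: stores the complaint, posts a thread about it in forum 50 as
     * user 1934, and opens a help-desk ticket with the complaint as its first reply.
     *
     * The complaint text is read from POST and limited to 1000 characters by check_length().
     */
    function do_bad_trade() {
        global $vbulletin,$foruminfo;

        $this->reason = $vbulletin->input->clean_gpc('p','reason',TYPE_STR);

        // verify this trader has the rights to cancel this trade
        if (checkTrader($this->tradeid) == 0) {
            $this->errors[$this->errorindex] = "You cannot request to report this trade because it is either complete or you are not a participant,";
            $this->errorindex++;
        }

        // verify requested
        $temp = check_length($this->reason,"reason",1000);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }

        // check to see if previously reported
        if ($this->errorindex == 0) {
            $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_bad_trade WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
            $count = $vbulletin->db->query_read($query);
            $count = $vbulletin->db->fetch_array($count);
            if ($count['count'] > 0) {
                $this->errors[$this->errorindex] = "You have already reported this trade.";
                $this->errorindex++;
            }
        }

        // add to db
        if ($this->errorindex == 0) {
            $query = "INSERT IGNORE INTO ".TABLE_PREFIX."tm_bad_trade (tradeid, userid, username, complaintdate, complaint)"
                ." VALUES (".$this->tradeid.", ".$vbulletin->userinfo['userid'].", '".$vbulletin->db->escape_string($vbulletin->userinfo['username'])."', ".TIMENOW.", '".$vbulletin->db->escape_string($this->reason)."')";
            $vbulletin->db->query_write($query);

            // help desk stuff
            // TABLE_PREFIX added so these table names match every other query in the class.
            $query = "SELECT userid, username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid
                ." UNION SELECT recuserid as userid, recusername as username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $traders = $vbulletin->db->query_read_slave($query);
            $names = "";
            while ($trader = $vbulletin->db->fetch_array($traders)) {
                $names .= " / ".$trader['username'];
            }
            $names = substr($names,2);

            // NOTE(review): the reporter's free text is posted verbatim, under the account set in
            // $userid below. Confirm the forum's post parser restricts what that text can render.
            $message = $vbulletin->userinfo['username']." reported the following trade:\n\n";
            $message .= "[url]http://www.thebenchtrading.com/trader.php?action=viewtrade&tid=";
            $message .= $this->tradeid."[/url]\n\n";
            $message .= "Explanation:\n";
            $message .= $this->reason;

            $title = "TGB: Trade #".$this->tradeid." ".$names;
            // NOTE(review): $title is escaped here and escaped again in the ticket INSERT below,
            // so a title containing quotes is stored with literal backslashes. The thread data
            // manager presumably escapes on save as well; confirm, then drop this line.
            $title = addslashes($title);
            $poster = "Trade Mod";
            $threaddm = &datamanager_init('Thread_FirstPost',$vbulletin,ERRTYPE_ARRAY,'threadpost');

            // Set some variable and information
            $forumid = 50; // The id of the forum we are posting to
            $userid = 1934; // The user id of the person posting
            $pagetext = $message;
            $allowsmilie = '1'; // Are we allowing smilies in our post
            $visible = '1'; // If the post visible (ie, moderated or not)

            // Parse, retrieve and process the information we need to post
            $foruminfo = fetch_foruminfo($forumid);
            $threadinfo = array();
            $user = htmlspecialchars_uni(fetch_userinfo($userid));
            $threaddm->set_info('forum',$foruminfo);
            $threaddm->set_info('thread',$threadinfo);
            $threaddm->setr('forumid',$forumid);
            $threaddm->setr('userid',$userid);
            $threaddm->setr('pagetext',$pagetext);
            $threaddm->setr('title',$title);
            $threaddm->set('allowsmilie',$allowsmilie);
            $threaddm->set('visible',$visible);

            // Lets see what happens if we save the page
            $threaddm->pre_save();
            if (count($threaddm->errors) < 1) {
                // Basically if the page will save without errors then let do it for real this time
                $threadid = $threaddm->save();
                unset($threaddm);
            } else {
                // NOTE(review): the complaint row above is already written when this aborts.
                die('hackattempt');
            }

            // create ticket with Help Desk
            $query = "INSERT INTO ".TABLE_PREFIX."ticket( title, departmentid, postusername, postuserid, lastposter, lastupdate, dateline )"
                ." VALUES ( '".$vbulletin->db->escape_string($title)."', 1, '".$vbulletin->db->escape_string($vbulletin->userinfo['username'])."', '".intval($vbulletin->userinfo['userid'])."', '".$vbulletin->db->escape_string($vbulletin->userinfo['username'])."', ".TIMENOW.", ".TIMENOW.")";
            $vbulletin->db->query_write($query);
            $this->ticketid = $vbulletin->db->insert_id();

            $query = "INSERT INTO ".TABLE_PREFIX."ticketreply( ticketid, username, userid, dateline, pagetext, ipaddress )"
                ." VALUES ( ".intval($this->ticketid).", '".$vbulletin->db->escape_string($vbulletin->userinfo['username'])."', ".intval($vbulletin->userinfo['userid']).", ".TIMENOW.", '".$vbulletin->db->escape_string($this->reason)."', '".$vbulletin->db->escape_string(IPADDRESS)."')";
            $vbulletin->db->query_write($query);
        }
    }

    /**
     * Saves the logged-in user's shipping tracker fields (mail date, DC number, notes) for the
     * trade. Nothing is written when any field fails its length check.
     */
    function save_tracker() {
        global $vbulletin;

        $maildate = $vbulletin->input->clean_gpc('p','maildate',TYPE_STR);
        $dcnumber = $vbulletin->input->clean_gpc('p','dcnumber',TYPE_STR);
        $notes = $vbulletin->input->clean_gpc('p','notes',TYPE_STR);

        $temp = check_length($notes,"notes",1000,true);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }
        $temp = check_length($maildate,"mail date",15,true);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }
        // The original passed $maildate a second time here, so the DC number was never checked.
        $temp = check_length($dcnumber,"DC number",25,true);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }

        // The original tested the undefined local $errorindex, which compares equal to 0, so the
        // UPDATE ran even when a length check had failed.
        if ($this->errorindex == 0) {
            $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET maildate='".$vbulletin->db->escape_string($maildate)."', dcnumber='".$vbulletin->db->escape_string($dcnumber)."', notes='".$vbulletin->db->escape_string($notes)."'"
                ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
            $vbulletin->db->query_write($query);
        }
    }

    /**
     * Records that the logged-in user received a free-card trade. The user must be the
     * recipient of an uncompleted trade; receiving an unconfirmed trade also confirms it.
     */
    function received_free_card() {
        global $vbulletin;

        $query = "SELECT count(*) as count FROM ".TABLE_PREFIX."tm_trade a, ".TABLE_PREFIX."tm_trade_detail b"
            ." WHERE a.tradeid=b.tradeid AND a.tradeid=".$this->tradeid
            ." AND b.recuserid=".$vbulletin->userinfo['userid']
            ." AND a.completiondate=0";
        $count = $vbulletin->db->query_read($query);
        $count = $vbulletin->db->fetch_array($count);
        if ($count['count'] == 0) {
            $this->errors[$this->errorindex] = "You may not indicate you have received this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET receiveddate=".TIMENOW
                ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
            $vbulletin->db->query_write($query);

            $query = "SELECT statusid, postedbyuserid FROM ".TABLE_PREFIX."tm_trade WHERE tradeid=".$this->tradeid;
            $details = $vbulletin->db->query_first_slave($query);
            if ($details['statusid'] == 0 && $details['postedbyuserid'] <> $vbulletin->userinfo['userid']) {
                $query = "UPDATE ".TABLE_PREFIX."tm_trade SET statusid=1, status='Confirmed' WHERE tradeid=".$this->tradeid;
                $vbulletin->db->query_write($query);
                $query = "UPDATE ".TABLE_PREFIX."tm_trade_user_detail SET confirmdate = ".TIMENOW
                    ." WHERE tradeid=".$this->tradeid." AND userid=".$vbulletin->userinfo['userid'];
                $vbulletin->db->query_write($query);
            }
            //$passiveuser = get_passive_user($tradeid);
            //send_received_notification($tradeid, $vbulletin->userinfo[username], $passiveuser[passiveuserid], $passiveuser[passiveusername]);
        }
    }

    /**
     * Adds a chat message (at most 500 characters, read from POST) to the trade and notifies
     * the participants.
     */
    function add_chat() {
        global $vbulletin;

        // NOTE(review): no participant check is visible in this method (the cancel and report
        // methods call checkTrader()). Confirm the caller restricts chat to the trade's parties.
        $message = $vbulletin->input->clean_gpc('p','message',TYPE_STR);
        $temp = check_length($message,"message",500,false);
        if ($temp <> "") {
            $this->errors[$this->errorindex] = $temp;
            $this->errorindex++;
        }

        // The original tested the undefined local $errorindex, so a message that failed the
        // length check was stored anyway.
        if ($this->errorindex == 0) {
            // mysql_escape_string() ignores the connection character set and no longer exists in
            // current PHP; the database layer's own escaping is used instead.
            $message = $vbulletin->db->escape_string($message);
            $query = "INSERT INTO ".TABLE_PREFIX."tm_messages (userid, tradeid, message, timesent)"
                ." VALUES ('".$vbulletin->userinfo['userid']."', ".$this->tradeid.", '".$message."', ".TIMENOW.")";
            $vbulletin->db->query_write($query);

            $query = "SELECT userid, username, recuserid, recusername FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $users = $vbulletin->db->query_first_slave($query);
            if ($users['userid'] != $vbulletin->userinfo['userid']) {
                send_messages_notification($this->tradeid,$users['recusername'],$users['userid'],$users['username']);
            }
            if ($users['recuserid'] != $vbulletin->userinfo['userid']) {
                send_messages_notification($this->tradeid,$users['username'],$users['recuserid'],$users['recusername']);
            }
        }
    }

    /**
     * Looks up a member by name and queues an error when the name is empty or unknown, or, when
     * $tradecheck is set, when the member is the current user or belongs to user group 10
     * (suspended), 11 (banned) or 12 (inactive).
     *
     * @param string $trader     member name as typed by the user
     * @param bool   $tradecheck whether to apply the eligibility checks
     * @param string $type       noun used in the error messages
     * @return mixed the row returned by get_trader(), or null when $trader is empty
     */
    function check_trader_name($trader,$tradecheck,$type = "trade") {
        global $vbulletin;

        // Defined up front so the lookups below do not read an unset variable for an empty name.
        $traderinfo = null;
        $traderlength = vbstrlen($trader);
        if ($traderlength == 0) {
            $this->errors[$this->errorindex] = "The member name is empty.";
            $this->errorindex++;
        } else {
            $traderinfo = get_trader($trader);
        }

        if ($traderinfo['userid'] == "") {
            // NOTE(review): $trader is user input copied into the error text; confirm the
            // template escapes $this->errors when rendering it.
            $this->errors[$this->errorindex] = $trader." is not a registered user. Please double check the user name.";
            $this->errorindex++;
        } else if ($tradecheck) {
            if ($traderinfo['userid'] == $vbulletin->userinfo['userid']) {
                $this->errors[$this->errorindex] = " You cannot post a $type with yourself.";
                $this->errorindex++;
            } else if ($traderinfo['usergroupid'] == 10) {
                $this->errors[$this->errorindex] = " You cannot post a $type with suspended members.";
                $this->errorindex++;
            } else if ($traderinfo['usergroupid'] == 11) {
                $this->errors[$this->errorindex] = " You cannot post a $type with banned members.";
                $this->errorindex++;
            } else if ($traderinfo['usergroupid'] == 12) {
                $this->errors[$this->errorindex] = " You cannot post a $type with inactive members.";
                $this->errorindex++;
            }
        }
        return $traderinfo;
    }
}
// NOTE(review): the start of the next file (opening tag, class header and the first part of its
// constructor) appears to be missing from this listing; the fragment below is kept as found.
?> tradeid = $vbulletin->input->clean_gpc('p','tradeid',TYPE_UINT); $this->isadmin = checkAdmin(); }

    /**
     * Prepares the admin "cancel trade" view. Queues an error when the user is not an admin or
     * the trade is already cancelled, and reads the trade's participants.
     */
    function init_admin_cancel() {
        global $vbulletin;

        if (!$this->isadmin) {
            $this->errors[$this->errorindex] = "You may not cancel this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            // TABLE_PREFIX added so these table names match the write queries in this class.
            $query = "SELECT status FROM ".TABLE_PREFIX."tm_trade WHERE tradeid=".$this->tradeid;
            $trade = $vbulletin->db->query_first_slave($query);
            if ($trade['status'] == 'Cancelled') {
                $this->errors[$this->errorindex] = "This trade has already been cancelled.";
                $this->errorindex++;
            }
            $query = "SELECT userid, username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid
                ." UNION SELECT recuserid as userid, recusername as username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $traders = $vbulletin->db->query_read_slave($query);
        }
    }

    /**
     * Cancels the trade as an admin: stores a fixed rating against each trader id posted in
     * "traders", marks the trade status 4 ('Cancelled') and notifies both participants.
     */
    function do_admin_cancel() {
        global $vbulletin;

        if (!$this->isadmin) {
            $this->errors[$this->errorindex] = "You may not cancel this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $traderlist = isset($_POST['traders']) ? $_POST['traders'] : array();
            $traderlist = $vbulletin->input->clean($traderlist,TYPE_ARRAY_UINT);
            foreach ($traderlist as $key => $value) {
                // NOTE(review): the INSERT stores `condition`=0 but the duplicate-key branch sets
                // it to 1 while keeping total=4; confirm which value is intended.
                $query = "INSERT INTO ".TABLE_PREFIX."tm_trade_rating (tradeid, traderid, userid, packaging, delivery, communication, `condition`, total)"
                    ." VALUES ($this->tradeid, $value, ".$vbulletin->userinfo['userid'].", 0, 1, 1, 0, 4)"
                    ." ON DUPLICATE KEY UPDATE packaging=0, delivery=1, communication=1, `condition`=1, total=4";
                $vbulletin->db->query_write($query);
            }

            $query = "UPDATE ".TABLE_PREFIX."tm_trade SET statusid=4, status='Cancelled', completiondate=".TIMENOW.", cancelledbyuserid=".$vbulletin->userinfo['userid']
                ." WHERE tradeid=".$this->tradeid;
            $vbulletin->db->query_write($query);

            // notifications
            // Sent only after a successful cancellation. In the original this sat outside the
            // guard, so a non-admin request still told both traders the trade was cancelled.
            $query = "SELECT userid, username, recuserid, recusername FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $users = $vbulletin->db->query_first_slave($query);
            send_cancelled_notification($this->tradeid,$users['userid'],$users['username']);
            send_cancelled_notification($this->tradeid,$users['recuserid'],$users['recusername']);
        }
    }

    /**
     * Prepares the admin "change type" view: builds the trader option list into $this->return
     * and, for a sale, records the non-seller participant in $this->buyeruserid.
     */
    function init_change_type() {
        global $vbulletin;

        if (!$this->isadmin) {
            $this->errors[$this->errorindex] = "You may not change this trade.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "SELECT nontrade, selleruserid FROM ".TABLE_PREFIX."tm_trade WHERE tradeid=".$this->tradeid;
            $trade = $vbulletin->db->query_first_slave($query);
            $tradetype = get_trade_type($trade['nontrade'],$trade['selleruserid']);

            $query = "SELECT userid, username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid
                ." UNION SELECT recuserid as userid, recusername as username FROM ".TABLE_PREFIX."tm_trade_detail WHERE tradeid=".$this->tradeid;
            $options = "";
            $buyeruserid = null; // stays null when the trade has no seller
            $traders = $vbulletin->db->query_read_slave($query);
            while ($trader = $vbulletin->db->fetch_array($traders)) {
                // NOTE(review): this listing shows an empty string being appended; the markup
                // that belongs here was presumably lost when the page was captured. Whatever it
                // holds, user names placed in it need HTML escaping.
                $options .= '';
                if ($trade['selleruserid'] > 0 && $trade['selleruserid'] != $trader['userid']) {
                    $buyeruserid = $trader['userid'];
                }
            }
            $this->return = $options;
            echo $options;
            $this->buyeruserid = $buyeruserid;
        }
    }

    /**
     * Lets an admin store or overwrite the rating given to a trader on this trade. When the
     * rated trader is the buyer, only packaging and time are used and each is counted twice.
     */
    function do_change_rating() {
        global $vbulletin;

        $traderid = $vbulletin->input->clean_gpc('p','traderid',TYPE_UINT);
        $buyeruserid = $vbulletin->input->clean_gpc('p','buyeruserid',TYPE_UINT);
        $packaging = $vbulletin->input->clean_gpc('p','packaging',TYPE_UINT);
        $time = $vbulletin->input->clean_gpc('p','time',TYPE_UINT);
        if ($traderid != $buyeruserid) {
            $communication = $vbulletin->input->clean_gpc('p','communication',TYPE_UINT);
            $condition = $vbulletin->input->clean_gpc('p','condition',TYPE_UINT);
            $total = $packaging + $time + $communication + $condition;
        } else {
            $communication = 0;
            $condition = 0;
            $total = $packaging + $packaging + $time + $time;
        }

        if (!$this->isadmin) {
            $this->errors[$this->errorindex] = "You may not change the rating for this trade.";
            $this->errorindex++;
        } else if ($vbulletin->userinfo['userid'] == $traderid) {
            $this->errors[$this->errorindex] = "You may not rate yourself.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $query = "INSERT INTO ".TABLE_PREFIX."tm_trade_rating (tradeid, traderid, userid, packaging, delivery, communication, `condition`, total)"
                ." VALUES ($this->tradeid, $traderid, ".$vbulletin->userinfo['userid'].", $packaging, $time, $communication, $condition, $total)"
                ." ON DUPLICATE KEY UPDATE packaging=$packaging, delivery=$time, communication=$communication, `condition`=$condition, total=$total";
            $vbulletin->db->query_write($query);
        }
    }

    /**
     * Sends a private message (subject and message read from POST) from the logged-in admin to
     * each user id posted in "traders".
     */
    function do_message() {
        global $vbulletin;

        // Every other action in this class is refused for non-admins; the original had no such
        // check here, so this one now follows the same pattern.
        if (!$this->isadmin) {
            $this->errors[$this->errorindex] = "You may not send this message.";
            $this->errorindex++;
        }

        if ($this->errorindex == 0) {
            $subject = $vbulletin->input->clean_gpc('p','subject',TYPE_STR);
            $message = $vbulletin->input->clean_gpc('p','message',TYPE_STR);
            // The recipient list is forced to an array of unsigned integers, as do_admin_cancel()
            // does, instead of handing raw POST values to sendPM().
            $traderlist = isset($_POST['traders']) ? $_POST['traders'] : array();
            $traderlist = $vbulletin->input->clean($traderlist,TYPE_ARRAY_UINT);
            foreach ($traderlist as $key => $value) {
                sendPM($subject,$message,$value,$vbulletin->userinfo['userid'],$vbulletin->userinfo['username']);
            }
        }
    }
}
// NOTE(review): the start of the next file (opening tag, class header and the first part of its
// constructor) appears to be missing from this listing; the fragment below is kept as found.
?> trader = $vbulletin->input->clean_gpc('p', 'trader', TYPE_STR); $this->offered = $vbulletin->input->clean_gpc('p', 'offered', TYPE_STR); $this->requested = $vbulletin->input->clean_gpc('p', 'requested', TYPE_STR); require_once(DIR . '/includes/class_tm2_general.php'); $general = new tm2_general(); $this->traderinfo = $general->check_trader_name($this->trader, true); $this->errorindex = $general->errorindex; $this->errors = $general->errors; $this->check_cards($this->offered, "cards you are offering"); $this->check_cards($this->requested, "cards you are receiving"); }

    /**
     * Posts a two-way trade: creates the trade, one detail row per direction, and notifies the
     * other trader. Does nothing when validation errors are queued.
     */
    function post_trade() {
        global $vbulletin;

        // get trader id
        $nontrade = 0;

        // add to db
        if ($this->errorindex == 0) {
            $this->tradeid = $this->create_trade($nontrade);
            $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->offered);
            $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->requested);
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Posts a free-card trade in which the logged-in user sends cards to the other member.
     */
    function send_free() {
        global $vbulletin;

        // get trader id
        $nontrade = 1;

        // add to db
        if ($this->errorindex == 0) {
            $this->tradeid = $this->create_trade($nontrade);
            $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->offered);
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Posts a free-card trade with a detail row in each direction (cards sent, and what is
     * listed as coming back).
     */
    function send_free_with_sase() {
        global $vbulletin;

        // get trader id
        $nontrade = 1;

        // add to db
        if ($this->errorindex == 0) {
            $this->tradeid = $this->create_trade($nontrade);
            $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->offered);
            $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->requested);
            // The original passed the undefined local $tradeid, so the notification carried no
            // trade id.
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Posts a free-card trade in which the other member sends cards to the logged-in user.
     */
    function get_free() {
        global $vbulletin;

        // get trader id
        $nontrade = 1;

        // add to db
        if ($this->errorindex == 0) {
            $this->tradeid = $this->create_trade($nontrade);
            $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->requested);
            // The original passed the undefined local $tradeid here as well.
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Posts a free-card trade with a detail row in each direction, requested by the logged-in
     * user.
     */
    function get_free_for_sase() {
        global $vbulletin;

        // get trader id
        $nontrade = 1;

        // add to db
        if ($this->errorindex == 0) {
            $this->tradeid = $this->create_trade($nontrade);
            $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->offered);
            $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->requested);
            // notifications
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Posts a sale. The POST field "position" says whether the logged-in user is the buyer or
     * the seller; whoever is the seller must not be in user group 23 ("New members").
     */
    function post_sale() {
        global $vbulletin;

        // get trader id
        $nontrade = 0;

        // verify user selected buyer/seller
        if (!isset($_POST['position'])) {
            $this->errors[$this->errorindex] = "Please indicate if you are the buyer or seller.";
            $this->errorindex++;
        } else {
            $this->isbuyer = ($_POST['position'] == 'buyer');
        }

        if ($this->errorindex == 0) {
            if ($this->isbuyer) {
                // TABLE_PREFIX added so the table name matches the other queries in this class.
                $query = "SELECT usergroupid FROM " . TABLE_PREFIX . "user WHERE userid=" . intval($this->traderinfo['userid']);
                $trader = $vbulletin->db->query_first_slave($query);
                if ($trader['usergroupid'] == 23) {
                    $this->errors[$this->errorindex] = "New members cannot make sales.";
                    $this->errorindex++;
                }
            } else {
                if ($vbulletin->userinfo['usergroupid'] == 23) {
                    $this->errors[$this->errorindex] = "New members cannot make sales.";
                    $this->errorindex++;
                }
            }
        }

        // add to db
        if ($this->errorindex == 0) {
            if ($this->isbuyer) {
                $this->tradeid = $this->create_sale($this->traderinfo['userid']);
                $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->requested);
                $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->offered);
            } else {
                $this->tradeid = $this->create_sale($vbulletin->userinfo['userid']);
                $this->create_trade_details($this->tradeid, $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username'], $this->offered);
                $this->create_trade_details($this->tradeid, $this->traderinfo['userid'], $this->traderinfo['username'], $vbulletin->userinfo['userid'], $vbulletin->userinfo['username'], $this->requested);
            }
            send_posted_notification($this->tradeid, $vbulletin->userinfo['username'], $this->traderinfo['userid'], $this->traderinfo['username']);
        }
    }

    /**
     * Queues an error when a card list is empty or longer than 2000 characters.
     *
     * @param string $cards       the card list text
     * @param string $description how the list is named in the error message
     */
    function check_cards($cards, $description) {
        $cardlength = vbstrlen($cards);
        if ($cardlength == 0) {
            $this->errors[$this->errorindex] = "The $description is empty.";
            $this->errorindex++;
        } else if ($cardlength > 2000) {
            $this->errors[$this->errorindex] = "The $description exceeds 2000 characters. It is currently " . $cardlength;
            $this->errorindex++;
        }
    }

    /**
     * Inserts the trade row plus one user-detail row per participant and returns the new
     * trade id. The poster's detail row is stamped as confirmed at creation time.
     *
     * @param int $nontrade 1 for a free-card trade, 0 otherwise
     * @return int id of the new trade
     */
    function create_trade($nontrade=0) {
        global $vbulletin;

        $createdate = TIMENOW;
        $nontrade = intval($nontrade);
        $query = "INSERT INTO " . TABLE_PREFIX . "tm_trade (postedbyuserid, postedbyusername, createdate, nontrade)"
            . " VALUES (" . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', $createdate, $nontrade)";
        $vbulletin->db->query_write($query);

        // The id is taken from the connection that did the INSERT. The original re-read it from
        // the slave by user id and timestamp, which can miss the row under replication lag and
        // can return another trade posted by the same user in the same second. This assumes
        // tradeid is database-generated, as the INSERT above (which omits it) implies.
        $tradeid = $vbulletin->db->insert_id();

        $query = "INSERT INTO " . TABLE_PREFIX . "tm_trade_user_detail (tradeid, userid, username, recuserid, recusername, confirmdate)"
            . " VALUES (" . $tradeid . ", " . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', " . intval($this->traderinfo['userid']) . ", '" . $vbulletin->db->escape_string($this->traderinfo['username']) . "', $createdate)";
        $vbulletin->db->query_write($query);

        $query = "INSERT INTO " . TABLE_PREFIX . "tm_trade_user_detail (tradeid, userid, username, recuserid, recusername)"
            . " VALUES (" . $tradeid . ", " . intval($this->traderinfo['userid']) . ", '" . $vbulletin->db->escape_string($this->traderinfo['username']) . "', " . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "')";
        $vbulletin->db->query_write($query);

        return $tradeid;
    }

    /**
     * Creates a trade and marks it as a sale by recording the seller.
     *
     * @param int $selleruserid user id of the seller
     * @return int id of the new trade
     */
    function create_sale($selleruserid) {
        global $vbulletin;

        $selleruserid = intval($selleruserid);
        $tradeid = intval($this->create_trade());
        $query = "UPDATE " . TABLE_PREFIX . "tm_trade SET selleruserid=$selleruserid WHERE tradeid=$tradeid";
        $vbulletin->db->query_write($query);
        return $tradeid;
    }

    /**
     * Inserts one direction of a trade: the cards going from one member to the other.
     *
     * @param int    $tradeid       trade the row belongs to
     * @param int    $traderid      user id of the sending member
     * @param string $tradername    name of the sending member
     * @param int    $rectraderid   user id of the receiving member
     * @param string $rectradername name of the receiving member
     * @param string $cards         free-text card list
     */
    function create_trade_details($tradeid, $traderid, $tradername, $rectraderid, $rectradername, $cards) {
        global $vbulletin;

        // The $tradeid argument is used (the original ignored it in favour of $this->tradeid;
        // every call in this listing passes the same value). Ids are cast because they are
        // placed in the statement unquoted.
        $tradeid = intval($tradeid);
        $traderid = intval($traderid);
        $rectraderid = intval($rectraderid);
        $query = "INSERT INTO " . TABLE_PREFIX . "tm_trade_detail (tradeid, userid, username, recuserid, recusername, cards)"
            . " VALUES ($tradeid, $traderid, '" . $vbulletin->db->escape_string($tradername) . "', $rectraderid,'" . $vbulletin->db->escape_string($rectradername) . "','" . $vbulletin->db->escape_string($cards) . "')";
        $vbulletin->db->query_write($query);
    }
}
Unable to add cookies, header already sent.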
File: /chroot/home/thebench/thebenchtrading.com/html/includes/class_tm2_actions.php
Line: 787