www.gusucode.com > ShopEx481 & PHPWind 整合版码程序 > bbs/hack/toolcenter/index.php
<?php !function_exists('readover') && exit('Forbidden'); require_once(D_P.'data/bbscache/level.php'); require_once(R_P.'require/updateforum.php'); require_once(R_P.'require/tool.php'); !$db_toolifopen && Showmsg('toolcenter_close'); !$windid && Showmsg('not_login'); require_once(R_P.'require/credit.php'); list($db_moneyname,$db_moneyunit,$db_rvrcname,$db_rvrcunit,$db_creditname,$db_creditunit)=explode("\t",$db_credits); $userdb = array( 'money'=>array($winddb['money'],$db_moneyunit), 'rvrc'=>array($userrvrc,$db_rvrcunit), 'credit'=>array($winddb['credit'],$db_creditunit), 'currency'=>array($winddb['currency'],'') ); foreach(GetCredit($winduid) as $key=>$value){ $userdb[$key] = array($value[1],$_CREDITDB[$key][1]); } $CreditType = GetCreditType(); InitGP(array('action')); if(!$action){ $query = $db->query("SELECT * FROM pw_tools WHERE state=1 ORDER BY vieworder"); while($rt = $db->fetch_array($query)){ $rt['descrip'] = substrs($rt['descrip'],30); !$rt['creditype'] && $rt['creditype'] = 'currency'; $tooldb[] = $rt; } require_once PrintHack('index');footer(); } elseif($action == 'mytool'){ $query = $db->query("SELECT u.*,t.name,t.price,t.creditype,t.stock FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid='$winduid'"); while($rt = $db->fetch_array($query)){ !$rt['creditype'] && $rt['creditype'] = 'currency'; $tooldb[] = $rt; } require_once PrintHack('index');footer(); } elseif($action == 'user'){ !$db_allowtrade && Showmsg('trade_close'); InitGP(array('uid')); $sqladd = $owner = ''; if(is_numeric($uid)){ $rt = $db->get_one("SELECT username FROM pw_members WHERE uid='$uid'"); if(!$rt){ $errorname = $uid; Showmsg('user_not_exists'); } $sqladd = "AND u.uid='$uid'"; $owner = $rt['username']; } $query = $db->query("SELECT u.*,t.name,t.descrip,t.logo,t.creditype,m.username FROM pw_usertool u LEFT JOIN pw_members m USING(uid) LEFT JOIN pw_tools t ON t.id=u.toolid WHERE sellnums!=0 $sqladd"); while($rt = $db->fetch_array($query)){ $rt['descrip'] = substrs($rt['descrip'],45); !$rt['creditype'] && $rt['creditype'] = 'currency'; $tooldb[] = $rt; } require_once PrintHack('index');footer(); } elseif($action == 'sell'){ !$db_allowtrade && Showmsg('trade_close'); InitGP(array('id')); if(!$_POST['step']){ $rt = $db->get_one("SELECT u.*,t.name,t.price,t.creditype,t.logo FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE uid='$winduid' AND toolid='$id'"); !$rt && Showmsg('undefined_action'); $rt['nums'] == 0 && Showmsg('unenough_toolnum'); !$rt['creditype'] && $rt['creditype'] = 'currency'; require_once PrintHack('index');footer(); } else{ $rt = $db->get_one("SELECT u.*,t.name FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE uid='$winduid' AND toolid='$id'"); if($rt){ InitGP(array('nums','price'),'P'); $nums = (int)$nums; $price = (int)$price; $price <= 0 && Showmsg('illegal_nums'); $nums <= 0 && Showmsg('illegal_nums'); $rt['nums'] < $nums && Showmsg('unenough_nums'); $db->update("UPDATE pw_usertool SET nums=nums-'$nums',sellnums=sellnums+'$nums',sellprice='$price' WHERE uid='$winduid' AND toolid='$id'"); $logdata = array( 'type' => 'sell', 'nums' => $nums, 'money' => $price, 'descrip' => 'sell_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $rt['name'], 'from' => '', ); writetoollog($logdata); refreshto("hack.php?H_name=toolcenter&action=mytool",'operate_success'); } else{ Showmsg('undefined_action'); } } } elseif($action == 'buyuser'){ InitGP(array('id','uid')); if(!$_POST['step']){ $rt = $db->get_one("SELECT * FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.toolid='$id' AND u.uid='$uid'"); if($rt){ $condition = unserialize($rt['conditions']); $groupids = $condition['group']; $fids = $condition['forum']; foreach($condition[credit] as $key => $value){ $key == 'rvrc' && $value /= 10; $condition['credit'][$key] = (int)$value; } $usergroup=""; $num = 0; foreach($ltitle as $key=>$value){ if($key != 1 && $key != 2){ if(strpos($groupids,','.$key.',') !== false){ $num++; $htm_tr = $num%5 == 0 ? '</tr><tr>' : ''; $usergroup .=" <td width='20%'>$value</td>$htm_tr"; } } } $num = 0; $forumcheck = ""; $sqladd = " AND f_type!='hidden' AND cms='0'"; $query = $db->query("SELECT fid,name FROM pw_forums WHERE type<>'category' AND cms='0'"); while($fm = $db->fetch_array($query)){ if(strpos($fids,','.$fm['fid'].',') !== false){ $num ++; $htm_tr = $num % 5 == 0 ? '</tr><tr>' : ''; $forumcheck .= "<td width='20%'>$fm[name]</td>$htm_tr"; } } !$rt['creditype'] && $rt['creditype'] = 'currency'; require_once PrintHack('index');footer(); } else{ Showmsg('undefined_action'); } } else{ $toolinfo = $db->get_one("SELECT u.*,t.name,t.creditype,m.username FROM pw_usertool u LEFT JOIN pw_members m USING(uid) LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.toolid='$id' && u.uid='$uid'"); //$userinfo = $db->get_one("SELECT currency FROM pw_memberdata WHERE uid='$winduid'"); $nums = (int)GetGP('nums'); $nums <= 0 && Showmsg('illegal_nums'); $price = $toolinfo['sellprice'] * $nums; $toolinfo['sellnums'] < $nums && Showmsg('unenough_sellnum'); if($winduid == $toolinfo['uid']){ $logdata=array( 'type' => 'buy', 'nums' => $nums, 'money' => $price, 'descrip' => 'buyself_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $toolinfo['name'], 'from' => '', ); writetoollog($logdata); $db->update("UPDATE pw_usertool SET nums=nums+'$nums',sellnums=sellnums-'$nums' WHERE uid='$toolinfo[uid]' AND toolid='$id'"); } else{ $lockfile = D_P.'data/bbscache/lock_buyusertool.txt'; $fp = fopen($lockfile,'wb+'); flock($fp,LOCK_EX); !$toolinfo['creditype'] && $toolinfo['creditype'] = 'currency'; if($userdb[$toolinfo['creditype']][0] < $price){ $creditname = CreditName($toolinfo['creditype']); Showmsg('unenough_money'); } UserCredit($winduid,$toolinfo['creditype'],'set',-$price); UserCredit($toolinfo['uid'],$toolinfo['creditype'],'set',$price); //$db->update("UPDATE pw_memberdata SET currency=currency-'$price' WHERE uid='$winduid'"); //$db->update("UPDATE pw_memberdata SET currency=currency+'$price' WHERE uid='$toolinfo[uid]'"); $db->pw_update( "SELECT uid FROM pw_usertool WHERE uid='$winduid' AND toolid='$id'", "UPDATE pw_usertool SET nums=nums+'$nums' WHERE uid='$winduid' AND toolid='$id'", "INSERT INTO pw_usertool SET nums='$nums',uid='$winduid',toolid='$id'" ); fclose($fp); $db->update("UPDATE pw_usertool SET sellnums=sellnums-'$nums' WHERE uid='$toolinfo[uid]' AND toolid='$id'"); $logdata=array( 'type' => 'buy', 'nums' => $nums, 'money' => $price, 'descrip' => 'buyuser_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $toolinfo['name'], 'from' => $toolinfo['username'], ); writetoollog($logdata); } refreshto("hack.php?H_name=toolcenter&action=user",'operate_success'); } } elseif($action == 'buy'){ InitGP(array('id')); if(!$_POST['step']){ $rt = $db->get_one("SELECT * FROM pw_tools WHERE id='$id'"); if($rt['state']==0){ Showmsg('tool_buyclose'); } if($rt){ $rt['stock'] == 0 && Showmsg('no_stock'); $condition = unserialize($rt['conditions']); $groupids = $condition['group']; $fids = $condition['forum']; foreach($condition[credit] as $key => $value){ $key == 'rvrc' && $value /= 10; $condition['credit'][$key] = (int)$value; } $usergroup = ""; $num = 0; foreach($ltitle as $key=>$value){ if($key != 1 && $key != 2){ if(strpos($groupids,','.$key.',') !== false){ $num ++; $htm_tr = $num%5 == 0 ? '</tr><tr>' : ''; $usergroup .= "<td width='20%'>$value</td>$htm_tr"; } } } $num = 0; $forumcheck = "<table cellspacing='0' cellpadding='0' border='0' width='100%' align='center'><tr>"; $sqladd = " AND f_type!='hidden' AND cms='0'"; $query = $db->query("SELECT fid,name FROM pw_forums WHERE type<>'category' AND cms='0'"); while($fm = $db->fetch_array($query)){ if(strpos($fids,','.$fm['fid'].',') !== false){ $num ++; $htm_tr = $num % 5 == 0 ? '</tr><tr>' : ''; $forumcheck .= "<td width='20%'>$fm[name]</td>$htm_tr"; } } $forumcheck.="</tr></table>"; !$rt['creditype'] && $rt['creditype'] = 'currency'; require_once PrintHack('index');footer(); } else{ Showmsg('undefined_action'); } } else{ $lockfile = D_P.'data/bbscache/lock_buytool.txt'; $fp = fopen($lockfile,'wb+'); flock($fp,LOCK_EX); $toolinfo = $db->get_one("SELECT * FROM pw_tools WHERE id='$id'"); //$userinfo = $db->get_one("SELECT currency FROM pw_memberdata WHERE uid='$winduid'"); $nums = (int)GetGP('nums'); $nums <= 0 && Showmsg('illegal_nums'); $price = $toolinfo['price'] * $nums; $toolinfo['stock'] < $nums && Showmsg('unenough_stock'); !$toolinfo['creditype'] && $toolinfo['creditype'] = 'currency'; if($userdb[$toolinfo['creditype']][0] < $price){ $creditname = CreditName($toolinfo['creditype']); Showmsg('unenough_money'); } UserCredit($winduid,$toolinfo['creditype'],'set',-$price); //$db->update("UPDATE pw_memberdata SET currency=currency-'$price' WHERE uid='$winduid'"); $db->update("UPDATE pw_tools SET stock=stock-'$nums' WHERE id='$id'"); $db->pw_update( "SELECT uid FROM pw_usertool WHERE uid='$winduid' AND toolid='$id'", "UPDATE pw_usertool SET nums=nums+'$nums' WHERE uid='$winduid' AND toolid='$id'", "INSERT INTO pw_usertool SET nums='$nums',uid='$winduid',toolid='$id'" ); fclose($fp); $logdata=array( 'type' => 'buy', 'nums' => $nums, 'money' => $price, 'descrip' => 'buy_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $toolinfo['name'], 'from' => '', ); writetoollog($logdata); refreshto("hack.php?H_name=toolcenter",'operate_success'); } } elseif($action == 'use' || $action=='ajax'){ $toolid = (int)GetGP('toolid'); if(!$toolid){ $tooldb = array(); $query = $db->query("SELECT * FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid='$winduid' ORDER BY vieworder"); while($rt = $db->fetch_array($query)){ $rt['descrip'] = substrs($rt['descrip'],45); $tooldb[] = $rt; } if(!$tooldb){ Showmsg('no_tool'); } require_once PrintHack('index');footer(); } $tooldb = $db->get_one("SELECT u.nums,t.name,t.filename,t.state,t.type,t.conditions FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid='$winduid' AND u.toolid='$toolid'"); !$db_toolifopen && Showmsg('toolcenter_close'); if(!$tooldb || $tooldb['nums'] <= 0){ Showmsg('nothistool'); } if($tooldb['type']==1){ !$tid && Showmsg('illegal_tid'); $condition = unserialize($tooldb['conditions']); $tpcdb = $db->get_one("SELECT fid,subject,authorid,topped,toolfield FROM pw_threads WHERE tid='$tid'"); if(!$tpcdb){ Showmsg('illegal_tid'); } if($condition['forum'] && strpos($condition['forum'],",$tpcdb[fid],") === false){ Showmsg('tool_forumlimit'); } } CheckUserTool($winduid,$tooldb); if(file_exists(H_P.'require/'.$tooldb['filename'].'.php')){ require_once Pcv(H_P.'require/'.$tooldb['filename'].'.php'); } else{ Showmsg('tooluse_not_finished'); } } ?>