Shop Makeover
First, run the following SQL statements against your database (for example from phpMyAdmin) so that the new columns exist before the pages below are installed. Take a backup first: ALTER TABLE cannot be undone from these pages, and `desc` is a reserved word in MySQL, so it must stay back-quoted in every query that touches it.
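-- Schema changes for the shop makeover. Run once, before installing the PHP pages.
-- `desc` is a MySQL reserved word, so it must be back-quoted wherever it is used.
-- TEXT columns cannot carry a DEFAULT, so under strict SQL mode every INSERT into
-- shop_items must supply `desc` (the admin page below does).
ALTER TABLE `shop_items`
  ADD `desc` TEXT NOT NULL,                               -- description shown in the shop
  ADD `quantity` INT( 11 ) NOT NULL DEFAULT 0,            -- stock on hand (displayed only; not decremented on purchase)
  ADD `staffonly` VARCHAR( 255 ) NOT NULL DEFAULT 'false'; -- 'True' hides the item from members below staff level
ALTER TABLE `user_shop_items`
  ADD `quantity` INT( 11 ) NOT NULL DEFAULT '0';          -- how many of this item the member owns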
Next, replace your shop.php with the version below. Note that all three pages use the legacy `mysql_*` extension, which was deprecated in PHP 5.5 and removed in PHP 7.0, so they only run on PHP 5.x; on a current PHP you will need to port the queries to mysqli or PDO prepared statements.
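<?php
// shop.php - lets a logged-in member browse the shop and buy an item.
//
// config.php is expected to open the database connection (the legacy mysql_*
// API is used, so this file only runs on PHP 5.x) and to fill $logged with the
// current member's `username`, `userlevel` and `points`.
//
// Fixes versus the previous version:
//  * item names read from the DB were interpolated raw into SQL
//    (second-order injection through an admin-entered name); every string now
//    goes through mysql_real_escape_string() and every id through (int).
//  * name/desc/image/price were printed into HTML unescaped (stored XSS).
//  * buying was a plain GET link, so any third-party page could make a
//    logged-in member buy items (CSRF); it is now a POST carrying a session token.
//  * staff-only items were only hidden from the listing - a non-staff member
//    could still buy one by guessing its id; verify/purchase now check too.
//  * the points check compared the cached $logged['points'] and then wrote an
//    absolute balance, so two concurrent purchases could overspend; the debit
//    is now a single guarded UPDATE (`points` >= price) checked via affected rows.
//  * "<h2>Staff Items</h2>" was printed once per staff item instead of once.
//
// NOTE(review): shop_items.quantity is displayed but never decremented on
// purchase; the original did not enforce stock either, so that is unchanged.
session_start();
require("config.php");

if (!function_exists('shop_h')) {
    /** HTML-escape a value for output. double_encode=false so rows the admin
     *  page stored already entity-encoded are not encoded a second time. */
    function shop_h($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false);
    }
}
if (!function_exists('shop_sql')) {
    /** Escape a string for use inside a single-quoted SQL literal. */
    function shop_sql($s) {
        return mysql_real_escape_string((string) $s);
    }
}
if (!function_exists('shop_csrf_token')) {
    /** Return the session's anti-CSRF token, creating it on first use. */
    function shop_csrf_token() {
        if (empty($_SESSION['shop_csrf'])) {
            if (function_exists('random_bytes')) {
                $raw = random_bytes(16);
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $raw = openssl_random_pseudo_bytes(16);
            } else {
                // last resort on very old builds without a CSPRNG
                $raw = sha1(uniqid(mt_rand(), true), true);
            }
            $_SESSION['shop_csrf'] = bin2hex($raw);
        }
        return $_SESSION['shop_csrf'];
    }
}
if (!function_exists('shop_csrf_ok')) {
    /** True only for a POST that carries the session's token. */
    function shop_csrf_ok() {
        if ($_SERVER['REQUEST_METHOD'] !== 'POST'
            || !isset($_POST['token'], $_SESSION['shop_csrf'])) {
            return false;
        }
        $known = (string) $_SESSION['shop_csrf'];
        $given = (string) $_POST['token'];
        // hash_equals() exists from PHP 5.6; fall back to plain comparison before that
        return function_exists('hash_equals') ? hash_equals($known, $given) : ($known === $given);
    }
}
if (!function_exists('shop_is_staff_item')) {
    /** True when a shop_items row is flagged staff-only ("True", any case). */
    function shop_is_staff_item(array $row) {
        return isset($row['staffonly']) && strcasecmp($row['staffonly'], 'true') == 0;
    }
}
if (!function_exists('shop_render_item')) {
    /** Print one shop_items row as the image plus the details table with a Buy link. */
    function shop_render_item(array $row) {
        $id    = (int) $row['id'];
        $name  = shop_h($row['name']);
        $image = shop_h($row['image']);
        $desc  = shop_h(isset($row['desc']) ? $row['desc'] : '');
        $price = shop_h($row['price']);
        $qty   = (int) $row['quantity'];
        print "<img src=\"$image\" alt=\"$name\" />
<table width=\"400\">
<tr>
<td width=\"400\" colspan=\"4\" align=\"left\" valign=\"middle\">
<b>$name</b>
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Description</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$desc
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Price</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$price Point(s)
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Quantity</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$qty
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
<a href=\"shop.php?page=verify&amp;item=$id\">Buy</a>
</td>
</tr>
</table>";
    }
}

if (empty($logged['username'])) {
    print "<b>Error</b> You Are Not Logged In.";
} else {
    // userlevel 4 and above may see and buy staff-only items (same threshold as before)
    $is_staff = isset($logged['userlevel']) && (int) $logged['userlevel'] >= 4;
    $page = isset($_GET['page']) ? $_GET['page'] : '';

    switch ($page) {
        default:
            print "Welcome to the shop " . shop_h($logged['username']) . ".";
            $get_items = mysql_query("SELECT * FROM `shop_items`");
            if (!$get_items || mysql_num_rows($get_items) == 0) {
                print "Sorry, No Shop Items Available.";
            } else {
                // split the rows so the staff heading is printed once, not per item
                $staff_rows = array();
                $public_rows = array();
                while ($row = mysql_fetch_array($get_items)) {
                    if (shop_is_staff_item($row)) {
                        if ($is_staff) {
                            $staff_rows[] = $row;
                        }
                        // non-staff members never see staff-only items
                    } else {
                        $public_rows[] = $row;
                    }
                }
                if ($staff_rows) {
                    print "<h2>Staff Items</h2>";
                    foreach ($staff_rows as $row) {
                        shop_render_item($row);
                    }
                }
                foreach ($public_rows as $row) {
                    shop_render_item($row);
                }
            }
            break;

        case 'verify':
            $itemid = isset($_GET['item']) ? (int) $_GET['item'] : 0;
            if ($itemid <= 0) {
                print "<b>Error</b>: No Item Selected.";
                break;
            }
            $check = mysql_query("SELECT * FROM `shop_items` WHERE `id` = $itemid");
            $item = $check ? mysql_fetch_array($check) : false;
            // a staff-only item is "invalid" for a non-staff member, exactly like a bad id
            if (!$item || (shop_is_staff_item($item) && !$is_staff)) {
                print "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            $token = shop_h(shop_csrf_token());
            print "Are you sure you want to purchase " . shop_h($item['name']) . "?<br>
<form method=\"post\" action=\"shop.php?page=purchase\" style=\"display:inline\">
<input type=\"hidden\" name=\"item\" value=\"$itemid\" />
<input type=\"hidden\" name=\"token\" value=\"$token\" />
<input type=\"submit\" value=\"Yes\" />
</form> - <a href='shop.php'>No</a>";
            break;

        case 'purchase':
            if (!shop_csrf_ok()) {
                // GET requests and posts without the session token are refused
                print "<b>Error</b>: Invalid Purchase Request.";
                break;
            }
            $itemid = isset($_POST['item']) ? (int) $_POST['item'] : 0;
            if ($itemid <= 0) {
                print "<b>Error</b>: No Item Selected.";
                break;
            }
            $check = mysql_query("SELECT * FROM `shop_items` WHERE `id` = $itemid");
            $item = $check ? mysql_fetch_array($check) : false;
            if (!$item || (shop_is_staff_item($item) && !$is_staff)) {
                print "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            $price = (int) $item['price']; // points are whole numbers throughout these pages
            $owner = shop_sql($logged['username']);

            // Debit first, in one statement guarded by the live balance, so two
            // concurrent purchases cannot both pass a stale points check.
            // affected_rows is 1 only when the member exists AND had enough points.
            // A zero price changes nothing (affected_rows would be 0), so skip it.
            $paid = true;
            if ($price != 0) {
                mysql_query("UPDATE `members` SET `points` = `points` - $price
                             WHERE `username` = '$owner' AND `points` >= $price");
                $paid = (mysql_affected_rows() == 1);
            }
            if (!$paid) {
                print "<b>Error</b>: You Don't Have Enough Points!";
                break;
            }

            // Grant the item: bump the quantity if the member already owns one, else insert.
            // (No transaction is available with this API; the debit above is the
            //  side that must not be repeatable, so it runs first.)
            $name  = shop_sql($item['name']);
            $image = shop_sql($item['image']);
            $owned = mysql_query("SELECT `id` FROM `user_shop_items`
                                  WHERE `name` = '$name' AND `owner` = '$owner'");
            if ($owned && mysql_num_rows($owned) > 0) {
                mysql_query("UPDATE `user_shop_items` SET `quantity` = `quantity` + 1
                             WHERE `owner` = '$owner' AND `name` = '$name'");
            } else {
                mysql_query("INSERT INTO `user_shop_items` (`name`,`image`,`owner`,`quantity`)
                             VALUES ('$name','$image','$owner','1')");
            }
            // keep the cached balance in step for anything rendered later in this request
            $logged['points'] = (isset($logged['points']) ? (int) $logged['points'] : 0) - $price;
            print "You Have Bought 1 " . shop_h($item['name']) . ".";
            break;
    }
}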
Next is the shop admin page: replace your shop_admin.php with the following. It only does anything for members whose userlevel is 6, so make sure that matches the admin level used elsewhere in your site.
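<?php
// shop_admin.php - add, edit and delete shop_items rows. Admin only
// (userlevel 6). config.php opens the DB connection (legacy mysql_* API,
// PHP 5.x only) and fills $logged for the current session.
//
// Fixes versus the previous version:
//  * `id` came from $_GET through strip_tags(htmlspecialchars()), which with
//    the default flags leaves a single quote intact, and was then interpolated
//    into SELECT/UPDATE/DELETE - SQL injection. Ids are now cast to int and
//    text fields go through mysql_real_escape_string().
//  * deleting was a GET link and the add/edit posts carried no token, so any
//    page the admin visits could perform them (CSRF); every write now requires
//    a POST carrying the session token.
//  * the add/edit forms had no `desc` field although shop_items.desc is
//    NOT NULL and shop.php displays it.
//  * the edit form's Staff Only select ignored the stored value, so every
//    edit silently reset it to "True" unless the admin re-picked it.
//  * the edit and delete confirmations referenced $shop[name] without having
//    loaded the row, so they printed an empty name.
//
// Storage convention kept from the original: text fields are stored
// entity-encoded (strip_tags + htmlspecialchars) because the display pages
// print them raw. Pages that escape on output should pass
// double_encode=false to htmlspecialchars() to avoid double encoding.
session_start();
include "config.php";

if (!function_exists('sa_h')) {
    /** HTML-escape for output without re-encoding entities already stored. */
    function sa_h($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false);
    }
}
if (!function_exists('sa_sql')) {
    /** Escape a string for use inside a single-quoted SQL literal. */
    function sa_sql($s) {
        return mysql_real_escape_string((string) $s);
    }
}
if (!function_exists('sa_clean')) {
    /** Normalise a posted text field for storage (same scheme as before, plus quotes). */
    function sa_clean($s) {
        return strip_tags(htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'));
    }
}
if (!function_exists('sa_post')) {
    /** Posted field as a string, '' when absent. */
    function sa_post($key) {
        return isset($_POST[$key]) ? (string) $_POST[$key] : '';
    }
}
if (!function_exists('sa_csrf_token')) {
    /** Return the session's anti-CSRF token, creating it on first use. */
    function sa_csrf_token() {
        if (empty($_SESSION['shop_csrf'])) {
            if (function_exists('random_bytes')) {
                $raw = random_bytes(16);
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $raw = openssl_random_pseudo_bytes(16);
            } else {
                // last resort on very old builds without a CSPRNG
                $raw = sha1(uniqid(mt_rand(), true), true);
            }
            $_SESSION['shop_csrf'] = bin2hex($raw);
        }
        return $_SESSION['shop_csrf'];
    }
}
if (!function_exists('sa_csrf_ok')) {
    /** True only for a POST that carries the session's token. */
    function sa_csrf_ok() {
        if ($_SERVER['REQUEST_METHOD'] !== 'POST'
            || !isset($_POST['token'], $_SESSION['shop_csrf'])) {
            return false;
        }
        $known = (string) $_SESSION['shop_csrf'];
        $given = (string) $_POST['token'];
        return function_exists('hash_equals') ? hash_equals($known, $given) : ($known === $given);
    }
}
if (!function_exists('sa_read_item_post')) {
    /** Read and normalise the item fields posted by the add/edit form. */
    function sa_read_item_post() {
        $price = sa_post('price');
        return array(
            'name'      => sa_clean(sa_post('name')),
            'image'     => sa_clean(sa_post('image')),
            'desc'      => sa_clean(sa_post('desc')),
            // digits with an optional fraction; anything else is stored as 0
            'price'     => preg_match('/^\d+(\.\d+)?$/', $price) ? $price : '0',
            'quantity'  => (int) sa_post('quantity'),
            // whitelist: shop.php treats "True" as staff-only, everything else as public
            'staffonly' => strcasecmp(sa_post('staff'), 'true') == 0 ? 'True' : 'False',
        );
    }
}
if (!function_exists('sa_item_form')) {
    /** Build the add/edit form, pre-filled from $row (empty array for "add"). */
    function sa_item_form($action, $button, array $row) {
        $name  = sa_h(isset($row['name']) ? $row['name'] : '');
        $price = sa_h(isset($row['price']) ? $row['price'] : '');
        $image = sa_h(isset($row['image']) ? $row['image'] : '');
        $desc  = sa_h(isset($row['desc']) ? $row['desc'] : '');
        $qty   = isset($row['quantity']) ? (int) $row['quantity'] : 0;
        $staff = isset($row['staffonly']) && strcasecmp($row['staffonly'], 'true') == 0;
        $yes   = $staff ? " selected=\"selected\"" : "";
        $no    = $staff ? "" : " selected=\"selected\"";
        $token = sa_h(sa_csrf_token());
        return "<form method='post' action='$action'>
Name: <input type='text' value='$name' name='name'><br>
Price: <input type='text' value='$price' name='price'><br>
Image: <input type='text' value='$image' name='image'><br>
Description: <textarea name='desc'>$desc</textarea><br>
Quantity: <input type='text' name='quantity' value='$qty'><br>
Staff Only: <select name=\"staff\">
<option value=\"True\"$yes>Yes</option>
<option value=\"False\"$no>No</option>
</select><br>
<input type='hidden' name='token' value='$token'>
<input type='submit' value='$button' name='submit'>
</form>";
    }
}
if (!function_exists('sa_load_item')) {
    /** Fetch one shop_items row by id, or false when the id is bad or unknown. */
    function sa_load_item($id) {
        $id = (int) $id;
        if ($id <= 0) {
            return false;
        }
        $fetch = mysql_query("SELECT * FROM `shop_items` WHERE `id` = $id");
        return $fetch ? mysql_fetch_array($fetch) : false;
    }
}

// Non-admins get an empty page, as before (nothing is revealed about the page).
if (!empty($logged['username']) && isset($logged['userlevel']) && (int) $logged['userlevel'] == 6) {
    $page = isset($_GET['page']) ? $_GET['page'] : '';

    switch ($page) {
        default:
            echo "Welcome to the shop admin. <a href='?page=add'>Add a shop item</a><br><br>";
            $fetch = mysql_query("SELECT * FROM `shop_items`");
            if (!$fetch || mysql_num_rows($fetch) == 0) {
                echo "No shop items. Sorry. <a href='?page=add'>Add a shop item</a>";
            } else {
                while ($shop = mysql_fetch_array($fetch)) {
                    $id = (int) $shop['id'];
                    echo "<img src='" . sa_h($shop['image']) . "'> | " . sa_h($shop['name'])
                       . " | " . sa_h($shop['price'])
                       . " - <a href='?page=edit&amp;id=$id'>Edit</a> // "
                       . "<a href='?page=verifydelete&amp;id=$id'>Delete</a><br>";
                }
            }
            break;

        case 'add':
            echo sa_item_form('?page=additem', 'Add', array());
            break;

        case 'additem':
            if (!sa_csrf_ok()) {
                echo "<b>Error</b>: Invalid Request.";
                break;
            }
            $f = sa_read_item_post();
            $add = mysql_query("INSERT INTO `shop_items` (`price`, `image`, `name`, `desc`, `quantity`, `staffonly`)
                                VALUES ('" . sa_sql($f['price']) . "', '" . sa_sql($f['image']) . "', '"
                                . sa_sql($f['name']) . "', '" . sa_sql($f['desc']) . "', '"
                                . $f['quantity'] . "', '" . $f['staffonly'] . "')");
            if (!$add) {
                echo "<b>Error</b>: The item could not be added.";
                break;
            }
            echo sa_h($f['name']) . " has been added to the shop. thank you. <a href='shop_admin.php'>Back</a>";
            break;

        case 'edit':
            $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
            $shop = sa_load_item($id);
            if (!$shop) {
                echo "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            echo sa_item_form("?page=edititem&amp;id=$id", 'Edit', $shop);
            break;

        case 'edititem':
            if (!sa_csrf_ok()) {
                echo "<b>Error</b>: Invalid Request.";
                break;
            }
            $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
            if ($id <= 0) {
                echo "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            $f = sa_read_item_post();
            $edit = mysql_query("UPDATE `shop_items` SET `image` = '" . sa_sql($f['image'])
                                . "', `name` = '" . sa_sql($f['name'])
                                . "', `desc` = '" . sa_sql($f['desc'])
                                . "', `price` = '" . sa_sql($f['price'])
                                . "', `quantity` = '" . $f['quantity']
                                . "', `staffonly` = '" . $f['staffonly']
                                . "' WHERE `id` = $id");
            if (!$edit) {
                echo "<b>Error</b>: The item could not be edited.";
                break;
            }
            echo sa_h($f['name']) . " has been edited thank you. <a href='shop_admin.php'>Back</a>";
            break;

        case 'verifydelete':
            $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
            $shop = sa_load_item($id);
            if (!$shop) {
                echo "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            $token = sa_h(sa_csrf_token());
            echo "Are you sure you want to delete " . sa_h($shop['name']) . "?<br>
<form method='post' action='?page=delete' style='display:inline'>
<input type='hidden' name='id' value='$id'>
<input type='hidden' name='token' value='$token'>
<input type='submit' value='Yes'>
</form> - <a href='shop_admin.php'>No</a>";
            break;

        case 'delete':
            if (!sa_csrf_ok()) {
                echo "<b>Error</b>: Invalid Request.";
                break;
            }
            $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
            $shop = sa_load_item($id); // loaded before the delete so the name can be shown
            if (!$shop) {
                echo "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            mysql_query("DELETE FROM `shop_items` WHERE `id` = $id"); // Adios Amigos!
            echo sa_h($shop['name']) . " has been deleted thank you. <a href='shop_admin.php'>Back</a>";
            break;
    }
}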
The last part is the inventory page. Save the following as inventory.php; it lists the items a member owns and lets them sell one back for the item's current shop price.
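<?php
// inventory.php - lists the items a logged-in member owns and lets them sell
// one back for the item's current shop price. config.php opens the DB
// connection (legacy mysql_* API, PHP 5.x only) and fills $logged with the
// member's `username` and `points`.
//
// Fixes versus the previous version:
//  * the listing queried `users_shop_items` (that table does not exist; the
//    real name is `user_shop_items`) and read desc/price columns that
//    user_shop_items does not have; it now LEFT JOINs shop_items by name.
//  * the refund UPDATE read `SERT` instead of `SET`, so it always failed:
//    the item was taken away but no points were credited.
//  * the per-item link said "Buy" although it led to the sell confirmation.
//  * selling was a GET link (CSRF); it is now a POST carrying a session token.
//  * item names from the DB were interpolated raw into SQL; ids are cast to
//    int, strings are escaped, and the owner is part of every write's WHERE.
//  * the refund wrote an absolute balance computed from the cached
//    $logged['points']; it is now a relative `points` + price update, applied
//    only after the item row was actually removed or decremented.
session_start();
include("config.php");

if (!function_exists('inv_h')) {
    /** HTML-escape for output without re-encoding entities already stored. */
    function inv_h($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false);
    }
}
if (!function_exists('inv_sql')) {
    /** Escape a string for use inside a single-quoted SQL literal. */
    function inv_sql($s) {
        return mysql_real_escape_string((string) $s);
    }
}
if (!function_exists('inv_csrf_token')) {
    /** Return the session's anti-CSRF token, creating it on first use. */
    function inv_csrf_token() {
        if (empty($_SESSION['shop_csrf'])) {
            if (function_exists('random_bytes')) {
                $raw = random_bytes(16);
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $raw = openssl_random_pseudo_bytes(16);
            } else {
                // last resort on very old builds without a CSPRNG
                $raw = sha1(uniqid(mt_rand(), true), true);
            }
            $_SESSION['shop_csrf'] = bin2hex($raw);
        }
        return $_SESSION['shop_csrf'];
    }
}
if (!function_exists('inv_csrf_ok')) {
    /** True only for a POST that carries the session's token. */
    function inv_csrf_ok() {
        if ($_SERVER['REQUEST_METHOD'] !== 'POST'
            || !isset($_POST['token'], $_SESSION['shop_csrf'])) {
            return false;
        }
        $known = (string) $_SESSION['shop_csrf'];
        $given = (string) $_POST['token'];
        return function_exists('hash_equals') ? hash_equals($known, $given) : ($known === $given);
    }
}
if (!function_exists('inv_render_item')) {
    /** Print one owned item (joined with its shop row) as the image plus details table. */
    function inv_render_item(array $row) {
        $id    = (int) $row['id'];
        $name  = inv_h($row['name']);
        $image = inv_h($row['image']);
        $desc  = inv_h(isset($row['desc']) ? $row['desc'] : '');
        $price = inv_h(isset($row['price']) ? $row['price'] : '');
        $qty   = (int) $row['quantity'];
        print "<img src=\"$image\" alt=\"$name\" />
<table width=\"400\">
<tr>
<td width=\"400\" colspan=\"4\" align=\"left\" valign=\"middle\">
<b>$name</b>
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Description</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$desc
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Price</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$price Point(s)
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
<b>Quantity</b>
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
$qty
</td>
</tr>
<tr>
<td width=\"100\" align=\"left\" valign=\"middle\">
</td>
<td width=\"300\" align=\"center\" valign=\"middle\">
<a href=\"inventory.php?page=verify&amp;id=$id\">Sell</a>
</td>
</tr>
</table>";
    }
}
if (!function_exists('inv_load_owned')) {
    /** Fetch one user_shop_items row by id, or false when the id is bad or unknown. */
    function inv_load_owned($id) {
        $id = (int) $id;
        if ($id <= 0) {
            return false;
        }
        $check = mysql_query("SELECT * FROM `user_shop_items` WHERE `id` = $id");
        return $check ? mysql_fetch_array($check) : false;
    }
}

if (empty($logged['username'])) {
    print "<b>Error</b>: You Are Not Logged In!";
} else {
    $owner = inv_sql($logged['username']);
    $page = isset($_GET['page']) ? $_GET['page'] : '';

    switch ($page) {
        default:
            print "<h2>Your Items</h2>";
            // desc and price live on shop_items; user_shop_items only stores
            // name/image/owner/quantity, so join by name (as the sell path does).
            $rows = mysql_query("SELECT u.`id`, u.`name`, u.`image`, u.`quantity`, s.`desc`, s.`price`
                                 FROM `user_shop_items` u
                                 LEFT JOIN `shop_items` s ON s.`name` = u.`name`
                                 WHERE u.`owner` = '$owner'");
            if (!$rows || mysql_num_rows($rows) == 0) {
                print "You do not own any items yet.";
            } else {
                while ($row = mysql_fetch_array($rows)) {
                    inv_render_item($row);
                }
            }
            break;

        case 'verify':
            $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
            if ($id <= 0) {
                print "<b>Error</b>: No ID Selected.";
                break;
            }
            $row = inv_load_owned($id);
            if (!$row) {
                print "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            if ($row['owner'] != $logged['username']) {
                print "<b>Error</b>: This is not Your Item.";
                break;
            }
            $token = inv_h(inv_csrf_token());
            print "Are you sure you wish to sell A(n) " . inv_h($row['name']) . "?
<form method=\"post\" action=\"inventory.php?page=sell\" style=\"display:inline\">
<input type=\"hidden\" name=\"id\" value=\"$id\" />
<input type=\"hidden\" name=\"token\" value=\"$token\" />
<input type=\"submit\" value=\"Yes\" />
</form> ||
<a href=\"inventory.php\">No</a>";
            break;

        case 'sell':
            if (!inv_csrf_ok()) {
                // GET requests and posts without the session token are refused
                print "<b>Error</b>: Invalid Sell Request.";
                break;
            }
            $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
            if ($id <= 0) {
                print "<b>Error</b>: No ID Selected.";
                break;
            }
            $row = inv_load_owned($id);
            if (!$row) {
                print "<b>Error</b>: Invalid ID Selected.";
                break;
            }
            if ($row['owner'] != $logged['username']) {
                print "<b>Error</b>: This is not Your Item.";
                break;
            }
            $have = (int) $row['quantity'];
            if ($have < 1) {
                print "<b>Error</b>: You Don't Own Any Of This Item.";
                break;
            }

            // Refund the item's current shop price; 0 if it was removed from the
            // shop (the previous version also refunded nothing in that case).
            $name = inv_sql($row['name']);
            $orig = mysql_query("SELECT `price` FROM `shop_items` WHERE `name` = '$name' LIMIT 1");
            $orig_row = $orig ? mysql_fetch_array($orig) : false;
            $price = $orig_row ? (int) $orig_row['price'] : 0;

            // Take the item away first, guarded by owner and quantity so a
            // replayed request cannot sell more than is owned; refund only if
            // exactly one row was changed.
            if ($have == 1) {
                mysql_query("DELETE FROM `user_shop_items`
                             WHERE `id` = $id AND `owner` = '$owner' AND `quantity` = 1");
            } else {
                mysql_query("UPDATE `user_shop_items` SET `quantity` = `quantity` - 1
                             WHERE `id` = $id AND `owner` = '$owner' AND `quantity` > 1");
            }
            if (mysql_affected_rows() != 1) {
                print "<b>Error</b>: Item Could Not Be Sold.";
                break;
            }
            if ($price != 0) {
                mysql_query("UPDATE `members` SET `points` = `points` + $price
                             WHERE `username` = '$owner'");
                // keep the cached balance in step for the rest of this request
                $logged['points'] = (isset($logged['points']) ? (int) $logged['points'] : 0) + $price;
            }
            print "Item Sold!";
            break;
    }
}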