<?php
if (!eregi("modules.php", $PHP_SELF)){
  die (_accessdirectly);
}

if($submit == _requestxp)
{
	$details = addslashes(stripslashes($details));
	if(!ctype_digit($xp))
		$xp = 0;

	if(!ctype_digit($charid))
		die(_nocharacter);

	$query = "select userid from ".$prefix."_character_characters where charid = '$charid'";
	$result = sql_query($query,$dbi);
	$line = sql_fetch_array($result);
	if($userid != $line['userid'])
		die(_accessdenied);

	$query1 = "INSERT INTO ".$prefix."_character_xp (charid,xpdate,xp,details)"
	."VALUES('$charid',NOW(),'$xp','$details')";
	$result = sql_query($query1,$dbi);

}


$query = "select userid,xp from ".$prefix."_character_characters where charid = '$charid'";
$result = sql_query($query, $dbi);
$num = sql_num_rows($result);
if(!$num)
	die (_nocharacter);
$line = sql_fetch_array($result);

if($userid != $line['userid'])
	die(_accessdenied);
$experience = $line['xp'];
if($mode2 == "view" && isset($charid) && ctype_digit($charid) && isset($xpid) && ctype_digit($xpid))

{

	$query = "select id,charid,xpdate,xp,details,status,stxp,stcomments from ".$prefix."_character_xp where charid = '$charid' and id='$xpid'";
	$result = sql_query($query, $dbi) or die(_notresource);

	if(!sql_num_rows($result))
	{
		echo _xprequestnotfound;
	}
	else
	{

		$line = sql_fetch_array($result);
		echo date("F j, Y, g:i a T",strtotime($line[xpdate])).
		"<br> "._xprequested.": $line[xp]<br>
		"._details.": $line[details]<br>
		"._xpstatus.": ".constant("_".$line[status]);
		if($line['status'] == _resolved)
		{
			echo "<br>"._xpgiven.": $line[stxp]";
			echo "<br>"._stcomments.": $line[stcomments]";
		}
	}


}


else


{

	$query = "select id,charid,xpdate,xp,details,status,stxp from ".$prefix."_character_xp where charid = '$charid' order by xpdate desc limit 5";
	$result = sql_query($query, $dbi) or die(_notresource);


	if(!sql_num_rows($result))
	{
		echo _nopreviousrequest."<br><br>";
	}
	else
	{


		echo "<table width=400><tr>
		<th>"._date."</th><th>"._xp."</th><th>"._status."</th></tr>";
		while($line = sql_fetch_array($result))
		{
		echo "<tr><td align =\"left\"><a href=\"modules.php?name=$module_name&mode=requestxp&mode2=view&charid=$charid&xpid=$line[id]\">$line[xpdate]</a></td><td align=\"center\">";
		if($line['status'] == _pending)
			echo $line['xp']."</td><td align = \"center\">"._pending;
		else
			echo "<b>".$line['stxp']."</b></td><td align = \"center\"><b>"._resolved."</b>";
		echo "</td></tr>";
		}

		echo "</table><br><br>";
	}

	echo "<b>"._unspentxp.": $experience</b><br><br>";
	echo"<div align=left><form action=\"modules.php?name=$module_name&mode=requestxp\" method=\"post\">";

	echo _xprequestfor." ";

	$currentseconds = mktime();
	$dayofweek = date("w");

	$beginningweekseconds = strtotime("now -".($dayofweek + 7)."days");
	$beginningweekseconds = strtotime(date("Y-m-d 00:00:00",$beginningweekseconds));

	$currentweekseconds = strtotime("now -".($dayofweek + 1)."days");
	$currentweekseconds = strtotime(date("Y-m-d 00:00:00",$currentweekseconds));
	$beginningtimestamp = date("Y-m-d H:i:s",$beginningweekseconds);
	$currenttimestamp = date("Y-m-d H:i:s",$currentweekseconds);

	echo date("l F d, Y", $beginningweekseconds)." - ".date("l F d, Y", $currentweekseconds)."<br><br>";

	//echo $beginningtimestamp." - ".$currenttimestamp."<br>";

	echo
	"
	<input type=\"hidden\" name = \"charid\" value=\"$charid\">
	"._xprequested.": ".make_selectbox_num("xp","",1,6)
	."<br>
	<b>"._detailsoptional.":</b><br>
	<textarea cols=\"100\" rows=\"8\" name=\"details\">$details</textarea><br><br>
	";

	echo "
	<p><input type=\"submit\" name=\"submit\" value=\""._requestxp."\"></form></div>";
}
?>