Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?PHP
- session_start();
- include("config.php");
- if($_SESSION['badgeshop']) {
- $badgeid = mysql_real_escape_string(strip_tags($_GET['id']));
- $b1 = mysql_query("SELECT * FROM badgeshop WHERE id='$badgeid'");
- while($badgerow = mysql_fetch_assoc($b1)){
- $price = $badgerow['price'];
- $badgecode = $badgerow['badgecode'];
- }
- $getuserinfo = mysql_query("SELECT * FROM users WHERE username='".$_SESSION['badgeshop']."'");
- while($userrow = mysql_fetch_assoc($getuserinfo)) {
- $coins = $userrow['credits'];
- $userid = $userrow['id'];
- }
- $getting = mysql_query("SELECT * FROM user_badges WHERE user_id='$userid' AND badge_id='$badgecode'");
- $numming = mysql_num_rows($getting);
- $existing = mysql_num_rows($b1);
- if($existing!=0){
- if($numming==0){
- if($coins<$price){
- header("Location: index.php?error=4");
- }
- else
- $credits = mysql_query("UPDATE users SET credits = credits - $price WHERE id='$userid'");
- $sql = "INSERT INTO user_badges VALUES('$userid','$badgecode','0')";
- $badge = mysql_query($sql);
- header("Location: index.php?success=1");
- }
- else
- header("Location: index.php?error=2");
- }
- else
- header("Location: index.php?error=5");
- }
- else
- header("Location: index.php?error=6");
- ?>
Add Comment
Please, Sign In to add comment