
Untitled

a guest
Jun 6th, 2018
  1. <link rel="stylesheet" type="text/css" href="http://bloxtopia.stellermultimedia.com/css/unstyled.css">
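  <?php
  /*
   * Purchase endpoint, called as ?type={hat|tshirt|shirt|pants}&id=<item id>.
   *
   * Shows a confirmation form for the item and, when the form is posted with
   * "yes", debits the buyer, records ownership, bumps the sales counter and
   * credits the item's creator.
   *
   * Review notes (what changed compared with the four copy-pasted branches):
   *  - One code path, driven by a fixed per-type table, replaces four nearly
   *    identical branches that had drifted apart.
   *  - Every item type uses the shared connection from include/conn.php. The
   *    per-type branches used to open their own connection with the database
   *    host, user and password written into this script; credentials that were
   *    ever published that way should be treated as compromised and rotated.
   *  - All values reach SQL as bound parameters. Table and column names cannot
   *    be bound, so they come only from the fixed $itemTypes table below, never
   *    from the request.
   *  - Balances change with relative, conditional UPDATEs inside a transaction
   *    instead of writing back values read earlier in the request, so parallel
   *    requests cannot overwrite each other's balance or overspend.
   *  - Everything echoed into HTML is escaped, and database error text goes to
   *    the server log instead of the response.
   *
   * NOTE(review): the confirmation form still carries no anti-CSRF token, so a
   * third-party page can submit "yes" on behalf of a logged-in user. Add a
   * per-session token and verify it before the purchase.
   * NOTE(review): the "already owned" check is check-then-act. A unique index
   * on owneditems (playerid, itemid, type) would make it race-free.
   * NOTE(review): the transaction only protects anything if the tables use a
   * transactional storage engine - confirm.
   */
  session_start();
  require("include/conn.php");
  include "include/wl.php";

  /**
   * Run one prepared write statement.
   *
   * @param mysqli $db     open connection
   * @param string $sql    statement text with ? placeholders
   * @param string $types  bind_param type string
   * @param array  $params values for the placeholders, in order
   * @return int|false affected row count, or false when prepare/execute failed
   *                   (the database error is written to the server log)
   */
  function buy_exec($db, $sql, $types, array $params)
  {
      $stmt = $db->prepare($sql);
      if (!$stmt) {
          error_log('buy: prepare failed: ' . $db->error);
          return false;
      }
      // bind_param takes its values by reference, so hand it references.
      $args = array($types);
      foreach ($params as $i => $unused) {
          $args[] = &$params[$i];
      }
      call_user_func_array(array($stmt, 'bind_param'), $args);
      if (!$stmt->execute()) {
          error_log('buy: execute failed: ' . $stmt->error);
          $stmt->close();
          return false;
      }
      $changed = $stmt->affected_rows;
      $stmt->close();
      return $changed;
  }

  // Settings shared by the three ticket-priced clothing types. Their tables
  // have no islimited/serials/isforsale columns, so constants stand in for
  // them ("not limited, for sale") and one bind_result() fits every type.
  $ticketDefaults = array(
      'item_cols'    => 'price,name,creatorname,creatorid,sales,0,0,1',
      'currency'     => 'tickets',
      'unit'         => 'Tickets',
      'poor_msg'     => 'You have not enough Tickets to buy this item.',
      'seller_share' => 1,
      'cancel_url'   => 'cancel.php',
      'bought_unit'  => 'tickets',
      'done_header'  => false,
  );

  // Fixed whitelist of purchasable types. Only these literals are ever
  // spliced into SQL as identifiers.
  $itemTypes = array(
      'hat' => array(
          'table'        => 'catalog',
          'item_cols'    => 'price,name,creator,creatorid,sales,islimited,serials,isforsale',
          'currency'     => 'robux',
          'unit'         => 'Robux',
          'poor_msg'     => 'You have not enough robux to buy this item.',
          'seller_share' => 0.7, // creator receives 70% of the price
          'cancel_url'   => 'index.php',
          'bought'       => 'item',
          'bought_unit'  => 'robux',
          'done_url'     => '/item.php?id=',
          'done_header'  => true,
      ),
      'tshirt' => array(
          'table'    => 'tshirts',
          'bought'   => 't-shirt',
          'done_url' => 'http://bloxtopia.stellermultimedia.com/tshirt.php?id=',
      ) + $ticketDefaults,
      // NOTE(review): shirts and pants redirect to tshirt.php, and pants uses
      // a different host. Kept as found - looks like copy-paste, confirm.
      'shirt' => array(
          'table'    => 'shirts',
          'bought'   => 'shirt',
          'done_url' => 'http://bloxtopia.stellermultimedia.com/tshirt.php?id=',
      ) + $ticketDefaults,
      'pants' => array(
          'table'    => 'pants',
          'bought'   => 'pants',
          'done_url' => 'http://bloxtopia.xyz/tshirt.php?id=',
      ) + $ticketDefaults,
  );

  $type = isset($_GET['type']) ? $_GET['type'] : '';
  if (!is_string($type) || !isset($itemTypes[$type])) {
      die ("Invalid type");
  }
  $cfg = $itemTypes[$type];

  // assumes include/conn.php defines $connect as a mysqli handle on the same
  // schema the per-type connections used - TODO confirm
  $conn = $connect;

  $cid = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
  if ($cid < 1) {
      die ('Not a valid ID.');
  }

  if (empty($_SESSION['username'])) {
      die ('<h1>You are not logged in!</h1>');
  }
  $username = $_SESSION['username'];
  echo "<h2>Welcome back, ". htmlspecialchars($username, ENT_QUOTES, 'UTF-8') ."!</h2>";

  // Load the item. A missing row now stops the request; before, a gap in the
  // id sequence fell through with an empty name and price.
  $stmt = $conn->prepare("SELECT " . $cfg['item_cols'] . " FROM " . $cfg['table'] . " WHERE id = ?");
  if (!$stmt) {
      error_log('buy: item lookup failed: ' . $conn->error);
      die("Critical Error: Couldn't get catalog items.");
  }
  $stmt->bind_param("i", $cid);
  $stmt->execute();
  $stmt->bind_result($price, $name, $creatorname, $creatorid, $sales, $islimited, $serials, $isforsale);
  $itemFound = $stmt->fetch();
  $stmt->close();

  // A negative price would pay the buyer, so it is rejected with the item.
  if ($itemFound !== true || $price < 0) {
      die ("Invalid Item");
  }

  if ($islimited && $sales >= $serials) {
      die ("This item has sold out!");
  }

  // Load the buyer's id and balance in the currency this item type uses.
  $stmt = $conn->prepare("SELECT id," . $cfg['currency'] . " FROM users WHERE username = ?");
  if (!$stmt) {
      error_log('buy: user lookup failed: ' . $conn->error);
      die("Critical Error: Couldn't get user details.");
  }
  $stmt->bind_param("s", $username);
  $stmt->execute();
  $stmt->bind_result($uid, $utokens);
  $userFound = $stmt->fetch();
  $stmt->close();

  if ($userFound !== true) {
      die ('<h1>You are not logged in!</h1>');
  }

  $stmt = $conn->prepare("SELECT 1 FROM owneditems WHERE playerid = ? AND itemid = ? AND type = ? LIMIT 1");
  if (!$stmt) {
      error_log('buy: ownership lookup failed: ' . $conn->error);
      die("Critical Error: Couldn't get user details.");
  }
  $stmt->bind_param("iis", $uid, $cid, $type);
  $stmt->execute();
  $stmt->bind_result($ownedFlag);
  $alreadyOwned = ($stmt->fetch() === true);
  $stmt->close();

  if ($alreadyOwned) {
      die("You already own this item");
  }

  if ($isforsale == 0) {
      $message = "Attempt to purchase not-for-sale item.";
      discord($message, $username. " (Moderation)");
      die ("This item is currently not for sale.");
  }

  if ($utokens < $price) {
      die ($cfg['poor_msg']);
  }
  ?>
  <html>
  <head>

  </head>
  <body>
  <br>
  <br>
  <center>
  <form method='POST'>
  <h1>Are you sure you want to buy <?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?> for <?php echo htmlspecialchars($price, ENT_QUOTES, 'UTF-8') ?> <?php echo $cfg['unit'] ?>?</h1><br>
  <input type='submit' name='yes' value='Yes'>
  <input type='submit' name='no' value='No'>
  </form>
  </center>
  <?php
  $yes = isset($_POST['yes']) ? $_POST['yes'] : null;
  $no = isset($_POST['no']) ? $_POST['no'] : null;

  if ($no) {
      echo "<meta http-equiv='refresh' content='0; url=" . $cfg['cancel_url'] . "'/>";
  }

  if ($yes) {
      $cur = $cfg['currency'];
      $credit = (int) round($price * $cfg['seller_share']);
      $failure = null;

      // All four writes succeed together or not at all.
      $conn->autocommit(false);

      if ($price > 0) {
          // Conditional debit: matches only while the balance still covers
          // the price, so a parallel request cannot drive it negative.
          $debited = buy_exec(
              $conn,
              "UPDATE `users` SET `$cur` = `$cur` - ? WHERE `id` = ? AND `$cur` >= ?",
              "iii",
              array($price, $uid, $price)
          );
          if ($debited === false) {
              $failure = "Something went wrong while purchasing.";
          } elseif ($debited !== 1) {
              $failure = $cfg['poor_msg'];
          }
      }

      if ($failure === null) {
          $inserted = buy_exec(
              $conn,
              "INSERT INTO `bt`.`owneditems` (`id`, `itemid`, `playerid`, `itemname`, `itemcreatorid`, `itemcreatorname`, `type`) VALUES (NULL, ?, ?, ?, ?, ?, ?)",
              "iisiss",
              array($cid, $uid, $name, $creatorid, $creatorname, $type)
          );
          if ($inserted === false) {
              $failure = "Something went wrong while adding the item to your inventory.";
          }
      }

      if ($failure === null) {
          $salesSql = "UPDATE `" . $cfg['table'] . "` SET `sales` = COALESCE(`sales`, 0) + 1 WHERE `id` = ?";
          if ($islimited) {
              // Limited items: the increment itself enforces the stock limit.
              $salesSql .= " AND COALESCE(`sales`, 0) < `serials`";
          }
          $counted = buy_exec($conn, $salesSql, "i", array($cid));
          if ($counted === false) {
              $failure = "Something went wrong while updating sales.";
          } elseif ($islimited && $counted !== 1) {
              $failure = "This item has sold out!";
          }
      }

      if ($failure === null && $credit > 0) {
          // Credit the creator in the currency the buyer paid with. The
          // ticket branches used to write robux + price (pants: an undefined
          // 'pants' key) into the creator's tickets column.
          // presumably the creator is meant to receive the price - confirm
          $credited = buy_exec(
              $conn,
              "UPDATE `users` SET `$cur` = COALESCE(`$cur`, 0) + ? WHERE `id` = ?",
              "ii",
              array($credit, $creatorid)
          );
          if ($credited === false) {
              $failure = "Something went wrong while transferring robux to seller.";
          }
      }

      if ($failure === null && !$conn->commit()) {
          error_log('buy: commit failed: ' . $conn->error);
          $failure = "Something went wrong while purchasing.";
      }

      if ($failure !== null) {
          $conn->rollback();
          $conn->autocommit(true);
          die($failure);
      }
      $conn->autocommit(true);

      $message = "Bought " . $cfg['bought'] . ": ". $name . " for ". $price . " " . $cfg['bought_unit'] . ".";
      discord($message, $username. " (Moderation)");

      $target = $cfg['done_url'] . $cid;
      if ($cfg['done_header'] && !headers_sent()) {
          header ("Location: " . $target);
      } else {
          // Output has normally started by now, so fall back to a client-side
          // redirect when the Location header can no longer be sent.
          echo "<meta http-equiv='refresh' content='0; url=" . $target . "'/>";
      }
  }
  ?>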
  708. </body>
  709. </html>