blob: 2094b22bc205e042ed35c2d65dca9c2b2bae6c2c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
if (!authorize_user(true)) {
generate_alert("/404.php", "Unauthorized", 401);
exit;
}
if ($_SERVER["REQUEST_METHOD"] != "POST") {
generate_alert("/404.php", "Method not allowed", 405);
exit;
}
if (!isset($_POST["id"])) {
generate_alert("/404.php", "Emote set ID is not provided");
exit;
}
$emote_set_id = $_POST["id"];
$user_id = $_SESSION["user_id"];
$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
$stmt->execute([$emote_set_id, $user_id]);
if ($stmt->rowCount() == 0) {
generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
exit;
}
$_SESSION["user_active_emote_set_id"] = $emote_set_id;
header("Location: " . $_POST["redirect"] ?? "/");
|
