1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
if (!authorize_user(true)) {
return;
}
if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) {
generate_alert("/404.php", "Not enough permissions", 403);
exit;
}
if (!isset($_POST["id"], $_POST["username"])) {
generate_alert("/emotesets/", "Not enough POST fields");
exit;
}
$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
// checking emoteset
$emote_set_id = $_POST["id"];
$stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?");
$stmt->execute([$emote_set_id, $_SESSION['user_id']]);
if ($stmt->rowCount() == 0) {
generate_alert("/emotes", "Emoteset not found", 404);
exit;
}
$emote_set = $stmt->fetch(PDO::FETCH_ASSOC);
// get user by username
$user_name = $_POST['username'];
$stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
$stmt->execute([$user_name]);
if ($stmt->rowCount() == 0) {
generate_alert("/404.php", "Username $user_name does not exist", 403);
exit;
}
$user_id = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
// checking if user has already acquired emote set
$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?");
$stmt->execute([$user_id, $emote_set_id]);
if ($stmt->rowCount() > 0) {
generate_alert("/404.php", "User $user_name has acquired this emoteset.", 409);
exit;
}
$db->prepare('INSERT INTO acquired_emote_sets(user_id, emote_set_id) VALUES (?, ?)')
->execute([$user_id, $emote_set_id]);
generate_alert("/emotesets/?id=$emote_set_id", "This emoteset has been acquired by $user_name.", 200);
|
