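<?php
// buytool.php — access guard and bootstrap for the purchase endpoint below.
// Only a session created by the login flow (which sets both 'sname' and 'spass')
// may continue; anything else is bounced to the parent directory.
ob_start();
session_start();
// The original called error_reporting() with no argument, which only *reads* the
// current level and silences nothing. What a production endpoint actually needs is
// to keep errors out of the HTTP response (a failed query would otherwise print the
// SQL and table names to the buyer) while still letting them reach the server log.
ini_set('display_errors', '0');
date_default_timezone_set('UTC');
// Require BOTH session keys. The original wrote `!isset(a) and !isset(b)`, which
// redirected only when both were missing — a session carrying just one of the two
// keys passed the guard. `||` redirects when either is absent.
if (!isset($_SESSION['sname']) || !isset($_SESSION['spass'])) {
    header("location: ../");
    exit();
}
include "includes/config.php";
?>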
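<?php
// Purchase flow for buytool.php. Security changes relative to the original:
//  * $_GET['t'] was interpolated into the query as a table name. mysqli_real_escape_string()
//    only escapes *string literals*; it does nothing for identifiers, so a crafted `t`
//    could rewrite the whole statement. The name is now restricted to [A-Za-z0-9_] and
//    backtick-quoted. NOTE(review): tighten this further to an explicit allow-list of
//    the item tables the shop actually sells from.
//  * Every value is bound through a prepared statement instead of string-building.
//  * The balance check, the "sold" check and the UPDATE/INSERT statements ran as
//    separate autocommit queries, so two concurrent requests could buy the same item
//    twice or overdraw one balance. They now run inside one transaction with the item
//    and user rows locked (SELECT ... FOR UPDATE); this needs InnoDB tables and the
//    mysqlnd driver (mysqli_stmt_get_result).
// NOTE(review): this is a state-changing action reached by GET with no CSRF token; the
// caller should POST with a per-session token. That needs the front-end too, so it is
// not changed here.
$date = date("Y-m-d H:i:s");
$uid = isset($_GET['id']) ? (string) $_GET['id'] : '';
$tbl = isset($_GET['t']) ? (string) $_GET['t'] : '';
$usrid = (string) $_SESSION['sname'];

// A table name is an identifier, not a value, so it cannot be bound; validate its shape.
if (!preg_match('/^[A-Za-z0-9_]+$/', $tbl)) {
    exit();
}
$tblQuoted = '`' . $tbl . '`';

// Prepare + bind + execute one statement and return it. On any failure the open
// transaction is rolled back and the script ends with no output, matching the
// original's silent `or die()`.
$run = function ($sql, $types = '', array $params = []) use ($dbcon) {
    $stmt = mysqli_prepare($dbcon, $sql);
    if ($stmt === false) {
        mysqli_rollback($dbcon);
        exit();
    }
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        mysqli_rollback($dbcon);
        exit();
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_rollback($dbcon);
        exit();
    }
    return $stmt;
};

mysqli_begin_transaction($dbcon);

// Lock the item row for the rest of the purchase.
$stmt = $run("SELECT * FROM $tblQuoted WHERE id=? FOR UPDATE", 's', [$uid]);
$rows = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);

// Lock the buyer's row too so one balance cannot be spent by two requests at once.
$stmt = $run("SELECT * FROM users WHERE username=? FOR UPDATE", 's', [$usrid]);
$rows2 = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);

if (!$rows2) {
    // Signed-in user without a users row: nothing sensible to charge.
    mysqli_rollback($dbcon);
    exit();
}
if (!$rows) {
    // Unknown item id; the original reached this same message through a null 'sold'.
    mysqli_rollback($dbcon);
    echo 'Already sold / Deleted.';
} else {
    $price = $rows['price'];
    $balance = $rows2['balance'];
    if ($balance >= $price) {
        if ((string) $rows['sold'] === '0') {
            $newb = $balance - $price;
            $npur = $rows2['ipurchassed'] + 1;
            $resseller = $rows['resseller'];
            mysqli_stmt_close($run(
                "UPDATE $tblQuoted SET sold='1', sto=?, dateofsold=?, resseller=? WHERE id=?",
                'ssss',
                [$usrid, $date, $resseller, $uid]
            ));
            // Both user columns in one statement: the original issued two UPDATEs.
            mysqli_stmt_close($run(
                "UPDATE users SET balance=?, ipurchassed=? WHERE username=?",
                'sss',
                [$newb, $npur, $usrid]
            ));
            mysqli_stmt_close($run(
                "INSERT INTO purchases
                 (s_id,buyer,date,type,country,infos,url,login,pass,price,resseller,reported,reportid)
                 VALUES (?,?,?,?,?,?,?,?,?,?,?,'',NULL)",
                'sssssssssss',
                [$rows['id'], $usrid, $date, $rows['acctype'], $rows['country'], $rows['infos'],
                 $rows['url'], $rows['login'], $rows['pass'], $price, $resseller]
            ));
            $last_id = (int) mysqli_insert_id($dbcon);
            // The original spliced $price unquoted into the arithmetic; bind it numerically.
            mysqli_stmt_close($run(
                "UPDATE resseller SET allsales=(allsales + ?), soldb=(soldb + ?) WHERE username=?",
                'dds',
                [$price, $price, $resseller]
            ));
            mysqli_commit($dbcon);
            echo '<button onclick="openitem(' . $last_id . ')" class="btn btn-primary btn-xs"> Order #' . $last_id . '</button>';
        } else {
            mysqli_rollback($dbcon);
            echo 'Already sold / Deleted.';
        }
    } else {
        mysqli_rollback($dbcon);
        echo 'Please top-up your balance to buy.';
    }
}
?>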