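#!/usr/local/bin/perl

# purchasetheme.pl - spend a logged-in user's coins on one theme.
#
# Flow: refuse unknown/banned accounts, look up the requested theme (tid),
# refuse if it does not exist or is already owned, otherwise deduct the
# discounted price from the user's coin balance and record the purchase.
# Every outcome is reported through a redirect produced by Redir.

# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;

use lib "/var/www/html/Pm";

use Html qw(header pre_html_header);
use Redir qw(notice_redir error_redir);
use User qw(get_user_stat isUserSubscriber $USER_DATA);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param referrer);
use Bc_sql qw(
get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN

$DB
);

use Security qw(banned);

# Fraction of the listed theme price (themes.cost_coins) that is waived at
# purchase time; the waived amount is truncated to whole coins.
use constant DISCOUNT_RATE => 0.1;

my $DEBUG = 0;

# Gate: only known, non-banned accounts may spend coins.
if (not user_exists($LOGGEDIN) or banned($LOGGEDIN)) {
    my $msg = "Access Denied";
    if ($DEBUG) { $msg .= " (purchasetheme.pl)"; }
    print error_redir("/", $msg);

    exit 1;
}

# The theme id comes straight from the request. It is quoted by $DB->quote
# before it reaches SQL, and HTML-escaped ($tid_html) before it is echoed
# in any message, so a crafted tid cannot inject markup into the response.
my $tid = get_param("tid");
$tid = "" unless defined $tid;
my $tid_html = _html_escape($tid);

# Current coin balance; a missing coins row counts as zero.
my $coins = _fetch_column(
    "select * from coins where ID=" . $DB->quote($LOGGEDIN), "points"
);
$coins = 0 unless defined $coins;

my $theme_exists = _row_exists(
    "select ID from themes where ID=" . $DB->quote($tid)
);

############
my $output = ""; # header("Purchase Theme", "?tid=$tid", "", "", "Purchase Theme");
############

if (not $theme_exists) {
    # invalid theme id!
    $output .= error_redir(referrer(), "Invalid Theme ID: <b>$tid_html</b>");
}
elsif (_row_exists("select ID from theme_purchases where UID=" . $DB->quote($LOGGEDIN) . " and TID=" . $DB->quote($tid))) {
    # theme already owned!
    $output .= error_redir(referrer(), "Theme ID (<b>$tid_html</b>) already owned");
}
else {
    # theme not owned!
    $output .= _purchase_theme($tid, $tid_html, $coins);
}

print $output;

exit 1;

# Deduct the discounted price of theme $tid from $coins and record the
# purchase. Returns the redirect markup describing the outcome.
#   $tid      - theme id as received (used only in quoted SQL)
#   $tid_html - HTML-escaped form of $tid for messages
#   $coins    - the user's current balance
sub _purchase_theme {
    my ($tid, $tid_html, $coins) = @_;

    # A theme whose cost cannot be read is treated as costing 0 coins.
    my $cost = _fetch_column(
        "select cost_coins from themes where ID=" . $DB->quote($tid), "cost_coins"
    );
    $cost = 0 unless defined $cost;
    $cost = $cost - int($cost * DISCOUNT_RATE);

    if ($coins < $cost) {
        return error_redir(referrer(), "Sorry, you don't have enough coins<br>to purchase this theme");
    }
    $coins -= $cost;

    # update user points db entry
    # NOTE(review): this read-check-write sequence is not atomic; two
    # concurrent requests for the same account can both pass the balance
    # check above and each write its own stale balance. A transaction, or a
    # conditional UPDATE (points = points - cost WHERE points >= cost) whose
    # affected-row count is checked, would close that window, but
    # sql_execute()'s return semantics for UPDATE are not visible here.
    my $update_sql = "update coins set points=" . $DB->quote($coins) . " where ID=" . $DB->quote($LOGGEDIN);
    if (not sql_execute($update_sql, "purchasetheme.pl")) {
        return error_redir(referrer(), "database failure!");
    }

    my $insert_sql = "insert into theme_purchases values (NULL, " . $DB->quote($LOGGEDIN) . ", " . $DB->quote($tid) . ")";
    if (not sql_execute($insert_sql, "purchasetheme.pl")) {
        return error_redir(referrer(), "database failure!");
    }

    # $coins is already the post-purchase balance at this point.
    return notice_redir(referrer(), "Theme ID (<b>$tid_html</b>) purchased $coins minus $cost");
}

# Run a single-row query and return $column from the resulting row, or
# undef when sql_execute() did not produce a hash row.
sub _fetch_column {
    my ($sql, $column) = @_;
    my $row = sql_execute($sql, "purchasetheme.pl");
    return unless ref $row eq "HASH";
    return $row->{$column};
}

# True when the query yields a hash row, i.e. at least one matching record.
sub _row_exists {
    my ($sql) = @_;
    my $row = sql_execute($sql, "purchasetheme.pl");
    return (ref $row eq "HASH") ? 1 : 0;
}

# Escape the HTML-significant characters of an untrusted value so it can be
# embedded in a message. The messages deliberately contain <b> tags, so only
# the request-supplied value is escaped, never the surrounding markup.
sub _html_escape {
    my ($text) = @_;
    my %entity_for = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity_for{$1}/g;
    return $text;
}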