connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
exit();
}
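// Resolve the target account (directly, or through a character name) and apply the signed
// token delta to its coin balance.
//
// Request values are bound as statement parameters instead of being escaped and spliced into
// the SQL text. In the previous version the username read back from the database was
// concatenated unescaped into the balance query. Only schema/table names, which come from
// configuration constants, are still concatenated.

/**
 * Runs a SELECT with one bound string parameter and returns its first row.
 *
 * @param mysqli $db    open connection to run the statement on
 * @param string $sql   statement text containing exactly one "?" placeholder
 * @param string $value value bound to the placeholder
 * @return array|null   the row, or null when nothing matched or the statement failed
 *                      (the driver error is written to the error log)
 */
$fetch_row = static function ($db, $sql, $value) {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        error_log('Balance update: prepare failed: ' . $db->error);
        return null;
    }

    $row = null;
    if ($stmt->bind_param('s', $value) && $stmt->execute()) {
        $result = $stmt->get_result();
        if ($result !== false) {
            $fetched = $result->fetch_assoc();
            if (is_array($fetched)) {
                $row = $fetched;
            }
            $result->free();
        }
    } else {
        error_log('Balance update: query failed: ' . $stmt->error);
    }
    $stmt->close();

    return $row;
};

// Only string fields are accepted; a missing or array-valued field is treated as empty.
$account = (isset($_POST['account']) && is_string($_POST['account'])) ? $_POST['account'] : '';
$character_input = (isset($_POST['character']) && is_string($_POST['character'])) ? $_POST['character'] : '';

// Set when a character was given but could not be mapped to an account. The balance step is
// then skipped, so the lookup message is not overwritten and no other account is credited.
$lookup_failed = false;

if ($character_input !== '') {
    $character = $character_input;
    $row = $fetch_row(
        $char_mysqli,
        "SELECT account from " . DB_NAME_CHAR . ".characters WHERE name = ?",
        $character
    );
    if ($row === null) {
        $status_message = "Character " . $character . " not found.";
        $lookup_failed = true;
    } else {
        $account_id = $row['account']; // id
        $row = $fetch_row(
            $char_mysqli,
            "SELECT username from " . DB_NAME_LOGON . ".account WHERE id = ?",
            $account_id
        );
        if ($row === null) {
            // should not get here
            $status_message = "Account not found for " . $character . ".";
            $lookup_failed = true;
        } else {
            $account = $row['username'];
        }
    }
}

// Accept only a real (optionally signed) integer, so a typo is reported instead of being
// silently applied as a delta of 0.
$tokens = filter_var(isset($_POST['tokensBonus']) ? $_POST['tokensBonus'] : null, FILTER_VALIDATE_INT);

// Not read again in this section. NOTE(review): the passkey comparison sits above this
// section; confirm it uses hash_equals() rather than == or ===.
$masterkey = $mysqli->real_escape_string($_POST['masterkey']);

$balance_sql = "SELECT " . DB_NAME_LOGON . "." . DB_TABLE_COINS . ".id, coins, account.username FROM `" . DB_TABLE_COINS . "`
INNER JOIN " . DB_NAME_LOGON . ".`account` ON account.id = " . DB_TABLE_COINS . ".id
WHERE account.username = ?";

if ($lookup_failed) {
    // $status_message already explains which lookup failed; leave every balance untouched.
} elseif ($tokens === false) {
    $status_message = 'The token amount must be a whole number.';
} else {
    $row = $fetch_row($mysqli, $balance_sql, $account);
    if ($row !== null) {
        $new_balance = (int) $row['coins'] + $tokens;
        if ($new_balance < 0) {
            $status_message = "Can't go below 0, the current balance is " . $row['coins'] . ".";
        } else {
            // NOTE(review): the balance is read and then written back as an absolute value,
            // so two concurrent submissions for one account can overwrite each other. A
            // transaction with SELECT ... FOR UPDATE would close that window.
            $coins_id = $row['id'];
            // Uses DB_TABLE_COINS like the SELECT above; the table name was hard-coded here before.
            $update = $mysqli->prepare(
                "UPDATE " . DB_NAME_LOGON . "." . DB_TABLE_COINS . " SET coins = ? WHERE id = ?"
            );
            $updated = $update !== false
                && $update->bind_param('is', $new_balance, $coins_id)
                && $update->execute();
            if ($update !== false) {
                $update->close();
            }

            // re-get coins, so the message reports what is actually stored
            $row = $updated ? $fetch_row($mysqli, $balance_sql, $account) : null;
            if ($row !== null) {
                $status_message = 'Account ' . $row['username'] . ' has ' . $row['coins'] . ' coins now.';
            } else {
                error_log('Balance update: update or re-read failed: ' . $mysqli->error);
                $status_message = 'The balance could not be updated.';
            }
        }
    } else {
        $status_message = 'something went wrong, maybe account not found ?';
    }
}
$mysqli->close();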
} else {
$status_message = 'Wrong passkey.';
}
} else {
$status_message = 'All fields are required.';
}
}
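// The status text is HTML-escaped where it is printed below: it can contain the submitted
// character name and usernames read from the database, neither of which is safe to emit as
// markup. isset() covers a page load where no message was produced.
?>
Account Balance Update
<?= htmlspecialchars(isset($status_message) ? $status_message : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>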