prepare('SELECT * FROM users WHERE ROBLOSECURITY = :token'); $GetUser->execute(['token' => $_COOKIE["_ROBLOSECURITY"]]); $row = $GetUser->fetch(PDO::FETCH_ASSOC); if (!empty($_COOKIE['_ROBLOSECURITY'])) { $row = getuserinfo($_COOKIE['_ROBLOSECURITY']); $userId = isset($row['UserId']) ? (int)$row['UserId'] : (isset($row['UserID']) ? (int)$row['UserID'] : (isset($row['id']) ? (int)$row['id']: 1)); $adminLevel = isset($row['isAdmin']) ? (int)$row['isAdmin'] : 0; } else { $userId = 1; } if ($adminLevel === 0) { header('Location: /NewLogin'); exit(); } include_once $_SERVER['DOCUMENT_ROOT'] . '/Admi/SideBar.php'; if ($adminLevel < AdminLevel::ASSET_MOD) { echo <<
HTML; exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($adminLevel < AdminLevel::ASSET_MOD) { http_response_code(403); echo 'Unauthorized'; exit(); } if (isset($_POST['aid']) && preg_match('/^\d+$/', $_POST['aid'])) { $robloxAssetId = intval($_POST['aid']); // Step 1: Fetch metadata from your productinfo proxy $metaUrl = "https://aftwld.com/marketplace/productinfo.php?assetId=" . $robloxAssetId; $urlcall = @file_get_contents($metaUrl); $meta = json_decode($urlcall, true); if (!$meta || !isset($meta['Name'])) { die("Failed to fetch valid metadata for asset ID $robloxAssetId. response $urlcall"); } // Step 2: Download asset content using authenticated .ROBLOSECURITY if($meta["AssetTypeId"] == 41 || $meta["AssetTypeId"] == 42 || $meta["AssetTypeId"] == 43 || $meta["AssetTypeId"] == 44 || $meta["AssetTypeId"] == 45 || $meta["AssetTypeId"] == 46 || $meta["AssetTypeId"] == 47){ $meta["AssetTypeId"] = 8;} $assetUrl = "https://assetdelivery.roblox.com/v2/assetId/$robloxAssetId"; if($meta["AssetTypeId"] == 8 || $meta["AssetTypeId"] == 41 || $meta["AssetTypeId"] == 27 ||$meta["AssetTypeId"] == 28 ||$meta["AssetTypeId"] == 29 ||$meta["AssetTypeId"] == 30 ||$meta["AssetTypeId"] == 31){ $assetUrl = "https://assetdelivery.roblox.com/v2/assetId/$robloxAssetId/version/1"; } $ch = curl_init($assetUrl); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ "User-Agent: RobloxStudio/WinInet", "Cookie: .ROBLOSECURITY=" . ROBLOSECURITY ], CURLOPT_TIMEOUT => 10, CURLOPT_SSL_VERIFYPEER => false, ]); $assetData = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpCode !== 200 || !$assetData) { die("Failed to download asset content. Error code $httpCode"); } $data = json_decode($assetData, true); $cdnUrl = $data['locations'][0]['location'] ?? null; if (!$cdnUrl) { http_response_code(404); die("CDN location not found for asset. response: $assetData"); } // Step 2: Download and decompress asset from CDN $ch = curl_init($cdnUrl); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => true, CURLOPT_ENCODING => "", // auto-decompress CURLOPT_FOLLOWLOCATION => true, CURLOPT_TIMEOUT => 10, CURLOPT_SSL_VERIFYPEER => false, ]); $raw = curl_exec($ch); $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $headers = substr($raw, 0, $headerSize); $assetData = substr($raw, $headerSize); $assetData = str_replace('class="Accessory"', 'class="Hat"', $assetData); $assetData = str_replace('roblox.com', 'aftwld.com', $assetData); $contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE) ?: 'application/octet-stream'; curl_close($ch); // Step 3: Determine local ID $FindGames = $pdo->query('SELECT * FROM assets ORDER BY AssetID DESC LIMIT 1')->fetch(PDO::FETCH_ASSOC); $newAssetId = intval($FindGames['AssetID']) + 1; // Step 4: Save content to disk $target_dir = $_SERVER['DOCUMENT_ROOT'] . "/asset/cache/"; if (!is_dir($target_dir)) mkdir($target_dir, 0755, true); $target_file = $target_dir . $newAssetId . ".asset"; if (!file_put_contents($target_file, $assetData)) { die("Failed to save asset content."); } // Step 5: Insert into DB $stmt = $pdo->prepare("INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :type)"); $stmt->execute([ 'name' => $meta['Name'], 'desc' => $meta['Description'] ?? 'Imported from Roblox', 'creator' => $userId, // Or a system bot ID 'type' => $meta['AssetTypeId'] ?? 0, ]); $name = htmlspecialchars($meta['Name']); $urlName = urlencode(str_replace(' ', '-', $name)); $link = "/$urlName-item?id=$newAssetId"; echo "Successfully migrated Roblox asset ID $robloxAssetId into local ID $newAssetId."; } else{ $target_dir = $_SERVER['DOCUMENT_ROOT'] . "/asset/cache/"; $FindGames = $pdo->query('SELECT * FROM assets ORDER BY AssetID DESC LIMIT 1')->fetch(PDO::FETCH_ASSOC); $assetid = intval($FindGames['AssetID']) + 1; $target_file = $target_dir . $assetid . ".asset"; $uploadField = 'fileToUpload'; $uploadMaxSize = 10 * 1024 * 1024; // 10 MB if (!isset($_FILES[$uploadField])) { echo "No file uploaded."; return; } $errorCode = $_FILES[$uploadField]['error']; if ($errorCode !== UPLOAD_ERR_OK) { $uploadErrors = [ UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.', UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.', UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.', UPLOAD_ERR_NO_FILE => 'No file was uploaded.', UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.', UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.', UPLOAD_ERR_EXTENSION => 'A PHP extension stopped the file upload.', ]; $message = $uploadErrors[$errorCode] ?? 'Unknown upload error.'; echo "Upload failed with error: $message (code $errorCode)"; return; } $fileInfo = $_FILES[$uploadField]; $fileTmpPath = $fileInfo['tmp_name']; $fileSize = $fileInfo['size']; if ($fileSize > $uploadMaxSize) { $message = "File too large. Limit is 10MB."; $success = false; } $fileData = file_get_contents($fileTmpPath); if ($fileData === false) { $message = "Failed to read uploaded file."; $success = false; } if (file_put_contents($target_file, $fileData) === false) { $message = "Failed to save file."; $success = false; } // Insert asset metadata into DB if($_POST['assettype'] == 9){ $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType, ClientYear, isSubPlace, UniverseID, MaxPlayers) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee, :client, 0, :uid, :max)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']), "client" => intval($_POST['client']), "uid" => $assetid, "max" => intval($_POST['maxplrs']) ]); }elseif($_POST['assettype'] == 2){// tee shirt/shirtgraphics $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType, isPrivate) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee, 1)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => '', 'creator' => $userId, 'typee' => 1 ]); $rbxm = ' null nil Clothing http://www.aftwld.com/asset?id='.$assetid.' '; $assetid = $assetid + 1; $target_file = $target_dir . $assetid . ".asset"; file_put_contents($target_file, $rbxm); $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']) ]); }elseif($_POST['assettype'] == 11){// shirt $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType, isPrivate) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee, 1)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => '', 'creator' => $userId, 'typee' => 1 ]); $rbxm = ' null nil Clothing http://www.aftwld.com/asset?id='.$assetid.' '; $assetid = $assetid + 1; $target_file = $target_dir . $assetid . ".asset"; file_put_contents($target_file, $rbxm); $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']) ]); }elseif($_POST['assettype'] == 12){// pants $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType, isPrivate) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee, 1)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => '', 'creator' => $userId, 'typee' => 1 ]); $rbxm = ' null nil Clothing http://www.aftwld.com/asset?id='.$assetid.' '; $assetid = $assetid + 1; $target_file = $target_dir . $assetid . ".asset"; file_put_contents($target_file, $rbxm); $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']) ]); }elseif($_POST['assettype'] == 18){// face $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType, isPrivate) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee, 1)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => '', 'creator' => $userId, 'typee' => 1 ]); $rbxm = ' null nil 5 face 20 0 http://www.aftwld.com/asset?id='.$assetid.' 0 '; $assetid = $assetid + 1; $target_file = $target_dir . $assetid . ".asset"; file_put_contents($target_file, $rbxm); $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']) ]); }else{ $insert = $pdo->prepare('INSERT INTO assets (Name, Description, CreatorID, Created_At, Updated_At, AssetType) VALUES (:name, :desc, :creator, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :typee)'); $insert->execute([ 'name' => $_POST['name'] ?? 'Untitled', 'desc' => $_POST['description'] ?? '', 'creator' => $userId, 'typee' => intval($_POST['assettype']) ]); } $name = htmlspecialchars($_POST['name']); $urlName = urlencode(str_replace(' ', '-', $name)); $link = "/$urlName-item?id=$assetid"; $message = "Uploaded " . htmlspecialchars($fileInfo['name']) . " as asset ID: $assetid"; $success = true; } } ?>

✔

✖

You do not have permission to use this.

Asset Uploader

Asset Migrator (WIP)