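prepare('SELECT * FROM users WHERE ROBLOSECURITY = :token');
// NOTE(review): the statement above is missing its beginning in the visible source
// (presumably `$GetUser = $pdo->`); the fragment is kept exactly as found.

// Only a non-empty string cookie is used as a session token. A missing, empty or
// array-valued cookie is bound as NULL, which no `ROBLOSECURITY = :token` comparison
// matches, so such a request can never resolve to an account with a blank token column.
$sessionToken = $_COOKIE['_ROBLOSECURITY'] ?? null;
if (!is_string($sessionToken) || $sessionToken === '') {
    $sessionToken = null;
}
$GetUser->execute(['token' => $sessionToken]);
$row = $GetUser->fetch(PDO::FETCH_ASSOC);

// $row is false when no user matches the token; decode the stored colours only when present.
$bodycolors = (is_array($row) && is_string($row['BodyColors'] ?? null))
    ? json_decode($row['BodyColors'], true)
    : null;

// `page` is request-controlled: accept only a string, otherwise use the default tab.
// NOTE(review): if $page is echoed into the markup below this block, escape it at output.
$page = is_string($_GET['page'] ?? null) ? $_GET['page'] : "Hat";

/**
 * Look up the numeric asset type id for an asset type name.
 *
 * Reads the global $asset_types map (defined outside this block) and inverts it,
 * e.g. 'Hat' => 8.
 *
 * @param mixed $assetName Asset type name; anything that is not a string or int yields null.
 * @return mixed The matching key of $asset_types, or null when the name is unknown.
 */
function returnTypeId($assetName)
{
    global $asset_types;

    // Array-valued request parameters would raise a TypeError when used as an offset.
    if (!is_string($assetName) && !is_int($assetName)) {
        return null;
    }

    $flipped = array_flip($asset_types); // e.g., 'Hat' => 8

    return $flipped[$assetName] ?? null;
}

/**
 * Look up the display name for an asset type id in the global $asset_types map.
 *
 * @param mixed $assetType Key into $asset_types.
 * @return mixed The stored name, or "Unknown" when the id is not present.
 */
function returnName($assetType)
{
    global $asset_types;

    return $asset_types[$assetType] ?? "Unknown";
}

$asset_TyepeS = returnTypeId($page);

/**
 * Map a brick colour id to the HTML hex colour used by the colour chooser.
 *
 * @param mixed $id Brick colour id.
 * @return string Hex colour, '#000000' for ids that are not in the table.
 */
function Brick2HTML($id)
{
    $brickColors = [
        // Bright family
        119 => '#b5d334', 24 => '#f5cd30', 106 => '#f57c00', 21 => '#c4281c',
        104 => '#9b59b6', 23 => '#0d69ac', 107 => '#00bfa5', 37 => '#4b973d',
        // Monotone family
        1001 => '#fefefe', 1 => '#f2f3f3', 208 => '#e5e4df', 1002 => '#999999',
        194 => '#a3a2a5', 199 => '#635f62', 26 => '#1b2a35', 1003 => '#0d0d0d',
        // Nature family
        1022 => '#786e5e', 105 => '#f0a830', 125 => '#fbbd61', 153 => '#c97a57',
        1023 => '#e6c2ff', 135 => '#7a9dbb', 102 => '#4a90e2', 151 => '#709c8f',
        // Construction family
        5 => '#d7c59a', 226 => '#ffe85f', 133 => '#ff5e00', 137 => '#f99738',
        9 => '#e8bac8', 11 => '#80bbdc', 1018 => '#008080', 29 => '#a1c48c',
        // Pastel family
        1030 => '#FFCC99', 1029 => '#fff799', 1025 => '#FFC9C9', 1016 => '#ffb6c1',
        1026 => '#d7aefb', 1024 => '#cce5ff', 1027 => '#a3e4d7', 1028 => '#b5e7a0',
        // Neon family
        1008 => '#C1BE42', 1009 => '#f2ff00', 1005 => '#ff5722', 1004 => '#ff0000',
        1032 => '#ff69b4', 1010 => '#0000ff', 1019 => '#00ffff', 1020 => '#32cd32',
        // Earth family
        217 => '#8b4513', 18 => '#cc8e69', 38 => '#a05f35', 1031 => '#6a0dad',
        1006 => '#b04a2e', 1013 => '#00ffff', 45 => '#b4d2e4', 1021 => '#78866b',
        // Dark family
        192 => '#581845', 1014 => '#b87333', 1007 => '#d7838f', 1015 => '#ff00ff',
        1012 => '#00008b', 1011 => '#000080', 28 => '#287f47', 141 => '#264d00',
    ];

    return $brickColors[$id] ?? '#000000';
}

/**
 * Ask the render service for a user's avatar and store it as the cached thumbnail.
 *
 * The result of renderUser() is checked before it is indexed, the payload is decoded
 * with strict base64, and nothing is written when the result is empty, so a failed
 * render does not overwrite the existing thumbnail with junk.
 *
 * NOTE(review): the target is a .png under the document root; if the render service
 * always returns PNG data, also verify the PNG signature before writing.
 *
 * @param object $soapUtils Object exposing renderUser(); its return shape is assumed to be
 *                          an array whose first element is base64 image data — confirm.
 * @param mixed  $userId    User id taken from the users row.
 * @return bool True when a thumbnail was written.
 */
function storeRenderedUserThumbnail($soapUtils, $userId)
{
    $render = $soapUtils->renderUser($userId);
    if (!$render) {
        return false;
    }

    $encoded = $render[0] ?? null;
    if (!is_string($encoded)) {
        return false;
    }

    $image = base64_decode($encoded, true);
    if ($image === false || $image === '') {
        return false;
    }

    // The id is cast to int so the file name can only ever be digits.
    $path = $_SERVER['DOCUMENT_ROOT'] . "/Thumbs/RenderedUsers/" . ((int) $userId) . ".png";

    return file_put_contents($path, $image) !== false;
}

// Postback handler. Both fields must be plain strings; array-valued fields are ignored
// instead of reaching preg_match()/str_contains() and raising a TypeError.
// NOTE(review): no anti-CSRF token is checked on this state-changing POST in the visible
// code; confirm one is enforced elsewhere or add one.
if (
    $_SERVER['REQUEST_METHOD'] === 'POST'
    && is_string($_POST["__EVENTTARGET"] ?? null)
    && is_string($_POST["__EVENTARGUMENT"] ?? null)
) {
    // Every action below acts on the logged-in user's row. Without one, stop here rather
    // than triggering a render and writing a thumbnail for a null user id.
    if (!is_array($row)) {
        http_response_code(403);
        exit("You must be logged in to change your character.");
    }

    $command = $_POST["__EVENTTARGET"];
    $argument = $_POST["__EVENTARGUMENT"];

    if (preg_match("/ColorChooser/i", $command)) {
        $current = is_array($bodycolors) ? $bodycolors : [];
        $colors = [
            "Head" => $current['Head'] ?? null,
            "Torso" => $current['Torso'] ?? null,
            "Left Arm" => $current['Left Arm'] ?? null,
            "Right Arm" => $current['Right Arm'] ?? null,
            "Left Leg" => $current['Left Leg'] ?? null,
            "Right Leg" => $current['Right Leg'] ?? null,
        ];

        // Control name => body part, checked in the original order. Four of the original
        // patterns began with `\C` (PCRE "one code unit") instead of `\b`, so they did not
        // anchor on a word boundary; all six now do.
        $choosers = [
            'ColorChooserHead' => "Head",
            'ColorChooserTorso' => "Torso",
            'ColorChooserRightArm' => "Right Arm",
            'ColorChooserLeftArm' => "Left Arm",
            'ColorChooserRightLeg' => "Right Leg",
            'ColorChooserLeftLeg' => "Left Leg",
        ];
        foreach ($choosers as $control => $part) {
            if (preg_match('~\b' . $control . '\b~', $command)) {
                // The argument is stored in the database and handed to the renderer, so
                // only a short run of digits (a colour id) is accepted.
                // NOTE(review): tighten to the chooser's palette if it offers a fixed set.
                if (!preg_match('/^\d{1,4}$/D', $argument)) {
                    http_response_code(400);
                    exit("somehow you got an error ;(");
                }
                $colors[$part] = $argument;
                break;
            }
        }

        $encodedColors = json_encode($colors);
        $insertQuery = $pdo->prepare(
            "UPDATE users SET BodyColors = :bodycolors WHERE ROBLOSECURITY = :token"
        );
        $insertSuccess = $insertQuery->execute([
            'bodycolors' => $encodedColors,
            'token' => $sessionToken,
        ]);

        if ($insertSuccess && storeRenderedUserThumbnail($soapUtils, $row['UserId'])) {
            $bodycolors = json_decode($encodedColors, true);
        } else {
            exit("somehow you got an error ;(");
        }
    } elseif (preg_match("/cmdInvalidateThumbnails/i", $command)) {
        if (!storeRenderedUserThumbnail($soapUtils, $row['UserId'])) {
            exit("somehow you got an error ;(");
        }
    } elseif (preg_match("/CategoryRepeater/i", $command)) {
        // Each entry: control id literal => [page name, asset type name or fixed type id].
        // The literal is the haystack and the posted target the needle, as in the
        // original: the posted control id is expected to be a substring of the literal,
        // which carries extra leading/trailing `$`. Do not swap the arguments without
        // checking what the client sends.
        $controlPrefix = '$ctl00$ctl00$cphRoblox$cphMyRobloxContent$';
        $categories = [
            $controlPrefix . 'AttireCategoryRepeater$ctl00$AttireCategorySelector$' => ["Head", "Head"],
            $controlPrefix . 'AttireCategoryRepeater$ctl02$AttireCategorySelector$' => ["Face", "Face"],
            $controlPrefix . 'AttireCategoryRepeater$ctl04$AttireCategorySelector$' => ["Hat", "Hat"],
            $controlPrefix . 'AttireCategoryRepeater$ctl06$AttireCategorySelector$' => ["T-Shirt", 2],
            $controlPrefix . 'AttireCategoryRepeater$ctl08$AttireCategorySelector$' => ["Shirt", "Shirt"],
            $controlPrefix . 'AttireCategoryRepeater$ctl10$AttireCategorySelector$' => ["Pants", "Pants"],
            $controlPrefix . 'AttireCategoryRepeater$ctl12$AttireCategorySelector$' => ["Gear", "Gear"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl00$LinkButton1' => ["Torso", "Torso"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl02$LinkButton1' => ["LArm", "LeftArm"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl04$LinkButton1' => ["RArm", "RightArm"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl06$LinkButton1' => ["LLeg", "LeftLeg"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl08$LinkButton1' => ["RLeg", "RightLeg"],
            $controlPrefix . 'BodyPartCategoryRepeater$ctl10$LinkButton1' => ["Package", "Package"],
        ];
        foreach ($categories as $controlId => [$pageName, $type]) {
            if (str_contains($controlId, $command)) {
                $page = $pageName;
                // T-Shirt uses a fixed type id; every other tab is resolved by name.
                $asset_TyepeS = is_int($type) ? $type : returnTypeId($type);
                break;
            }
        }
        //header("Location: /My/Character.aspx?page=$page");
    } elseif (str_contains($command, 'WearAccoutrementButton')) {
        // Extract assetId from the control name
        if (preg_match('/ctrl(\d+)_WearAccoutrementButton/', $command, $matches)) {
            $assetId = (int) $matches[1];

            // Only assets the user owns may be worn
            $check = $pdo->prepare("SELECT * FROM inventory WHERE userId = :uid AND assetId = :aid");
            $check->execute(['uid' => $row['UserId'], 'aid' => $assetId]);
            $item = $check->fetch();

            if ($item) {
                // Update CharApp (append if not already there)
                $charApp = $row['CharApp'] ?? '';
                $urls = array_filter(explode(';', $charApp));
                $urls[] = "https://www.aftwld.com/Asset/?id=$assetId";
                $newCharApp = implode(';', array_unique($urls));

                $update = $pdo->prepare("UPDATE users SET CharApp = :charapp WHERE UserId = :uid");
                $update->execute(['charapp' => $newCharApp, 'uid' => $row['UserId']]);

                // Best-effort re-render; a failed render leaves the old thumbnail in place
                storeRenderedUserThumbnail($soapUtils, $row['UserId']);
            } else {
                echo "Asset not found in inventory!";
                exit;
            }
        }
    } elseif (str_contains($command, 'RemoveAccoutrementButton')) {
        // The asset id comes from __EVENTARGUMENT for this control
        $assetId = (int) $argument;

        // Only assets the user owns may be removed
        $check = $pdo->prepare("SELECT * FROM inventory WHERE userId = :uid AND assetId = :aid");
        $check->execute(['uid' => $row['UserId'], 'aid' => $assetId]);
        $item = $check->fetch();

        if ($item) {
            // Get current CharApp and remove the asset URL
            $charApp = $row['CharApp'] ?? '';
            $urls = array_filter(explode(';', $charApp));

            // The wear handler stores https:// URLs while this filter originally compared
            // against http:// only, so worn items were never removed. Both forms are dropped.
            $targets = [
                "http://www.aftwld.com/Asset/?id=$assetId",
                "https://www.aftwld.com/Asset/?id=$assetId",
            ];
            $urls = array_filter($urls, function ($url) use ($targets) {
                return !in_array(trim($url), $targets, true);
            });

            // Rebuild CharApp
            $newCharApp = implode(';', $urls);

            // Update user with new CharApp
            $update = $pdo->prepare("UPDATE users SET CharApp = :charapp WHERE UserId = :uid");
            $update->execute(['charapp' => $newCharApp, 'uid' => $row['UserId']]);

            // Best-effort re-render; a failed render leaves the old thumbnail in place
            storeRenderedUserThumbnail($soapUtils, $row['UserId']);
        } else {
            echo "Asset not found in inventory!";
            exit;
        }
    } else {
        // Unrecognised postback targets are ignored.
        //exit(json_encode($_POST, JSON_PRETTY_PRINT));
    }

    // deprecated
    /*
    $fields = [
        'shirtId', 'pantsId', 'tshirtId', 'gearId','faceId'
    ];
    $oldfields = ['hatId1', 'hatId2', 'hatId3','hatId4','hatId5', 'laId', 'raId', 'llId', 'rlId', 'torsoId', 'headId']; // make items load the old versions
    $urls = [];
    $head = (int)$_POST['headC'];
    $torso = (int)$_POST['torsoC'];
    $leftArm =(int)$_POST['laC'];
    $rightArm = (int)$_POST['raC'];
    $leftLeg = (int)$_POST['llC'];
    $rightLeg = (int)$_POST['rlC'];
    $baseUrl = "https://www.aftwld.com/Asset/";
    foreach ($fields as $field) {
        if (!empty($_POST[$field]) && is_numeric($_POST[$field])) {
            $id = (int)$_POST[$field]; // Cast to integer for safety
            $urls[] = $baseUrl . "?id=" . $id;
        }
    }
    //1028606 (the first hat added on roblox)
    //100000000
    foreach ($oldfields as $field) {
        if (!empty($_POST[$field]) && is_numeric($_POST[$field])) {
            $version_number = 1;
            if($field >= 1028606 && $field <= 100000000){ // probably 2007-2013(?)
                $version_number = 0;
            }
            $id = (int)$_POST[$field]; // Cast to integer for safety
            $urls[] = $baseUrl . "?id=" . $id ."&version=". $version_number;
        }
    }
    $finalUrlString = implode(';', $urls);
    $insertQuery = $pdo->prepare(
        "UPDATE users SET CharApp = :charapp, BodyColors = :bodycolors WHERE ROBLOSECURITY = :token"
    );
    $insertSuccess = $insertQuery->execute([
        'charapp' => $finalUrlString,
        'token' => htmlspecialchars($_COOKIE["_ROBLOSECURITY"]),
    ]);
    $render = $soapUtils->renderUser($row['UserId']);
    $decrypted = base64_decode($render[0]);
    if ($insertSuccess && $render) {
        $path = $_SERVER['DOCUMENT_ROOT'] . "/Thumbs/RenderedUsers/". $row['UserId'].".png";
        file_put_contents($path, $decrypted);
        exit("Your character has been applied!");
    }else{
        exit("somehow you got an error ;(");
    }
    */
}
?>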