From 680da8414a1d75aa66c2224d0d5fc2a9243b25ad Mon Sep 17 00:00:00 2001
From: Lncvrt <lncvrtreal@gmail.com>
Date: Thu, 1 Jan 2026 00:26:24 -0700
Subject: [PATCH] Make getMarketplaceIcons.php and uploadMarketplaceIcon.php
 work with new db method

---
 database/getMarketplaceIcons.php   | 79 +++++++++++++++++++-----------
 database/uploadMarketplaceIcon.php | 28 +++++++----
 2 files changed, 69 insertions(+), 38 deletions(-)

diff --git a/database/getMarketplaceIcons.php b/database/getMarketplaceIcons.php
index 3827a7d..e3a636c 100644
--- a/database/getMarketplaceIcons.php
+++ b/database/getMarketplaceIcons.php
@@ -1,74 +1,74 @@
 <?php
 require __DIR__ . '/../incl/util.php';
 setPlainHeader();
-$conn = newConnection();
+$conn0 = newConnection(0);
+$conn1 = newConnection(1);
 
 $post = getPostData();
-$userId = (int)$post['userId'] ?? 0;
-$sortBy = (int)$post['sortBy'] ?? 2;
-$priceRangeEnabled = isset($post['priceRangeEnabled']) ? (string)$post['priceRangeEnabled'] == 'False' ? false : true : false;
-$priceRangeMin = (int)$post['priceRangeMin'] ?? 10;
-$priceRangeMax = (int)$post['priceRangeMax'] ?? 250;
-$searchForEnabled = isset($post['searchForEnabled']) ? (string)$post['searchForEnabled'] == 'False' ? false : true : false;
-$searchForValue = (string)$post['searchForValue'] ?? '';
-$onlyShowEnabled = isset($post['onlyShowEnabled']) ? (string)$post['onlyShowEnabled'] == 'False' ? false : true : false;
-$onlyShowValue = (string)$post['onlyShowValue'] ?? '';
-$currentIcons = json_decode(base64_decode((string)($post['currentIcons'] ?? 'W10K')));
+$userId = (int) $post['userId'] ?? 0;
+$sortBy = (int) $post['sortBy'] ?? 2;
+$priceRangeEnabled = isset($post['priceRangeEnabled']) ? (string) $post['priceRangeEnabled'] == 'False' ? false : true : false;
+$priceRangeMin = (int) $post['priceRangeMin'] ?? 10;
+$priceRangeMax = (int) $post['priceRangeMax'] ?? 250;
+$searchForEnabled = isset($post['searchForEnabled']) ? (string) $post['searchForEnabled'] == 'False' ? false : true : false;
+$searchForValue = (string) $post['searchForValue'] ?? '';
+$onlyShowEnabled = isset($post['onlyShowEnabled']) ? (string) $post['onlyShowEnabled'] == 'False' ? false : true : false;
+$onlyShowValue = (string) $post['onlyShowValue'] ?? '';
+$currentIcons = json_decode(base64_decode((string) ($post['currentIcons'] ?? 'W10K')));
 
-$where = ["u.banned = 0", "(c.state = 1 OR c.state = 2)"];
+$where = ["(state = 1 OR state = 2)"];
 $params = [];
 $types = "";
-$order = match($sortBy) {
-    1 => "ORDER BY c.price ASC",
-    2 => "ORDER BY c.id ASC",
-    3 => "ORDER BY c.id DESC",
-    default => "ORDER BY c.price DESC",
+$order = match ($sortBy) {
+    1 => "ORDER BY price ASC",
+    2 => "ORDER BY id ASC",
+    3 => "ORDER BY id DESC",
+    default => "ORDER BY price DESC",
 };
 
 if ($priceRangeEnabled) {
-    $where[] = "c.price BETWEEN ? AND ?";
+    $where[] = "price BETWEEN ? AND ?";
     $params[] = $priceRangeMin;
     $params[] = $priceRangeMax;
     $types .= "ii";
 }
 
 if ($searchForEnabled && $searchForValue !== '') {
-    $where[] = "FROM_BASE64(c.name) LIKE ?";
+    $where[] = "FROM_BASE64(name) LIKE ?";
     $params[] = "%$searchForValue%";
     $types .= "s";
 }
 
 if ($onlyShowEnabled) {
     if ($onlyShowValue === '0') {
-        $where[] = "c.userId = ?";
+        $where[] = "userId = ?";
         $params[] = $userId;
         $types .= "i";
     } elseif ($onlyShowValue === '1') {
-        $where[] = "c.userId != ?";
+        $where[] = "userId != ?";
         $params[] = $userId;
         $types .= "i";
     } elseif ($onlyShowValue === '2') {
         $placeholders = implode(',', array_fill(0, count($currentIcons), '?'));
-        $where[] = "c.uuid IN ($placeholders)";
+        $where[] = "uuid IN ($placeholders)";
         $params = array_merge($params, $currentIcons);
         $types .= str_repeat('s', count($currentIcons));
     } elseif ($onlyShowValue === '3') {
         $placeholders = implode(',', array_fill(0, count($currentIcons), '?'));
-        $where[] = "c.uuid NOT IN ($placeholders)";
+        $where[] = "uuid NOT IN ($placeholders)";
         $params = array_merge($params, $currentIcons);
         $types .= str_repeat('s', count($currentIcons));
     }
 }
 
 $sql = "
-    SELECT c.data, u.username, u.id, c.price, c.name, c.uuid, c.state
-    FROM marketplaceicons c
-    JOIN users u ON c.userId = u.id
+    SELECT data, price, name, uuid, state, userId
+    FROM marketplaceicons 
     WHERE " . implode(" AND ", $where) . "
     $order
 ";
 
-$stmt = $conn->prepare($sql);
+$stmt = $conn1->prepare($sql);
 
 if (!empty($params)) {
     $stmt->bind_param($types, ...$params);
@@ -77,6 +77,27 @@ if (!empty($params)) {
 $stmt->execute();
 $result = $stmt->get_result();
 
-echo encrypt(json_encode(array_map(fn($row) => ['username' => $row['username'], 'userid' => $row['id'], 'data' => $row['data'], 'uuid' => $row['uuid'], 'price' => (int)$row['state'] == 2 ? 100000000 : $row['price'], 'name' => base64_decode($row['name'])], $result->fetch_all(MYSQLI_ASSOC))));
+echo encrypt(json_encode(array_map(
+    function ($row) {
+        global $conn0;
 
-$conn->close();
\ No newline at end of file
+        $stmt2 = $conn0->prepare("SELECT username FROM users WHERE id = ?");
+        $stmt2->bind_param("i", $row['userId']);
+        $stmt2->execute();
+        $result2 = $stmt2->get_result();
+        $row2 = $result2->fetch_assoc();
+
+        return [
+            'username' => $row2['username'] ?? 'Unknown',
+            'userid' => $row['userId'],
+            'data' => $row['data'],
+            'uuid' => $row['uuid'],
+            'price' => (int) $row['state'] == 2 ? 100000000 : $row['price'],
+            'name' => base64_decode($row['name'])
+        ];
+    },
+    $result->fetch_all(MYSQLI_ASSOC)
+)));
+
+$conn0->close();
+$conn1->close();
\ No newline at end of file
diff --git a/database/uploadMarketplaceIcon.php b/database/uploadMarketplaceIcon.php
index 7ec3f84..3dba512 100644
--- a/database/uploadMarketplaceIcon.php
+++ b/database/uploadMarketplaceIcon.php
@@ -19,23 +19,32 @@ if (strlen($decoded) > 1024 * 1024) exitWithMessage(json_encode(["success" => fa
 $info = getimagesizefromstring($decoded);
 if (!$info) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
 if ($info[2] !== IMAGETYPE_PNG) exitWithMessage(json_encode(["success" => false, "message" => "Image must be a PNG"]));
-if ($info[0] !== 128 || $info[1] !== 128) exitWithMessage(json_encode(["success" => false, "message" => "Invalid has to be 128x128"]));
+if ($info[0] !== 128 || $info[1] !== 128) exitWithMessage(json_encode(["success" => false, "message" => "Image has to be 128x128"]));
 
-$conn = newConnection();
+$conn0 = newConnection(0);
+$conn1 = newConnection(1);
 
-$stmt = $conn->prepare("SELECT * FROM users WHERE token = ? AND username = ?");
-$stmt->bind_param("ss", $token, $username);
+$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
+$stmt->bind_param("s", $username);
 $stmt->execute();
 $result = $stmt->get_result();
 $row = $result->fetch_assoc();
 if (!$row) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
 $stmt->close();
-
 $id = $row["id"];
+
+$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
+$stmt2->bind_param("si", $token, $id);
+$stmt2->execute();
+$result2 = $stmt2->get_result();
+$row2 = $result2->fetch_assoc();
+if (!$row2) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
+$stmt2->close();
+
 $time = time();
 $hash = hash('sha512', base64_decode($filecontent));
 
-$stmt = $conn->prepare("SELECT id FROM marketplaceicons WHERE hash = ?");
+$stmt = $conn1->prepare("SELECT id FROM marketplaceicons WHERE hash = ?");
 $stmt->bind_param("s", $hash);
 $stmt->execute();
 $result = $stmt->get_result();
@@ -47,12 +56,13 @@ $stmt->close();
 
 $uuid = uuidv4();
 
-$stmt = $conn->prepare("INSERT INTO marketplaceicons (uuid, userId, data, hash, price, name, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?)");
+$stmt = $conn1->prepare("INSERT INTO marketplaceicons (uuid, userId, data, hash, price, name, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?)");
 $stmt->bind_param("sissisi", $uuid, $id, $filecontent, $hash, $price, $name, $time);
 $stmt->execute();
-$insertId = $conn->insert_id;
+$insertId = $conn1->insert_id;
 $stmt->close();
 
 echo encrypt(json_encode(["success" => true, "message" => "Icon uploaded successfully! It will be reviewed and accepted or denied soon"]));
 
-$conn->close();
\ No newline at end of file
+$conn0->close();
+$conn1->close();
\ No newline at end of file