buffer(file_get_contents('https://assetdelivery.roblox.com/v1/asset/?id=' . $id)); if($contenttype == 'application/x-empty') { header('content-type: application/octet-stream'); } else { header('content-type: '. $contenttype); } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://assetdelivery.roblox.com/v1/asset/?id='. $id); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_VERBOSE, true); curl_setopt($ch, CURLOPT_USERAGENT, 'Roblox/WinInet'); // this is required im sorry roblox if you are seeing this $asset = curl_exec($ch); if($asset == '{"errors":[{"code":0,"message":"Request asset was not found"}]}') { header('content-type: application/json'); die(json_encode(["message" => "Unable to process request."])); } die($asset); } if(isset($_GET['gid'])) { // our custom gid (grublox id) $gid = (int)$_GET['gid']; if(file_exists(getcwd() . "/assets/actualassets/" . $gid)) { // check if its there $isplacecheck = $con->prepare('SELECT isplace FROM assets WHERE id=:id'); $isplacecheck->bindParam(':id', $gid); $isplacecheck->execute(); $letsdothis = $isplacecheck->fetch(PDO::FETCH_BOTH); $theisplace = $letsdothis['isplace']; if(isset($_GET['accesstoken']) && $theisplace == '1') { $accesstoken = $_GET['accesstoken']; $intensetrollingforGRUBLOX = $con->prepare('SELECT COUNT(*) FROM accesstokens WHERE accesstoken=:accesstoken'); $intensetrollingforGRUBLOX->bindParam(':accesstoken', $accesstoken); $intensetrollingforGRUBLOX->execute(); $moretroll = $intensetrollingforGRUBLOX->fetchColumn(); if ($moretroll == "0") { echo '{"message":"Request asset was not found"}'; } elseif ($moretroll == '1') { // my fucking head is exploding $place = $con->prepare('SELECT placeid FROM assets WHERE id=:id'); $place->bindParam(':id', $gid); $place->execute(); $okbrah = $place->fetch(PDO::FETCH_BOTH); $theisplace = $okbrah['placeid']; $place = $con->prepare('SELECT placeid,hasgrabbedplace,hasbeeninvalidated,ip FROM accesstokens WHERE accesstoken=:accesstoken'); $place->bindParam(':accesstoken', $accesstoken); $place->execute(); $okbrah = $place->fetch(PDO::FETCH_BOTH); $placeidfromaccesstoken = $okbrah['placeid']; $hasgrabbedplace = $okbrah['hasgrabbedplace']; $hasbeeninvalidated = $okbrah['hasbeeninvalidated']; $ipfromaccesstoken = $okbrah['ip']; $grubloxmagic = $con->prepare('SELECT placeid FROM assets WHERE id=:id'); $grubloxmagic->bindParam(':id', $gid); $grubloxmagic->execute(); $aaa = $grubloxmagic->fetch(PDO::FETCH_BOTH); $placeidfromassets = $aaa['placeid']; if ($placeidfromassets == $placeidfromaccesstoken && $hasgrabbedplace == '0' && $hasbeeninvalidated == '0') { // here i wanted to make it so you need ur ip to be server ip to be able to access this if ($devmode == "true") { $ip = $_SERVER['REMOTE_ADDR']; } elseif ($devmode == "false") { $ip = $_SERVER["HTTP_CF_CONNECTING_IP"]; } if ($ip == "::1") { $ip = '127.0.0.1'; } $ip = '127.0.0.1'; if ($ip == $ipfromaccesstoken) { $trollinghd = '1'; $EXTREMETROLLINGENABLED = $con->prepare('UPDATE accesstokens SET hasgrabbedplace = :hasgrabbedplace WHERE accesstoken=:accesstoken'); $EXTREMETROLLINGENABLED->bindParam(':hasgrabbedplace', $trollinghd); $EXTREMETROLLINGENABLED->bindParam(':accesstoken', $accesstoken); $EXTREMETROLLINGENABLED->execute(); $assetfromfile = file_get_contents(getcwd() . "/assets/actualassets/" . $gid); echo $assetfromfile; die(); } else { echo '{"message":"Request asset was not found"}'; } } else { echo '{"message":"Request asset was not found"}'; } } } elseif($theisplace == '0') { $assetfromfile = file_get_contents(getcwd() . "/assets/actualassets/" . $gid); echo $assetfromfile; die(); } else { header("content-type: text/html"); echo ''; die(); } } else { echo '{"message":"Request asset was not found"}'; } } ?>