MakeWebGames

Problem transferring cash in MCcodes v2: it transfers even if the ID doesn't exist


luci2oo9


OK, I made some changes in the MCcodes v2 framework, and I'm stuck with a problem.

I tried with !$_POST['id'] and with $db->num_rows($q)==0 but still, no luck.

In my project I modified bank.php so that players can transfer directly from there to other players, also giving them the chance to see logs and deposit/withdraw money from the bank.

All is working perfectly, except the transfer cash script, because it transfers cash to non-existent users.

I also tried numerous other methods, but still no luck.

I believe that this is also because I'm a real beginner in PHP.

Could somebody point me to a good solution please?

I really need to sort this one out: a tiny little problem for you guys, a big enormous one for me.

LE: problem solved.

Edited by luci2oo9

Script47, I repeat, I'm a beginner. If someone wants to help me, it has to be done from scratch... the function I mean, the whole process for checking the ID from the form that is dedicated to the transfer. Anyway, thanks for your clues...

Peter, yes you are right, the function is called at the beginning but it doesn't exist now... I had that function at line 146 as a test, among other tests, but it didn't work for me, or something went bad and I deleted it, as with the rest of the tests. I posted the whole file for someone to help me with the function, with the form and with other elements regarding "transfer". Also, I guess that positioning the function at line 146 interfered with the function above it in the file... and other bugs that I saw; anyway it seems like the situation exceeds my level this time. Can you help resolve this issue please?

Thanks guys.


Script47, I repeat, I'm a beginner. If someone wants to help me, it has to be done from scratch... the function I mean, the whole process for checking the ID from the form that is dedicated to the transfer. Anyway, thanks for your clues...

Peter, yes you are right, the function is called at the beginning but it doesn't exist now... I had that function at line 146 as a test, among other tests, but it didn't work for me, or something went bad and I deleted it, as with the rest of the tests. I posted the whole file for someone to help me with the function, with the form and with other elements regarding "transfer". Also, I guess that positioning the function at line 146 interfered with the function above it in the file... and other bugs that I saw; anyway it seems like the situation exceeds my level this time. Can you help resolve this issue please?

Thanks guys.

As per your request:

var_dump();

print_r();

If the ID is less than 1 then run a simple if statement:

 

if($ir['userid'] < 1) {
   // Error message here.
} else {
   // Run code if userid is greater than 0.
}

Just at a glance try that.

 

<?php
include(DIRNAME(__FILE__).'/includes/globals.php');
print "
<div class='generalinfo_txt'>
<div><img src='images/info_left.jpg' alt='' /></div>
<div class='info_mid'><h2 style='padding-top:10px;'> Banca Comerciala</h2></div>
<div><img src='images/info_right.jpg' alt='' /></div>
</div>
<div class='generalinfo_simple'>



";
if($ir['bankmoney']>-1)
{
switch($_GET['action'])
{
case 'Withdraw': withdraw(); break;
case 'Deposit': deposit(); break;
case 'Transfer': transfer(); break;
default: index(); break;
}
}
else
{
if(isset($_GET['buy']))
{
$cost=20000;
if($ir['money']>$cost)
{
$costy=number_format($cost);
print "


Felicitari! Ai platit taxa de \$$costy si ti-ai deschis un cont in banca.
<a href='bank.php'>Intra in Banca</a>


";
$sql = sprintf("UPDATE users SET bankmoney=0, money=money-$cost WHERE userid=$userid");
$db->query($sql);
}
else
{
print "


Nu ai suficienti bani pentru a deschide un cont in banca! 
<a href='explore.php'>Inapoi in Oras...</a>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
$h->endpage(); exit;
}
}
else
{
print "


Deschide-ti un cont in banca chiar acum, taxa \$20,000. 
<a href='bank.php?buy'>Deschidere cont!</a>
</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
}
}
function index()
{
global $db, $h, $ir, $userid;
$cashinfo=money_formatter($ir['money']);
$interest= $ir['bankmoney']/100*5;
$interests=money_formatter($interest);
$balance=money_formatter($ir['bankmoney']);
print "


La sfarsitul fiecarei zile, vei primii <u>5% dobanda</u> pentru suma totala pe care o ai in contul de economii.
Valoarea minima pentru depuneri / retrageri este de 1\$!

<table width=\"90%\" class=\"table\" border=\"1\">
 <tr>
   <th colspan=\"2\">Situatia Financiara</th>
 </tr>
 <tr>
   <td width=\"50%\"><img src=\"images/bankcash.gif\" width=\"100px\" alt=\"\" border=\"0\" style=\"margin-top: 15px; margin-bottom: 15px;\" /></td>
   <td width=\"50%\"><img src=\"images/bankcont.gif\" width=\"100px\" alt=\"\" border=\"0\" style=\"margin-top: 15px; margin-bottom: 15px;\" /></td>
 </tr>
 <tr>
   <td>
      <b>Cash disponibil:</b> $cashinfo
   </td>
   <td>

      <span><b>Sold curent:</b> $balance </span>
      <span><b>Procent dobanda:</b> 5% / zi </span>
      <span><b>Dobanda zilnica:</b> $interests</span>


   </td>
 </tr>
</table>

<table width=\"90%\" class=\"table\" border=\"1\">
 <tr>
   <th width=\"50%\">Depunere in Cont</th><th width=\"50%\">Retragere din Cont</th>
 </tr>
 <tr>
   <td>

     Fiecare depunere este taxata de catre banca noastra cu <b>2%</b> din totalul sumei depuse.
     <form action='?action=Deposit' method='post'>
       Suma: <input type='text' STYLE='color: black;  background-color: white;' name='dt' value='' />
       <input type='submit' STYLE='color: black;  background-color: white;' value='  Depunere  ' />
     </form>

   </td>
   <td>

     Fiecare retragere este taxata de catre banca noastra cu <b>3%</b> din totalul sumei depuse
     <form action='?action=Withdraw' method='post'>
       Suma: <input type='text' STYLE='color: black;  background-color: white;' name='wd' value='' />
       <input type='submit' STYLE='color: black;  background-color: white;' value='  Retragere  ' />
     </form>

   </td>
 </tr>
</table>

";
}
function transfer()
{
global $db,$ir,$c,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_GET['xferu'] = abs((int) $_GET['xferu']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_GET['xferu'];

if(!$_GET['xferu'])  {
echo "

This user doesn't exist!


<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>




</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
exit;
}
if($_GET['xferu'] == $userid)
{
print "

Nu iti poti trimite bani singur!


<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>


";
}

else
{
if((int) $_POST['money'])
{
if($_POST['money'] > $ir['money'])
{
print "

Nu ai atata cash disponibil!
Retrage din cont suma dorita apoi reincearca transferul.

<a href=\"bank.php\">< Reincearca</a>


";
}
else
{
$db->query("UPDATE users SET money=money-{$_POST['money']} WHERE userid=$userid");
$db->query("UPDATE users SET money=money+{$_POST['money']} WHERE userid=$xferuser");
print "

I-ai trimis suma de \${$_POST['money']} utilizatorului cu ID-ul $xferuser.


<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>


";
event_add($xferuser,"Ai primit un transfer bancar de \${$_POST['money']} de la {$ir['username']}.",$c);
$it=$db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$xferuser");
$er=$db->fetch_row($it);
$db->query("INSERT INTO cashxferlogs VALUES ('', $userid, $xferuser, {$_POST['money']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}')");
}
}
else
{
print "
<table width=\"90%\" class=\"table\" border=\"1\">
 <tr><th colspan=\"2\">Transfer Bancar intre Jucatori</th></tr>
 <tr>
   <form action='bank.php' method='post'>
   <td>Beneficiar:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='xferu' value='{$_GET['xferu']}' /></td>
 </tr>
 <tr>
   <td>Suma:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='money' /></td>
 </tr>
 <tr>
   <td colspan=\"2\" align=\"center\"><input type='submit' STYLE='color: black; background-color: white;' value='  Trimite  ' /></td>
   </form>
 </tr>
</table>

<table width=\"90%\" class=\"table\" border=\"1\">
 <tr>
   <th colspan=\"4\">Ultimile 5 Transferuri (efectuate)</th>
 </tr>
 <tr>
   <td width=\"190px;\"><b>Data</b></td>
   <td width=\"190px;\"><b>Beneficiar</b></td>
   <td width=\"190px;\"><b>Suma</b></td>
 </tr> ";
$q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5");
while($r=$db->fetch_row($q))
{
if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; }
print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>";
}
print "
</table>
";
print "

<table width=\"90%\" class=\"table\" border=\"1\">
 <tr>
   <th colspan=\"4\">Ultimile 5 Transferuri (incasate)</th>
 </tr>
 <tr>
   <td width=\"190px;\"><b>Data</b></td>
   <td width=\"190px;\"><b>Platitor</b></td>
   <td width=\"190px;\"><b>Suma</b></td>
 </tr> ";
$q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxTO=$userid ORDER BY cx.cxTIME DESC LIMIT 5");
while($r=$db->fetch_row($q))
{
if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; }
print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sender']} [{$r['cxFROM']}] </td><td> \${$r['cxAMOUNT']}</td> </tr>";
}
print "
</table>
";
}
}
print "


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
}
function withdraw()
{
global $ir,$c,$userid,$h,$db;
$_POST['wd'] = abs(intval($_POST['wd']));
$with=number_format($_POST['wd']);
$bkmon=number_format($ir['bankmoney']);
if($ir['bankmoney']<$_POST['wd']) {
print "


<center>Ai incercat sa retragi <b>\$$with</b> din contul tau, dar nu ai decat <b>\$$bkmon</b> disponibili.
<a href=\"bank.php\">< Inapoi</a></center>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
"; $h->endpage(); exit; }
/* $total=number_format($ir['bankmoney']-$_POST['wd']); */
$btax=$_POST['wd']*0.03;
// if($btax>10000) { $btax=10000; }   //
$taken=number_format($btax);
$bank=$_POST['wd']-$btax;
$banky=number_format($bank);
$total=number_format($ir['bankmoney']-$bank);
print "


<center>
Ai retras suma de <b>\$$with</b> din contul tau, iar banca ti-a oprit comision de retragere in valoare de <b>\$$taken</b>.
Suma finala primita este in valoare de <b>\$$banky</b>, cu toate taxele scazute. 
<a href=\"bank.php\">< Inapoi</a></center>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
$sql = sprintf("UPDATE users SET bankmoney=bankmoney-{$_POST['wd']}, money=money+$bank WHERE userid=$userid");
$db->query($sql);
}
function deposit()
{
global $ir,$c,$userid,$h,$db;
$_POST['dt'] = abs(intval($_POST['dt']));
$dep=number_format($_POST['dt']);
$mon=number_format($ir['money']);
if($_POST['dt']<1) {
print "


<center>Valoarea minima pentru depuneri este de 1\$! Te rugam sa introduci o valoare mai mare.
<a href=\"bank.php\">< Inapoi</a></center>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
$h->endpage(); exit; }
if($ir['money']<$_POST['dt']) {
print "


<center>Ai incercat sa depui <b>\$$dep</b> in contul tau, dar ai doar <b>\$$mon</b> cash disponibil.
<a href=\"bank.php\">< Inapoi</a></center>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
$h->endpage(); exit; }
$btax=$_POST['dt']*0.02;
// if($btax>10000) { $btax=10000; } //
$taken=number_format($btax);
$bank=$_POST['dt']-$btax;
$banky=number_format($bank);
$total=number_format($ir['bankmoney']+$bank);
print "


<center>Ai depus suma de <b>\$$dep</b> in contul tau, din care <b>\$$taken</b> reprezinta comisionul bancii pentru depuneri.
Suma totala depusa in contul tau este de <b>\$$banky</b>.
<a href=\"bank.php\">< Inapoi</a></center>


</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";
$sql = sprintf("UPDATE users SET bankmoney=bankmoney+$bank, money=money-{$_POST['dt']} WHERE userid=$userid");
$db->query($sql);
}
$h->endpage();
?>

Script47: I need both, to check for a non-existent ID in the DB, not only whether no ID was entered.

Veramis: copied and tested with your modifications, result: from line 146 below, the PHP does not output any other HTML in the browser... so it doesn't show the data divs/tables below.

I guess my problem lies not only in the function that I don't know how to resolve, but in the actual form that starts at line 231.

Any other ideas? I'm near cutting my veins after 3 days looking into this code... only.

- - - Updated - - -

Script47: also, userid in this page is set by the logged-in user, but I need to test the user that I'm transferring to... in my case, the specified xferu from the form post action.


I also tried:

 

global $db,$ir,$c,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_GET['xferu'] = abs((int) $_GET['xferu']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];

if($_POST['xferu'] < 1) {
print "
<br />
This user doesn't exist!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />

<br />
</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>
<br />
</div>
</div>
</div>
</div>
</div>
";
}

 

but with no luck. Where is the problem?

The whole scope of this is to merge sendcash.php with bank.php, that's why I'm trying to fix this.

Also on bank.php we will have logs for received/transmitted funds.

I saw this on another game and I like it... I know that there's something messed up about the form for transfer to Beneficiar also, but I can't seem to find the errors.

Edited by luci2oo9

You cannot do it like that.

You're using...

if($_POST['xferu'] < 1) {

echo 'This user doesn\'t exist!';

}

Above that you've got a $_GET variable that is $_POST['xferu'].

You need to select the user in a query,

such as:

$q=$db->query("SELECT userid FROM users WHERE userid='{$_POST['xferu']}'");

$r=$db->fetch_row($q);

then

if($r['userid']==0){echo 'invalid user';}

Edited by lucky3809

lucky3809, I just saw your reply now, a few minutes after resolving the issue already, and yes, you were very very close to the solution I adopted.

For me, it worked like this:

 

global $db,$ir,$c,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_GET['xferu'] = abs((int) $_GET['xferu']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];
$q=$db->query("SELECT * FROM users WHERE userid={$_POST['xferu']}");
$r=$db->fetch_row($q);
if($r['userid'] != $xferuser) {
print "
<br />
This user doesn't exist!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
<br />
</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>
<br />
</div>
</div>
</div>
</div>
</div>
";
exit;
}

 

Now I'm running into another issue, not about functionality but about optimised code.

At the top of the script I have those cases with deposit/withdraw and transfer that call functions in my code.

I want to put the above code in a function, with all the other if/else from the Transfer section...

I tried to close function index with } and do function transfer() with all conditions, but I'm confused because creating function Transfer here is like creating a function inside another function...

How can I create this as a function in this place (by "in this place" I mean that the HTML code generated by PHP should be here but the function elsewhere)?

Sorry about my English.

Edited by luci2oo9

Re-optimised the transfer part:

 

global $userid;
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];
$q=$db->query("SELECT * FROM users WHERE userid={$_POST['xferu']}");
$r=$db->fetch_row($q);
if($r['userid'] != $xferuser) {
print "
<br />
This user doesn't exist!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
<br />
</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>
<br />
</div>
</div>
</div>
</div>
</div>
";
exit;
}

 

This is the full transfer part:

 

";
global $userid;
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];
$q=$db->query("SELECT * FROM users WHERE userid={$_POST['xferu']}");
$r=$db->fetch_row($q);
if($r['userid'] != $xferuser) {
print "
<br />
This user doesn't exist!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
<br />
</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>
<br />
</div>
</div>
</div>
</div>
</div>
";
exit;
}
if($_POST['xferu'] == $userid)
{
print "
<br />
Nu iti poti trimite bani singur!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
";
}
else
{
if((int) $_POST['money'])
{
if($_POST['money'] > $ir['money'])
{
print "
<br />
Nu ai atata cash disponibil!<br />
Retrage din cont suma dorita apoi reincearca transferul.<br />
<br />
<a href=\"bank.php\">< Reincearca</a>
<br />
<br />
";
}
else
{
$db->query("UPDATE users SET money=money-{$_POST['money']} WHERE userid=$userid");
$db->query("UPDATE users SET money=money+{$_POST['money']} WHERE userid=$xferuser");
print "
<br />
I-ai trimis suma de \${$_POST['money']} utilizatorului cu ID-ul $xferuser.
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
";
event_add($xferuser,"Ai primit un transfer bancar de \${$_POST['money']} de la {$ir['username']}.",$c);
$it=$db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$xferuser");
$er=$db->fetch_row($it);
$db->query("INSERT INTO cashxferlogs VALUES ('', $userid, $xferuser, {$_POST['money']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}')");
}
}
else
{
print "
<table width=\"90%\" class=\"table\" border=\"1\">
 <tr><th colspan=\"2\">Transfer Bancar intre Jucatori</th></tr>
 <tr>
   <form action='bank.php' method='post'>
   <td>Beneficiar:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='xferu' /></td>
 </tr>
 <tr>
   <td>Suma:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='money' /></td>
 </tr>
 <tr>
   <td colspan=\"2\" align=\"center\"><input type='submit' STYLE='color: black; background-color: white;' value='  Trimite  ' /></td>
   </form>
 </tr>
</table>
<br />
<table width=\"90%\" class=\"table\" border=\"1\">
 <tr>
   <th colspan=\"4\">Ultimile 5 Transferuri (efectuate)</th>
 </tr>
 <tr>
   <td width=\"190px;\"><b>Data</b></td>
   <td width=\"190px;\"><b>Beneficiar</b></td>
   <td width=\"190px;\"><b>Suma</b></td>
 </tr> ";
$q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5");
while($r=$db->fetch_row($q))
{
if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; }
print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>";
}
print "
</table>
";

 

And finally, this is the part that I want to appear permanently in the HTML output, until the player enters an amount and ID for the transfer, an action that will post in HTML the if/else messages from Transfer when checking the ID and that stuff:

 

print "
<table width=\"90%\" class=\"table\" border=\"1\">
 <tr><th colspan=\"2\">Transfer Bancar intre Jucatori</th></tr>
 <tr>
   <form action='bank.php' method='post'>
   <td>Beneficiar:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='xferu' /></td>
 </tr>
 <tr>
   <td>Suma:</td>
   <td><input type='text' STYLE='color: black;  background-color: white;' name='money' /></td>
 </tr>
 <tr>
   <td colspan=\"2\" align=\"center\"><input type='submit' STYLE='color: black; background-color: white;' value='  Trimite  ' /></td>
   </form>
 </tr>
</table>
";

 

I don't know how to separate all this, to make a function... 1st problem, and the 2nd problem lies in what I said earlier - I have created all this in a function named index() and don't know how to move function transfer() to be located outside function index(), not in it. Or what is the best fit for this script page anyway?

Thanks.

Edited by luci2oo9

In my actual script, when a player is accessing bank.php he sees on screen Deposit and Withdraw, the Transfer part and the logs with Ultimile 5 transferuri (primite) & (trimise) - in English, Last 5 transfers (received and sent). When the player enters an amount and ID in the transfer part and sends the form, the lines below in the script do not appear/post anymore (the last 5 transfers logs and the transfer part dedicated to user transfers).


I don't know, your script is all over the place... I would not use switches..

You can use

if($_GET['action']=='Withdraw') {
    // WITHDRAW STUFF
}
else if($_GET['action']=='Deposit') {
    // DEPOSIT STUFF
}
else if($_GET['action']=='Transfer') {
    // TRANSFER STUFF
}
else {
    // HTML YOU WANT TO SHOW WHEN USER CLICKS ON PAGE.
}


I want to show all, but I have some mixed functions there, one function index() and a second function transfer() that is not created...

If you look at the code you will see that:

function index() {

    if (something) {
        print "...something";
    }

    // -> and here is the transfer part, that I'd like to turn into a function

    // back in function index
    print "...whatever";

} // end function index

As you can see, if I create function transfer() it will reside inside function index() and that's no good for me. If I pull function transfer() out, after I create it, well... I don't know how to explain, but when the function posts something it will not post in that place in the HTML, it will post where I pulled it to.

Can't find all the words in English to explain this better, damn.
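An added example (not the thread's code, not MCcodes code) of the layout luci2oo9 is asking for: transfer() defined at file scope next to index(), with the transfer form and the log tables produced by a separate function that index() calls at the spot where that HTML belongs; after handling a POST, transfer() calls index() again so the form and the logs do not disappear. $db, $ir, $userid and $h are the MCcodes v2 globals from the posted file, and $db->query(), $db->fetch_row() and $db->num_rows() are the wrapper calls used in the thread; the section function names are mine. The money movement keeps the thread's two-UPDATE shape, with every value cast to int before it reaches SQL.

```php
<?php
// Added example, not MCcodes code: transfer() lives at file scope next to index().
include(dirname(__FILE__) . '/includes/globals.php');   // sets up $db, $ir, $userid, $h

// Dispatcher. The form below posts to bank.php?action=Transfer, so the switch
// reaches transfer(); every other request just draws the page.
switch ($_GET['action'] ?? '') {
    case 'Transfer': transfer(); break;
    default:         index();    break;
}
$h->endpage();

// PHP hoists unconditional function declarations, so they may follow the dispatcher.
function index(): void
{
    echo '<h2>Banca Comerciala</h2>';
    // deposit / withdraw tables from the posted bank.php go here
    echo transferSection();   // the transfer form and both log tables, in place
}

function transfer(): void
{
    global $db, $ir, $userid;
    $to     = (int) ($_POST['xferu'] ?? 0);
    $amount = (int) ($_POST['money'] ?? 0);
    $msg = transferMessage($db, $ir, (int) $userid, $to, $amount);
    echo '<p>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p>';
    index();   // redraw the form and the logs after the POST
}

/** Validates the request, moves the cash, returns the text shown to the player. */
function transferMessage($db, array $ir, int $from, int $to, int $amount): string
{
    if ($to < 1 || $amount < 1) {
        return 'ID sau suma invalida.';
    }
    if ($to === $from) {
        return 'Nu iti poti trimite bani singur!';
    }
    $q = $db->query("SELECT userid FROM users WHERE userid=$to");   // $to is an int
    if (!$db->num_rows($q)) {
        return "This user doesn't exist!";
    }
    if ($amount > (int) $ir['money']) {
        return 'Nu ai atata cash disponibil!';
    }
    $db->query("UPDATE users SET money=money-$amount WHERE userid=$from");
    $db->query("UPDATE users SET money=money+$amount WHERE userid=$to");
    return "I-ai trimis suma de \$$amount utilizatorului cu ID-ul $to.";
}

function transferSection(): string
{
    global $db, $userid;
    $html = "<form action='bank.php?action=Transfer' method='post'>"
          . "Beneficiar: <input type='text' name='xferu' /> "
          . "Suma: <input type='text' name='money' /> "
          . "<input type='submit' value='Trimite' /></form>";
    $html .= logTable($db, 'cxFROM', (int) $userid, 'Ultimile 5 Transferuri (efectuate)');
    $html .= logTable($db, 'cxTO', (int) $userid, 'Ultimile 5 Transferuri (incasate)');
    return $html;
}

/** One log table; $column is 'cxFROM' (sent) or 'cxTO' (received), never user input. */
function logTable($db, string $column, int $uid, string $title): string
{
    $q = $db->query("SELECT cxTIME, cxFROM, cxTO, cxAMOUNT FROM cashxferlogs WHERE $column=$uid ORDER BY cxTIME DESC LIMIT 5");
    $html = "<table class='table'><tr><th colspan='3'>$title</th></tr>";
    while ($r = $db->fetch_row($q)) {
        $other = ($column === 'cxFROM') ? $r['cxTO'] : $r['cxFROM'];
        $html .= '<tr><td>' . date('F j, Y, g:i:s a', (int) $r['cxTIME']) . '</td>'
               . '<td>' . (int) $other . '</td>'
               . '<td>$' . number_format((int) $r['cxAMOUNT']) . '</td></tr>';
    }
    return $html . '</table>';
}
```

The point of the layout: the section functions return strings instead of printing, so index() decides where their HTML lands, and transfer() only decides what message goes in front of it. Note that $ir is loaded by globals.php before the UPDATEs run, so anything index() shows from it after a transfer is the pre-transfer balance.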


You cannot do it like that.

You're using...

if($_POST['xferu'] < 1) {

echo 'This user doesn\'t exist!';

}

Above that you've got a $_GET variable that is $_POST['xferu'].

You need to select the user in a query,

such as:

$q=$db->query("SELECT userid FROM users WHERE userid='{$_POST['xferu']}'");

$r=$db->fetch_row($q);

then

if($r['userid']==0){echo 'invalid user';}

False, you can use his method - though I'd recommend a rather large update first.

if(!array_key_exists('xferu', $_POST)) {
   echo 'The form hasn\'t been submitted';
   exit($h->endpage());
}
$_POST['xferu'] = isset($_POST['xferu']) && ctype_digit($_POST['xferu']) ? $_POST['xferu'] : null;
if(empty($_POST['xferu'])) {
   echo 'You didn\'t enter a valid player ID';
   exit($h->endpage());
}
$select = $db->query('SELECT `username` FROM `users` WHERE `userid` = '.$_POST['xferu']);
if(!$db->num_rows($select)) {
   echo 'That player doesn\'t exist';
   exit($h->endpage());
}
// Continue here.. make sure to validate input for amount too!
Edited by Magictallguy
Missed an escape for the word "hasn't"
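As an added example (not MCcodes code and not from any post in this thread), here is how the recipient check the thread is after can be folded into the transfer itself, so that "does this player exist" and "does the sender still have the money" are answered in the same transaction that moves the cash. It assumes a PDO connection $pdo (with exceptions enabled) to the game database, the users columns named in the posts above (userid, username, money, lastip) and the cashxferlogs columns the thread's log queries read (cxFROM, cxTO, cxAMOUNT, cxTIME, cxFROMIP, cxTOIP) with an auto-increment id column. MCcodes' own $db wrapper has no prepared statements, so PDO is a substitution here.

```php
<?php
// Added example, not MCcodes code and not from the thread. Assumes a PDO
// connection $pdo with PDO::ERRMODE_EXCEPTION, the users columns named in the
// posts above (userid, username, money, lastip) and the cashxferlogs columns the
// thread's log queries read. Nothing from the request is concatenated into SQL.

/**
 * Moves cash from $senderId to the player id posted as $postedRecipient.
 * Returns the message to show the player; the caller prints it.
 */
function transferCash(PDO $pdo, int $senderId, string $senderIp, $postedRecipient, $postedAmount): string
{
    // 1. Shape check: both values must be plain digit strings. ctype_digit() needs a
    //    string, so cast first; is_scalar() rejects xferu[]=1 style array input.
    if (!is_scalar($postedRecipient) || !is_scalar($postedAmount)
        || !ctype_digit((string) $postedRecipient) || !ctype_digit((string) $postedAmount)) {
        return 'Invalid player ID or amount.';
    }
    $recipientId = (int) $postedRecipient;
    $amount      = (int) $postedAmount;
    if ($recipientId < 1 || $amount < 1) {
        return 'Player ID and amount must be positive.';
    }
    if ($recipientId === $senderId) {
        return 'You cannot send money to yourself.';
    }

    // 2. Existence and balance checks run in the same transaction as the updates,
    //    with both rows locked, so a second overlapping request has to wait.
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare('SELECT userid, username, money, lastip FROM users WHERE userid IN (?, ?) FOR UPDATE');
        $stmt->execute([$senderId, $recipientId]);
        $rows = [];
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $rows[(int) $row['userid']] = $row;
        }
        if (!isset($rows[$recipientId])) {           // the check the thread was missing
            $pdo->rollBack();
            return 'That player does not exist.';
        }
        if (!isset($rows[$senderId]) || (int) $rows[$senderId]['money'] < $amount) {
            $pdo->rollBack();
            return 'You do not have that much cash on hand.';
        }

        // 3. Debit with the balance re-checked in SQL; zero affected rows means the
        //    balance moved under us and nothing gets credited.
        $debit = $pdo->prepare('UPDATE users SET money = money - ? WHERE userid = ? AND money >= ?');
        $debit->execute([$amount, $senderId, $amount]);
        if ($debit->rowCount() !== 1) {
            $pdo->rollBack();
            return 'Transfer failed, please try again.';
        }
        $credit = $pdo->prepare('UPDATE users SET money = money + ? WHERE userid = ?');
        $credit->execute([$amount, $recipientId]);

        // 4. Audit row in the shape the thread's log queries expect.
        $log = $pdo->prepare('INSERT INTO cashxferlogs (cxFROM, cxTO, cxAMOUNT, cxTIME, cxFROMIP, cxTOIP)
                              VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, ?)');
        $log->execute([$senderId, $recipientId, $amount, $senderIp, $rows[$recipientId]['lastip']]);

        $pdo->commit();
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }

    $name = htmlspecialchars($rows[$recipientId]['username'], ENT_QUOTES, 'UTF-8');
    return sprintf('You sent $%s to %s [%d].', number_format($amount), $name, $recipientId);
}

// Hypothetical call site inside bank.php's transfer handler:
// echo transferCash($pdo, (int) $userid, $ir['lastip'], $_POST['xferu'] ?? '', $_POST['money'] ?? '');
```

Two things differ from the posted bank.php. The existence test is not a separate query whose result is trusted a moment later: the SELECT ... FOR UPDATE, the balance test and both UPDATEs sit in one transaction, so two transfers submitted at the same instant cannot both pass the "enough cash" test, and the debit's own WHERE money >= ? is the second line of defence. And the IDs and amounts reach SQL only as bound parameters, so the int casts are there for the arithmetic, not for safety.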

False, you can use his method - though I'd recommend a rather large update first.
if(!array_key_exists('xferu', $_POST)) {
   echo 'The form hasn\'t been submitted';
   exit($h->endpage());
}
$_POST['xferu'] = isset($_POST['xferu']) && ctype_digit($_POST['xferu']) ? $_POST['xferu'] : null;
if(empty($_POST['xferu'])) {
   echo 'You didn\'t enter a valid player ID';
   exit($h->endpage());
}
$select = $db->query('SELECT `username` FROM `users` WHERE `userid` = '.$_POST['xferu']);
if(!$db->num_rows($select)) {
   echo 'That player doesn\'t exist';
   exit($h->endpage());
}
// Continue here.. make sure to validate input for amount too!

 

You may want to typecast that to string.

 

<?php

$array = array("string" => (string) "20",
              "int" => (int) 20,
              "float" => (float) 20.00,
              );

foreach($array as $type => $test) {
   echo (ctype_digit($test) ? 'VALID' : 'INVALID') .' - '. $type .'<br />';
}

 

Will return:

VALID - string
INVALID - int
INVALID - float

False, you can use his method - though I'd recommend a rather large update first.
if(!array_key_exists('xferu', $_POST)) {
   echo 'The form hasn\'t been submitted';
   exit($h->endpage());
}
$_POST['xferu'] = isset($_POST['xferu']) && ctype_digit($_POST['xferu']) ? $_POST['xferu'] : null;
if(empty($_POST['xferu'])) {
   echo 'You didn\'t enter a valid player ID';
   exit($h->endpage());
}
$select = $db->query('SELECT `username` FROM `users` WHERE `userid` = '.$_POST['xferu']);
if(!$db->num_rows($select)) {
   echo 'That player doesn\'t exist';
   exit($h->endpage());
}
// Continue here.. make sure to validate input for amount too!

Why go through all that hassle to get a valid user from the database, when all he had to do is SELECT it and then make an if statement?

I meant that he cannot just call a variable as it is, one that is not related to anything database-wise, and expect it to scan for a valid user in his database... This is what he had:

 

global $db,$ir,$c,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_GET['xferu'] = abs((int) $_GET['xferu']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];

if($_POST['xferu'] < 1) {
print "

This user doesn't exist!


<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>




</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";

 

Also in your example you did EXACTLY what I did, but made it if(!$db->num_rows($select)) { instead of if($r['userid']==0){

....

As for the other, he could have also used empty() and !is_numeric(), as it was a number his form had to validate...

Edited by lucky3809

Why go through all that hassle to get a valid user from the database, when all he had to do is SELECT it and then make an if statement?

I meant that he cannot just call a variable as it is, one that is not related to anything database-wise, and expect it to scan for a valid user in his database... This is what he had:

 

global $db,$ir,$c,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_GET['xferu'] = abs((int) $_GET['xferu']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];

if($_POST['xferu'] < 1) {
print "

This user doesn't exist!


<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>




</div>
<div><img src='images/generalinfo_btm.jpg' alt='' /></div>

</div>
</div>
</div>
</div>
</div>
";

 

Also in your example you did EXACTLY what I did, but made it if(!$db->num_rows($select)) { instead of if($r['userid']==0){

....

As for the other, he could have also used empty() and !is_numeric(), as it was a number his form had to validate...

The little code snippet you posted showed nothing for sanitation or validation. I was going purely from your post.

All I did was validate, then sanitize, then validate again - which, yes, does look like a lot of work, but try and exploit that code ;)


That is fine lol... He did not want validation because he did not post all his code on here, he only posted that snippet, and he had only asked for that part, to validate whether the user existed in the database, so I posted a snippet, which he already had before looking at my post...

But anyway, everyone has a preference in coding...

I would have validated the POST variable as

 

if(empty($_POST['xferu']) || !is_numeric($_POST['xferu'])) {echo ' Error, you did not submit the right input';}
then checked if the user existed in the database while securing the POST in the query with intval()...
Try telling me someone can hack that!! That is simple PHP validation and it works 100% as effectively as your sanitizers...
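Added example, not from any post in this thread: the three checks argued over in the last posts (is_numeric(), ctype_digit() and filter_var() with FILTER_VALIDATE_INT) applied to the same constructed inputs, plus one small helper that does the strict check and the integer cast in a single place. The function names and the sample list are mine.

```php
<?php
// Added example, not from the thread. Function names and sample inputs are mine.

/**
 * Strict player-id check: the raw request value must be a non-empty string of
 * ASCII digits; it is cast to int afterwards and must be positive.
 * Returns the id, or null when the value is unusable.
 */
function validPlayerId($raw): ?int
{
    if (!is_scalar($raw)) {           // rejects xferu[]=1 style array input
        return null;
    }
    $s = (string) $raw;               // ctype_digit() on an int tests an ASCII code, not digits
    if ($s === '' || !ctype_digit($s)) {
        return null;
    }
    $id = (int) $s;                   // "007" becomes 7; "0" is rejected by the next line
    return $id > 0 ? $id : null;
}

/** One row per input saying what each of the three checks makes of it. */
function compareChecks(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $raw) {
        $s = (string) $raw;
        $rows[] = [
            'input'          => $s,
            'is_numeric'     => is_numeric($s),
            'ctype_digit'    => ctype_digit($s),
            'filter_var_int' => filter_var($s, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false,
            'validPlayerId'  => validPlayerId($raw),
        ];
    }
    return $rows;
}

// Constructed inputs: what the xferu field, or a hand-edited request, may carry.
$samples = ['12', '007', '0', '-5', '1e3', ' 12', '12.0', '12abc', ''];

foreach (compareChecks($samples) as $r) {
    printf("%-8s is_numeric=%-5s ctype_digit=%-5s filter_var=%-5s validPlayerId=%s\n",
        var_export($r['input'], true),
        var_export($r['is_numeric'], true),
        var_export($r['ctype_digit'], true),
        var_export($r['filter_var_int'], true),
        var_export($r['validPlayerId'], true));
}
```

What the table makes visible when the value is a player ID: is_numeric() accepts "1e3", "12.0", "-5" and a leading space, all of which mean something else once cast to int; ctype_digit() accepts "007" and "0", so the cast and the > 0 test still matter; filter_var() rejects the leading-zero form outright. Casting to string before ctype_digit() is what Script47's post is about: given an int, the function tests the ASCII code of that number rather than its digits, and PHP 8.1 and later deprecate non-string arguments.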