MakeWebGames

Posted

Ok, I'm trying to make it so that on my game, mccodes v2, on bank.php you don't have to buy an account.

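<?php
include "globals.php";
print "<h3>Bank</h3>";
if($ir['bankmoney']>-1)
{
    // Treat a missing ?action= as the default page instead of reading an undefined index
    switch(isset($_GET['action']) ? $_GET['action'] : '')
    {
        case "deposit":
            deposit();
            break;

        case "withdraw":
            withdraw();
            break;

        default:
            index();
            break;
    }
// NOTE: the if block opened above is never closed in this version,
// which is what triggers the parse error on the last line of the file.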

function index()
{
    global $db, $ir, $c, $userid, $h;
    // Balance summary plus the deposit and withdraw forms
    print "\n<b>You currently have \${$ir['bankmoney']} in the bank.</b><br />
At the end of each day, your bank balance will go up by 2%.<br />
<table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'><b>Deposit Money</b><br />
It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'>
Amount: <input type='text' name='deposit' value='{$ir['money']}' /><br />
<input type='submit' value='Deposit' /></form></td> <td>
<b>Withdraw Money</b><br />
There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'>
Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' /><br />
<input type='submit' value='Withdraw' /></form></td> </tr> </table>";
}

function deposit()
{
    global $db, $ir, $c, $userid, $h;
    // Only a plain string is accepted; a missing or array-valued field becomes ''
    $_POST['deposit'] = (isset($_POST['deposit']) && is_string($_POST['deposit'])) ? $_POST['deposit'] : '';
    // Character blacklist kept from the original. strpos() must be compared with
    // !== false because a match at offset 0 is falsy.
    $check = (
        strpos($_POST['deposit'],'<script>') !== false ||
        strpos($_POST['deposit'],'<script/>') !== false ||
        strrchr($_POST['deposit'],'>') ||
        strrchr($_POST['deposit'],'<') ||
        strrchr($_POST['deposit'],'{') ||
        strrchr($_POST['deposit'],'}') ||
        strrchr($_POST['deposit'],'/') ||
        strrchr($_POST['deposit'],'<?') ||
        strrchr($_POST['deposit'],';'));
    if($check===true){
        // Log the HTML-encoded copy, not the raw input
        $message = htmlentities($_POST['deposit'], ENT_QUOTES);
        event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting The<br />
<b>message post error</b><br />
Message:- $message",$c);
        // print instead of die() so that the page footer below is still sent
        print "<h4> PAGE ERROR -- Illegal Entry! </h4>
Your Input Contains An Illegal String,<br />
A Copy Of What You Entered Has Been Sent To Admin For Evaluation.<br />
Please Start Again And Only Enter Valid Characters.... Thank you.<br />
<a href='bank.php'> Back </a>";
        $h->endpage();
        exit;
    }
    // The integer cast is what keeps non-numeric input out of the query below
    $_POST['deposit']=abs((int) $_POST['deposit']);
    if($_POST['deposit'] > $ir['money'])
    {
        print "You do not have enough money to deposit this amount.";
    }
    else
    {
        // 15% fee, rounded up, capped at 3000
        $fee=ceil($_POST['deposit']*15/100);
        if($fee > 3000) { $fee=3000; }
        $gain=$_POST['deposit']-$fee;
        $ir['bankmoney']+=$gain;
        $db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid");
        print "You hand over \${$_POST['deposit']} to be deposited, <br />
after the fee is taken (\$$fee), \$$gain is added to your account. <br />
<b>You now have \${$ir['bankmoney']} in the bank.</b><br />
<a href='bank.php'>&gt; Back</a>";
    }
}

function withdraw()
{
    global $db, $ir, $c, $userid, $h;
    // Only a plain string is accepted; a missing or array-valued field becomes ''
    $_POST['withdraw'] = (isset($_POST['withdraw']) && is_string($_POST['withdraw'])) ? $_POST['withdraw'] : '';
    // Character blacklist kept from the original. strpos() must be compared with
    // !== false because a match at offset 0 is falsy.
    $check = (
        strpos($_POST['withdraw'],'<script>') !== false ||
        strpos($_POST['withdraw'],'<script/>') !== false ||
        strrchr($_POST['withdraw'],'>') ||
        strrchr($_POST['withdraw'],'<') ||
        strrchr($_POST['withdraw'],'{') ||
        strrchr($_POST['withdraw'],'}') ||
        strrchr($_POST['withdraw'],'/') ||
        strrchr($_POST['withdraw'],'<?') ||
        strrchr($_POST['withdraw'],';'));
    if($check===true){
        // Log the HTML-encoded copy, not the raw input
        $message = htmlentities($_POST['withdraw'], ENT_QUOTES);
        event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting The<br />
<b>message post error</b><br />
Message:- $message",$c);
        // print instead of die() so that the page footer below is still sent
        print "<h4> PAGE ERROR -- Illegal Entry! </h4>
Your Input Contains An Illegal String,<br />
A Copy Of What You Entered Has Been Sent To Admin For Evaluation.<br />
Please Start Again And Only Enter Valid Characters.... Thank you.<br />
<a href='bank.php'> Back </a>";
        $h->endpage();
        exit;
    }
    // The integer cast is what keeps non-numeric input out of the query below
    $_POST['withdraw']=abs((int) $_POST['withdraw']);
    if($_POST['withdraw'] > $ir['bankmoney'])
    {
        print "You do not have enough banked money to withdraw this amount.";
    }
    else
    {
        $gain=$_POST['withdraw'];
        $ir['bankmoney']-=$gain;
        $db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid");
        print "You ask to withdraw $gain, <br />
The bank lady happily gives you the money. <br />
<b>You now have \${$ir['bankmoney']} in the bank.</b><br />
<a href='bank.php'>&gt; Back</a>";
    }
}

$h->endpage();
?>

 

Then I get the error about unexpected $send on last line, which I think means I'm missing a { or }. Can someone please help me fix this? Thanks

Posted

Re: Bank.php

That's actually because you took the query out to update your bank from -1 to 0, so really you still don't have an account.

Try this:

 

<?php
include "globals.php";
print "<h3>Bank</h3>";
if($ir['bankmoney']>-1)
{
    // Treat a missing ?action= as the default page instead of reading an undefined index
    switch(isset($_GET['action']) ? $_GET['action'] : '')
    {
        case "deposit":
            deposit();
            break;

        case "withdraw":
            withdraw();
            break;

        default:
            index();
            break;
    }
}
else
{
    // bankmoney is -1 until the account is opened; opening it is free here
    if(isset($_GET['buy']))
    {
        print "Congratulations, you opened your free bank account!<br />
<a href='bank.php'>Start using my account</a>";
        $db->query("UPDATE users SET bankmoney=0 WHERE userid=$userid");
    }
    else
    {
        print "Open a free bank account today!<br />
<a href='bank.php?buy'>&gt; Yes, sign me up!</a>";
    }
}
function index()
{
    global $db, $ir, $c, $userid, $h;
    // Balance summary plus the deposit and withdraw forms
    print "\n<b>You currently have \${$ir['bankmoney']} in the bank.</b><br />
At the end of each day, your bank balance will go up by 2%.<br />
<table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'><b>Deposit Money</b><br />
It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'>
Amount: <input type='text' name='deposit' value='{$ir['money']}' /><br />
<input type='submit' value='Deposit' /></form></td> <td>
<b>Withdraw Money</b><br />
There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'>
Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' /><br />
<input type='submit' value='Withdraw' /></form></td> </tr> </table>";
}

function deposit()
{
    global $db, $ir, $c, $userid, $h;
    // Only a plain string is accepted; a missing or array-valued field becomes ''
    $_POST['deposit'] = (isset($_POST['deposit']) && is_string($_POST['deposit'])) ? $_POST['deposit'] : '';
    // Character blacklist kept from the original. strpos() must be compared with
    // !== false because a match at offset 0 is falsy.
    $check = (
        strpos($_POST['deposit'],'<script>') !== false ||
        strpos($_POST['deposit'],'<script/>') !== false ||
        strrchr($_POST['deposit'],'>') ||
        strrchr($_POST['deposit'],'<') ||
        strrchr($_POST['deposit'],'{') ||
        strrchr($_POST['deposit'],'}') ||
        strrchr($_POST['deposit'],'/') ||
        strrchr($_POST['deposit'],'<?') ||
        strrchr($_POST['deposit'],';'));
    if($check===true){
        // Log the HTML-encoded copy, not the raw input
        $message = htmlentities($_POST['deposit'], ENT_QUOTES);
        event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting The<br />
<b>message post error</b><br />
Message:- $message",$c);
        // print instead of die() so that the page footer below is still sent
        print "<h4> PAGE ERROR -- Illegal Entry! </h4>
Your Input Contains An Illegal String,<br />
A Copy Of What You Entered Has Been Sent To Admin For Evaluation.<br />
Please Start Again And Only Enter Valid Characters.... Thank you.<br />
<a href='bank.php'> Back </a>";
        $h->endpage();
        exit;
    }
    // The integer cast is what keeps non-numeric input out of the query below
    $_POST['deposit']=abs((int) $_POST['deposit']);
    if($_POST['deposit'] > $ir['money'])
    {
        print "You do not have enough money to deposit this amount.";
    }
    else
    {
        // 15% fee, rounded up, capped at 3000
        $fee=ceil($_POST['deposit']*15/100);
        if($fee > 3000) { $fee=3000; }
        $gain=$_POST['deposit']-$fee;
        $ir['bankmoney']+=$gain;
        $db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid");
        print "You hand over \${$_POST['deposit']} to be deposited, <br />
after the fee is taken (\$$fee), \$$gain is added to your account. <br />
<b>You now have \${$ir['bankmoney']} in the bank.</b><br />
<a href='bank.php'>&gt; Back</a>";
    }
}

function withdraw()
{
    global $db, $ir, $c, $userid, $h;
    // Only a plain string is accepted; a missing or array-valued field becomes ''
    $_POST['withdraw'] = (isset($_POST['withdraw']) && is_string($_POST['withdraw'])) ? $_POST['withdraw'] : '';
    // Character blacklist kept from the original. strpos() must be compared with
    // !== false because a match at offset 0 is falsy.
    $check = (
        strpos($_POST['withdraw'],'<script>') !== false ||
        strpos($_POST['withdraw'],'<script/>') !== false ||
        strrchr($_POST['withdraw'],'>') ||
        strrchr($_POST['withdraw'],'<') ||
        strrchr($_POST['withdraw'],'{') ||
        strrchr($_POST['withdraw'],'}') ||
        strrchr($_POST['withdraw'],'/') ||
        strrchr($_POST['withdraw'],'<?') ||
        strrchr($_POST['withdraw'],';'));
    if($check===true){
        // Log the HTML-encoded copy, not the raw input
        $message = htmlentities($_POST['withdraw'], ENT_QUOTES);
        event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting The<br />
<b>message post error</b><br />
Message:- $message",$c);
        // print instead of die() so that the page footer below is still sent
        print "<h4> PAGE ERROR -- Illegal Entry! </h4>
Your Input Contains An Illegal String,<br />
A Copy Of What You Entered Has Been Sent To Admin For Evaluation.<br />
Please Start Again And Only Enter Valid Characters.... Thank you.<br />
<a href='bank.php'> Back </a>";
        $h->endpage();
        exit;
    }
    // The integer cast is what keeps non-numeric input out of the query below
    $_POST['withdraw']=abs((int) $_POST['withdraw']);
    if($_POST['withdraw'] > $ir['bankmoney'])
    {
        print "You do not have enough banked money to withdraw this amount.";
    }
    else
    {
        $gain=$_POST['withdraw'];
        $ir['bankmoney']-=$gain;
        $db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid");
        print "You ask to withdraw $gain, <br />
The bank lady happily gives you the money. <br />
<b>You now have \${$ir['bankmoney']} in the bank.</b><br />
<a href='bank.php'>&gt; Back</a>";
    }
}

$h->endpage();

?>
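
An added example, not part of either post and not mccodes code: the deposit step written with allow-list validation of the amount and a balance check inside the UPDATE itself, instead of a character blacklist followed by a separate check and update. `parse_amount()` and `bank_deposit()` are hypothetical names, and PDO with an in-memory SQLite table stands in for the game's `$db` wrapper; the `users` columns and the fee rule are the ones used in the code above.

```php
<?php
// Added example: parse_amount() and bank_deposit() are hypothetical helpers, not mccodes functions.

// Accept only a plain positive whole number; anything else is rejected, not "cleaned".
function parse_amount($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 15) {
        return null;   // arrays, "", "-5", "1e9", "1.5" and "5;0" all end up here
    }
    $n = (int) $raw;
    return $n > 0 ? $n : null;
}

// Deposit with the fee rule from the page (15%, rounded up, capped at 3000).
// The balance test sits in the WHERE clause, so two simultaneous requests
// cannot both spend the same cash.
function bank_deposit(PDO $pdo, int $userid, int $amount): bool
{
    $fee  = min(3000, intdiv($amount * 15 + 99, 100));   // integer form of ceil(amount * 15 / 100)
    $gain = $amount - $fee;
    $st = $pdo->prepare(
        'UPDATE users SET bankmoney = bankmoney + :gain, money = money - :amt
         WHERE userid = :id AND bankmoney > -1 AND money >= :need'
    );
    $st->execute([':gain' => $gain, ':amt' => $amount, ':need' => $amount, ':id' => $userid]);
    return $st->rowCount() === 1;   // 0 rows changed: no account or not enough cash
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, money INTEGER, bankmoney INTEGER)');
$pdo->exec('INSERT INTO users VALUES (1, 1000, 0)');

foreach (['400', '-400', '1e3', '4;0', '<script>', '700'] as $raw) {
    $amount = parse_amount($raw);
    if ($amount === null) {
        echo "rejected: ", htmlspecialchars($raw, ENT_QUOTES), "\n";
        continue;
    }
    echo "deposit $amount: ", bank_deposit($pdo, 1, $amount) ? "ok" : "insufficient funds", "\n";
}
print_r($pdo->query('SELECT money, bankmoney FROM users')->fetch(PDO::FETCH_ASSOC));
```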
