Jump to content
MakeWebGames

Bank.php


gurpreet

Recommended Posts

Ok im trying to make it so on my game, mccodes v2, on bank.php you dont have to buy an account.

<?php

include "globals.php";

print "<h3>Bank</h3>";

if($ir['bankmoney']>-1)

{

switch($_GET['action'])

{

case "deposit":

deposit();

break;



case "withdraw":

withdraw();

break;



default:

index();

break;

}

function index()

{

global $db, $ir,$c,$userid,$h;

print "\n[b]You currently have \${$ir['bankmoney']} in the bank.[/b]


At the end of each day, your bank balance will go up by 2%.


<table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'>[b]Deposit Money[/b]


It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'>

Amount: <input type='text' name='deposit' value='{$ir['money']}' />


<input type='submit' value='Deposit' /></form></td> <td>

[b]Withdraw Money[/b]


There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'>

Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' />


<input type='submit' value='Withdraw' /></form></td> </tr> </table>";

}

function deposit()

{

global $db,$ir,$c,$userid,$h;

$check = (

	strpos($_POST[' deposit'],'<script>') || 

	strpos($_POST['deposit'],'<script/>') || 

	strrchr($_POST['deposit'],'>') || 

	strrchr($_POST['deposit'],'<') || 

	strrchr($_POST['deposit'],'{') || 

	strrchr($_POST['deposit'],'}') || 

	strrchr($_POST['deposit'],'/') || 

	strrchr($_POST['deposit'],'<?') || 

	strrchr($_POST['deposit'],';'));

if($check===true){

		$message = htmlentities($_POST['deposit'], ENT_QUOTES);

		event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting Thebr /> 




		[b]message post error/b>


		Message:- $deposit",$c);

		die ("



		<h4> PAGE ERROR -- Illeagal Entry! </h4>

		You`re Input Contains An Illegal String,


		A Copy Of What You Entered Has Been Sent To Admin For Evaluation.



		Please Start Again And Only Enter Valid Characters.... 			Thank you. 






		[url='bank.php'] Back [/url]");

		$h->endpage();

		exit;

		}

$_POST['deposit']=abs($_POST['deposit']);

if($_POST['deposit'] > $ir['money'])

{

print "You do not have enough money to deposit this amount.";

}

else

{

$fee=ceil($_POST['deposit']*15/100);

if($fee > 3000) { $fee=3000; }

$gain=$_POST['deposit']-$fee;

$ir['bankmoney']+=$gain;

$db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid");

print "You hand over \${$_POST['deposit']} to be deposited, 


after the fee is taken (\$$fee), \$$gain is added to your account. 


[b]You now have \${$ir['bankmoney']} in the bank.[/b]


[url='bank.php']> Back[/url]";

}

}

function withdraw()

{

global $db,$ir,$c,$userid,$h;

$check = (

	strpos($_POST[' withdraw'],'<script>') || 

	strpos($_POST['withdraw'],'<script/>') || 

	strrchr($_POST['withdraw'],'>') || 

	strrchr($_POST['withdraw'],'<') || 

	strrchr($_POST['withdraw'],'{') || 

	strrchr($_POST['withdraw'],'}') || 

	strrchr($_POST['withdraw'],'/') || 

	strrchr($_POST['withdraw'],'<?') || 

	strrchr($_POST['withdraw'],';'));

if($check===true){

		$message = htmlentities($_POST['withdraw'], ENT_QUOTES);

		event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting There /> 




		[b]message post error/b>


		Message:- $withdraw",$c);

		die ("



		<h4> PAGE ERROR -- Illeagal Entry! </h4>

		You`re Input Contains An Illegal String,


		A Copy Of What You Entered Has Been Sent To Admin For Evaluation.



		Please Start Again And Only Enter Valid Characters.... 			Thank you. 






		[url='bank.php'] Back [/url]");

		$h->endpage();

		exit;

		}


$_POST['withdraw']=abs($_POST['withdraw']);

if($_POST['withdraw'] > $ir['bankmoney'])

{

print "You do not have enough banked money to withdraw this amount.";

}

else

{



$gain=$_POST['withdraw'];

$ir['bankmoney']-=$gain;

$db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid");

print "You ask to withdraw $gain, 


The bank lady happily gives you the money. 


[b]You now have \${$ir['bankmoney']} in the bank.[/b]


[url='bank.php']> Back[/url]";

}

}

$h->endpage();

?>

 

Then i get the error about unexpected $send on last line, which i think means im missing a { or }. Can someone please help me fix this. Thanks

Link to comment
Share on other sites

Re: Bank.php

thats actually becauce u took the Query out to update your bank from -1 to 0, so really you still dont have a account.

try this

 

<?php
include "globals.php";
print "<h3>Bank</h3>";
if($ir['bankmoney']>-1)
{
switch($_GET['action'])
{
case "deposit":
deposit();
break;

case "withdraw":
withdraw();
break;

default:
index();
break;
}
}
else
{
if(isset($_GET['buy']))
{
print "Congratulations, you opened your free bank account!

[url='bank.php']Start using my account[/url]";
$db->query("UPDATE users SET bankmoney=0 WHERE userid=$userid");
}
else
{
print "Open a free bank account today!

[url='bank.php?buy']> Yes, sign me up![/url]";
}
}
function index()
{

global $db, $ir,$c,$userid,$h;

print "\n[b]You currently have \${$ir['bankmoney']} in the bank.[/b]


At the end of each day, your bank balance will go up by 2%.


<table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'>[b]Deposit Money[/b]


It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'>

Amount: <input type='text' name='deposit' value='{$ir['money']}' />


<input type='submit' value='Deposit' /></form></td> <td>

[b]Withdraw Money[/b]


There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'>

Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' />


<input type='submit' value='Withdraw' /></form></td> </tr> </table>";

}

function deposit()

{

global $db,$ir,$c,$userid,$h;

$check = (

	strpos($_POST[' deposit'],'<script>') || 

	strpos($_POST['deposit'],'<script/>') || 

	strrchr($_POST['deposit'],'>') || 

	strrchr($_POST['deposit'],'<') || 

	strrchr($_POST['deposit'],'{') || 

	strrchr($_POST['deposit'],'}') || 

	strrchr($_POST['deposit'],'/') || 

	strrchr($_POST['deposit'],'<?') || 

	strrchr($_POST['deposit'],';'));

if($check===true){

		$message = htmlentities($_POST['deposit'], ENT_QUOTES);

		event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting Thebr /> 




		[b]message post error/b>


		Message:- $deposit",$c);

		die ("



		<h4> PAGE ERROR -- Illeagal Entry! </h4>

		You`re Input Contains An Illegal String,


		A Copy Of What You Entered Has Been Sent To Admin For Evaluation.



		Please Start Again And Only Enter Valid Characters.... 			Thank you. 






		[url='bank.php'] Back [/url]");

		$h->endpage();

		exit;

		}

$_POST['deposit']=abs($_POST['deposit']);

if($_POST['deposit'] > $ir['money'])

{

print "You do not have enough money to deposit this amount.";

}

else

{

$fee=ceil($_POST['deposit']*15/100);

if($fee > 3000) { $fee=3000; }

$gain=$_POST['deposit']-$fee;

$ir['bankmoney']+=$gain;

$db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid");

print "You hand over \${$_POST['deposit']} to be deposited, 


after the fee is taken (\$$fee), \$$gain is added to your account. 


[b]You now have \${$ir['bankmoney']} in the bank.[/b]


[url='bank.php']> Back[/url]";

}

}

function withdraw()

{

global $db,$ir,$c,$userid,$h;

$check = (

	strpos($_POST[' withdraw'],'<script>') || 

	strpos($_POST['withdraw'],'<script/>') || 

	strrchr($_POST['withdraw'],'>') || 

	strrchr($_POST['withdraw'],'<') || 

	strrchr($_POST['withdraw'],'{') || 

	strrchr($_POST['withdraw'],'}') || 

	strrchr($_POST['withdraw'],'/') || 

	strrchr($_POST['withdraw'],'<?') || 

	strrchr($_POST['withdraw'],';'));

if($check===true){

		$message = htmlentities($_POST['withdraw'], ENT_QUOTES);

		event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting There /> 




		[b]message post error/b>


		Message:- $withdraw",$c);

		die ("



		<h4> PAGE ERROR -- Illeagal Entry! </h4>

		You`re Input Contains An Illegal String,


		A Copy Of What You Entered Has Been Sent To Admin For Evaluation.



		Please Start Again And Only Enter Valid Characters.... 			Thank you. 






		[url='bank.php'] Back [/url]");

		$h->endpage();

		exit;

		}


$_POST['withdraw']=abs($_POST['withdraw']);

if($_POST['withdraw'] > $ir['bankmoney'])

{

print "You do not have enough banked money to withdraw this amount.";

}

else

{



$gain=$_POST['withdraw'];

$ir['bankmoney']-=$gain;

$db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid");

print "You ask to withdraw $gain, 


The bank lady happily gives you the money. 


[b]You now have \${$ir['bankmoney']} in the bank.[/b]


[url='bank.php']> Back[/url]";

}

}

$h->endpage();

?>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...