gurpreet Posted November 12, 2007 Share Posted November 12, 2007 Ok im trying to make it so on my game, mccodes v2, on bank.php you dont have to buy an account. <?php include "globals.php"; print "<h3>Bank</h3>"; if($ir['bankmoney']>-1) { switch($_GET['action']) { case "deposit": deposit(); break; case "withdraw": withdraw(); break; default: index(); break; } function index() { global $db, $ir,$c,$userid,$h; print "\n[b]You currently have \${$ir['bankmoney']} in the bank.[/b] At the end of each day, your bank balance will go up by 2%. <table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'>[b]Deposit Money[/b] It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'> Amount: <input type='text' name='deposit' value='{$ir['money']}' /> <input type='submit' value='Deposit' /></form></td> <td> [b]Withdraw Money[/b] There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'> Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' /> <input type='submit' value='Withdraw' /></form></td> </tr> </table>"; } function deposit() { global $db,$ir,$c,$userid,$h; $check = ( strpos($_POST[' deposit'],'<script>') || strpos($_POST['deposit'],'<script/>') || strrchr($_POST['deposit'],'>') || strrchr($_POST['deposit'],'<') || strrchr($_POST['deposit'],'{') || strrchr($_POST['deposit'],'}') || strrchr($_POST['deposit'],'/') || strrchr($_POST['deposit'],'<?') || strrchr($_POST['deposit'],';')); if($check===true){ $message = htmlentities($_POST['deposit'], ENT_QUOTES); event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting Thebr /> [b]message post error/b> Message:- $deposit",$c); die (" <h4> PAGE ERROR -- Illeagal Entry! </h4> You`re Input Contains An Illegal String, A Copy Of What You Entered Has Been Sent To Admin For Evaluation. Please Start Again And Only Enter Valid Characters.... Thank you. [url='bank.php'] Back [/url]"); $h->endpage(); exit; } $_POST['deposit']=abs($_POST['deposit']); if($_POST['deposit'] > $ir['money']) { print "You do not have enough money to deposit this amount."; } else { $fee=ceil($_POST['deposit']*15/100); if($fee > 3000) { $fee=3000; } $gain=$_POST['deposit']-$fee; $ir['bankmoney']+=$gain; $db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid"); print "You hand over \${$_POST['deposit']} to be deposited, after the fee is taken (\$$fee), \$$gain is added to your account. [b]You now have \${$ir['bankmoney']} in the bank.[/b] [url='bank.php']> Back[/url]"; } } function withdraw() { global $db,$ir,$c,$userid,$h; $check = ( strpos($_POST[' withdraw'],'<script>') || strpos($_POST['withdraw'],'<script/>') || strrchr($_POST['withdraw'],'>') || strrchr($_POST['withdraw'],'<') || strrchr($_POST['withdraw'],'{') || strrchr($_POST['withdraw'],'}') || strrchr($_POST['withdraw'],'/') || strrchr($_POST['withdraw'],'<?') || strrchr($_POST['withdraw'],';')); if($check===true){ $message = htmlentities($_POST['withdraw'], ENT_QUOTES); event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting There /> [b]message post error/b> Message:- $withdraw",$c); die (" <h4> PAGE ERROR -- Illeagal Entry! </h4> You`re Input Contains An Illegal String, A Copy Of What You Entered Has Been Sent To Admin For Evaluation. Please Start Again And Only Enter Valid Characters.... Thank you. [url='bank.php'] Back [/url]"); $h->endpage(); exit; } $_POST['withdraw']=abs($_POST['withdraw']); if($_POST['withdraw'] > $ir['bankmoney']) { print "You do not have enough banked money to withdraw this amount."; } else { $gain=$_POST['withdraw']; $ir['bankmoney']-=$gain; $db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid"); print "You ask to withdraw $gain, The bank lady happily gives you the money. [b]You now have \${$ir['bankmoney']} in the bank.[/b] [url='bank.php']> Back[/url]"; } } $h->endpage(); ?> Then i get the error about unexpected $send on last line, which i think means im missing a { or }. Can someone please help me fix this. Thanks Quote Link to comment Share on other sites More sharing options...
fbiss Posted November 12, 2007 Share Posted November 12, 2007 Re: Bank.php *updated code below Quote Link to comment Share on other sites More sharing options...
gurpreet Posted November 12, 2007 Author Share Posted November 12, 2007 Re: Bank.php Well it kinda works, but if you dont have a bank account, it just say BANK nothing else. No withdraw or anything :S Quote Link to comment Share on other sites More sharing options...
fbiss Posted November 12, 2007 Share Posted November 12, 2007 Re: Bank.php thats actually becauce u took the Query out to update your bank from -1 to 0, so really you still dont have a account. try this <?php include "globals.php"; print "<h3>Bank</h3>"; if($ir['bankmoney']>-1) { switch($_GET['action']) { case "deposit": deposit(); break; case "withdraw": withdraw(); break; default: index(); break; } } else { if(isset($_GET['buy'])) { print "Congratulations, you opened your free bank account! [url='bank.php']Start using my account[/url]"; $db->query("UPDATE users SET bankmoney=0 WHERE userid=$userid"); } else { print "Open a free bank account today! [url='bank.php?buy']> Yes, sign me up![/url]"; } } function index() { global $db, $ir,$c,$userid,$h; print "\n[b]You currently have \${$ir['bankmoney']} in the bank.[/b] At the end of each day, your bank balance will go up by 2%. <table width='100%' cellspacing=1 class='table'> <tr> <td width='50%'>[b]Deposit Money[/b] It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'> Amount: <input type='text' name='deposit' value='{$ir['money']}' /> <input type='submit' value='Deposit' /></form></td> <td> [b]Withdraw Money[/b] There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'> Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' /> <input type='submit' value='Withdraw' /></form></td> </tr> </table>"; } function deposit() { global $db,$ir,$c,$userid,$h; $check = ( strpos($_POST[' deposit'],'<script>') || strpos($_POST['deposit'],'<script/>') || strrchr($_POST['deposit'],'>') || strrchr($_POST['deposit'],'<') || strrchr($_POST['deposit'],'{') || strrchr($_POST['deposit'],'}') || strrchr($_POST['deposit'],'/') || strrchr($_POST['deposit'],'<?') || strrchr($_POST['deposit'],';')); if($check===true){ $message = htmlentities($_POST['deposit'], ENT_QUOTES); event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting Thebr /> [b]message post error/b> Message:- $deposit",$c); die (" <h4> PAGE ERROR -- Illeagal Entry! </h4> You`re Input Contains An Illegal String, A Copy Of What You Entered Has Been Sent To Admin For Evaluation. Please Start Again And Only Enter Valid Characters.... Thank you. [url='bank.php'] Back [/url]"); $h->endpage(); exit; } $_POST['deposit']=abs($_POST['deposit']); if($_POST['deposit'] > $ir['money']) { print "You do not have enough money to deposit this amount."; } else { $fee=ceil($_POST['deposit']*15/100); if($fee > 3000) { $fee=3000; } $gain=$_POST['deposit']-$fee; $ir['bankmoney']+=$gain; $db->query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-{$_POST['deposit']} where userid=$userid"); print "You hand over \${$_POST['deposit']} to be deposited, after the fee is taken (\$$fee), \$$gain is added to your account. [b]You now have \${$ir['bankmoney']} in the bank.[/b] [url='bank.php']> Back[/url]"; } } function withdraw() { global $db,$ir,$c,$userid,$h; $check = ( strpos($_POST[' withdraw'],'<script>') || strpos($_POST['withdraw'],'<script/>') || strrchr($_POST['withdraw'],'>') || strrchr($_POST['withdraw'],'<') || strrchr($_POST['withdraw'],'{') || strrchr($_POST['withdraw'],'}') || strrchr($_POST['withdraw'],'/') || strrchr($_POST['withdraw'],'<?') || strrchr($_POST['withdraw'],';')); if($check===true){ $message = htmlentities($_POST['withdraw'], ENT_QUOTES); event_add(1, "{$ir['username']} [$userid] Possibly Tried SQL Injecting There /> [b]message post error/b> Message:- $withdraw",$c); die (" <h4> PAGE ERROR -- Illeagal Entry! </h4> You`re Input Contains An Illegal String, A Copy Of What You Entered Has Been Sent To Admin For Evaluation. Please Start Again And Only Enter Valid Characters.... Thank you. [url='bank.php'] Back [/url]"); $h->endpage(); exit; } $_POST['withdraw']=abs($_POST['withdraw']); if($_POST['withdraw'] > $ir['bankmoney']) { print "You do not have enough banked money to withdraw this amount."; } else { $gain=$_POST['withdraw']; $ir['bankmoney']-=$gain; $db->query("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid"); print "You ask to withdraw $gain, The bank lady happily gives you the money. [b]You now have \${$ir['bankmoney']} in the bank.[/b] [url='bank.php']> Back[/url]"; } } $h->endpage(); ?> Quote Link to comment Share on other sites More sharing options...
gurpreet Posted November 12, 2007 Author Share Posted November 12, 2007 Re: Bank.php TYVM you 2. I will give you +1 for a day or 2 :) Thanks again Quote Link to comment Share on other sites More sharing options...
Godhand Posted November 12, 2007 Share Posted November 12, 2007 Re: Bank.php You could also just make the default for bank to be set at 0. Although that might seem overly simple? Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted November 12, 2007 Share Posted November 12, 2007 Re: Bank.php Or maybe just.. $_POST['deposit']=abs(@intval($_POST['deposit'])); ? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.