PHP interesse |
|
Beste mensen,
Ik heb een script in elkaar gezet genaamd bank.php, maar nu zit er een hele erge fout in..
Als je naar jezelf probeert te sturen staat er dit: Je kan geen geld naar jezelf sturen. dus stel ik heet Piet.. en ik typ Piet in, dan komt er te staan dat ik niet naar mezelf kan sturen, maar als ik in plaats van Piet dit intyp: Piét met dat streepje erop, dan accepteert hij het wel, en kan je geld naar jezelf sturen, dan verdubbelt je geld dus de hele tijd.
EDIT: Hier heb je het script.
<?
if(time() > $user['banktime']){
if($user['lastbank'] > time() && $user['bank'] == 0){
$query = "UPDATE `users` SET `lastbank` = '0' WHERE `id` = '".$user['id']."'";
mysql_query($query) or die(mysql_error());
}
if(isset($_POST['action'])){
$action=$_POST['action'];
if($action == 'Deposit' && $_POST['amount'] > 0){
$amount=$_POST['amount'];
if($amount > $user['money'] || strlen($user['money']) < strlen($amount)){
echo "You don't have that much money.";
}
elseif(ereg("[^0-9]", $amount)){
echo "Invalid amount.";
}
elseif($user['lastbank'] > time()){
echo "You already have money on your bank.";
}
else{
$nmoney = $user['money'] - $amount;
$nbank = $user['bank'] + $amount;
$ntime = time() + (24 * 60 * 60);
$query = "UPDATE `users` SET `money` = '".$nmoney."', `bank` = '".$nbank."', `lastbank` = '".$ntime."' WHERE `id` = '".$user['id']."'";
mysql_query($query) or die(mysql_Error());
echo "You deposited <b>$".number_format($amount)."</b> in your bank.";
}
}
elseif($action == 'Withdraw' && $_POST['amount'] > 0){
$amount=$_POST['amount'];
if($amount > $user['bank'] || strlen($user['bank']) < strlen($amount)){
echo "There is not that much on your bank.";
}
elseif(ereg("[^0-9]", $amount)){
echo "Invalid amount.";
}
else{
$nbank = $user['bank'] - $amount;
$nmoney = $user['money'] + $amount;
$query = "UPDATE `users` SET `money` = '".$nmoney."', `bank` = '".$nbank."' WHERE `id` = '".$user['id']."'";
mysql_query($query) or die(mysql_error());
if($nbank == 0){
$query = "UPDATE `users` SET `lastbank` = '0' WHERE `id` = '".$user['id']."'";
mysql_query($query) or die(mysql_error());
}
echo "You withdrew <b>$".number_format($amount)."</b> from your bank.";
}
}
elseif($action == 'Send'){
$to=trim($_POST['to']);
$amount=$_POST['amount'];
$message=htmlspecialchars($_POST['message']);
$check = ("SELECT * FROM `users` WHERE `username` = '".htmlspecialchars($to)."'");
$check = mysql_query($check);
$geldheb=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE id = ".$user['id'].""));
if(mysql_num_rows($check) == 0){
echo "This user does not exist.";
}
elseif($amount < 100){
echo "You need to send at least $100.";
}
elseif(strtolower($to) == strtolower($user['username'])){
echo "You cannot give money to yourself.";
}
elseif($amount > $geldheb->money || strlen($amount) > strlen($geldheb->money)){
echo "You don't have that much money.";
}
elseif(ereg("[^0-9]", $amount)){
echo "Invalid amount of money.";
}
else{
$nmoney = $geldheb->money - $amount;
$query = "UPDATE `users` SET `money` = '".$nmoney."' WHERE `id` = '".$user['id']."'";
mysql_query($query) or die(mysql_error());
$users = mysql_fetch_object($check);
$nomoney = $users->money + $amount;
$query = "UPDATE `users` SET `money` = '".$nomoney."' WHERE `id` = '".$users->id."'";
mysql_query($query) or die(mysql_error());
if(!empty($message)){
$message = str_replace($message, "[b]".$user['username']." has sent you $".number_format($amount)." with the following message:[/b]\n\r<hr>".$message, $message);
$query = "INSERT INTO `messages` (`from`,`to`,`date`,`message`,`read`,`saved`) VALUES ('Notificiation','".$users->username."','".date("d/m/Y H:i:s")."','".$message."','0','0')";
mysql_query($query) or die(mysql_error());
}
$query = "INSERT INTO `transfers` (`from`,`to`,`date`,`amount`) VALUES ('".$user['username']."','".$users->username."','".date("d/m/Y H:i:s")."','".$amount."')";
mysql_query($query) or die(mysql_error());
echo "You succesfully gave <b>$".number_format($amount)."</b> to <b>".$users->username."</b>.";
}
}
}
?>
<? if(time() > $user['banktime']){ if($user['lastbank'] > time() && $user['bank'] == 0){ $query = "UPDATE `users` SET `lastbank` = '0' WHERE `id` = '".$user['id']."'"; } if(isset($_POST['action'])){ $action=$_POST['action']; if($action == 'Deposit' && $_POST['amount'] > 0){ $amount=$_POST['amount']; if($amount > $user['money'] || strlen($user['money']) < strlen($amount)){ echo "You don't have that much money."; } elseif(ereg("[^0-9]", $amount)){ } elseif($user['lastbank'] > time()){ echo "You already have money on your bank."; } else{ $nmoney = $user['money'] - $amount; $nbank = $user['bank'] + $amount; $ntime = time() + (24 * 60 * 60); $query = "UPDATE `users` SET `money` = '".$nmoney."', `bank` = '".$nbank."', `lastbank` = '".$ntime."' WHERE `id` = '".$user['id']."'"; } } elseif($action == 'Withdraw' && $_POST['amount'] > 0){ $amount=$_POST['amount']; if($amount > $user['bank'] || strlen($user['bank']) < strlen($amount)){ echo "There is not that much on your bank."; } elseif(ereg("[^0-9]", $amount)){ } else{ $nbank = $user['bank'] - $amount; $nmoney = $user['money'] + $amount; $query = "UPDATE `users` SET `money` = '".$nmoney."', `bank` = '".$nbank."' WHERE `id` = '".$user['id']."'"; if($nbank == 0){ $query = "UPDATE `users` SET `lastbank` = '0' WHERE `id` = '".$user['id']."'"; } } } elseif($action == 'Send'){ $amount=$_POST['amount']; $check = ("SELECT * FROM `users` WHERE `username` = '".htmlspecialchars($to)."'"); echo "This user does not exist."; } elseif($amount < 100){ echo "You need to send at least $100."; } echo "You cannot give money to yourself."; } elseif($amount > $geldheb->money || strlen($amount) > strlen($geldheb->money)){ echo "You don't have that much money."; } elseif(ereg("[^0-9]", $amount)){ echo "Invalid amount of money."; } else{ $nmoney = $geldheb->money - $amount; $query = "UPDATE `users` SET `money` = '".$nmoney."' WHERE `id` = '".$user['id']."'"; $nomoney = $users->money + $amount; $query = "UPDATE `users` SET `money` = '".$nomoney."' WHERE `id` = '".$users->id."'"; $message = str_replace($message, "[b]".$user['username']." has sent you $".number_format($amount)." with the following message:[/b]\n\r<hr>".$message, $message); $query = "INSERT INTO `messages` (`from`,`to`,`date`,`message`,`read`,`saved`) VALUES ('Notificiation','".$users->username."','".date("d/m/Y H:i:s")."','".$message."','0','0')"; } $query = "INSERT INTO `transfers` (`from`,`to`,`date`,`amount`) VALUES ('".$user['username']."','".$users->username."','".date("d/m/Y H:i:s")."','".$amount."')"; echo "You succesfully gave <b>$".number_format($amount)."</b> to <b>".$users->username."</b>."; } } } ?>
Wie kan mij hiermee helpen?
Alvast bedankt.
|