XOCredit Mangement

1. <body>
2. <?php session_start();
3.  
4. $curUser = $_SESSION['u_name'];
5.  
6. include('../SQLconfig.php');
7.  
8. $query = "SELECT * FROM players ;";
9. $result = mysql_query($query);
10.  
11. echo "<table border = ' 0 '>";
12. echo "<tr>";
13. echo "<p>" . $curUser . "</p>";
14. echo "<th>XO Credit Mangement</th>";
15. echo "</tr >";
16.  
17. while($row = mysql_fetch_array($result))
18. {
19. echo "<tr>";
20. $url = "XOCredits.php?username=" . $row['username'];
21.     echo "<td><a href=" . $url . ">"
22.     . $row['id']
23.     . " - "
24.     . $row['rank']
25.     . " - "
26.     . $row['username']
27.     . " - "
28.     . $row['credits']
29.     . "</a></td>";
30.    
31. echo "</tr>";
32. }
33. echo "</table>";
34.  
35.  
36.  
37. if(isset($_GET['username']))
38. {
39. $username = $_GET['username'];
40. $beforeCredits = $row['credits'];
41. echo $username . "<a href='XOCredits.php?add'><button>Add Credits</button></a>" . "<a href='XOCredits.php?minus'><button>Minus Credits</button></a>";
42. }
43.  
44.  
45.  
46. if(isset($_GET['add']))
47. {
48. $username = $_GET['username'];
49. echo "<u>" . $username . "</u>" ;
50. ?>
51. <form action='XOCredits.php?ac' method='post'>
52. <p>Username:  (DEBUG ONLY, DO NOT CHANGE)</p>
53. <input type='text' name='user' value='<?php echo $username; ?>'><br />
54. <p>Add Credits Amount:</p>
55. <input type='text' name='amount' />
56. <br />
57. <input type='submit' name='submit' value='Submit' />
58. </form>
59. <?php
60. }
61.  
62.  
63. if(isset($_GET['minus']))
64. {
65. $username = $_GET['username'];
66. echo "<u>" . $username . "</u>" ;
67. ?>
68. <form action='XOCredits.php?mc' method='post'>
69. <p>Username:  (DEBUG ONLY, DO NOT CHANGE)</p>
70. <input type='text' name='user' value='<?php echo $username; ?>'><br />
71. <p>Take Away Credits Amount:</p>
72. <input type='text' name='amount' />
73. <br />
74. <input type='submit' name='submit' value='Submit' />
75. </form>
76. <?php
77. }
78.  
79.  
80.  
81. if(isset($_GET['ac']))
82. {
83. $type = "add";
84. $amount = $_POST['amount'];
85. $afterCredits = $beforeCredits + $amount ;
86.  
87. $sentFrom = $curUser ;
88.  
89. $sentTo = $_POST['user'];
90.  
91. $query = "INSERT INTO creditlog (sentFrom,sentTo,amount,type)
92. VALUES ('$sentFrom','$sentTo','$afterCredits','$type');";
93.    
94. mysql_query($query) or die (mysql_error());
95.  
96. echo $query;
97.  
98. $credits    = $afterCredits;
99. $query2 = ("UPDATE players SET credits='$credits' WHERE username='$sentTo'
100. ;")or die(mysql_error());  
101.  
102. mysql_query($query2);
103.  
104. echo $query2;
105. }
106.  
107. if(isset($_GET['mc']))
108. {
109. $type = "minus";
110. $amount = $_POST['amount'];
111. $afterCredits = $beforeCredits - $amount ;
112.  
113. $sentFrom = $_SESSION['u_name'];
114. $sentTo = $_POST['user'];
115.  
116. $query = "INSERT INTO creditlog (sentFrom,sentTo,amount,type)
117. VALUES ('$sentFrom','$sentTo','$afterCredits','$type');";
118.    
119. mysql_query($query) or die (mysql_error());
120.  
121. echo $query;
122.  
123. $credits    = $afterCredits;
124. $query2 = ("UPDATE players SET credits='$credits' WHERE username='$username'
125. ;")or die(mysql_error());  
126.  
127. mysql_query($query2);
128.  
129. echo $query2;
130. }
131. ?>
132.  
133.  
134. <br /><a href="index.php"><button>Home</button></a>
135. </body>