<?php /** * @author phpal.in * @copyright 2011 * @purpose money sende

1. <?php
2.  
3. /**
4. * @author phpal.in
5. * @copyright 2011
6. * @purpose money sender
7. */
8. require_once ('config.php');
9. if (isset($_GET['username']) || isset($_GET['password']) || isset($_GET['receiver']) ||
10. isset($_GET['amount'])) {
11.  
12. $username = mysql_real_escape_string($_GET['username']);
13. $password = mysql_real_escape_string($_GET['password']);
14. $receiver = mysql_real_escape_string($_GET['receiver']);
15. $amount = mysql_real_escape_string($_GET['amount']);
16.  
17. if ($username == $receiver) {
18. echo "no";
19. } else {
20.  
21.  
22.  
23. $hpass = hash('sha256', $password . $salt);
24.  
25. $recvUser = mysql_query("SELECT username FROM users WHERE username = '{$receiver}'") or
26. die(mysql_error());
27. if (mysql_num_rows($recvUser) == 1) {
28. $lQuery = "SELECT username,money FROM users WHERE username = '{$username}' AND password = '{$hpass}' LIMIT 1";
29. $lResult = mysql_query($lQuery) or die(mysql_error());
30. if (mysql_num_rows($lResult) == 1) {
31. if (($lResult['money'] - $amount) < 0) {
32. echo "if"; //Insufficient funds
33. } else {
34. $subtract = mysql_query("UPDATE users SET money = '{$amount}' WHERE username = '{$username}'") or
35. die(mysql_error());
36. if ($subtract) {
37. $sendPayment = mysql_query("UPDATE users SET money = money+'{$amount}' WHERE username = '{$receiver}'") or
38. die(mysql_error());
39. echo ($iResult['money'] - $amount); ///Money sent
40. } else {
41. echo "f"; //Failure
42. }
43. }
44. } else {
45. echo "fa"; //Invalid user
46. }
47.  
48.  
49. } else {
50. echo "ru"; //Receivers username doesn't exist
51. }
52. }
53.  
54.  
55. }
56. ?>