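<?php
/**
 * @author phpal.in
 * @copyright 2011
 * @purpose money sender
 *
 * Moves `amount` from the authenticated `username` to `receiver` and prints a
 * short status code:
 *   "no" - sender and receiver are the same account
 *   "f"  - failure (invalid amount or database error)
 *   "fa" - invalid user (username/password did not match)
 *   "ru" - receiver's username doesn't exist
 *   "if" - insufficient funds
 *   anything else is the sender's balance after the transfer.
 *
 * Security notes for maintainers (not fixable here without changing the
 * request interface, the stored password format or config.php):
 *  - Credentials and a state-changing action travel in the query string, so
 *    they land in server logs, proxies and browser history. Move to POST over
 *    TLS when the clients can be updated.
 *  - Passwords are checked against a single fast SHA-256 with a shared salt.
 *    Migrate to password_hash()/password_verify() and rehash on next login.
 *  - The mysql_* extension was removed in PHP 7.0; port to mysqli or PDO with
 *    prepared statements.
 *  - NOTE(review): mysql_real_escape_string() is only reliable when the
 *    connection charset was set with mysql_set_charset(); confirm config.php
 *    does that.
 *  - Nothing here limits repeated login attempts.
 */
require_once ('config.php');

/**
 * Runs a query and logs the database error server-side on failure.
 *
 * The error text is written to the error log instead of being sent to the
 * client, so schema and query details are not disclosed in responses.
 *
 * @param string $sql
 * @return resource|bool result of mysql_query()
 */
function money_sender_query($sql)
{
    $result = mysql_query($sql);
    if ($result === false) {
        error_log('money sender: query failed: ' . mysql_error());
    }
    return $result;
}

/**
 * Performs the transfer and returns the status code (or new balance) to print.
 *
 * @param string $username sender's username
 * @param string $password sender's plain-text password
 * @param string $receiver receiver's username
 * @param string $amount   amount to move, as received from the request
 * @param string $salt     salt appended to the password before hashing
 * @return string
 */
function money_sender_transfer($username, $password, $receiver, $amount, $salt)
{
    $username = mysql_real_escape_string($username);
    // The password is escaped *before* hashing, as the original script did.
    // Stored hashes were presumably produced the same way, so this is kept
    // to avoid locking out accounts whose password contains quote characters.
    $password = mysql_real_escape_string($password);
    $receiver = mysql_real_escape_string($receiver);

    if ($username === $receiver) {
        return "no";
    }

    // Only a plain positive decimal is accepted. This rejects negative values
    // (which would pass a "balance - amount < 0" test and pull money from the
    // receiver) and anything that is not a number before it reaches SQL.
    if (!preg_match('/\A\d+(\.\d+)?\z/', $amount) || (float) $amount <= 0) {
        return "f";
    }

    $hpass = hash('sha256', $password . $salt);

    // Authenticate first, so an unauthenticated caller cannot use the "ru"
    // answer to probe which usernames exist.
    $login = money_sender_query(
        "SELECT username FROM users WHERE username = '{$username}' AND password = '{$hpass}' LIMIT 1"
    );
    if ($login === false) {
        return "f";
    }
    if (mysql_num_rows($login) != 1) {
        return "fa"; //Invalid user
    }

    $recvUser = money_sender_query("SELECT username FROM users WHERE username = '{$receiver}'");
    if ($recvUser === false) {
        return "f";
    }
    if (mysql_num_rows($recvUser) != 1) {
        return "ru"; //Receivers username doesn't exist
    }

    // Debit and credit belong together. The transaction only protects them if
    // the users table uses a transactional engine (e.g. InnoDB); on other
    // engines ROLLBACK does not undo the debit.
    if (money_sender_query('START TRANSACTION') === false) {
        return "f";
    }

    // Balance check and debit happen in one statement, so two concurrent
    // requests cannot both pass a separate check and overdraw the account.
    // $amount is safe to embed unquoted: it matched the anchored numeric
    // pattern above.
    $debit = money_sender_query(
        "UPDATE users SET money = money - {$amount} " .
        "WHERE username = '{$username}' AND password = '{$hpass}' AND money >= {$amount}"
    );
    if ($debit === false) {
        money_sender_query('ROLLBACK');
        return "f"; //Failure
    }
    if (mysql_affected_rows() != 1) {
        money_sender_query('ROLLBACK');
        return "if"; //Insufficient funds
    }

    $credit = money_sender_query(
        "UPDATE users SET money = money + {$amount} WHERE username = '{$receiver}'"
    );
    if ($credit === false || mysql_affected_rows() != 1) {
        money_sender_query('ROLLBACK');
        return "f"; //Failure
    }

    // Read the new balance before committing so a failed read can still be
    // reported as a failure with nothing applied.
    $balance = money_sender_query("SELECT money FROM users WHERE username = '{$username}' LIMIT 1");
    $row = ($balance !== false) ? mysql_fetch_assoc($balance) : false;
    if (!$row) {
        money_sender_query('ROLLBACK');
        return "f"; //Failure
    }

    if (money_sender_query('COMMIT') === false) {
        return "f"; //Failure
    }

    return (string) $row['money']; //Money sent
}

// All four parameters are required and must be plain strings; array-style
// parameters (e.g. ?amount[]=1) are ignored rather than passed to the
// escaping and hashing calls.
if (isset($_GET['username'], $_GET['password'], $_GET['receiver'], $_GET['amount'])
    && is_string($_GET['username'])
    && is_string($_GET['password'])
    && is_string($_GET['receiver'])
    && is_string($_GET['amount'])
) {
    // $salt is not defined in this file; presumably config.php sets it.
    echo money_sender_transfer(
        $_GET['username'],
        $_GET['password'],
        $_GET['receiver'],
        $_GET['amount'],
        $salt
    );
}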