- <?php
- // In Response to Yahoo Answer's Question
- /*
- Going to use sessions to save some system resources, by only querying when needed.
- http://ca.php.net/manual/en/features.sessions.php
- */
- session_start();
- /* Place your Database Connection Stuff Here, or Include the connection file */
- /* Functions */
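/**
 * Look up the current point balance of one user.
 *
 * The name is interpolated into the SQL text as-is, so the caller MUST pass a
 * value that has already been through mysql_real_escape_string(). Escaping it
 * again here would double-escape the names the existing callers pass in.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0; moving to mysqli or PDO
 * prepared statements would remove the need for manual escaping altogether.
 *
 * @param string $username SQL-escaped user_name to look up.
 * @return mixed The pts column of the matching row, or null when no row matches.
 */
function getPts($username)
{
    $result = mysql_query("SELECT pts FROM users WHERE user_name='{$username}' LIMIT 1");
    if ($result === false) {
        // Keep the driver's error text in the server log; echoing it to the
        // visitor would disclose table and column names.
        error_log('MySQL Query Error: ' . mysql_error());
        die('MySQL Query Error');
    }

    // mysql_fetch_object() returns false when no row matched; reading ->pts
    // from that raises a notice, so the "no such user" case is made explicit.
    $row = mysql_fetch_object($result);

    return $row ? $row->pts : null;
}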
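/**
 * Add a (possibly negative) number of points to one user's balance.
 *
 * Both arguments end up inside the SQL text. The name must already have been
 * through mysql_real_escape_string() by the caller; the amount is validated
 * here, because a numeric context has no quotes for escaping to protect.
 *
 * The return value only says that the statement ran. It is still true when no
 * row matched the name, so callers that need to know whether a balance really
 * changed have to check mysql_affected_rows() themselves.
 *
 * @param string $username SQL-escaped user_name whose balance changes.
 * @param mixed  $pts      Amount to add; must be a finite number or numeric string.
 * @return bool True when the UPDATE ran, false when $pts is not a usable number.
 */
function updatePts($username, $pts)
{
    // Refuse anything that is not a plain number before it reaches the query
    // string; this runs before any database call is made.
    if (!is_numeric($pts)) {
        return false;
    }

    $delta = $pts + 0; // normalise numeric strings to int/float
    if (is_float($delta) && !is_finite($delta)) {
        return false;
    }

    $result = mysql_query("UPDATE users SET pts=pts+({$delta}) WHERE user_name='{$username}' LIMIT 1");
    if ($result === false) {
        // Log the driver's error text instead of printing it to the visitor.
        error_log('MySQL Query Error: ' . mysql_error());
        die('MySQL Query Error');
    }

    return $result;
}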
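/*
 * Point-transfer page. A GET request shows the form; any other request method
 * is treated as a submission. The sender is always taken from the session and
 * never from the form, so a visitor cannot name another account as the source.
 *
 * Two encodings are kept apart on purpose: values passed through
 * mysql_real_escape_string() go into SQL only, and values passed through
 * htmlspecialchars() go into the page only. SQL escaping does not make a
 * string safe to print as HTML.
 *
 * NOTE(review): the form carries no anti-CSRF token, so another site could
 * submit it on behalf of a logged-in user. Add a per-session token before
 * relying on this page.
 */
$sessionUser = (isset($_SESSION['username']) && is_string($_SESSION['username'])) ? $_SESSION['username'] : '';

if ($sessionUser === '') {
    // Without a session identity every query below would run against user_name=''.
    echo 'You must be logged in to transfer points.';
} else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $username = mysql_real_escape_string($sessionUser); // Keep the identity server-side. ** DO NOT USE PLAIN COOKIES **
    $usernameHtml = htmlspecialchars($sessionUser, ENT_QUOTES, 'UTF-8');
    $pointsAvail = $_SESSION['pts'] = getPts($username);
    $pointsHtml = htmlspecialchars((string) $pointsAvail, ENT_QUOTES, 'UTF-8');

    if ($pointsAvail > 0) {
        echo '
<form method="post">
' . $usernameHtml . ', you currently have: <span style="font-weight: bold;">' . $pointsHtml . '</span> pts Available to transfer.<br>
Send: <input type="text" name="formValue" value="' . $pointsHtml . '"> pts<br>
To: <input type="text" name="recipient"><br>
<input type="submit" value="Send Pts">
</form>
';
    } else {
        echo 'Sorry, ' . $usernameHtml . ', you do not have any points to transfer.';
    }
} else {
    /* Form has been submitted: validate, then move the points. */
    $username = mysql_real_escape_string($sessionUser);

    // A field can arrive as an array (recipient[]=x); accept plain strings only.
    $recipientRaw = (isset($_POST['recipient']) && is_string($_POST['recipient'])) ? $_POST['recipient'] : '';
    $recipient = mysql_real_escape_string($recipientRaw);
    $recipientHtml = htmlspecialchars($recipientRaw, ENT_QUOTES, 'UTF-8');

    /*
     * abs() turns a negative entry into a positive one, so "-10" cannot become
     * pts-(-10) and add points to the sender. Anything that is not a finite
     * number becomes 0 and is rejected below; the amount is interpolated into
     * SQL further down, so it has to be a plain number by then.
     */
    $amountRaw = isset($_POST['formValue']) ? $_POST['formValue'] : null;
    $formValue = (is_numeric($amountRaw) && is_finite($amountRaw + 0)) ? abs($amountRaw + 0) : 0;

    // Read the balance again: the copy cached in the session on the last GET may be stale or missing.
    $pointsAvail = $_SESSION['pts'] = getPts($username);
    $pointsHtml = htmlspecialchars((string) $pointsAvail, ENT_QUOTES, 'UTF-8');

    $errorMsg = ''; // Collects every validation error

    /* Error checking */
    if (strlen($recipient) === 0) {
        $errorMsg .= 'You need to enter a recipient.<br>';
    }
    if ($formValue <= 0) {
        $errorMsg .= 'You need to enter a number of points greater than zero.<br>';
    }
    if ($formValue > $pointsAvail) {
        $errorMsg .= 'You do not have enough points (' . $pointsHtml . ' pts) to transfer ' . $formValue . ' pts.<br>';
    }
    if ($recipient === $username) {
        $errorMsg .= 'There\'s no point in sending points to yourself.<br>';
    } else if (strlen($recipient) > 0) {
        // mysql_query() returns a result resource even when a SELECT matches no
        // rows, so a truthiness test cannot tell whether the recipient exists;
        // count the rows instead. The pts column is only a column known to exist.
        $lookup = mysql_query("SELECT pts FROM users WHERE user_name='{$recipient}' LIMIT 1");
        if ($lookup === false || mysql_num_rows($lookup) === 0) {
            $errorMsg .= 'The Recipient selected does not appear to exist.<br>';
        }
    }

    /* If there are errors, display them and stop */
    if (strlen($errorMsg) > 0) {
        echo 'The following errors occurred: <br>' . $errorMsg;
    } else {
        /*
         * Debit first, and only if the balance still covers the amount at the
         * moment the UPDATE runs. Two submissions racing each other can both
         * pass the check above, but only one can match "pts >= amount" here.
         * NOTE(review): the debit and the credit are still two statements; wrap
         * them in a transaction if the table's storage engine supports one.
         */
        $debit = mysql_query("UPDATE users SET pts=pts-({$formValue}) WHERE user_name='{$username}' AND pts>=({$formValue}) LIMIT 1");

        if ($debit === false) {
            error_log('MySQL Query Error: ' . mysql_error());
            echo '<h3>Error</h3><p>An internal server error has stopped this process. Please try again in a few minutes.</p>';
        } else if (mysql_affected_rows() !== 1) {
            echo 'The following errors occurred: <br>You do not have enough points to transfer ' . $formValue . ' pts.<br>';
        } else if (updatePts($recipient, $formValue)) {
            $_SESSION['pts'] = getPts($username);
            echo '<h3>Success</h3><p>You gave sent ' . $formValue . ' pts to ' . $recipientHtml . '.</p>' .
                '<p>You currently have: ' . htmlspecialchars((string) $_SESSION['pts'], ENT_QUOTES, 'UTF-8') . ' pts remaining.</p>';
        } else {
            // The credit did not run: give the sender the points back so none are lost.
            updatePts($username, $formValue);
            echo '<h3>Error</h3><p>An internal server error has stopped this process. Please try again in a few minutes.</p>';
        }
    }
}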