coc().php

<?php
//Script by Sebastian Wirajaya

session_start();

if(!isset($_SESSION['username'])) {
header('location:../login.php'); }
else { $username = $_SESSION['username']; }
require_once("../koneksi.php");

$query = mysql_query("SELECT * FROM user WHERE username = '$username'");
$get = mysql_fetch_array($query);
?>

<?php
  require_once("../koneksi.php");
  $usera = $_POST['usera'];
  $passworda = $_POST['passworda'];
  $packagea = $_POST['packagea'];
  $domaina = $_POST['domaina'];

if ($packagea == '500') {
$harga = 100000;
} else if ($packagea == '1.200') {
$harga = 200000;
} else if ($packagea == '2.400') {
$harga = 300000;
} else if ($packagea == '6.400') {
$harga = 800000;
} else if ($packagea == '14.000') {
$harga = 99999999;
} else {
$harga = a;
}
  if ($get['saldo'] < $harga) { ?>
<div class="alert alert-danger">
Gagal : Saldo tidak mencukupi.
</div>
<? } else {
$no = rand(1111,9999);
$tanggal = date("Y-m-d H:i:s");
$simpan = mysql_query("UPDATE user SET saldo=saldo-$harga WHERE username = '$username'");
          $simpan = mysql_query("INSERT INTO historyall VALUES('','$no','$username','Gems COC $packagea','$harga','Pending','Email : $usera -- Password : $passworda -- Paket : $packagea Gems -- Link FB : $domaina ','$tanggal')");
if($simpan) {

?>
<div class="alert alert-success"><center>
==== Clash Of Clans ====<br />
No.Order : <?php echo $no; ?><br />
Pembelian  <?php echo $packagea; ?> Gems COC<br />
Pembeli : <?php echo $get['nama']; ?><br />
Harga : <?php echo $harga; ?><br />
Email : <?php echo $usera; ?><br />
Password : <?php echo $passworda; ?><br />
Link FB : <?php echo $domaina; ?><br />
Tgl. Transaksi : <?php echo $tanggal; ?> <br />
==== Clash Of Clans ====
</center></div>
<div class="alert alert-warning">
Perhatian : Harap memberikan hasil dan No.Order pada Admin jika terjadi error.
</div>
<?php echo $result ?>
<? } else { ?>
ERROR
<? }
}
?>