send cash

1. <?php
2.  
3. include "includes/db_connect.php";
4.  
5. include "includes/functions.php";
6.  
7. logincheck();
8.  
9. $username = $_SESSION['username'];
10.  
11. $date = gmdate('Y-m-d H:i:s');
12.  
13. $query=mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
14. $info = mysql_fetch_object($query);
15.  
16. if (strip_tags($_POST['give']) && strip_tags($_POST['giveto']) && strip_tags($_POST['giveamount'])){
17.  
18. $giveto = strip_tags($_POST['giveto']);
19. $giveamount = strip_tags($_POST['giveamount']);
20.  
21. $query2=mysql_query("SELECT * FROM users WHERE username='$giveto' LIMIT 1");
22. $info2 = mysql_fetch_object($query2);
23.  
24. if($giveto == $username){
25. echo "<center><b><font color=red>You cannot send money to yourself!</b></font></center>";
26. }elseif($giveamount < "0"){
27. echo "<center><b><font color=red>You cannot send that amount of money!</b></font></center>";
28. }elseif($info->l_ip == $info2->l_ip){
29. echo "<center><b><font color=red>You cannot send money to another account on the same IP Address!</b></font></center>";
30. }elseif($info->money <= $giveamount){
31. echo "<center><b><font color=red>You havent got that much money!</b></font></center>";
32. }elseif($info->money >= $giveamount || $giveto != $username || $info->l_ip != $info2->l_ip){
33.  
34. ///////////////////////////////////////////////////////////////
35.  
36. $newmoney=$info->money-$giveamount;
37.  
38. mysql_query("UPDATE users SET money='$newmoney' WHERE username='$username'");
39.  
40. ///////////////////////////////////////////////////////////////
41.  
42. $givetouser=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$giveto'"));
43.  
44. $newmoney2=$givetouser->money + $giveamount;
45.  
46. mysql_query("UPDATE users SET money='$newmoney2' WHERE username='$giveto'");
47.  
48. ///////////////////////////////////////////////////////////////
49.  
50. mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `date` )
51.  
52. VALUES ('', '$giveto', '$username', '$giveamount', '$date')");
53.  
54. echo "<center><font color=green><b>You have sent $giveto &pound;".number_format($giveamount)."!</b></font></center>";
55.  
56. $text = "$username sent you &pound;".number_format($giveamount)."!";
57.  
58. mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read`)
59.  
60. VALUES ('', '$giveto', '$username', '$text', '<b>Bank Transfer</b>', '$date', '0');") or die (mysql_error());
61.  
62. }}
63.  
64. ?>
65.  
66. <script type="text/javascript" src="moneyinput.js"></script>
67.  
68. <html>
69. <head>
70. <title> Send Money</title></head>
71. <link REL="stylesheet" TYPE="text/css" HREF="style.css">
72.  
73. <br>
74. <form method="post" action="" name="f">
75. <table width='400' border='0' cellpadding='0' cellspacing='0' bordercolor=black class='table' align='center'>
76.  
77. <tr class='header'><td colspan='4'><center>Send Money</td>
78. </tr>
79. <tr>
80.  
81. <td align="center" border="0">Send To: <input class="textbox" type=text name=giveto></td>
82. </tr>
83. <tr>
84. <td align="center" border="0">Amount: <input class="textbox" type=text name=giveamount></td>
85. </tr>
86.  
87. <tr>
88. <td align="center" colspan="3" border="0"><input type=submit name="give" class="button" value="Send"></td>
89. </tr>
90. </table>
91. </form>