Hello, im working on a MMO RPG and im now trying to make a script transfer some points / or cash to other player. The problem is that all is working except when im transfering to an ID that doesn't exist, but players input that ID without knowledge in the form, my script transfers money/cash to that ID even if it doesn't exist instead of throwing player a message like "that user is not in our database".
Can you help me?
My script is:
global $db,$userid;
$_GET['userid'] = abs((int) $_GET['userid']);
$_POST['xferu'] = abs((int) $_POST['xferu']);
$_POST['money'] = abs((int) $_POST['money']);
$xferuser = $_POST['xferu'];
if($_POST['xferu'] == $userid)
{
print "
<br />
Nu iti poti trimite bani singur!
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
";
}
else
{
if((int) $_POST['money'])
{
if($_POST['money'] > $ir['money'])
{
print "
<br />
Nu ai atata cash disponibil!<br />
Retrage din cont suma dorita apoi reincearca transferul.<br />
<br />
<a href=\"bank.php\">< Reincearca</a>
<br />
<br />
";
}
else
{
$db->query("UPDATE users SET money=money-{$_POST['money']} WHERE userid=$userid");
$db->query("UPDATE users SET money=money+{$_POST['money']} WHERE userid=$xferuser");
print "
<br />
I-ai trimis suma de \${$_POST['money']} utilizatorului cu ID-ul $xferuser.
<br />
<br />
<a href=\"bank.php\">< Inapoi la Transferuri Bancare</a>
<br />
<br />
";
event_add($xferuser,"Ai primit un transfer bancar de \${$_POST['money']} de la {$ir['username']}.",$c);
$it=$db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$xferuser");
$er=$db->fetch_row($it);
$db->query("INSERT INTO cashxferlogs VALUES ('', $userid, $xferuser, {$_POST['money']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}')");
}
}
else
{
print "
<table width=\"90%\" class=\"table\" border=\"1\">
<tr><th colspan=\"2\">Transfer Bancar intre Jucatori</th></tr>
<tr>
<form action='bank.php' method='post'>
<td>Beneficiar:</td>
<td><input type='text' STYLE='color: black; background-color: white;' name='xferu' /></td>
</tr>
<tr>
<td>Suma:</td>
<td><input type='text' STYLE='color: black; background-color: white;' name='money' /></td>
</tr>
<tr>
<td colspan=\"2\" align=\"center\"><input type='submit' STYLE='color: black; background-color: white;' value=' Trimite ' /></td>
</form>
</tr>
</table>
<br />
<table width=\"90%\" class=\"table\" border=\"1\">
<tr>
<th colspan=\"4\">Ultimile 5 Transferuri (efectuate)</th>
</tr>
<tr>
<td width=\"190px;\"><b>Data</b></td>
<td width=\"190px;\"><b>Beneficiar</b></td>
<td width=\"190px;\"><b>Suma</b></td>
</tr> ";
$q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5");
while($r=$db->fetch_row($q))
{
if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; }
print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>";
}
print "
</table>
";