Everything posted by alexandre
-
this variable is in the transaction table, it is the column holding the voucher codes linked with their transaction
-
but you are right this query effectively returns nothing ... i am lost again 😅
-
i just don't understand why it would not be working, since i use the same setup to update the voucher table down below and it is getting updated. i could be using the value from the transaction of the transaction table but i preferred opting for the direct source of the funds instead of a kind of copy of the data.
-
in fact all other queries work perfectly, vouchers and transactions are getting updated, only the accounts query is stalling there. if i was setting a condition that avoids continuing the script if the accounts query isn't successful, i am pretty sure it would stop there
-
yup this one works or it would not go through the rest of the code because of the condition right after
-
how is that ?
-
i forgot the code where the pagination is done, here:

```php
<?php
include '../donation-clash/includes/connect_db1.php';
require_once 'pagination_clash.css';
require_once '../donation-clash/donation-clash0.css';

$pdo = pdoConnect();

const PER_PAGE = 15;
$page = $_GET['page'] ?? 1;
$offset = ($page - 1) * PER_PAGE;

################################################################################
#  DETERMINE NUMBER OF PAGES                                                   #
################################################################################
$res = $pdo->query("SELECT COUNT(*) FROM transactions ");
$total_pages = ceil($res->fetchColumn()/PER_PAGE);

################################################################################
#  CREATE PAGE LINKS                                                           #
################################################################################
$prev = $page==1 ? 1 : $page - 1;
$next = $page==$total_pages ? $total_pages : $page + 1;
$prev_vis = $page==1 ? 'hidden' : 'visible';
$next_vis = $page==$total_pages ? 'hidden' : 'visible';

$pagelinks = "<a href='?page=$prev' class='page-link' style='visibility:$prev_vis'><i class='fa fa-caret-left'></i></a>\n";
for ($p=1; $p<=$total_pages; $p++) {
    $current = ($p == $page) ? 'current-page' : '';
    $pagelinks .= "<a href='?page=$p' class='page-link $current' >$p</a>\n";
}
$pagelinks .= "<a href='?page=$next' class='page-link' style='visibility:$next_vis'><i class='fa fa-caret-right'></i></a>\n";

################################################################################
#  CREATE TABLE OF RANKED DATA                                                 #
################################################################################
$sql = "
    SELECT voucher_code_in_transaction, request_sender_name, request_receiver_name,
           transaction_amount_by_sender, creation_date, completion_date
    FROM transactions
    WHERE request_receiver_id = ? AND transaction_status = 1
    ORDER BY creation_date DESC
    LIMIT ?, ?
";
$res = $pdo->prepare($sql);
$res->execute([ $_SESSION['id'], $offset, PER_PAGE ]);

$ranked_data = "";
foreach ($res as $row) {
    $ranked_data .= "<tr>
        <th>transaction initiator</th><th>initiator amount</th><th>request receiver</th><th>transaction creation date</th><th>claim transaction</th>
        </tr>\n";
    $ranked_data .= "
        <tr>
        <td class='remain1'>" . $row['request_sender_name']. "</td>
        <td class='remain2'>" . $row['transaction_amount_by_sender']. "</td>
        <td class='remain4'>" . $row['request_receiver_name']. "</td>
        <td class='remain1'>" . $row['creation_date']. "</td>
        <td> <form action='tran_claim.php' method='post' enctype='multipart/form-data'><input class='input_placeholder2' type='hidden' name='voucher_code_in_transaction' value='". $row['voucher_code_in_transaction'] . "'>
        <button class='voucher_submit2' type='submit' formenctype='text/plan' formmethod='POST'>claim transaction</button>
        </form></td>
        </tr> \n";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Pagination Sample</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="../phplogin/style.css" type="text/css">
</head>
<body>
<h1>all your transactions received in pending</h1>
<div class='pagenav'>
    <?=$pagelinks?>
</div>
<div class="rankingtrue2">
<div class='ranking_wrapper'>
    <table class='rankingtable3'>
        <?= $ranked_data ?>
    </table>
</div>
</div></div>
</body>
</html>
```

i used the pagination model that barand provided me.
-
i made the claiming system like this: i added a button to the rows of data displayed, and for each row the button has a hidden input with the voucher code of this row as its value. so when you press claim, you are sent to the claiming process page, where the voucher value is pulled using the voucher code sent by the hidden input. this code is unique so it can be targeted easily
-
the variables containing the changed data are defined, it is two simple variables just above the first update query, where i add the value of the voucher to the initially fetched variables. until now i have been using this method to do this but i don't know, right now it doesn't want to ..
-
i need an outside look on this, there are 3 update queries running one after the other. the only query not processing is the one to update the user's balance and total received, since it is the same query. here is the code

```php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
    header('Location: index.html');
    exit;
}
include '../donation-clash/includes/connect_db2.php';

if (!isset($_POST['voucher_code_in_transaction'])) {
    echo 'sorry it seems like there is no voucher code in this transaction';
    exit;
} else if (isset($_POST['voucher_code_in_transaction']) && $_SERVER['REQUEST_METHOD'] == "POST") {
    $stmt = $con->prepare('SELECT request_receiver_id, request_receiver_name FROM transactions WHERE voucher_code_in_transaction = ?');
    $stmt->bind_param('s', $_POST['voucher_code_in_transaction']);
    $stmt->execute();
    $stmt->bind_result($request_receiver_id, $request_receiver_name);
    $stmt->fetch();
    $stmt->close();

    if (($request_receiver_id == $_SESSION['id']) && $request_receiver_name == $_SESSION['name']) {
        $stmt = $con->prepare('SELECT userbalance, total_pifcoin_received FROM accounts WHERE id = ?');
        $stmt->bind_param('i', $_SESSION['id']);
        $stmt->execute();
        $stmt->bind_result($userbalance, $total_pifcoin_received);
        $stmt->fetch();
        $stmt->close();

        $stmt = $con->prepare('SELECT voucher_value FROM voucher_codes WHERE voucher_code = ?');
        $stmt->bind_param('s', $voucher_code_in_transaction);
        $stmt->execute();
        $stmt->bind_result($voucher_value);
        $stmt->fetch();
        $stmt->close();

        $userbalance = $userbalance + $voucher_value;
        $total_pifcoin_received = $total_pifcoin_received + $voucher_value;

        $stmt = $con->prepare("UPDATE accounts SET userbalance = ?, total_pifcoin_received = ? WHERE id = ?");
        $stmt->bind_param('ddi', $userbalance, $total_pifcoin_received, $_SESSION['id']);
        $stmt->execute();
        $stmt->close();

        $stmt = $con->prepare('UPDATE voucher_codes SET voucher_value = 0, voucher_status = 0 WHERE voucher_code = ?');
        $stmt->bind_param('s', $_POST['voucher_code_in_transaction']);
        $stmt->execute();
        $stmt->close();

        $stmt = $con->prepare('UPDATE transactions SET transaction_status = 0, transaction_lock = 1, transaction_accepted = 1 WHERE voucher_code_in_transaction = ?');
        $stmt->bind_param('s', $_POST['voucher_code_in_transaction']);
        $stmt->execute();
        $stmt->close();

        header('location: transaction_success.php');
        exit;
    } else {
        exit;
    }
}
?>
```

i might be missing something, that's why i am asking for an outside look.
-
i thought it might be a storage shortage for the data that was supposed to be inserted, so i even was thinking that i could use the numerics and letters for generating the voucher codes, and would store it as a varchar(20). but just like that, if i am using number type for input in the sender page, should it be an int or big int column? or would it still work as a varchar column even though this is for number input?
-
the voucher code column is unique, as well as the transaction id, and the current time is getting inserted as creation date, and another column is set on current time on update, for when the transaction will be claimed by the targeted user, as completion date. for the error handling, i am still trying to learn the best way to do so. i handle errors as they come up when i am testing, but as you see the code there, it is running till the insert query. if the password is wrong or is not set, i guess it would be a result of a failed query, i just wrote an error message to see where the code is failing, but apart from that i am not sure. i think you talked about naming the exact error code in the error handling and i have no idea about those error codes yet. for the number being inserted, it is: 2147483647, while the number that should be inserted should be this: 72414625804506422. i forgot to say that whatever voucher code i am trying to use for the transaction, it is always inserting that same number and is indeed giving a duplicate entry every single time.
-
so everything is going well until that insert query, where i try to insert the value of $_POST['voucher_code5'] in the column voucher_code_in_transaction. everything else is getting inserted well but that code. if i echo the posted code just before the query it gives me the right voucher code, but if i let it insert, it will always insert the same number coming from nowhere... i do not understand what is happening,

```php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
    header('Location: ../phplogin/index.html');
    exit;
}
include '../donation-clash/includes/connect_db2.php';

if (((!isset($_POST['transaction_target'])) || !isset($_POST['voucher_code5'])) || !isset($_POST['voucher_password5'])) {
    exit;
} else if ((((isset($_POST['transaction_target'])) && isset($_POST['voucher_password5'])) && isset($_POST['voucher_code5'])) && $_SERVER['REQUEST_METHOD'] == "POST") {
    if (empty($_POST['voucher_password5'])) {
        // One or more values are empty.
        exit('Please fill the password field');
    }
    if (empty($_POST['transaction_target'])) {
        // One or more values are empty.
        exit("Please fill user's name field");
    }
    if (empty($_POST['voucher_code5'])) {
        // One or more values are empty.
        exit("Please fill voucher'code field");
    }
    if (preg_match('/^[0-9]+$/', $_POST['voucher_code5']) == 0) {
        exit('only numbers are allowed!');
    }
}

$stmt = $con->prepare('SELECT voucher_password, voucher_value, owner_id, owner_name FROM voucher_codes WHERE voucher_code = ? AND voucher_status AND voucher_lock = 0');
$stmt->bind_param('i', $_POST['voucher_code5']);
$stmt->execute();
$stmt->bind_result($voucher_password2, $voucher_value, $owner_id, $owner_name);
$stmt->fetch();
$stmt->close();

if ($voucher_password2 == null) {
    $transaction_allowed = false;
    echo 'verify your voucher and try again';
    exit;
} elseif (password_verify($_POST['voucher_password5'], $voucher_password2)) {
    $transaction_allowed = true;
} else {
    echo 'verify your voucher informations and try again';
    exit;
}

if (((($transaction_allowed == true) && $owner_id != $_SESSION['id']) || $owner_name != $_SESSION['name']) || $voucher_value <= 0) {
    $transaction_allowed = false;
    echo ' lil sneaky cannot win on me , because it is me marleau, ciao';
    exit;
} else if (((($transaction_allowed == true) && $owner_id == $_SESSION['id']) && $owner_name == $_SESSION['name']) && $voucher_value > 0) {
    $stmt = $con->prepare('SELECT id FROM accounts WHERE username = ?');
    $stmt->bind_param('s', $_POST['transaction_target']);
    $stmt->execute();
    $stmt->bind_result($target_id);
    $stmt->fetch();
    $stmt->close();

    $stmt = $con->prepare('INSERT INTO transactions (voucher_code_in_transaction, request_sender_id, request_sender_name, request_receiver_id, request_receiver_name, transaction_amount_by_sender) VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->bind_param('iisisd', $_POST['voucher_code5'], $_SESSION['id'], $_SESSION['name'], $target_id, $_POST['transaction_target'], $voucher_value);
    $stmt->execute();
    $stmt->close();

    $stmt = $con->prepare('UPDATE voucher_codes SET voucher_lock = 1 WHERE voucher_code = ?');
    $stmt->bind_param('i', $_POST['voucher_code5']);
    $stmt->execute();
    $stmt->close();

    $stmt = $con->prepare('UPDATE transactions SET transaction_sent = 1 WHERE voucher_code_in_transaction = ?');
    $stmt->bind_param('i', $_POST['voucher_code5']);
    $stmt->execute();
    $stmt->close();

    header('location: transaction_request_sent.php');
    exit;
}
?>
```
-
i have been thinking about a way to make it as easy as possible for the users to use the voucher code system, but i have this issue where if a user owns many vouchers, to avoid losing a password of a voucher without having to always use the same, since the passwords can't be recovered, or changed to avoid scam in trades. so i was thinking about a password and code manager that would be protected by a security pin. somehow i feel like a simple security pin short enough to remember for the users would not be enough to protect their funds if their account was to be compromised for any reason. having a password and code manager would put their funds at risk, so i have put a recovery of the voucher codes in place, but again this is numbers that users have to save somewhere, and that is the big risk of lost funds if they lose the last thing making them able to recover their voucher. i feel like there is no real way in my control to make sure that no mistakes can be made.. if i allow them to recover passwords it will allow scams, and if i store all the information they need, i put them at risk. which one is the less worst of those two that i could handle?
-
what is the most secure random number generator function to use?
alexandre replied to alexandre's topic in PHP Coding Help
the thing is it could become this important in the future, you won't go far if you see little, as they say, so that's why i was trying to make things as unbreachable as possible for any eventuality.
-
what is the most secure random number generator function to use?
alexandre replied to alexandre's topic in PHP Coding Help
ok thank you, some places i read seemed to say people were stupid to not take that into account while developing a website.
-
what is the most secure random number generator function to use?
alexandre replied to alexandre's topic in PHP Coding Help
yes this makes me think about making it required to have different characters in their password for their accounts. the voucher's password is chosen by the creator of the voucher and can then be shared if they want to trade funds with other users, this should also be required for those. thank you for the reminder
-
what is the most secure random number generator function to use?
alexandre replied to alexandre's topic in PHP Coding Help
i didn't use rand() for a password but for a numeric code, as for the code of the voucher. i just read about some people being able to work around and predict your next number generated by cracking the algorithm used for it. my use of this function i am searching for would be as a shorter pin randomly generated that i would ask the user to enter if they ever lose the voucher code, it will make me able to easily target their exact voucher. my voucher system is already functioning perfectly but i wasn't sure anymore about using rand().
-
maybe this should look better

```php
$voucher_code = rand(0, 1000000000000000000);
$stmt = $con->prepare('SELECT voucher_code FROM voucher_codes WHERE voucher_status = 1');
$voucher_codes = mysqli_query($con, $stmt);
if (mysqli_num_rows($voucher_codes) > 0) {
    while ($voucher_rows = mysqli_fetch_assoc($voucher_codes)) {
        if ($voucher_code === $voucher_codes) {
            unset($voucher_code);
            $voucher_code = rand(0, 1000000000000000000);
        } else if ($voucher_code != $voucher_codes) {
            $voucher_code_unique = $voucher_code;
        }
    }
}
```

and yes i'm starting to get the difference with mysqli objects.. i think so 😅
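Added example (not part of alexandre's posts or of any reply in the thread): one way to produce the numeric voucher code and the shorter recovery pin discussed in the two posts above with PHP's `random_int()` instead of `rand()`, keeping the code as a digit string and letting a UNIQUE column reject duplicates. The in-memory SQLite database, the function names `randomDigits` and `createVoucher`, and the 18-digit length are assumptions made for the example.

```php
<?php
// Added example, not the poster's code. Table and column names follow the thread;
// the in-memory SQLite database stands in for the real MySQL one (assumption).

/** Return $length decimal digits drawn from the OS CSPRNG, as a string. */
function randomDigits(int $length): string
{
    $digits = '';
    for ($i = 0; $i < $length; $i++) {
        $digits .= random_int(0, 9); // cryptographically secure, unlike rand()
    }
    return $digits;
}

/**
 * Insert a voucher under a fresh code. The UNIQUE index rejects a duplicate,
 * so no scan of existing rows is needed and concurrent requests cannot collide.
 */
function createVoucher(PDO $pdo, float $value, int $ownerId, int $maxTries = 5): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO voucher_codes (voucher_code, voucher_value, owner_id) VALUES (?, ?, ?)'
    );
    for ($try = 0; $try < $maxTries; $try++) {
        $code = randomDigits(18);
        try {
            $stmt->execute([$code, $value, $ownerId]); // code travels as a string
            return $code;
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation: duplicate, retry
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not generate a unique voucher code');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE voucher_codes (
    voucher_code  CHAR(18) NOT NULL UNIQUE,
    voucher_value DECIMAL(12,2) NOT NULL,
    owner_id      INTEGER NOT NULL
)');

$code = createVoucher($pdo, 25.00, 1); // constructed sample values
$pin  = randomDigits(6);               // shorter recovery pin, same generator
echo "voucher code: $code\nrecovery pin: $pin\n";
```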
-
first of all you attack me about something that i wasn't even done writing, i was asking for opinions to be sure i was going the right way, which i got, and now i will go work on it. no need of telling me that i don't know to do nothing in programming, and yes i was extremely tired last night and didn't pay much attention, so i am sorry for asking for enlightenment for no reason..
-
that's not true, i thought about what the behavior of what i was trying to do should be, but obviously i didn't read the manual for the shuffle function. i saw it in an example somewhere on a forum while looking for an answer already answered, but he was doing this shuffle($numbers) in the answer so i just assumed it was a shuffling function. and for the rest i don't see why it is what you said, hotch-potch? yes i save time by going in my other files and taking a part of code that i need sometimes, but for the most part i don't copy paste only. the idea behind it makes sense for me .. i just was looking for theoretical enlightenment to have a better understanding and it seems like it worked. 😅