[SOLVED] if($username == $postedname) help on something like this

ababmxking · June 30, 2008

Ok so i have a text based game and we are having some problems with this.

Heres the basic idea of the code

<?

if($_POST['submit']){
$postedname = strip_tags($_POST['postedname']);
$amount = strip_tags($_POST['amount']);
$fetch = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$postedname'"));
$fetchs = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$username'"));
$moneyupdate = $fetch->money + $amount;
$moneyupdate2 = $fetchs->money - $amount;

$error = "No";

if($username == $postedname){
echo"<div align='center'>You can not send money to your self!</div>";
$error = "Yes";
}

if($error == 'No'){
echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$username'");
mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$postedname'");

echo"
<form action='' mthod='POST'>
<table>
<tr>
<td colspan='2' align='center'>Money Transfer</td></tr>
<tr>
<td align='right'>Username</td>
<td align='center'><input type='text' name='postedname'></td>
</tr>
<tr>
<td align='right'>Amount</td>
<td align='center'><input type='text' name='amount'></td>
</tr>
<tr>
<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
</tr>

Thats the basics of it. Of course theres stuff stopping it from sending negative amounts and to fake accounts. But they can type there username with a space at the end and send money to there self and there money will double. I tried fixing it with the strip_tags thing, i tried adding the usernames to a database when they are first submited and then checking if the usernames are the same in the database but it still doesnt work.

dmccabe · June 30, 2008

What is $username set to ?

Also change:

<form action='' mthod='POST'>

to

<form action='' method='POST'>

(missing e in method)

dmccabe · June 30, 2008

Also you could make the code more specific by using:

<?php


if (isset($_POST['submit'])) {
$postedname = strip_tags($_POST['postedname']);
$amount = strip_tags($_POST['amount']);
$fetch = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$postedname'"));
$fetchs = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$username'"));
$moneyupdate = $fetch->money + $amount;
$moneyupdate2 = $fetchs->money - $amount;

if ($postedname == $username) {
	echo "Error: You cannot send money to yourself!";
} else {
	echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
	$moneyupdate1 = mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$username'");
	$moneyupdate2 = mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$postedname'");
	if ($moneyupdate1 && $moneyupdate2) {
		echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
	} else {
		die(mysql_error());
	}
}
} else {
echo"
	<form action='' method='POST'>
	<table>
	<tr>
	<td colspan='2' align='center'>Money Transfer</td></tr>
	<tr>
	<td align='right'>Username</td>
	<td align='center'><input type='text' name='postedname'></td>
	</tr>
	<tr>
	<td align='right'>Amount</td>
	<td align='center'><input type='text' name='amount'></td>
	</tr>
	<tr>
	<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
	</tr></table></form>";
}
?>

ababmxking · June 30, 2008

$_SESSION['username'] = $username;

Thats in the index.php page (login)

and this is in the other/require.php thats in just about every page.

$username = $_SESSION['username'];

dmccabe · June 30, 2008

you also have

session_start();

at the top of every page?

If so then I think it was just the logic used in your code that was wrong, try the revised code I posted as you were missing lots of syntax and closing braces etc.

ababmxking · June 30, 2008

ya i have session_start() at the top of everypage.. but i just wrote that up real quick to help lessen the confusion on allot of other things i have in the code. but here is the actual code i am using right now. (with the isset updated on it)

<?
include 'other/require.php';
include 'other/db_connect.php';
include 'other/logincheck.php';
$date = gmdate('Y,m,d m:i:s');
$open = closed;

if($open == 'open'){
echo"
<form action='moneytransfer.php' method='POST'>
<center><table width='400' bgcolor='0a3a4d'><tr class='subject'><td colspan='2'><center>Money Transfer</center></td></tr>
<div align=<'left'>
<tr><td class='tdwhite2'><div align='right'><b> Amount : </B></div></td>
<td class='tdwhite2'><div align='left'><input class='author3' type='text' name='tmon'></div></td></tr>
<tr><td class='tdwhite2'><div align='right'><b> Username : </B></div></td>
<td class='tdwhite2'><div align='left'><input class='author3' type='text' name='uname'></div></td></tr>
<tr><td colspan='2'><center><input class='finduser' type='submit' name='submit' value='transfer'></center></form></td></tr>
<table></center>";




if ( isset($_POST['submit']) ) {
$uname = strip_tags($_POST['uname']) ;
$amount = strip_tags($_POST['tmon']) ;
$cms = mysql_query("SELECT * FROM user WHERE username='$uname' LIMIT 1");
$fms = mysql_num_rows($cms);
$error = "no";
$fls = mysql_fetch_object($cms);
$fls2 = $fls->money;
$result1 = $money - $amount;
$result2 = $fls2 + $amount;
mysql_query("INSERT INTO moneytransfer(sender,reciever,amount,date) VALUE ('$username', '$uname1', '$amount','$date')");
$query22 = mysql_query("SELECT * FROM moneytransfer WHERE sender='$username' AND date='$date'");
$fetch43 = mysql_fetch_object($query22);

if ( $_POST['tmon'] > $money ) {
echo"<center><font color='red'>You don't have enought money!";
$error = "yes"; }

if ( $_POST['tmon'] <= 0 ) {
echo"<center><font color='red'>You cant send negative or 0 amounts!";
$error = "yes"; }

if ($username == $uname) {
echo"<center><font color='red'>You can't send yourself money. 1";
$error = "yes";}

if($fetch43->sender == $fetch43->reciever){
echo"<center><font color='red'>You can't send money to your self! 2";
$error = "Yes";}

if ( $fms == 0 ) {
  echo"<center><font color='red'>Username does not exist.";
$error = "yes"; }

if ($error == no  && $username != $fetch43->reciever){
mysql_query("UPDATE user SET money='$result1' WHERE username='$username'");
mysql_query("UPDATE user SET money='$result2' WHERE username='$uname'");
echo "<center><font color='white'>Money transfered"; } }
}
else{

echo"<font color=white><center>Money transfer is still being debugged.</font></center>";
}
?>

ababmxking · June 30, 2008

bump

darkfreaks · June 30, 2008

try sanitizing the variable with the trim() function this will remove spaces before and after the string

ababmxking · June 30, 2008

thanks the trim worked, ive been looking for a function like that for awhile

works now. thank you guys so much for the help!

darkfreaks · June 30, 2008

no problem can you mark it as solved? the button should be on the lower left corner towards the bottom of the threas/post

Sign In

[SOLVED] if($username == $postedname) help on something like this

Recommended Posts

ababmxking

Link to comment

Share on other sites

dmccabe

Link to comment

Share on other sites

dmccabe

Link to comment

Share on other sites

ababmxking

Link to comment

Share on other sites

dmccabe

Link to comment

Share on other sites

ababmxking

Link to comment

Share on other sites

ababmxking

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

ababmxking

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information