Jump to content

[SOLVED] if($username == $postedname) help on something like this


ababmxking

Recommended Posts

Ok so i have a text based game and we are having some problems with this.

Heres the basic idea of the code

 

<?

if($_POST['submit']){
$postedname = strip_tags($_POST['postedname']);
$amount = strip_tags($_POST['amount']);
$fetch = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$postedname'"));
$fetchs = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$username'"));
$moneyupdate = $fetch->money + $amount;
$moneyupdate2 = $fetchs->money - $amount;

$error = "No";

if($username == $postedname){
echo"<div align='center'>You can not send money to your self!</div>";
$error = "Yes";
}

if($error == 'No'){
echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$username'");
mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$postedname'");

echo"
<form action='' mthod='POST'>
<table>
<tr>
<td colspan='2' align='center'>Money Transfer</td></tr>
<tr>
<td align='right'>Username</td>
<td align='center'><input type='text' name='postedname'></td>
</tr>
<tr>
<td align='right'>Amount</td>
<td align='center'><input type='text' name='amount'></td>
</tr>
<tr>
<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
</tr>

 

Thats the basics of it. Of course theres stuff stopping it from sending negative amounts and to fake accounts. But they can type there username with a space at the end and send money to there self and there money will double. I tried fixing it with the strip_tags thing, i tried adding the usernames to a database when they are first submited and then checking if the usernames are the same in the database but it still doesnt work.

Link to comment
Share on other sites

Also you could make the code more specific by using:

 

<?php


if (isset($_POST['submit'])) {
$postedname = strip_tags($_POST['postedname']);
$amount = strip_tags($_POST['amount']);
$fetch = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$postedname'"));
$fetchs = mysql_fetch_object(mysql_query("SELECT * FROM user WHERE username='$username'"));
$moneyupdate = $fetch->money + $amount;
$moneyupdate2 = $fetchs->money - $amount;

if ($postedname == $username) {
	echo "Error: You cannot send money to yourself!";
} else {
	echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
	$moneyupdate1 = mysql_query("UPDATE users SET money='$moneyupdate' WHERE username='$username'");
	$moneyupdate2 = mysql_query("UPDATE users SET money='$moneyupdate2' WHERE username='$postedname'");
	if ($moneyupdate1 && $moneyupdate2) {
		echo"<div align='center'>You sent $postedname £".makecomma($amount).".";
	} else {
		die(mysql_error());
	}
}
} else {
echo"
	<form action='' method='POST'>
	<table>
	<tr>
	<td colspan='2' align='center'>Money Transfer</td></tr>
	<tr>
	<td align='right'>Username</td>
	<td align='center'><input type='text' name='postedname'></td>
	</tr>
	<tr>
	<td align='right'>Amount</td>
	<td align='center'><input type='text' name='amount'></td>
	</tr>
	<tr>
	<td align='center' colspan='2'><input type='submit' name='submit' value='Send Money'></td>
	</tr></table></form>";
}
?>

Link to comment
Share on other sites

you also have

 

session_start();

 

at the top of every page?

 

If so then I think it was just the logic used in your code that was wrong, try the revised code I posted as you were missing lots of syntax and closing braces etc.

Link to comment
Share on other sites

ya i have session_start() at the top of everypage.. but i just wrote that up real quick to help lessen the confusion on allot of other things i have in the code. but here is the actual code i am using right now. (with the isset updated on it)

 

<?
include 'other/require.php';
include 'other/db_connect.php';
include 'other/logincheck.php';
$date = gmdate('Y,m,d m:i:s');
$open = closed;

if($open == 'open'){
echo"
<form action='moneytransfer.php' method='POST'>
<center><table width='400' bgcolor='0a3a4d'><tr class='subject'><td colspan='2'><center>Money Transfer</center></td></tr>
<div align=<'left'>
<tr><td class='tdwhite2'><div align='right'><b> Amount : </B></div></td>
<td class='tdwhite2'><div align='left'><input class='author3' type='text' name='tmon'></div></td></tr>
<tr><td class='tdwhite2'><div align='right'><b> Username : </B></div></td>
<td class='tdwhite2'><div align='left'><input class='author3' type='text' name='uname'></div></td></tr>
<tr><td colspan='2'><center><input class='finduser' type='submit' name='submit' value='transfer'></center></form></td></tr>
<table></center>";




if ( isset($_POST['submit']) ) {
$uname = strip_tags($_POST['uname']) ;
$amount = strip_tags($_POST['tmon']) ;
$cms = mysql_query("SELECT * FROM user WHERE username='$uname' LIMIT 1");
$fms = mysql_num_rows($cms);
$error = "no";
$fls = mysql_fetch_object($cms);
$fls2 = $fls->money;
$result1 = $money - $amount;
$result2 = $fls2 + $amount;
mysql_query("INSERT INTO moneytransfer(sender,reciever,amount,date) VALUE ('$username', '$uname1', '$amount','$date')");
$query22 = mysql_query("SELECT * FROM moneytransfer WHERE sender='$username' AND date='$date'");
$fetch43 = mysql_fetch_object($query22);

if ( $_POST['tmon'] > $money ) {
echo"<center><font color='red'>You don't have enought money!";
$error = "yes"; }

if ( $_POST['tmon'] <= 0 ) {
echo"<center><font color='red'>You cant send negative or 0 amounts!";
$error = "yes"; }

if ($username == $uname) {
echo"<center><font color='red'>You can't send yourself money. 1";
$error = "yes";}

if($fetch43->sender == $fetch43->reciever){
echo"<center><font color='red'>You can't send money to your self! 2";
$error = "Yes";}

if ( $fms == 0 ) {
  echo"<center><font color='red'>Username does not exist.";
$error = "yes"; }

if ($error == no  && $username != $fetch43->reciever){
mysql_query("UPDATE user SET money='$result1' WHERE username='$username'");
mysql_query("UPDATE user SET money='$result2' WHERE username='$uname'");
echo "<center><font color='white'>Money transfered"; } }
}
else{

echo"<font color=white><center>Money transfer is still being debugged.</font></center>";
}
?>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.