Help Needed!


c4n10

Hello all,

I am working with a page that has 3 forms, each with their own submit button and a field called "curr_type" where each form has its own unique value.

Upon submit, depending on the form's submitted "curr_type" value, it should be running one of three different functions on the page: "bitcoin_withdraw", "litecoin_withdraw" or "rucoin_withdraw".

All three forms submit the correct amount and address, but for some reason all three forms are causing the "bitcoin_withdraw" function to run and I am getting very frustrated with it.

Any help is greatly appreciated, here is the code:

<?php
require 'util.php';

   if (isset($_POST['amount']) && isset($_POST['curr_type']))
{
   if(isset($_POST['csrf_token']))
   {
       if($_SESSION['csrf_token'] != $_POST['csrf_token'])
       {
           throw new Error("csrf","csrf token mismatch!");
       }
   }
   else
   {
       throw new Error("csrf","csrf token missing");
   }
}

function bitcoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $bitcoin = connect_bitcoin();
   $validaddy = $bitcoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('Bitcoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO bitcoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function litecoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $litecoin = connect_litecoin();
   $validaddy = $litecoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('Litecoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO litecoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function rucoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $rucoin = connect_rucoin();
   $validaddy = $rucoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('RuCoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO rucoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function save_details($uid, $amount, $curr_type)
{
   beginlog();
   syslog(LOG_NOTICE, "Withdrawing $amount $curr_type:");
   if ($curr_type = 'BTC') {
           bitcoin_withdraw($uid, $amount, $curr_type);
           return true;
   }
   elseif ($curr_type = 'LTC') {
       litecoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type = 'RUC') {
       rucoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   else {
       throw new Error('Invalid currency', 'You cannot withdraw a currency that does not exist.');
   }
   # should never happen!
   return false;
}

function truncate_num($num)
{
   return substr($num, 0, -6) . '000000';
}

if (isset($_POST['amount']) && isset($_POST['curr_type'])) {
   do_query("LOCK TABLES orderbook WRITE, purses WRITE, transactions WRITE, requests WRITE, bitcoin_requests WRITE, rucoin_requests WRITE, litecoin_requests WRITE");
   $uid = user_id();
   $amount_disp = post('amount');
   $curr_type = post('curr_type');
   $amount = /*numstr_to_internal*/($amount_disp);
   $amount = /*truncate_num*/($amount);

   curr_supported_check($curr_type);
   order_worthwhile_check($amount, $amount_disp);
   enough_money_check($amount, $curr_type);

   if (!save_details($uid, $amount, $curr_type))
       throw new Error('We had to admit it sometime...', 'Stop trading on this site. Contact the admin FAST.');
   # actually take the money now
   deduct_funds($amount, $curr_type);
   # request is submitted to the queue for the cron job to actually execute

   do_query("UNLOCK TABLES");

   echo "<div class='content_box'>\n";
   echo "<h3>Withdraw $curr_type</h3>\n";
   echo "<p>Your request to withdraw $amount_disp $curr_type has been submitted. Visit your <a href='?page=profile'>profile</a> to check on the status of your request.</p>\n";
   echo "</div>\n";
}
else {
?>
   <div class='content_box'>
   <h3>Withdraw BTC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='BTC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

   <div class='content_box'>
   <h3>Withdraw LTC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='LTC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

   <div class='content_box'>
   <h3>Withdraw RUC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='RUC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

<?php
}
?>

Edited by c4n10

When you're checking the value of $curr_type, you're actually assigning a new value. You need to put double equals.

function save_details($uid, $amount, $curr_type)
{
   beginlog();
   syslog(LOG_NOTICE, "Withdrawing $amount $curr_type:");
   if ($curr_type == 'BTC') {
       bitcoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type == 'LTC') {
       litecoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type == 'RUC') {
       rucoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   else {
       throw new Error('Invalid currency', 'You cannot withdraw a currency that does not exist.');
   }
   # should never happen!
   return false;
}

You could also use triple equals to make sure it's exactly the same

Edited by denno020
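
The routing bug discussed in this thread next to an allow-list dispatch that avoids it, as an added example that is not part of the original posts. The demo_* functions and route_* names are hypothetical stand-ins for the thread's withdraw functions, and the posted values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the thread's three withdraw functions; each
// returns the name of the queue table it would write to.
function demo_bitcoin_withdraw(): string  { return 'bitcoin_requests'; }
function demo_litecoin_withdraw(): string { return 'litecoin_requests'; }
function demo_rucoin_withdraw(): string   { return 'rucoin_requests'; }

// The 'before' pattern from the question: "=" assigns 'BTC' to $curr_type,
// the assignment evaluates to the truthy string 'BTC', and the first branch
// is taken for every input.
function route_buggy($curr_type): string
{
    if ($curr_type = 'BTC') {
        return demo_bitcoin_withdraw();
    } elseif ($curr_type = 'LTC') {
        return demo_litecoin_withdraw();
    }
    return demo_rucoin_withdraw();
}

// Allow-list dispatch: the handler is looked up by exact string key, so there
// is no comparison operator to mistype and unknown values are rejected.
function route_strict($curr_type): string
{
    $handlers = [
        'BTC' => 'demo_bitcoin_withdraw',
        'LTC' => 'demo_litecoin_withdraw',
        'RUC' => 'demo_rucoin_withdraw',
    ];
    if (!is_string($curr_type) || !array_key_exists($curr_type, $handlers)) {
        throw new InvalidArgumentException('Unsupported currency');
    }
    return $handlers[$curr_type]();
}

// Constructed sample inputs, as the hidden curr_type field would post them.
foreach (['BTC', 'LTC', 'RUC'] as $posted) {
    printf("%s: buggy=%s strict=%s\n", $posted, route_buggy($posted), route_strict($posted));
}
try {
    route_strict('XYZ');
} catch (InvalidArgumentException $e) {
    echo 'XYZ: rejected (', $e->getMessage(), ")\n";
}
```

Writing the constant on the left of a comparison ('BTC' == $curr_type) is another guard: the same one-character typo then becomes a parse error instead of a silent assignment.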