Help Needed!


c4n10

Hello all,

I am working with a page that has 3 forms, each with their own submit button and a field called "curr_type" where each form has its own unique value.

Upon submit, depending on the form's submitted "curr_type" value, it should be running one of three different functions on the page: "bitcoin_withdraw", "litecoin_withdraw" or "rucoin_withdraw".

All three forms submit the correct amount and address, but for some reason all three forms are causing the "bitcoin_withdraw" function to run and I am getting very frustrated with it.

Any help is greatly appreciated; here is the code:

<?php
require 'util.php';

   if (isset($_POST['amount']) && isset($_POST['curr_type']))
{
   if(isset($_POST['csrf_token']))
   {
       if($_SESSION['csrf_token'] != $_POST['csrf_token'])
       {
           throw new Error("csrf","csrf token mismatch!");
       }
   }
   else
   {
       throw new Error("csrf","csrf token missing");
   }
}

function bitcoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $bitcoin = connect_bitcoin();
   $validaddy = $bitcoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('Bitcoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO bitcoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function litecoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $litecoin = connect_litecoin();
   $validaddy = $litecoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('Litecoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO litecoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function rucoin_withdraw($uid, $amount, $curr_type)
{
   $addy = post('address');
   $rucoin = connect_rucoin();
   $validaddy = $rucoin->validateaddress($addy);
   if (!$validaddy['isvalid'])
       throw new Problem('RuCoin says no', 'That address you supplied was invalid.');
   syslog(LOG_NOTICE, "address=$addy");
   endlog();

   $query = "
      INSERT INTO requests (req_type, uid, amount, curr_type)
      VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
  ";
   do_query($query);
   $reqid = mysql_insert_id();
   $query = "
      INSERT INTO rucoin_requests (reqid, addy)
      VALUES ('$reqid', '$addy');
  ";
   do_query($query);
}

function save_details($uid, $amount, $curr_type)
{
   beginlog();
   syslog(LOG_NOTICE, "Withdrawing $amount $curr_type:");
   if ($curr_type = 'BTC') {
           bitcoin_withdraw($uid, $amount, $curr_type);
           return true;
   }
   elseif ($curr_type = 'LTC') {
       litecoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type = 'RUC') {
       rucoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   else {
       throw new Error('Invalid currency', 'You cannot withdraw a currency that does not exist.');
   }
   # should never happen!
   return false;
}

function truncate_num($num)
{
   return substr($num, 0, -6) . '000000';
}

if (isset($_POST['amount']) && isset($_POST['curr_type'])) {
   do_query("LOCK TABLES orderbook WRITE, purses WRITE, transactions WRITE, requests WRITE, bitcoin_requests WRITE, rucoin_requests WRITE, litecoin_requests WRITE");
   $uid = user_id();
   $amount_disp = post('amount');
   $curr_type = post('curr_type');
   $amount = /*numstr_to_internal*/($amount_disp);
   $amount = /*truncate_num*/($amount);

   curr_supported_check($curr_type);
   order_worthwhile_check($amount, $amount_disp);
   enough_money_check($amount, $curr_type);

   if (!save_details($uid, $amount, $curr_type))
       throw new Error('We had to admit it sometime...', 'Stop trading on this site. Contact the admin FAST.');
   # actually take the money now
   deduct_funds($amount, $curr_type);
   # request is submitted to the queue for the cron job to actually execute

   do_query("UNLOCK TABLES");

   echo "<div class='content_box'>\n";
   echo "<h3>Withdraw $curr_type</h3>\n";
   echo "<p>Your request to withdraw $amount_disp $curr_type has been submitted. Visit your <a href='?page=profile'>profile</a> to check on the status of your request.</p>\n";
   echo "</div>\n";
}
else {
?>
   <div class='content_box'>
   <h3>Withdraw BTC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='BTC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

   <div class='content_box'>
   <h3>Withdraw LTC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='LTC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

   <div class='content_box'>
   <h3>Withdraw RUC</h3>
   <p>Enter an amount below to withdraw.</p>
   <p>
       <form action='' class='indent_form' method='post'>
           <label for='input_amount'>Amount</label>
           <input type='text' id='input_amount' name='amount' />

           <label for='input_address'>Address</label>
           <input type='text' id='input_address' name='address' />

           <input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
           <input type='hidden' name='curr_type' value='RUC' />
           <input type='submit' value='Submit' />
       </form>
   </p>
   </div>

<?php
}
?>


When you're checking the value of $curr_type, you're actually assigning a new value. You need to put double equals.

function save_details($uid, $amount, $curr_type)
{
   beginlog();
   syslog(LOG_NOTICE, "Withdrawing $amount $curr_type:");
   if ($curr_type == 'BTC') {
       bitcoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type == 'LTC') {
       litecoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   elseif ($curr_type == 'RUC') {
       rucoin_withdraw($uid, $amount, $curr_type);
       return true;
   }
   else {
       throw new Error('Invalid currency', 'You cannot withdraw a currency that does not exist.');
   }
   # should never happen!
   return false;
}

You could also use triple equals to make sure it's exactly the same.
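An added example, not part of the original thread: it runs the assignment-in-condition routing from the question next to a strict allowlist lookup, so the misrouting (and the overwritten `$curr_type`) is visible for each input. The names `route_buggy`, `route_strict` and `WITHDRAW_HANDLERS` are hypothetical, and the handlers are returned by name rather than called so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Buggy form from the question: "=" assigns 'BTC' to $curr_type, and the
// assigned non-empty string is truthy, so the first branch always runs.
function route_buggy(string $curr_type): string
{
    if ($curr_type = 'BTC') {
        return "bitcoin_withdraw (curr_type is now $curr_type)";
    } elseif ($curr_type = 'LTC') {
        return 'litecoin_withdraw';
    }
    return 'rucoin_withdraw';
}

// Hypothetical allowlist: currency code => handler name from the thread.
const WITHDRAW_HANDLERS = [
    'BTC' => 'bitcoin_withdraw',
    'LTC' => 'litecoin_withdraw',
    'RUC' => 'rucoin_withdraw',
];

// Strict routing: the key must match exactly; anything else is rejected.
// Exact matching also avoids type juggling: before PHP 8, 0 == 'BTC' was true.
function route_strict(string $curr_type): string
{
    if (!array_key_exists($curr_type, WITHDRAW_HANDLERS)) {
        throw new InvalidArgumentException("Unsupported currency: $curr_type");
    }
    return WITHDRAW_HANDLERS[$curr_type];
}

// Constructed sample inputs, not taken from the original post.
foreach (['BTC', 'LTC', 'RUC', 'ltc', '0'] as $input) {
    try {
        $strict = route_strict($input);
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf("%-4s buggy=%s | strict=%s\n", $input, route_buggy($input), $strict);
}
```

Because the buggy branch also overwrites `$curr_type`, the row written to `requests` would record BTC for every withdrawal, not just call the wrong handler.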


Archived

This topic is now archived and is closed to further replies.
