Jump to content

PLS Help, How do i remove an OTP without affecting other Operations ?


Recommended Posts

<?php

$email = $row['acct_email'];
$account_id =$row['id'];

if(isset($_POST['wire_transfer'])){

    $amount = inputValidation($_POST['amount']);
    $acct_name = inputValidation($_POST['acct_name']);
    $bank_name = inputValidation($_POST['bank_name']);
    $acct_number = inputValidation($_POST['acct_number']);
    $acct_country = inputValidation($_POST['acct_country']);
    $acct_swift = inputValidation($_POST['acct_swift']);
    $acct_routing = inputValidation($_POST['acct_routing']);
    $acct_type = inputValidation($_POST['acct_type']);
    $acct_remarks = inputValidation($_POST['acct_remarks']);

    $acct_amount = $row['acct_balance'];


    if($amount <= 0){
        toast_alert('error', 'Invalid amount entered');
    }else if($amount > $acct_amount){
        toast_alert("error","Insufficient Balance");
    }else {
        $limit_balance = $row['acct_limit'];
        $transferLimit = $row['limit_remain'];

        // if($transferLimit === 0){
        //     toast_alert('error', 'You have Exceed Your Transfer Limit');
        // }

        // if($amount > $transferLimit){
        //     toast_alert('error', 'Your transfer limit remain '.$transferLimit);
        // } else {
        
            $trans_id = uniqid();
            $trans_opt = substr(number_format(time() * rand(), 0, '', ''), 0, 6);

            $sql = "INSERT INTO temp_trans (amount,trans_id,acct_id,bank_name,acct_name_id,acct_number,acct_type,acct_country,acct_swift,acct_routing,acct_remarks,trans_otp) VALUES(:amount,:trans_id,:acct_id,:bank_name,:acct_name,:acct_number,:acct_type,:acct_country,:acct_swift,:acct_routing,:acct_remarks,:trans_otp)";
            $tranfered = $conn->prepare($sql);
            $tranfered->execute([
                'amount' => $amount,
                'trans_id'=>$trans_id,
                'acct_id' => $account_id,
                'bank_name' => $bank_name,
                'acct_name' => $acct_name,
                'acct_number' => $acct_number,
                'acct_type' => $acct_type,
                'acct_country' => $acct_country,
                'acct_swift' => $acct_swift,
                'acct_routing' => $acct_routing,
                'acct_remarks' => $acct_remarks,
                'trans_otp'=>$trans_opt
            ]);

            if (true) {
                $acct_otp = substr(number_format(time() * rand(), 0, '', ''), 0, 6);

                $sql =  "UPDATE users SET acct_otp=:acct_otp WHERE id=:id";
                $stmt = $conn->prepare($sql);
                $stmt->execute([
                   'acct_otp'=>$acct_otp,
                    'id'=>$account_id
                ]);

               
                    if($page['billing_code']=='0') {

                        $sql = "SELECT * FROM users WHERE id=:id";
                        $stmt = $conn->prepare($sql);
                        $stmt->execute([
                            'id' => $account_id
                        ]);
                        $resultCode = $stmt->fetch(PDO::FETCH_ASSOC);
                        $code = $resultCode['acct_otp'];
                        
                        $APP_NAME = $pageTitle;

                        $number = $resultCode['acct_phone'];
                        
                  
                        if($page['twillio_status'] == '1'){
                        $messageText = "Dear ".$resultCode['firstname']. " You just made a Transaction of ".$currency."".$amount." in Your ".$APP_NAME." Account  Kindly make use of this ".$code."  to complete your Transaction Thanks ";
                        
                        $sendSms->sendSmsCode($number,$messageText);
                        }
                    
                        $message = $sendMail->pinRequest($currency, $amount, $fullName, $code, $APP_NAME);
                        // User Email
                        $subject = "[OTP CODE] - $APP_NAME";
                        $email_message->send_mail($email, $message, $subject);

                        if(true){
                            session_start();
                            $_SESSION['wire-transfer'] = $code;
                                header("Location:./pin.php");
                        }
                        
                    }else if($row['billing_code'] == "0"){
                        
                                                $sql = "SELECT * FROM users WHERE id=:id";
                        $stmt = $conn->prepare($sql);
                        $stmt->execute([
                            'id' => $account_id
                        ]);
                        $resultCode = $stmt->fetch(PDO::FETCH_ASSOC);
                        $code = $resultCode['acct_otp'];
                        
                        $APP_NAME = $pageTitle;

                        $number = $resultCode['acct_phone'];
                        
                  
                        if($page['twillio_status'] == '1'){
                        $messageText = "Dear ".$resultCode['firstname']. " You just made a Transaction of ".$currency."".$amount." in Your ".$APP_NAME." Account  Kindly make use of this ".$code."  to complete your Transaction Thanks ";
                        
                        $sendSms->sendSmsCode($number,$messageText);
                        }
                    
                        $message = $sendMail->pinRequest($currency, $amount, $fullName, $code, $APP_NAME);
                        // User Email
                        $subject = "[OTP CODE] - $APP_NAME";
                        $email_message->send_mail($email, $message, $subject);

                        if(true){
                            session_start();
                            $_SESSION['wire-transfer'] = $code;
                                header("Location:./pin.php");
                        }
                        
                        
                    }else{
                        session_start();
                        $_SESSION['wire-transfer']=$user_id;
                        header("Location:./cot.php");
                    }
                }
        }
    }

if (isset($_POST['cot_submit'])){
    $cotCode = $_POST['cot_code'];
    $acct_cot = $row['acct_cot'];

    if($cotCode === $acct_cot){
        $_SESSION['wire-transfer'] = $user_id;
        header("Location:./tax.php");
    }else{
        notify_alert('Invalid COT Code','danger','3000','Close');
    }
}

if (isset($_POST['tax_submit'])){
    $taxCode = $_POST['tax_code'];
    $acct_tax = $row['acct_tax'];

    if($taxCode === $acct_tax){
        $_SESSION['wire-transfer'] = $user_id;
        header("Location:./imf-code.php");
    }else{
        notify_alert('Invalid TAX Code','danger','3000','Close');
    }
}


if (isset($_POST['imf_submit'])){
    $imf_code = $_POST['imf_code'];
    $imf = $row['acct_imf'];
    $amount = $temp_trans['amount'];

    if($imf_code === $imf){
        $sql3 = "SELECT * FROM users WHERE id=:id";
        $stmt = $conn->prepare($sql3);
        $stmt->execute([
            'id' => $account_id
        ]);
        $resultCode = $stmt->fetch(PDO::FETCH_ASSOC);
        $code = $resultCode['acct_otp'];
        
        $number = $resultCode['acct_phone'];
        $message = "Dear ".$resultCode['firstname']. "Your verify code is ". $code;
           
            
        if($page['twillio_status'] == '1'){            
        $data = twilioController::sendSmsCode($number,$message);
        }

        $APP_NAME = $pageTitle;
        $message = $sendMail->pinRequest($currency, $amount, $fullName, $code, $APP_NAME);
        $subject = "[OTP CODE] - $APP_NAME";
        $email_message->send_mail($email, $message, $subject);

        if(true){
            $_SESSION['wire-transfer'] = $user_id;
            header("Location:./pin.php");
        }else{
            notify_alert('Invalid IMF Code','danger','3000','Close');
        }
    }
}

if(isset($_POST['submit-pin'])){
    $pin = inputValidation($_POST['pin']);
    $oldPin = inputValidation($row['acct_otp']);
    $acct_amount = inputValidation($row['acct_balance']);
    $account_id = inputValidation($_POST['account_id']);
    $amount = inputValidation($_POST['amount']);
    $bank_name = inputValidation($_POST['bank_name']);
    $acct_name = inputValidation($_POST['acct_name']);
    $acct_number = inputValidation($_POST['acct_number']);
    $acct_type = inputValidation($_POST['acct_type']);
    $acct_country = inputValidation($_POST['acct_country']);
    $acct_swift = inputValidation($_POST['acct_swift']);
    $acct_routing = inputValidation($_POST['acct_routing']);
    $acct_remarks = inputValidation($_POST['acct_remarks']);

    $limit_balance = $row['acct_limit'];
    $transferLimit = $row['limit_remain'];

    if($pin !== $oldPin){
        toast_alert('error','Incorrect OTP CODE');
    }else if($acct_amount < 0){
        toast_alert('error','Insufficient Balance');
    }else {

        $tBalance = ($transferLimit - $amount);
        $aBalance = ($acct_amount - $amount);


        $sql = "UPDATE users SET limit_remain=:limit_remain,acct_balance=:acct_balance WHERE id=:id";
        $stmt = $conn->prepare($sql);
        $stmt->execute([
            'limit_remain' => $tBalance,
            'acct_balance' => $aBalance,
            'id' => $account_id
        ]);

        if (true) {
            $refrence_id = uniqid();
            $sql = "INSERT INTO wire_transfer (amount,acct_id,refrence_id,bank_name,acct_name,acct_number,acct_type,acct_country,acct_swift,acct_routing,acct_remarks) VALUES(:amount,:acct_id,:refrence_id,:bank_name,:acct_name,:acct_number,:acct_type,:acct_country,:acct_swift,:acct_routing,:acct_remarks)";
            $tranfered = $conn->prepare($sql);
            $tranfered->execute([
                'amount' => $amount,
                'acct_id' => $account_id,
                'refrence_id'=>$refrence_id,
                'bank_name' => $bank_name,
                'acct_name' => $acct_name,
                'acct_number' => $acct_number,
                'acct_type' => $acct_type,
                'acct_country' => $acct_country,
                'acct_swift' => $acct_swift,
                'acct_routing' => $acct_routing,
                'acct_remarks' => $acct_remarks
            ]);

            if (true) {
                session_start();
                $_SESSION['wire_transfer'] = $refrence_id;
                header("Location:./success.php");

            } else {
                toast_alert("error", "Sorry Error Occured Contact Support");
            }

        }
    }

}


if(isset($_POST['domestic-transfer'])){

    $amount = $_POST['amount'];
    $acct_name = $_POST['acct_name'];
    $bank_name = $_POST['bank_name'];
    $acct_number = $_POST['acct_number'];
    $acct_type = $_POST['acct_type'];
    $acct_remarks = $_POST['acct_remarks'];

    $acct_amount = $row['acct_balance'];
    $account_id =$row['id'];


    if($acct_stat === 'hold' ){
        toast_alert("error","Account on Hold Contact Support");
    }elseif($amount > $acct_amount){
        toast_alert("error","Insufficient Balance!");
    }else {
        $trans_id = uniqid();
        $trans_opt = substr(number_format(time() * rand(), 0, '', ''), 0, 6);
        $trans_type = "domestic transfer";
        $sql = "INSERT INTO temp_trans (amount,trans_id,acct_id,bank_name,acct_name_id,acct_number,acct_type,acct_remarks,trans_otp,trans_type) VALUES(:amount,:trans_id,:acct_id,:bank_name,:acct_name,:acct_number,:acct_type,:acct_remarks,:trans_otp,:trans_type )";
        $tranfered = $conn->prepare($sql);
        $tranfered->execute([
            'amount' => $amount,
            'trans_id' => $trans_id,
            'acct_id' => $account_id,
            'bank_name' => $bank_name,
            'acct_name' => $acct_name,
            'acct_number' => $acct_number,
            'acct_type' => $acct_type,
            'acct_remarks' => $acct_remarks,
            'trans_otp' => $trans_opt,
            'trans_type' =>$trans_type
        ]);

        if (true) {
//            $TRANS = uniqid('w', true);
            $trans_id = mt_rand(100000, 999999);
            $trans_opt = substr(number_format(time() * rand(), 0, '', ''), 0, 6);

            $sql = "UPDATE users SET acct_otp=:acct_otp WHERE id=:id";
            $stmt = $conn->prepare($sql);
            $stmt->execute([
                'acct_otp' => $trans_opt,
                'id' => $account_id
            ]);

            if (true) {
                $sql = "SELECT * FROM users WHERE id=:id";
                $stmt = $conn->prepare($sql);
                $stmt->execute([
                    'id' => $account_id
                ]);

                $result = $stmt->fetch(PDO::FETCH_ASSOC);

                $code = $result['acct_otp'];
                
                $number = $result['acct_phone'];
                 $message = "Dear ".$result['firstname']. "Your verify code is ". $code;
                        
                if($page['twillio_status'] == '1'){
                 $data = twilioController::sendSmsCode($number,$message);
                }

                $APP_NAME = $pageTitle;
                $message = $sendMail->pinRequest($currency, $amount, $fullName, $code, $APP_NAME);
                $subject = "[OTP CODE] - $APP_NAME";
                $email_message->send_mail($email, $message, $subject);

            }

            if (true) {
                session_start();
                $_SESSION['dom-transfer'] = $code;
                header("Location:./pin.php");
            }
            
            
            //  if (true) {
            //         if($row['billing_code']==='0') {

            //             $sql = "SELECT * FROM users WHERE id=:id";
            //             $stmt = $conn->prepare($sql);
            //             $stmt->execute([
            //                 'id' => $account_id
            //             ]);
            //             $resultCode = $stmt->fetch(PDO::FETCH_ASSOC);
            //             $code = $resultCode['acct_otp'];

            //             $APP_NAME = $pageTitle;
            //             $message = $sendMail->pinRequest($currency, $amount, $fullName, $code, $APP_NAME);
            //             $subject = "[OTP CODE] - $APP_NAME";
            //             $email_message->send_mail($email, $message, $subject);

            //             if(true){
            //                 session_start();
            //                 $_SESSION['dom-transfer'] = $code;
            //                     header("Location:./pin.php");
            //             }
            //         }else{
            //             session_start();
            //             $_SESSION['dom-transfer']=$user_id;
            //             header("Location:./cot.php");
            //         }
            //     }

        }
    }
}

userPinfunction.txt

Edited by requinix
please use the Code <> button when posting code

What do you mean, "remove"? What "other operations"?

You've managed to post a whole bunch of code, but wouldn't you know, when asking for help with a thing, giving a description of what you want to do is more important than the code itself!

 

30 minutes ago, ginerjm said:

Huh?  What's an OTP?

One-time password. Like those 6-digit numbers you get from SMS or "authenticator" apps that cycle every 30 seconds.

Such as this algorithm,

$acct_otp = substr(number_format(time() * rand(), 0, '', ''), 0, 6);

(which is terrible and should never be used by anyone for any reason)

  • Like 1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.