I am making a payment system, purely for learning, and I have limited time. I realize my security is not as it should be, and not everything is proper. I don't have enough time to look at everything; mostly I need to make it functional.
I have a balance in a balance view table, with user_id and balance. I can output the balance on screen, etc.
I want to make it so that if you transfer from one account to another, and the balance is under 0, they cannot transfer anything. Is this best to do with MySQL code or an if statement? So far I have got this.
<?php
session_start();
require_once('verbinding.php');
if(!isset($_SESSION['username']) || empty($_SESSION['username'])){ // '||', not the bitwise '&', and "not set OR empty"
header('location:index.php'); // redirect to index.php if you are not logged in.
exit; // stop here, otherwise the rest of the page is still rendered for a logged-out visitor
}
$username = $_SESSION['username'];
$user_id = $_SESSION['user_id'];
?>
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<title>Kameleon</title>
<style>.carousel-inner > .item > img { width:100%; height:570px; } </style>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<nav class="navbar navbar-dark bg-dark">
<!-- Navbar content -->
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarText" aria-controls="navbarText" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarText">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="register.php">Register</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="login.php">My Account <span class="sr-only">(current)</span></a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Customer Service</a>
</li>
</ul>
</div>
<a class="navbar-brand" href="index.php">Kameleon</a>
</nav><br><br>
<h1 class="display-3">Members area </h1>
<br>
<?php
$user_id = (int)$user_id; // the id comes from the session, but casting keeps it a plain integer inside the query
$sql = "SELECT * FROM users WHERE id='$user_id'";
$result = mysqli_query($conn, $sql);
if($row = mysqli_fetch_array($result))
{
$username = $row["username"];
$sql = "SELECT balance FROM balanceview WHERE user_id=$user_id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
echo "Hallo $username, jouw balans is: " . $row["balance"] . " euro";
}
?>
<br><br>
<form action='transfer.php' method='post'> <!-- 'REQUEST' is not a valid form method; post keeps the amount out of the URL, and multipart encoding is not needed for plain text fields -->
<div class="test">
<b>Transfer amount</b><br><br>
<label>Amount</label> <input type='text' name='amount' value=''><br>
</div>
<div class="test">
<label>To which Kameleon account</label> <input type='text' name='touser' value=''><br>
</div>
<input type='submit' name='submit' class='knop' value='send'><br>
</form>
<br>
<a href='logout.php'> Logout </a>
<!-- jQuery first, then Tether, then Bootstrap JS. -->
<script src="https://code.jquery.com/jquery-3.1.1.slim.min.js" integrity="sha384-A7FZj7v+d/sdmMqp/nOQwliLvUsJfDHW+k9Omg/a/EheAdgtzNs3hpfag6Ed950n" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js" integrity="sha384-DztdAPBWPRXSA/3eYEEUWrWCy7G5KFbe8fFjk5JAIxUYHKkDx6Qin1DkWx51bBrb" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" integrity="sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk+02D9phzyeVkE+jo0ieGizqPLForn" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>
</body>
<footer>
<nav class="navbar fixed-bottom navbar-dark bg-dark">
<a class="navbar-brand" href="register.php">Register</a>
<a class="navbar-brand" href="login.php">My Account</a>
<a class="navbar-brand" href="about.php">About Us</a>
</nav>
</footer>
</html>
And this is the code that is not working. I tried to do this from the top of my head; I don't know how else to do it. It gives an error. Can someone advise how to apply the right code and what to look for?
<?php
session_start();
require_once('verbinding.php');
if(empty($_SESSION['user_id'])){ // transfer.php needs the same login check as the members page, or anyone can post a transfer
header('location:index.php');
exit;
}
$value = (float)$_REQUEST['amount'];   // cast: only a number may end up inside the query
$touser = (int)$_REQUEST['touser'];    // account ids are integers
$fromuser = (int)$_SESSION['user_id'];
$balance = $_SESSION['balance'] ?? 0;  // the missing ';' on this line was the first parse error; the variable is not used below
$user_id = $fromuser; // $user_id was never set in this script, so the SELECT below looked up nobody
/*
the code from just now goes here, followed by the if/else
*/
$sql = "SELECT * FROM users WHERE id='$user_id'";
$result = mysqli_query($conn, $sql);
if($row = mysqli_fetch_array($result))
{
$username = $row["username"];
$sql = "SELECT balance FROM balanceview WHERE user_id=$user_id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result); // empty if the user has no balance row yet
}
if(!$row || $row["balance"] < 0) { // the original line had an extra ')' here, the second parse error
echo "No way not enough credits";
} else {
$sql = "INSERT into transactions (from_user, to_user, amount) VALUES ('$fromuser', '$touser','$value')";
$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
echo $sql;
echo "$result";
}
?>
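The question asks whether the balance check belongs in MySQL or in an if statement; the answer is both, inside one database transaction, so that two transfers sent at the same moment cannot both pass the check. Below is an added example of transfer.php written that way. It is not the poster's code. It assumes what the post shows: verbinding.php creates a mysqli connection in $conn, the tables users(id, username) and transactions(from_user, to_user, amount) exist, balanceview(user_id, balance) is a view derived from transactions, the tables use InnoDB (needed for FOR UPDATE), and PHP's mysqlnd driver is available for get_result().

```php
<?php
// transfer.php, hardened version (added example, not the poster's code).
// Assumptions: verbinding.php sets $conn (mysqli); tables users, transactions and the
// view balanceview from the post; InnoDB tables; mysqlnd for get_result().
session_start();

// Only a logged-in user may transfer, and only via POST (the form must use method='post').
if (empty($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit;
}
require_once('verbinding.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions instead of failing silently

$fromUser = (int)$_SESSION['user_id'];
$toUser   = filter_input(INPUT_POST, 'touser', FILTER_VALIDATE_INT);   // false if not an int, null if absent
$amount   = filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_FLOAT);

// Reject anything that is not a positive amount sent to a different account.
if ($toUser === false || $toUser === null || $amount === false || $amount === null
    || $amount <= 0 || $toUser === $fromUser) {
    echo "Invalid transfer request";
    exit;
}
$amount = round($amount, 2); // whole euro cents only

try {
    // Everything below is one transaction: all of it happens, or none of it.
    $conn->begin_transaction();

    // Lock the sender's row for the duration of the transaction. Two simultaneous
    // transfers from the same account are then handled one after the other, so the
    // second one sees the balance left after the first. (balanceview is assumed to be
    // an aggregate view, which cannot be locked directly; the users row stands in for it.)
    $stmt = $conn->prepare('SELECT id FROM users WHERE id = ? FOR UPDATE');
    $stmt->bind_param('i', $fromUser);
    $stmt->execute();
    if ($stmt->get_result()->fetch_assoc() === null) {
        throw new RuntimeException('Sender does not exist');
    }

    // The receiving account must exist too, otherwise the money just disappears.
    $stmt = $conn->prepare('SELECT id FROM users WHERE id = ?');
    $stmt->bind_param('i', $toUser);
    $stmt->execute();
    if ($stmt->get_result()->fetch_assoc() === null) {
        throw new RuntimeException('Receiving account does not exist');
    }

    // Read the balance inside the transaction, after the lock has been taken.
    $stmt = $conn->prepare('SELECT balance FROM balanceview WHERE user_id = ?');
    $stmt->bind_param('i', $fromUser);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $balance = $row === null ? 0.0 : (float)$row['balance'];

    // The if statement the question asks about: not "is the balance under 0 now",
    // but "would the balance be under 0 after this transfer".
    if ($balance - $amount < 0) {
        throw new RuntimeException('Not enough credits');
    }

    // Prepared statement: the user's input is bound as data, never pasted into the SQL text.
    $stmt = $conn->prepare('INSERT INTO transactions (from_user, to_user, amount) VALUES (?, ?, ?)');
    $stmt->bind_param('iid', $fromUser, $toUser, $amount);
    $stmt->execute();

    $conn->commit();
    echo "Transferred " . number_format($amount, 2) . " euro to account " . $toUser;
} catch (mysqli_sql_exception $e) {
    // Database errors: log the real reason server-side, show the user nothing about the SQL.
    $conn->rollback();
    error_log('transfer failed: ' . $e->getMessage());
    echo "Transfer failed, please try again later";
} catch (RuntimeException $e) {
    // Our own checks above: safe to show the user.
    $conn->rollback();
    echo htmlspecialchars($e->getMessage());
}
```

For this to work the members-page form has to submit with method='post'. The script still has no protection against cross-site request forgery: a per-session token in the form, checked here before anything else, is the usual next step, but that is outside what the post covers.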