forked from udsaxman/Sapphirev2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
processTransfer.php
128 lines (96 loc) · 2.6 KB
/
processTransfer.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
include 'connection.php';
$theName = "";
$date = "";
$userId = 0;
$wallet = 0;
$amount = 0;
$type = 0;
$addText = "";
$fail = false;
//There probably should be a transfer code somewhere so we know what we're looking for + doing
if (isset($_POST["name"])) {
$theName = $_POST["name"];
} else {
$theName = "Error_No_Name";
}
if (isset($_POST["date"])) {
$date = $_POST["date"];
} else {
$date = "Error_No_Date";
}
if (isset($_POST["addText"])) {
$addText = $_POST["addText"];
if ($addText == "")
$addText = NULL;
} else {
$addText = NULL;
}
if (isset($_POST["selUser"])) {
$userId = $_POST["selUser"];
if ($userId == 0)
$fail = true;
} else {
$fail = true;
Fail("No user found for Transfer");
}
if (isset($_POST["wallet"])) {
$wallet = $_POST["wallet"];
} else {
$fail = true;
Fail("No wallet found for Transfer");
}
if (isset($_POST["amount"])) {
$amount = $_POST["amount"];
} else {
$amount = 0;
}
if (isset($_POST["type"])) {
$type = $_POST["type"];
} else {
$fail = true;
}
$amount = str_replace(",", "", $amount);
$wallet = str_replace(",", "", $wallet);
if (!is_numeric($amount)) {
$fail = true;
}
if (!$fail) {
if (trim($amount) == "" || !is_numeric($amount)) {
Fail("Bad Data");
} else {
switch ($type) {
case "paycheck":
$amount *= -1;
$newWallet = $wallet + $amount;
$sql = "Call sp_PaycheckTransaction(" . $userId . ", '" . $theName . "', " . $amount . ", '" . $date . "')";
$result = mysql_query($sql, $conn) or die(mysql_error());
$sql = "Call sp_UpdateUserIsk(" . $newWallet . ", " . $userId . ")";
$result = mysql_query($sql, $conn) or die(mysql_error());
Success();
break;
case "corp":
$newWallet = $wallet + $amount;
$sql = "Call sp_CorpTransaction(" . $userId . ", '" . $theName . "', " . $amount . ", '" . $date . "', '" . $addText . "')";
$result = mysql_query($sql, $conn) or die(mysql_error());
$sql = "Call sp_UpdateUserIsk(" . $newWallet . ", " . $userId . ")";
$result = mysql_query($sql, $conn) or die(mysql_error());
Success();
break;
default:
Fail("Bad Data");
break;
}
}
} else {
Fail("Bad Data");
}
function Fail($error)
{
header('Location: ./TDSInError.php?Error=' . $error . '');
}
function Success()
{
header('Location: ./TDSInAdminTools.php');
}
?>