Full Point System
First off the SQLCode
ALTER TABLE `members` ADD `pin` VARCHAR( 255 ) NULL,
ADD `has_bank` INT( 1 ) NOT NULL default '0',
ADD `points` INT( 11 ) NOT NULL default '50';
CREATE TABLE `banks` (
`id` INT( 11 ) NOT NULL auto_increment,
`username` VARCHAR( 255 ) NOT NULL,
`points` INT( 11 ) NOT NULL default '0',
`pin` VARCHAR( 255 ) NULL,
PRIMARY KEY(`id`)
);
Add this to your functions.php if you have one. If not, add to your config.php
PHP Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
<?php
function secure($var){ //secure pin code function
$p = $var; //yawn? lets give it a simpler name :D
$md5 = md5(md5(md5(md5(md5($p))))); //md5 the pin/variablke
$sha1 = sha1(sha1(sha1(sha1(sha1($p))))); //sha1 the pin/text
$compile = "xX-$md5-$sha1-Xx"; //combine them
$secure_full = md5(sha1($compile)); //md5 and sha1 them :D
return $secure_full; //return the code
} //end function
function checkpin($pinhash){ //check our pin
$pin = $pinhash; //easier name
$pins = mysql_query("SELECT * FROM `members` WHERE `pin` = '$pin';") or die(mysql_error()); //get pins from members table
if(empty($pin)){ //UHOH they left it empty
return false; //BAD! you fail =]
} //end empty check
if(mysql_num_rows($pins) == 0){ //no pins found =(
return false; //fail.
} //end
if(mysql_num_rows($pins) >= 1){ //more then 1 found :D
return true; //true!!! pass!!!!
} //end
} //end function
?>
Call this file bank.php. it will be the only file you will need for this tutorial.
PHP Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218
<?php
session_start(); //allow sessions
require("config.php"); //get configuration
if(!$logged['username']){ //not logged in
print "You Must Be Logged In For Use of This Function!";
}else{ //they are logged in
if($logged['has_bank'] == 0){ //user doesn't have a bank account
if(!$_POST['getbank']){ //form not submitted
print "<form method=\"post\">
<strong>Pin Code</strong>
<input type=\"password\" size=\"15\" name=\"pincode\" maxlength=\"4\" />
<input type=\"submit\" name=\"getbank\" value=\"Get Bank!\" />
</form>";
}else{ //form was submitted
$pin = (int)$_POST['pincode']; //this is our un-encrypted pin
$enc_pin = secure($pin); //new pin for database
if(empty($pin)){ //it was empty =(
print "You Must Enter a 4 Digit Pin Code!";
}else{ //maybe not..
if(strlen($pin) < '4' || strlen($pin) > '4'){ //too long or too short
print "Pin Must Be 4 Digits Long!";
}else{ //not.
$update_user = mysql_query("UPDATE `members` SET `has_bank` = '1', `pin` = '$enc_pin' WHERE `username` = '$logged[username]';") or die(mysql_error()); //update the user
$insert_bank = mysql_query("INSERT INTO `banks` (`username`,`pin`) VALUES ('$logged[username]','$enc_pin');") or die(mysql_error()); //give them a bank account
print "Bank Setup Successfully!";
}
}
}
}else{
switch($_GET['page']){
default:
$getBank = mysql_query("SELECT * FROM `banks` WHERE `username` = '$logged[username]';"); //get the bank for the logged user
$bArray = mysql_fetch_array($getBank); //array the data.
print "<p>
Welcome to the bank $logged[username]
You Have $logged[points] in your hand and $bArray[points] in your bank account for a total of ".($logged[points] + $bArray[points])." points.
What would you like to do?</p>
<table width=\"300\">
<tr>
<td align=\"center\" valign=\"middle\">
<a href=\"bank.php?page=withdraw\">Withdraw Points</a>
</td>
<td align=\"center\" valign=\"middle\">
<a href=\"bank.php?page=deposit\">Deposit Points</a>
</td>
</tr>
<tr>
<td align=\"center\" valign=\"middle\">
<a href=\"bank.php?page=changepin\">Change Pin</a>
</td>
<td align=\"center\" valign=\"middle\">
<a href=\"bank.php?page=forgotpin\">Forgot Pin</a>
</td>
</tr>
</table>";
break;
case 'withdraw': //the withdraw points page
$getBank = mysql_query("SELECT * FROM `banks` WHERE `username` = '$logged[username]';"); //get the bank for the logged user
$bArray = mysql_fetch_array($getBank); //array the data.
if(!$_POST['withdraw']){ //form not submitted
print "<form method=\"post\">
You Have $bArray[points] In Bank!
<strong>Withdraw Amount</strong>
<input type=\"text\" name=\"amount\" value=\"0\" />
<strong>Your Pin</strong>
<input type=\"password\" name=\"mypin\" size=\"15\" />
<input type=\"submit\" name=\"withdraw\" value=\"Withdraw Points!\" />
</form>";
}else{ //it was
$pin = (int)$_POST['mypin']; //our pin
$withdrawpoints = (int) $_POST['amount']; //ammount wanted
$errors = array(); //errors
if(empty($pin)){ //empty pin
$errors[] = "You Must Enter your 4 Digit Pin Code!";
}
if(empty($withdrawpoints)){ //no moneyto withdraw
$errors[] = "You Must Enter an Amount of Money!";
}
if($bArray['points'] < $withdrawpoints){ //not enough points
$errors[] = "You Don't Have That Much Money In Your Bank!";
}
if(!checkpin(secure($pin))){ //invalid pin code
$errors[] = "Invalid PIN Code!";
}
if($bArray['pin'] != secure($pin)){ //wrong pin code:O
$errors[] = "Invalid Bank PIN!";
}
if($withdrawpoints < 0){
$errors[] = "Invalid Amount of Points!";
}
if(count($errors) > 0){ //errors found
foreach($errors as $err){ //loop for all errors
print $err.''; //print the error
} //end loop
}else{ //none found
$newbankpoints = ($bArray['points'] - $withdrawpoints); //new bank amount
$newhandpoints = ($logged['points'] + $withdrawpoints); //new hand amount
$update_hand = mysql_query("UPDATE `members` SET `points` = '$newhandpoints' WHERE `username` = '$logged[username]';") or die(mysql_error());
$update_bank = mysql_query("UPDATE `banks` SET `points` = '$newbankpoints' WHERE `username` = '$logged[username]';") or die(mysql_error());
print "$withdrawpoints Points has been withdrawn.";
} //end errors count
} //end form check
break;
case 'deposit': //depposit points page
$getBank = mysql_query("SELECT * FROM `banks` WHERE `username` = '$logged[username]';"); //get the bank for the logged user
$bArray = mysql_fetch_array($getBank); //array the data.
if(!$_POST['deposit']){ //form not submitted
print "<form method=\"post\">
You Have $logged[points] In Hand!
<strong>Withdraw Amount</strong>
<input type=\"text\" name=\"amount\" value=\"0\" />
<strong>Your Pin</strong>
<input type=\"password\" name=\"mypin\" size=\"15\" />
<input type=\"submit\" name=\"deposit\" value=\"Deposit Points!\" />
</form>";
}else{ //it was
$pin = (int)$_POST['mypin']; //our pin
$depositpoints = (int) $_POST['amount']; //ammount wanted
$errors = array(); //errors
if(empty($pin)){ //empty pin
$errors[] = "You Must Enter your 4 Digit Pin Code!";
}
if(empty($depositpoints)){ //no money to deposit
$errors[] = "You Must Enter an Amount of Money!";
}
if($logged['points'] < $depositpoints){ //not enough points
$errors[] = "You Don't Have That Much Money In Your Hand!";
}
if(!checkpin(secure($pin))){ //invalid pin code
$errors[] = "Invalid PIN Code!";
}
if($bArray['pin'] != secure($pin)){ //wrong pin code:O
$errors[] = "Invalid Bank PIN!";
}
if($depositpoints < 0){
$errors[] = "Invalid Amount of Points!";
}
if(count($errors) > 0){ //errors found
foreach($errors as $err){ //loop for all errors
print $err.''; //print the error
} //end loop
}else{ //none found
$newbankpoints = ($bArray['points'] + $depositpoints); //new bank amount
$newhandpoints = ($logged['points'] - $depositpoints); //new hand amount
$update_hand = mysql_query("UPDATE `members` SET `points` = '$newhandpoints' WHERE `username` = '$logged[username]';") or die(mysql_error());
$update_bank = mysql_query("UPDATE `banks` SET `points` = '$newbankpoints' WHERE `username` = '$logged[username]';") or die(mysql_error());
print "$depositpoints Points has been deposited.";
} //end errors count
} //end form check
break;
case 'changepin': //change pin page
$getBank = mysql_query("SELECT * FROM `banks` WHERE `username` = '$logged[username]';"); //get the bank for the logged user
$bArray = mysql_fetch_array($getBank); //array the data.
if(!$_POST['changepin']){ //form not submitted
print "<form method=\"post\">
<strong>Current PIN Code</strong>
<input type=\"password\" name=\"cur_pin\" maxlength=\"4\" />
<strong>New Pin</strong>
<input type=\"password\" name=\"new_pin\" maxlength=\"4\" />
<strong>Verify New Pin</strong>
<input type=\"password\" name=\"ver_pin\" maxlength=\"4\" />
<input type=\"submit\" name=\"changepin\" value=\"Change Pin!\">
</form>";
}else{ //or was it..
$pin = (int) $_POST['cur_pin']; //original pin
$newpin = (int) $_POST['new_pin'];//new pin
$verpin = (int) $_POST['ver_pin'];//verify new
$errors = array(); //errors
if(empty($pin)){ //no pin given
$errors[] = "Current Pin Incorrect.";
}
if(empty($newpin)){ //no new pin given
$errors[] = "You Msut Enter a New Pin!";
}
if(empty($verpin)){ //no verify new pin given
$errors[] = "You Must Verify Your New Pin!";
}
if($bArray['pin'] != secure($pin)){ //current pin doesnt equal bank current pin
$errors[] = "Incorrect Current Pin!";
}
if($newpin != $verpin){ //new pins dont match
$errors[] = "New Pins Do Not Match!";
}
if(count($errors) > 0){ //errors found
foreach($errors as $err){ //loop to print errors on page
print $err.'';
}
}else{ //no errors
$update_user_pin = mysql_query("UPDATE `members` SET `pin` = '".secure($newpin)."' WHERE `username` = '$logged[username]';") or die(mysql_error()); //update users pin
$update_bank_pin = mysql_query("UPDATE `banks` SET `pin` = '".secure($newpin)."' WHERE `username` = '$logged[username]';"); //update bank pin
print "Pin Updated!"; //success
} //end errors check
} //end form submit
break;
case 'forgotpin': //forgot my pin code D:
if(!$_POST['requestnew']){ //form not submitted
print "Well, looks like you have forgotten your pin. Too bad you won't be getting it right away. After clicking the button below please check your email for your new pin code.
<form method=\"post\">
<input type=\"submit\" name=\"requestnew\" value=\"Get New Pin!\" />
</form>";
}else{ //it was
$chars = "1234567890"; //available chars
$newpin = substr(str_shuffle($chars), 0, 4); //make new pin
$update_bank_pin = mysql_query("UPDATE `banks` SET `pin` = '".secure($newpin)."' WHERE `username` = '$logged[username]';") or die(mysql_error());
$update_members_pin = mysql_query("UPDATE `members` SET `pin` = '".secure($newpin)."' WHERE `username` = '$logged[username]';") or die(mysql_error());
$mail = mail($logged['email'], "New Pin Code", "hello $logged[username], $newpin is your new pin code. please do not lose it."); //email the user
if(!$mail){ //not sent
print "Error sending email!";
}else{//it sent
print "Please check your Email for your pin code.";
}
}
break;
}
}
}
?>
Posted on Tuesday 12th August 2008 at 01:06 AM
bank.php
Posted on Tuesday 12th August 2008 at 12:55 AM
whatever page ur calling
Posted on Tuesday 12th August 2008 at 12:51 AM
wat file lol
Posted on Monday 11th August 2008 at 10:37 PM
It can not get access to the secure function :S you will have to palce it in the file.
Posted on Monday 11th August 2008 at 10:09 PM
I get this error
Fatal error: Call to undefined function secure() in /home/jambomb/public_html/HighRize/main/bank.php on line 246
Fatal error: Call to undefined function secure() in /home/jambomb/public_html/HighRize/main/bank.php on line 246
Posted on Sunday 20th July 2008 at 12:57 AM
I got it. Nevermind.
Posted on Saturday 19th July 2008 at 02:37 PM
Error is as it seems. It can't find the function. Add it to that file maybe ^^'
Posted on Friday 18th July 2008 at 09:58 PM
I can't desposit points.
Fatal error: Call to undefined function checkpin() in /home/jsfdan/public_html/bank.php on line 147
Fatal error: Call to undefined function checkpin() in /home/jsfdan/public_html/bank.php on line 147
Posted on Friday 18th July 2008 at 03:29 PM
Yes It is :P
Posted on Thursday 17th July 2008 at 06:28 PM
Is this for the Shop?