PHP Code:
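<?php
// Load the transfer module settings (tax switch and per-currency fees).
// The values are cast to plain trimmed strings so that later code does not
// carry SimpleXMLElement objects into comparisons or string interpolation.
// NOTE(review): the path is relative, so it resolves against the working
// directory of the including script; confirm that is the intended location.
$transfer_settings = simplexml_load_file('engine/config_mods/transfer.xml');

if ($transfer_settings === false) {
    // simplexml_load_file() returns false when the file is missing or is not
    // well-formed XML. Before this check the failure was silent: every tax
    // value became null and transfers ran untaxed. The defaults keep that
    // outcome but make it explicit and leave a trace in the error log.
    error_log('transfer: could not load engine/config_mods/transfer.xml, taxes are disabled');
    $tax = '0';
    $credits_tax = '0';
    $wcoinc_tax = '0';
    $wcoinp_tax = '0';
    $gp_tax = '0';
} else {
    $tax = trim((string) $transfer_settings->tax);             // '1' switches taxes on
    $credits_tax = trim((string) $transfer_settings->credits); // fee per credits transfer
    $wcoinc_tax = trim((string) $transfer_settings->wcoinc);   // fee per WCoinC transfer
    $wcoinp_tax = trim((string) $transfer_settings->wcoinp);   // fee per WCoinP transfer
    $gp_tax = trim((string) $transfer_settings->gp);           // fee per GoblinPoint transfer
}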
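// Transfer request handler.
//
// Moves an amount of one currency (credits, WCoinC, WCoinP or GoblinPoint)
// from the logged-in account ($user_auth_id) to the account named in the POST
// body, optionally keeping a fee when taxes are enabled in the settings.
//
// Changes against the previous version of this block:
//  * every statement goes through $core_db->Execute() with bound parameters;
//    before, only two lookups did and the rest interpolated request data and
//    ids into SQL passed to mssql_query() (an extension removed in PHP 7);
//  * request data is no longer HTML-escaped on input: htmlspecialchars() is an
//    output encoder and does not make a value safe for SQL;
//  * the amount pattern used eregi() (removed in PHP 7) with a character class
//    that also accepted a backslash; it is now digits only;
//  * an amount of 0, or one smaller than the fee, is rejected: a net amount
//    below zero would be subtracted from the receiver's balance;
//  * debit and credit run in one transaction, and the debit is conditional on
//    the balance still being sufficient, so two concurrent requests cannot
//    both spend the same balance and a failed credit undoes the debit;
//  * a MEMB_CREDITS row for the receiver is only created once the receiver is
//    known to exist in MEMB_INFO;
//  * the log line is stripped of control characters and a failed write is
//    reported instead of passing false to fwrite().
//
// NOTE(review): assumes $core_db is an ADOdb connection (the Execute()/EOF
// usage matches) that reaches CashShopData and MEMB_INFO as well as
// MEMB_CREDITS; confirm before deploying.
// NOTE(review): $user_auth_id is presumably the authenticated account id set
// by the including page; this block does not verify that it is non-empty.
// NOTE(review): no anti-CSRF token is checked here; confirm the including
// page enforces one for this state-changing POST.
if (isset($_POST['transfer'])) {
    if (!isset($_POST['account'])) {
        echo msg('0','Missing receiver account.');
    } elseif (!isset($_POST['amount'])) {
        echo msg('0','Missing amount.');
    } else {
        // Array-valued parameters (amount[]=...) are treated as empty input.
        $change = (isset($_POST['change']) && is_string($_POST['change'])) ? $_POST['change'] : '';
        $amount = is_string($_POST['amount']) ? $_POST['amount'] : '';
        $account = is_string($_POST['account']) ? $_POST['account'] : '';

        // Fixed whitelist: table, key column, balance column, label, fee.
        // Table and column names are only ever taken from this map, never
        // from the request, so interpolating them into SQL below is safe.
        $transfer_currencies = array(
            'credits' => array('MEMB_CREDITS', 'memb___id', 'credits', 'credits', $credits_tax),
            'wcoinc'  => array('CashShopData', 'AccountID', 'WCoinC', 'WCoinC', $wcoinc_tax),
            'wcoinp'  => array('CashShopData', 'AccountID', 'WCoinP', 'WCoinP', $wcoinp_tax),
            'gp'      => array('CashShopData', 'AccountID', 'GoblinPoint', 'GoblinPoint', $gp_tax),
        );

        // Returns the first column of the first row, or null when the query
        // failed or matched nothing. reset() is used so the result does not
        // depend on whether rows are keyed by number or by column name.
        $transfer_scalar = function ($sql, $params) use ($core_db) {
            $rs = $core_db->Execute($sql, $params);
            if (!$rs || $rs->EOF) {
                return null;
            }
            $fields = $rs->fields;
            return reset($fields);
        };

        // As before, make sure the sender has a MEMB_CREDITS row.
        if ($transfer_scalar('SELECT memb___id FROM MEMB_CREDITS WHERE memb___id=?', array($user_auth_id)) === null) {
            $core_db->Execute('INSERT INTO MEMB_CREDITS(memb___id,credits,used) VALUES (?,0,0)', array($user_auth_id));
        }

        // An unknown currency produces no output, as in the original chain of
        // independent if-statements.
        if (isset($transfer_currencies[$change])) {
            list($t_table, $t_key, $t_column, $t_label, $t_tax) = $transfer_currencies[$change];

            // Fee applies only when taxes are switched on; a non-numeric or
            // negative configured fee counts as 0.
            $t_fee = ($tax == 1) ? max(0, (int) (string) $t_tax) : 0;

            // /D stops "$" from matching before a trailing newline.
            $t_valid = preg_match('/^[0-9]{1,11}$/D', $amount) === 1;
            $t_value = $t_valid ? (int) $amount : 0;

            if (!$t_valid || $t_value < 1 || $t_value < $t_fee) {
                echo msg('0','Wrong value.');
            } elseif ($t_value > (int) $transfer_scalar("SELECT $t_column FROM $t_table WHERE $t_key=?", array($user_auth_id))) {
                echo msg('0','Not enough '.$t_label.'.');
            } elseif ($transfer_scalar('SELECT memb___id FROM MEMB_INFO WHERE memb___id=?', array($account)) === null) {
                echo msg('0','Receiver doesnt exists.');
            } else {
                // The receiver exists, so a MEMB_CREDITS row may be created.
                if ($transfer_scalar('SELECT memb___id FROM MEMB_CREDITS WHERE memb___id=?', array($account)) === null) {
                    $core_db->Execute('INSERT INTO MEMB_CREDITS(memb___id,credits,used) VALUES (?,0,0)', array($account));
                }

                $t_error = '';
                $core_db->StartTrans();

                // Conditional debit: the balance check above is only advisory,
                // this WHERE clause is what actually prevents an overdraft.
                $core_db->Execute(
                    "UPDATE $t_table SET $t_column = $t_column - ? WHERE $t_key = ? AND $t_column >= ?",
                    array($t_value, $user_auth_id, $t_value)
                );
                $t_rows = $core_db->Affected_Rows();

                // Affected_Rows() may return false on drivers that cannot
                // report a count; in that case the row check is skipped.
                if ($t_rows !== false && $t_rows < 1) {
                    $t_error = 'Not enough '.$t_label.'.';
                    $core_db->FailTrans();
                } else {
                    $core_db->Execute(
                        "UPDATE $t_table SET $t_column = $t_column + ? WHERE $t_key = ?",
                        array($t_value - $t_fee, $account)
                    );
                    $t_rows = $core_db->Affected_Rows();
                    if ($t_rows !== false && $t_rows < 1) {
                        // No balance row for the receiver: undo the debit
                        // rather than letting the amount vanish.
                        $t_error = 'Transfer failed.';
                        $core_db->FailTrans();
                    }
                }

                if ($core_db->CompleteTrans()) {
                    echo msg('1','Transfer was successfull.');

                    // Control characters are removed so a value can never
                    // start a forged line in the log.
                    // NOTE(review): transfer_log.txt is opened by relative
                    // path; if that resolves inside the web root the log is
                    // downloadable. Prefer a location outside it.
                    $t_line = date("d.m.Y H:i:s")." | "
                        .preg_replace('/[\x00-\x1F\x7F]/', '', (string) $user_auth_id)
                        ." sent ".$t_value." ".$t_label." to "
                        .preg_replace('/[\x00-\x1F\x7F]/', '', $account)
                        .".\r\n";
                    if (file_put_contents('transfer_log.txt', $t_line, FILE_APPEND | LOCK_EX) === false) {
                        error_log('transfer: could not append to transfer_log.txt');
                    }
                } else {
                    echo msg('0', ($t_error !== '') ? $t_error : 'Transfer failed.');
                }
            }
        }
    }
}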
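// Re-read the balances of the logged-in account so the table rendered below
// reflects any transfer handled earlier in this request.
//
// The queries now bind $user_auth_id as a parameter through $core_db instead
// of interpolating it into SQL for mssql_query() (an extension removed in
// PHP 7), matching the parameterised lookups this file already performs.
// NOTE(review): assumes $core_db is an ADOdb connection that reaches
// MEMB_INFO and CashShopData as well as MEMB_CREDITS; confirm.

// Runs a single-row query for the current account and returns the row keyed
// both by position and by column name (the shape mssql_fetch_array() gave),
// or false when the query failed or no row exists.
$balance_row = function ($sql, $columns) use ($core_db, $user_auth_id) {
    $rs = $core_db->Execute($sql, array($user_auth_id));
    if (!$rs || $rs->EOF) {
        return false;
    }
    $row = array();
    foreach ($columns as $i => $name) {
        // Accept either fetch mode: name-keyed or number-keyed fields.
        if (isset($rs->fields[$name])) {
            $value = $rs->fields[$name];
        } elseif (isset($rs->fields[$i])) {
            $value = $rs->fields[$i];
        } else {
            $value = null;
        }
        $row[$i] = $value;
        $row[$name] = $value;
    }
    return $row;
};

$kredit = $balance_row('SELECT credits FROM MEMB_CREDITS WHERE memb___id=?', array('credits'));
// $money is not used in the visible part of this page; kept because code
// after this snippet may read it.
$money = $balance_row('SELECT purse FROM MEMB_INFO WHERE memb___id=?', array('purse'));
$wcp = $balance_row(
    'SELECT WCoinC,WCoinP,GoblinPoint FROM CashShopData WHERE AccountID=?',
    array('WCoinC', 'WCoinP', 'GoblinPoint')
);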
// Render the balance overview table for the logged-in account.
// Each entry: extra attributes for the label cell, the label, the raw value.
// Values pass through number_format(), so only formatted digits are emitted.
$balance_table_rows = array(
    array(' width="30%"', 'Credits', $kredit[0]),
    array('', 'WCoinC', $wcp[0]),
    array('', 'WCoinP', $wcp[1]),
    array('', 'GoblinPoint', $wcp[2]),
);

$balance_table_html = '<table width="95%" align="center">';
foreach ($balance_table_rows as $balance_table_row) {
    $balance_table_html .= '<tr><td'.$balance_table_row[0].'><b>'.$balance_table_row[1].':</b></td>'
        .'<td>'.number_format($balance_table_row[2]).'</td></tr>';
}
$balance_table_html .= '</table>';

echo $balance_table_html;
?>
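<br>
<?php
// Transfer form. Submitting it posts "change", "amount", "account" and
// "transfer" to getpage.php?cat=transfer through the page's request() helper.
//
// Fixes in this block:
//  * the onsubmit attribute contained unescaped double quotes, which ended
//    the attribute after "request("; the inner strings now use single quotes;
//  * $user_auth_id is HTML-escaped before it is written into the value
//    attribute instead of being echoed raw.
// NOTE(review): maxlength is a browser-side hint only; the server must keep
// validating "amount" and "account" itself.
// NOTE(review): the form carries no anti-CSRF token; confirm the including
// page adds and verifies one for this state-changing request.
?>
<form action="" method="post" onsubmit="request('form_vip','sh_','POST','getpage.php?cat=transfer'); return false;">
<table>
<tr>
<td><b>Choose currency for transfer</b></td>
<td align="right">
<select class="iRg_input" style="width: 110px" name="change">
<option value="credits" selected>Credits</option>
<option value="wcoinc">WCoinC</option>
<option value="wcoinp">WCoinP</option>
<option value="gp">GoblinPoint</option>
</select>
</td>
</tr>
<tr>
<td><b>Amount to transfer</b></td>
<td align="right"><input type="text" class="iRg_input" size="13" maxlength="11" name="amount" value="0" /></td>
</tr>
<tr>
<td><b>Account to receive</b></td>
<td align="right"><input type="text" class="iRg_input" size="13" maxlength="10" name="account" value="<?= htmlspecialchars((string) $user_auth_id, ENT_QUOTES) ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" class="button-gray" name="transfer" value="Transfer" /></td>
</tr>
</table>
<br><br>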
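<?php
// Fee notice, shown only when taxes are switched on in the transfer settings.
// The opening tags were written as "<?phpif" and "<?php}", which PHP does not
// recognise as "<?php" followed by code; they now have the required
// whitespace. The configured fees are HTML-escaped on output.
if ($tax == 1):
?>
<fieldset><legend>Taxes</legend>
<li>Sending credits costs <?= htmlspecialchars((string) $credits_tax, ENT_QUOTES) ?> credits.
<li>Sending WCoinC costs <?= htmlspecialchars((string) $wcoinc_tax, ENT_QUOTES) ?> WCoinC.
<li>Sending WCoinP costs <?= htmlspecialchars((string) $wcoinp_tax, ENT_QUOTES) ?> WCoinP.
<li>Sending GoblinPoints costs <?= htmlspecialchars((string) $gp_tax, ENT_QUOTES) ?> GoblinPoints.
</fieldset>
<?php endif; ?>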