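/**
 * Reset the current session to a fresh guest state.
 *
 * Clears and destroys the existing session data, starts a new session,
 * rotates the session ID so the pre-reset ID is not carried over, then
 * seeds the default account values and a fresh anti-CSRF token.
 *
 * Side effects: modifies $_SESSION and issues a new session cookie.
 * Relies on regenerate_CSRF() being defined by the including file.
 */
function regenerate_session(): void
{
    session_unset();
    session_destroy();
    session_start();
    // Rotate the ID and drop the old session: without this, session_start()
    // picks up the ID still present in the client's cookie, so the reset
    // would keep the pre-existing session identifier.
    session_regenerate_id(true);
    $_SESSION['name'] = 'CatLover';
    $_SESSION['money'] = 10000;
    $_SESSION['timeout'] = time();
    regenerate_CSRF();
}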
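<?php
require_once '../init.php';

// A charge is accepted only from a logged-in session whose submitted
// anti-CSRF token matches the one stored server-side. The token is compared
// in constant time, and a non-string POST value (e.g. csrf_token[]=x) is
// rejected before hash_equals() would raise a TypeError on it.
if (
    isset($_SESSION['name'], $_SESSION['csrf_token'], $_POST['total_cost'], $_POST['csrf_token'])
    && is_string($_POST['csrf_token'])
    && hash_equals((string) $_SESSION['csrf_token'], $_POST['csrf_token'])
) {
    $username = $_SESSION['name'];
    $balance = (int) $_SESSION['money'];
    // Only a positive integer is a valid charge. A plain (int) cast would turn
    // non-numeric input into 0 and let a negative amount credit the wallet.
    $total_cost = filter_var($_POST['total_cost'], FILTER_VALIDATE_INT);
    // Escape once for the HTML context; the name is interpolated into markup below.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if ($total_cost === false || $total_cost <= 0) {
        $error = "<h1>{$safe_username}, <br/>Invalid amount.</h1>";
    } else {
        $new_balance = $balance - $total_cost;
        if ($new_balance < 0) {
            $error = "<h1>{$safe_username}, <br/>Please top up your wallet!</h1>";
        } else {
            // The token is single-use: rotate it after a successful charge.
            regenerate_CSRF();
            $_SESSION['money'] = $new_balance;
            $message = <<<HTML
<h1>Thank You!</h1>
<h3>Your wallet has been successfully charged for {$total_cost} Baht.</h3>
<p>Username: {$safe_username}</p>
<p>Your money: {$new_balance} Baht</p>
HTML;
        }
    }
} else {
    $error = '<h1>unauthorized access.</h1>';
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="author" content="Pichaya Morimoto">
<title> Pwnladin's Cat Shop </title>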