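/**
 * Inserts this object's bank record (bcode, bno, bname, uid) into `banks`.
 *
 * Returns -2 when a row with the same uid/bno/bcode already exists,
 * 1 when the insert succeeded, 0 when mysql_query() reported failure.
 *
 * The existence check and the insert are two separate statements, so two
 * concurrent calls can both pass the check; a unique index on
 * (uid, bno, bcode) is the only reliable guard against duplicate rows.
 */
function Create()
{
    // Values that land inside quoted SQL literals go through escapeSQL()
    // (presumably a quote-escaping helper — confirm its implementation).
    $bcode = escapeSQL($this->bcode);
    $bno   = escapeSQL($this->bno);
    $bname = escapeSQL($this->bname);
    // uid is interpolated WITHOUT quotes in the SELECT below, where quote
    // escaping gives no protection; force it to an integer instead.
    $uid = (int) $this->uid;

    $sql = "SELECT count(*) cnt FROM banks where uid = {$uid} and bno = '{$bno}' and bcode = '{$bcode}'";
    $existing = queryScalar($sql);
    if ($existing->cnt > 0) {
        return -2;
    }

    $sql = "INSERT INTO `banks` (`bcode`,`bno`,`bname`,`uid`) VALUES ('{$bcode}','{$bno}','{$bname}','{$uid}')";
    // Report a failed insert instead of claiming success.
    return mysql_query($sql) ? 1 : 0;
}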
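/**
 * Links a Facebook account to the current user.
 *
 * @param string $fbid    Facebook user id (arrives from outside; escaped before use)
 * @param string $fbtoken Facebook access token (arrives from outside; escaped before use)
 *
 * Returns -3 when $fbid is already attached to some user row, 1 when the
 * update succeeded, 0 when mysql_query() reported failure.
 */
function fbConnect($fbid, $fbtoken)
{
    // Both values are interpolated into quoted SQL literals; escape them the
    // same way Create() and saveWithdraw() escape their inputs — the original
    // used them raw.
    $fbid    = escapeSQL($fbid);
    $fbtoken = escapeSQL($fbtoken);

    $sql = "SELECT count(*) cnt FROM users where fbid = '{$fbid}'";
    $existing = queryScalar($sql);
    if ($existing->cnt > 0) {
        return -3;
    }

    // uid is interpolated without quotes, so quote escaping does not apply
    // there; an integer cast is the guard that fits that context.
    $uid = (int) $this->uid;
    $sql = "update users set fbid = '{$fbid}', fbtoken = '{$fbtoken}' where uid = {$uid} ";
    if (!mysql_query($sql)) {
        return 0;
    }
    // Presumably reloads the cached user record after the change — confirm.
    $this->getCurrentUser();
    return 1;
}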
/**
 * Returns the `rank` of the fixed 'superadmin' role from `roles`.
 *
 * The query has no variable parts, so nothing needs escaping here.
 */
function getSuperAdminValue()
{
    $row = queryScalar("select rank from roles where rname = 'superadmin'");
    return $row->rank;
}
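/**
 * Records a withdrawal request of $val for the logged-in session user.
 *
 * @param mixed $val  amount to withdraw (intval() of it is used for the checks)
 * @param mixed $dt   date/time string stored alongside the amount
 * @param mixed $bank bank identifier the payout should go to
 *
 * Returns -2 when the amount exceeds the balance, -3 when amount plus
 * already-pending withdrawals exceeds the balance, -1 when an identical
 * withdrawal (same amount/date/bank) is already on file for this user,
 * 1 on success, 0 when mysql_query() reported failure.
 */
function saveWithdraw($val, $dt, $bank)
{
    $val  = escapeSQL($val);
    $dt   = escapeSQL($dt);
    $bank = escapeSQL($bank);
    // uid is interpolated unquoted below; quote escaping would not constrain
    // it, so force an integer.
    $uid = (int) S("user")['uid'];
    // trans_value packs the three fields as one comma-separated string.
    $value = "{$val},{$dt},{$bank}";
    $withdraw = intval($val);
    // NOTE(review): a zero or negative amount passes both balance checks
    // below and is stored as-is — confirm whether callers already reject it.

    // Read the balance once so both checks compare against the same figure.
    $trans   = Trans::getInstance();
    $balance = $trans->getBalance();
    if ($withdraw > $balance) {
        return -2;
    }
    if ($withdraw + $trans->getWithdrawPending() > $balance) {
        return -3;
    }

    $sql = "select count(*) cnt from trans where trans_value = '{$value}' and uid = {$uid} and trans_type = 'W'";
    $dup = queryScalar($sql);
    if ($dup->cnt) {
        return -1;
    }

    $sql = "insert into trans(uid, trans_type, trans_value) values({$uid}, 'W', '{$value}')";
    // Report a failed insert instead of claiming success.
    return mysql_query($sql) ? 1 : 0;
}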
exit(0); } if ($_SERVER['REQUEST_METHOD'] === "POST") { $uid = $_SESSION['user']['sub']; $vid = P("id"); $code = P("code"); $created_at = P("created_at"); $created_by = P("created_by"); $discount = floatval(P("discount")); $times = intval(P("times")); $status = P("status"); $valid_from = P("valid_from"); $valid_until = P("valid_until"); $amount = P("amount"); $sql = "select count(*) cnt from pin where uid = {$uid} and code = '{$code}'"; $res = queryScalar($sql); if ($res->cnt > 0) { echo json_encode(array("error" => "A Voucher code {$code} was PIN by this user")); exit(0); } $sql = "replace into v(vid,code,created_at,created_by,status,valid_from,valid_until, amount) value({$vid},'{$code}','{$created_at}','{$created_by}','{$status}','{$valid_from}','{$valid_until}','{$amount}')"; mysql_query($sql); $sql = "insert ignore into pin(uid, code) value({$uid}, '{$code}')"; mysql_query($sql); $sql = "insert into farm(code,ft,discount, times) value('{$code}', current_timestamp, {$discount}, {$times})"; mysql_query($sql); echo json_encode(array("success" => "Pin successful")); } elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") { $uid = $_SESSION['user']['sub']; $code = G("code"); $sql = "delete from pin where code = '{$code}' and uid = {$uid}";