Example #1
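 /**
  * Insert a bank-account row for this object's user unless the same account is already stored.
  *
  * Reads $this->bcode, $this->bno, $this->bname and $this->uid.
  *
  * @return int 1 when the row was inserted, -2 when a row with the same uid/bno/bcode
  *             already exists, 0 when the INSERT itself failed
  */
 function Create()
 {
     // presumably escapeSQL() escapes for use inside a quoted SQL string literal - confirm
     $bcode = escapeSQL($this->bcode);
     $bno = escapeSQL($this->bno);
     $bname = escapeSQL($this->bname);
     // uid is compared without quotes in the SELECT below. String escaping does not protect
     // an unquoted numeric context, so the value is forced to an integer instead.
     $uid = (int) $this->uid;

     $sql = "SELECT count(*) cnt FROM banks where uid = {$uid} and bno = '{$bno}' and bcode = '{$bcode}'";
     $o = queryScalar($sql);
     if ($o->cnt > 0) {
         return -2;
     }

     // NOTE(review): the duplicate check and the INSERT are two separate statements, so two
     // concurrent requests can both pass the check. A unique index on (uid, bno, bcode)
     // would enforce this in the database - confirm whether the schema has one.
     $sql = "INSERT INTO `banks` (`bcode`,`bno`,`bname`,`uid`) VALUES ('{$bcode}','{$bno}','{$bname}','{$uid}')";
     // mysql_query() returns false on failure; report that instead of claiming success.
     if (!mysql_query($sql)) {
         return 0;
     }

     return 1;
 }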
Example #2
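 /**
  * Link a Facebook id and token to the current user, unless that id is already linked.
  *
  * @param string $fbid    Facebook user id supplied by the caller
  * @param string $fbtoken Facebook access token supplied by the caller
  *
  * @return int 1 on success, -3 when the fbid is already stored on a users row,
  *             0 when the UPDATE failed
  */
 function fbConnect($fbid, $fbtoken)
 {
     // Both arguments end up inside quoted SQL literals, so they are escaped before they
     // are interpolated. The legacy mysql_* API has no prepared statements; moving to
     // PDO or mysqli with bound parameters is the durable fix.
     $fbid = mysql_real_escape_string((string) $fbid);
     $fbtoken = mysql_real_escape_string((string) $fbtoken);
     // uid is used unquoted in the WHERE clause, so it must be an integer.
     $uid = (int) $this->uid;

     $sql = "SELECT count(*) cnt FROM users where fbid = '{$fbid}'";
     $o = queryScalar($sql);
     if ($o->cnt > 0) {
         return -3;
     }

     // NOTE(review): the token is stored as given; confirm whether it should be kept at
     // all, or encrypted at rest.
     $sql = "update users set fbid = '{$fbid}', fbtoken = '{$fbtoken}' where uid = {$uid} ";
     $ret = mysql_query($sql);
     if (!$ret) {
         return 0;
     }

     // Refresh the user data held by this object after the update.
     $this->getCurrentUser();

     return 1;
 }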
Example #3
 /**
  * Fetch the rank stored for the 'superadmin' role.
  *
  * @return mixed the `rank` column of the roles row whose rname is 'superadmin'
  */
 function getSuperAdminValue()
 {
     // Constant query text: no caller-supplied value is interpolated here.
     $row = queryScalar("select rank from roles where rname = 'superadmin'");

     return $row->rank;
 }
Example #4
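 /**
  * Record a withdrawal request for the session user as a 'W' row in trans.
  *
  * The request is stored as the comma-joined string "val,dt,bank" in trans_value.
  *
  * @param mixed $val  requested amount
  * @param mixed $dt   date value stored alongside the amount
  * @param mixed $bank bank identifier stored alongside the amount
  *
  * @return int 1 when the row was inserted, -1 when an identical request already exists,
  *             -2 when the amount exceeds the balance, -3 when the amount plus pending
  *             withdrawals exceeds the balance, 0 when the INSERT failed
  */
 function saveWithdraw($val, $dt, $bank)
 {
     // presumably escapeSQL() escapes for use inside a quoted SQL string literal - confirm
     $val = escapeSQL($val);
     $dt = escapeSQL($dt);
     $bank = escapeSQL($bank);
     // uid is interpolated without quotes in both statements below, so force an integer.
     $uid = (int) S("user")['uid'];
     $value = "{$val},{$dt},{$bank}";

     // NOTE(review): the balance checks use intval($val) while the stored trans_value keeps
     // the original string, so the checked amount and the recorded amount can differ for
     // non-numeric input. A zero or negative amount is not rejected here either; confirm
     // that the caller validates the amount.
     $withdraw = intval($val);
     if ($withdraw > Trans::getInstance()->getBalance()) {
         return -2;
     }
     $withdrawpending = $withdraw + Trans::getInstance()->getWithdrawPending();
     if ($withdrawpending > Trans::getInstance()->getBalance()) {
         return -3;
     }

     $sql = "select count(*) cnt from trans where trans_value = '{$value}' and uid = {$uid} and trans_type = 'W'";
     $o = queryScalar($sql);
     if ($o->cnt) {
         return -1;
     }

     // NOTE(review): the balance and duplicate checks are not atomic with the INSERT;
     // concurrent requests can each pass them. Consider a transaction with row locking.
     $sql = "insert into trans(uid, trans_type, trans_value) values({$uid}, 'W', '{$value}')";
     // mysql_query() returns false on failure; report that instead of claiming success.
     if (!mysql_query($sql)) {
         return 0;
     }

     return 1;
 }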
Example #5
    exit(0);
}
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    $uid = $_SESSION['user']['sub'];
    $vid = P("id");
    $code = P("code");
    $created_at = P("created_at");
    $created_by = P("created_by");
    $discount = floatval(P("discount"));
    $times = intval(P("times"));
    $status = P("status");
    $valid_from = P("valid_from");
    $valid_until = P("valid_until");
    $amount = P("amount");
    $sql = "select count(*) cnt from pin where uid = {$uid} and code = '{$code}'";
    $res = queryScalar($sql);
    if ($res->cnt > 0) {
        echo json_encode(array("error" => "A Voucher code {$code} was PIN by this user"));
        exit(0);
    }
    $sql = "replace into v(vid,code,created_at,created_by,status,valid_from,valid_until, amount) value({$vid},'{$code}','{$created_at}','{$created_by}','{$status}','{$valid_from}','{$valid_until}','{$amount}')";
    mysql_query($sql);
    $sql = "insert ignore into pin(uid, code) value({$uid}, '{$code}')";
    mysql_query($sql);
    $sql = "insert into farm(code,ft,discount, times) value('{$code}', current_timestamp, {$discount}, {$times})";
    mysql_query($sql);
    echo json_encode(array("success" => "Pin successful"));
} elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") {
    $uid = $_SESSION['user']['sub'];
    $code = G("code");
    $sql = "delete from pin where code = '{$code}' and uid = {$uid}";