// Prepare the values the payment page needs for the requested action.
// $gateway_data is the row returned by the query run just before this point;
// presumably the site's own payment-gateway settings -- TODO confirm.
$gateway_data = $db->result();
$fees = new fees();

// NOTE(review): $_GET['a'] is request-supplied and is read here without an
// isset() check. switch compares loosely, so a string such as '1.0' also
// selects case 1; confirm the value is validated earlier or cast it to int.
switch ($_GET['a']) {
    case 1: // add to account balance
        // Payee identifiers are taken from the gateway row loaded above.
        $pp_paytoemail = $gateway_data['paypal_address'];
        $an_paytoid = $gateway_data['authnet_address'];
        // NOTE(review): authnet_password is a gateway credential; confirm that
        // whatever consumes $an_paytopass never emits it into the page.
        $an_paytopass = $gateway_data['authnet_password'];
        $wp_paytoid = $gateway_data['worldpay_id'];
        $tc_paytoid = $gateway_data['toocheckout_id'];
        $mb_paytoemail = $gateway_data['moneybookers_address'];
        // The amount is whatever the client posted in pfval, passed through
        // $system->input_money().
        // NOTE(review): no range check is visible here; confirm input_money()
        // rejects zero, negative and malformed amounts.
        $payvalue = $system->input_money($_POST['pfval']);
        // Custom reference: the logged-in user's id followed by the marker 'WEBID1'.
        // Presumably used by the gateway callback to attribute the payment; the
        // callback should verify the notification itself rather than trust this
        // value -- TODO confirm.
        $custoncode = $user->user_data['id'] . 'WEBID1';
        $message = sprintf($MSG['582'], $system->print_money($payvalue));
        $title = $system->SETTINGS['sitename'] . ' - ' . $MSG['935'];
        // NOTE(review): add_to_account() runs while the page is being built,
        // before any gateway confirmation is visible in this code; confirm it
        // does not credit the balance on its own.
        $fees->add_to_account($MSG['935'], 'balance', $payvalue);
        break;
    case 2: // pay for an item
        // Here pfval is a winners-row id, not an amount. The query loads that
        // row together with its auction and the seller's payment details.
        // Both request-derived values are passed as placeholders tagged 'int',
        // and "w.winner = :user_id" limits the lookup to rows won by the
        // logged-in user, so another user's winner id returns no row.
        // NOTE(review): $DBPrefix is concatenated into the SQL text; it must
        // come only from trusted configuration -- confirm.
        // NOTE(review): the SELECT also returns the seller's authnet_pass;
        // confirm it is needed here and never reaches client-visible output.
        $query = "SELECT w.id, a.title, a.shipping_cost, a.shipping_cost_additional, a.shipping, w.bid, u.paypal_email, u.authnet_id, u.authnet_pass,\n\t\t\t\tu.id As uid, u.nick, a.payment, u.worldpay_id, u.toocheckout_id, u.moneybookers_email, w.qty\n\t\t\t\tFROM "
            . $DBPrefix
            . "winners w\n\t\t\t\tLEFT JOIN "
            . $DBPrefix
            . "auctions a ON (a.id = w.auction)\n\t\t\t\tLEFT JOIN "
            . $DBPrefix
            . "users u ON (u.id = w.seller)\n\t\t\t\tWHERE w.id = :pfval AND w.winner = :user_id";
        $params = array();
        $params[] = array(':pfval', $_POST['pfval'], 'int');
        $params[] = array(':user_id', $user->user_data['id'], 'int');
        $db->query($query, $params);

        // Check the row is real: no match means the id does not exist or was
        // not won by this user, so redirect back to the outstanding list.
        if ($db->numrows() < 1) {
            header('location: outstanding.php');
            exit; // stop here so nothing below runs after the redirect header
        }
        $data = $db->result();
        // Split the auction's payment field on ', '; presumably the list of
        // payment methods the seller accepts -- TODO confirm.
        $payment = explode(', ', $data['payment']);