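} } }

// If the access check passed, load the active portfolio's row into the session.
if (true == $access) {
    $activePortfolioID = $_SESSION['user']['ActivePortfolio']['ID'];

    // The account ID is bound as a parameter rather than concatenated into the
    // statement, so its content can never alter the structure of the query.
    $sql_query = "SELECT * FROM tbPracticeAccounts WHERE AcctID=?";
    $result = false;
    $stmt = mysqli_prepare($connection, $sql_query);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $activePortfolioID);
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() is only available with the mysqlnd driver.
            $result = mysqli_stmt_get_result($stmt);
        }
    }

    if ($result) {
        while ($row = mysqli_fetch_array($result)) {
            // Load data... (both balances are divided by $DIV_BY_AMOUNT on read)
            $_SESSION['user']['ActivePortfolio']['Shared'] = $row['Shared'];
            $_SESSION['user']['ActivePortfolio']['Balance_USD'] = $row['Balance_USD'] / $DIV_BY_AMOUNT;
            $_SESSION['user']['ActivePortfolio']['Balance_BTC'] = $row['Balance_BTC'] / $DIV_BY_AMOUNT;
            $_SESSION['user']['ActivePortfolio']['Settings'] = $row['Settings'];
            $_SESSION['user']['ActivePortfolio']['History'] = $row['History'];
            $_SESSION['user']['ActivePortfolio']['ValueIncrease'] = $row['ValueIncrease'];
            $_SESSION['user']['ActivePortfolio']['Pending'] = $row['Pending'];
            $_SESSION['user']['ActivePortfolio']['Value'] = $_SESSION['user']['ActivePortfolio']['Balance_USD']
                + $_SESSION['user']['ActivePortfolio']['Balance_BTC'] * getCurrentBTCPrice();

            // Mirror every field of the active portfolio into the per-account cache.
            foreach ($_SESSION['user']['ActivePortfolio'] as $index => $value) {
                $_SESSION['user']['PracticeAcct'][$_SESSION['user']['ActivePortfolio']['ID']][$index] = $value;
            }
        }
    } else {
        // A failed query used to fall straight through to mysqli_fetch_array(false).
        $bErrMessage .= "Could not load portfolio data from SQL!";
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
} else {
    // '.=' appends to the error list. The earlier '+=' performed numeric addition on
    // non-numeric strings, so the denial was never recorded: PHP 7 yields 0, which the
    // loose comparison with "" below accepts as "no error"; PHP 8 throws a TypeError.
    $bErrMessage .= "Could not access SQL - user does not have permission for this account!";
}

// TODO: Via SQL, get portfolio balance information.
// Also: Do this via AJAX!!
if ("" == $bErrMessage) {
    // Return_URL comes from the request body. Only follow it when it is a path on this
    // site: one leading slash, not followed by a second slash or a backslash (which
    // browsers treat as a scheme-relative URL to another host), and no control characters.
    $returnURL = (isset($_POST['Return_URL']) && is_string($_POST['Return_URL'])) ? $_POST['Return_URL'] : "";
    if (1 !== preg_match('#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $returnURL)) {
        $returnURL = "/";
    }
    // NOTE(review): nothing visible here ends the script after the redirect header;
    // confirm the code that follows is safe to run, or stop execution at this point.
    header("Location: " . $returnURL);
} else {
    echo "Error List:<br />\n{$bErrMessage}";
}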
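}

// The user has now been charged, so credit the purchased BTC to the practice portfolio too.
if ($bContinue) {
    // Connect to the SQL server
    $connection = mysqli_connect($LOCALHOST, $USER, $SQL_PASSWORD, $DEFAULT_DB);

    $balanceUSD = 0;
    $balanceBTC = 0;
    $value = 0;

    // Via SQL, get the portfolio's current balances. The account ID is bound as a
    // parameter so its content cannot change the statement.
    $sql_query = "SELECT Balance_USD, Balance_BTC FROM tbPracticeAccounts WHERE AcctID=?";
    $result = false;
    $stmt = $connection ? mysqli_prepare($connection, $sql_query) : false;
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $practiceAccountID);
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() is only available with the mysqlnd driver.
            $result = mysqli_stmt_get_result($stmt);
        }
    }

    if ($result) {
        $row = mysqli_fetch_array($result);
        mysqli_stmt_close($stmt);

        // Balances are divided by $DIV_BY_AMOUNT on read and multiplied back on write.
        $balanceUSD = $row['Balance_USD'] / $DIV_BY_AMOUNT;
        $balanceBTC = $row['Balance_BTC'] / $DIV_BY_AMOUNT;
        $balanceBTC += $btcToAdd;
        $value = $balanceUSD + $balanceBTC * getCurrentBTCPrice();

        // Finally, update SQL with added practice BTC. The previous statement put the
        // account ID into the WHERE clause unquoted; all three values are now bound.
        $storedBalanceBTC = $balanceBTC * $DIV_BY_AMOUNT;
        $sql_query = "UPDATE tbPracticeAccounts SET Balance_BTC=?, ValueIncrease=? WHERE AcctID=?";
        $updated = false;
        $stmt = mysqli_prepare($connection, $sql_query);
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, "dds", $storedBalanceBTC, $value, $practiceAccountID);
            $updated = mysqli_stmt_execute($stmt);
        }

        if ($updated) {
            mysqli_stmt_close($stmt);

            // Update session variables...
            $_SESSION['user']['PracticeAcct'][$practiceAccountID]['Balance_BTC'] = $balanceBTC;
            $_SESSION['user']['PracticeAcct'][$practiceAccountID]['ValueIncrease'] = $value;
            $_SESSION['user']['PracticeAcct'][$practiceAccountID]['Value'] = $value;
        } else {
            $bContinue = false;

            // $errMessage carries HTML line breaks, so it is presumably rendered as HTML:
            // escape the account ID, and keep the statement text and the database error
            // in the server log instead of sending schema details to the browser.
            $safeAccountID = htmlspecialchars((string) $practiceAccountID, ENT_QUOTES, 'UTF-8');
            $errMessage .= "Error updating practice account {$safeAccountID} to new balance {$balanceBTC} and value {$value}<br />\n";
            error_log("Faulty query: {$sql_query} - " . mysqli_error($connection));
        }
    } else {
        $bContinue = false;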
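include $_SERVER['DOCUMENT_ROOT'] . "/HEADER.php"; ?>
</div>
<div id="nav">
    <?php include $_SERVER['DOCUMENT_ROOT'] . "/NAVBAR.php"; ?>
</div>
<div id="main">
    <h2>BitWizard.com - Your Personal Bitcoin Investment Wizard</h2>
    <?php
    /*
     * The "Running as" heading that used to sit here ran `whoami` through the shell on
     * every request and printed the web server's service account to every visitor.
     * Debug output like that belongs in the server log, not in the public landing page.
     */
    ?>
    <?php
    // Escaped on output: getCurrentBTCPrice() is defined elsewhere, so its return value
    // is not assumed to be a plain number here. A numeric value prints unchanged.
    ?>
    <h3>Current Bitcoin Price: <?php echo htmlspecialchars((string) getCurrentBTCPrice(), ENT_QUOTES, 'UTF-8'); ?> </h3><br />
    <p>Image of Site in Use HERE</p>
    <p>The BitWizard is here to help you with all of your bitcoin investing needs, including:</p>
    <ol>
        <li>Bitcoin Price Charts and Analysis Tools</li>
        <li>Investment Strategy Descriptions</li>
        <li>Practice Investing Environment</li>
        <li>Investment Strategy Wizard (tools, calculators, suggestions, etc.)</li>
    </ol>
</div>
<div id="sidebar">
    <?php include $_SERVER['DOCUMENT_ROOT'] . "/SIDEBAR.php";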
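$_SESSION['user']['ActivePortfolio']['Pending'] = $updatedPendingTrades;
$_SESSION['user']['PracticeAcct'][$_SESSION['user']['ActivePortfolio']['ID']]['Pending'] = $updatedPendingTrades;
} else {
    $errMessage .= "SQL Connection Error in Updating Account<br />\n";
    $bContinue = false;
}
} else {
    $errMessage .= "SQL Connection Error in Selecting Account<br />\n";
    $bContinue = false;
}
}
} else {
    if ("redeem" == $_POST['action']) {
        // NOTE(review): portfolioID is request data used directly as a key into the
        // session's account list. Nothing visible here checks that the key already
        // exists in $_SESSION['user']['PracticeAcct']; confirm the rest of this branch
        // refuses a portfolio the logged-in user does not hold. escape_string() is a
        // project helper whose behaviour is not shown in this fragment.
        $key = escape_string($_POST['portfolioID']);

        // Compare current USD value to old value:
        $_SESSION['user']['PracticeAcct'][$key]['Value'] = $_SESSION['user']['PracticeAcct'][$key]['Balance_USD']
            + $_SESSION['user']['PracticeAcct'][$key]['Balance_BTC'] * getCurrentBTCPrice();
        $currentValue = $_SESSION['user']['PracticeAcct'][$key]['Value'];
        $oldValue = $_SESSION['user']['PracticeAcct'][$key]['ValueIncrease'];

        // A missing, non-numeric or zero baseline (for example an unknown portfolioID)
        // would make the division below fail, so it is treated as "no gain" instead.
        if (!is_numeric($oldValue) || 0 == $oldValue) {
            $percentDelta = 0;
        } else {
            $percentDelta = ($currentValue - $oldValue) / $oldValue * 100;
        }

        // Diagnostic dump of the cached portfolio. Stored fields are escaped before
        // they are written into the page so they cannot be interpreted as markup.
        echo "Active Portfolio Data:<br />\n";
        foreach ($_SESSION['user']['PracticeAcct'][$key] as $tkey => $data) {
            echo htmlspecialchars((string) $tkey, ENT_QUOTES, 'UTF-8')
                . ": "
                . htmlspecialchars((string) $data, ENT_QUOTES, 'UTF-8')
                . "<br />\n";
        }
        echo "Data so far gathered:<br />\nOld Value: {$oldValue}<br />\nCurrent Value: {$currentValue}<br />\nPercent Delta: {$percentDelta}%<br />\n";

        // Now, what to do? If the percentage is zero or negative, set to zero and exit.
        if (0 >= $percentDelta) {
            $btcGive = 0;
        } else {
            $btcGive = 0;

            // If the account is shared, they get more benefits.
            if ("y" == $_SESSION['user']['PracticeAcct'][$key]['Shared']) {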
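// 3) Sanitize input and update SQL (remove balance, create portfolio, link to account)
// NOTE(review): this step writes to the database based on query-string parameters, so
// any link or image pointing at this URL can trigger it for a logged-in user. Steps 1
// and 2 are outside this fragment; confirm the request method and a CSRF token are
// checked there.

// pBTC is request data. It must be a finite, non-negative number before it is used in
// the balance arithmetic; a missing value counts as zero, as it effectively did before.
$purchasedBTC = isset($_GET['pBTC']) ? $_GET['pBTC'] : 0;
$purchasedBTCIsValid = is_numeric($purchasedBTC)
    && is_finite((float) $purchasedBTC)
    && $purchasedBTC >= 0;

if (!is_numeric($_SESSION['user']['Balance_NT']) || !is_numeric($_SESSION['user']['Balance']) || !$purchasedBTCIsValid) {
    $errMessage .= "Somehow you broke it?\n";
} else {
    $connection = mysqli_connect($LOCALHOST, $USER, $SQL_PASSWORD, $DEFAULT_DB);
    if (mysqli_connect_errno()) {
        $errMessage .= "SQL Connection Error: " . mysqli_connect_error();
    } else {
        $totalBTC = $purchasedBTC + $PRACTICE_INCLUDED_BTC;
        $sharedFlag = isset($_GET['shared']) ? "'y'" : "'n'";

        // Every value placed in this statement is either a fixed literal or the result
        // of round() on validated numbers; no request text reaches the SQL string.
        $sql_query = "INSERT INTO tbPracticeAccounts (Shared, Balance_USD, Balance_BTC, ValueIncrease) ";
        $sql_query .= "VALUES (";
        $sql_query .= $sharedFlag;
        $sql_query .= ", 0, " . round($totalBTC * $DIV_BY_AMOUNT, 2) . ", " . round($totalBTC * getCurrentBTCPrice(), 4) . ")";

        if (!mysqli_query($connection, $sql_query)) {
            // The statement text and the driver error go to the server log; the message
            // list (presumably shown to the visitor) only says that creation failed.
            error_log("Record Creation Fail: {$sql_query} failed because: " . mysqli_error($connection));
            $errMessage .= "Record Creation Fail\n";
        }

        // mysqli_insert_id() returns 0 when the INSERT above did not create a row.
        $newID = mysqli_insert_id($connection);
        if (0 == $newID) {
            $errMessage .= "Record still somehow doesn't exist - if you see this message, PANIC.\n";
        } else {
            // $newID is the integer returned by mysqli_insert_id(), not request data.
            $sql_query = "UPDATE tbPracticeAccounts SET AcctID='{$newID}' WHERE PID='{$newID}'";
            if (!mysqli_query($connection, $sql_query)) {
                error_log("Record Update Fail: " . mysqli_error($connection));
                $errMessage .= "Record Update Fail\n";
            }

            // Rebuild the user's comma-terminated list of practice account IDs.
            $userPracticeAcctIdList = "";
            foreach ($_SESSION['user']['PracticeAcctIdList'] as $practiceAcctId) {
                $userPracticeAcctIdList .= $practiceAcctId . ",";
            }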