Hitman
15-12-2007, 02:17 PM
Hmm, hey.
I have this code (below) and it basically redeems voucher codes, anyway when I redeem one it:
a) changes my name to 1 (changes $_SESSION['logged_user'] from Tom to 1)
b) says the code isn't valid
If I vists redeem.php (the code below) it automatically changes my username to 1. >_> not in the db just the session. o.O
It worked (redeeming) then broke.
<?php
session_start();
include 'config.php';
$code = clean($_POST['code']);
$usedby = $_SESSION['logged_user'];
if ($_SESSION['logged_user'] = true) {
if ($_POST['submit']) {
$checkcode = mysql_query("SELECT * FROM `codes`");
$check = mysql_fetch_object($checkcode);
if($check->code == $code) {
$query = mysql_query("SELECT `amount` FROM `codes` WHERE `code` = '$code'");
$rows = mysql_fetch_array($query);
$amount = $rows['amount'];
$query = mysql_query("SELECT `credits` FROM `users` WHERE `username` = '$usedby'");
$rows = mysql_fetch_array($query);
$credits = $rows['credits'];
$newcredits = $amount + $credits;
$update = mysql_query("UPDATE `users` SET `credits` = '$newcredits' WHERE `username` = '$usedby'");
echo "Credit code redeemed! You now have $newcredits! Your name: $usedby";
} else {
echo "Code isn't valid.";
}
} else {
echo "<form action=\"redeem.php\" method=\"POST\">
Enter code: <input type=\"text\" size=\"16\" maxlength=\"12\" name=\"code\">
</br>
<input type=\"submit\" name=\"submit\" value=\"Redeem!\">";
}
} else {
echo "Not logged in!";
}
?>What's up?
I have this code (below) and it basically redeems voucher codes, anyway when I redeem one it:
a) changes my name to 1 (changes $_SESSION['logged_user'] from Tom to 1)
b) says the code isn't valid
If I vists redeem.php (the code below) it automatically changes my username to 1. >_> not in the db just the session. o.O
It worked (redeeming) then broke.
<?php
session_start();
include 'config.php';
$code = clean($_POST['code']);
$usedby = $_SESSION['logged_user'];
if ($_SESSION['logged_user'] = true) {
if ($_POST['submit']) {
$checkcode = mysql_query("SELECT * FROM `codes`");
$check = mysql_fetch_object($checkcode);
if($check->code == $code) {
$query = mysql_query("SELECT `amount` FROM `codes` WHERE `code` = '$code'");
$rows = mysql_fetch_array($query);
$amount = $rows['amount'];
$query = mysql_query("SELECT `credits` FROM `users` WHERE `username` = '$usedby'");
$rows = mysql_fetch_array($query);
$credits = $rows['credits'];
$newcredits = $amount + $credits;
$update = mysql_query("UPDATE `users` SET `credits` = '$newcredits' WHERE `username` = '$usedby'");
echo "Credit code redeemed! You now have $newcredits! Your name: $usedby";
} else {
echo "Code isn't valid.";
}
} else {
echo "<form action=\"redeem.php\" method=\"POST\">
Enter code: <input type=\"text\" size=\"16\" maxlength=\"12\" name=\"code\">
</br>
<input type=\"submit\" name=\"submit\" value=\"Redeem!\">";
}
} else {
echo "Not logged in!";
}
?>What's up?