I have tested this and found no bugs. It prevents users from using negative numbers to
get unlimited amounts of cash, and it stops users from taking out more than the max loan.
To install this, just overwrite your bank.php with the file, run the one SQL statement, and add the one query to your day cron.
mysql_query("UPDATE `users` SET `money` = `money` - 2500 WHERE `loan` > 0", $c); <---- Add to day cron
ALTER TABLE `users` ADD `loan` INT (11) NOT NULL ; <----------- insert into php my admin
[code]
<?php
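// ---- Bootstrap: session, shared helpers, page chrome, database link ----
session_start();
require "global_func.php";
// isset() first so a fresh session does not raise an undefined-index notice;
// the loose == 0 comparison is kept from the original.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 0) {
    header("Location: login.php");
    exit;
}
// The id is interpolated into SQL text below, so it is forced to an integer
// here; nothing but digits can reach the queries even if the session value
// is ever populated from a less trusted source.
$userid = (int) $_SESSION['userid'];
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
// NOTE(review): mysql_* was removed in PHP 7. It is kept because every query
// in this file goes through the $c link; migrating is a file-wide change.
$is = mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid", $c);
if (!$is) {
    // Driver errors can reveal table and column names: log them server-side
    // and show the player a generic message instead.
    error_log('bank.php: ' . mysql_error($c));
    die('A database error occurred. Please try again later.');
}
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();

// Players in jail or hospital are turned away before any banking logic runs.
if ($ir['jail'] > 0 || $ir['hospital'] > 0) {
    echo "This page cannot be accessed while in the jail or hospital.";
    echo "<a href='index.php'> Go Home</a>";
    exit();
}

echo "<h3>Savings & Loan</h3>";
if ($ir['bankmoney'] > -1) {
    // The player owns an account: route the savings actions.
    // A missing or non-string ?action= falls through to the overview.
    $bankAction = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    switch ($bankAction) {
        case "deposit":
            deposit();
            break;
        case "withdraw":
            withdraw();
            break;
        default:
            index();
            break;
    }
} elseif (isset($_GET['buy'])) {
    // NOTE(review): the purchase is triggered by a plain GET link and carries
    // no anti-CSRF token; consider a POST form with a per-session token.
    $bought = false;
    if ($ir['money'] > 49999) {
        // The row read above may be stale by now, so the balance and the
        // "no account yet" condition are re-checked inside the UPDATE itself.
        // Parallel or repeated requests then cannot charge the player twice
        // or push the balance below zero.
        mysql_query("UPDATE users SET money=money-50000,bankmoney=0 WHERE userid=$userid AND money>=50000 AND bankmoney<=-1", $c);
        $bought = mysql_affected_rows($c) > 0;
    }
    if ($bought) {
        print "Congratulations, you bought a bank account for \$50,000!<br />\n<a href='bank.php'>Start using my account</a>";
    } else {
        print "You do not have enough money to open an account.\n<a href='explore.php'>Back to town...</a>";
    }
} else {
    print "Open a bank account today, just \$50,000!<br />\n<a href='bank.php?buy'>> Yes, sign me up!</a><br /><br />";
}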
/**
 * Print the savings overview: the current bank balance plus the deposit and
 * withdrawal forms, each pre-filled with the largest amount the player's
 * loaded row allows (cash on hand / banked money).
 */
function index()
{
    global $ir;

    $banked = $ir['bankmoney'];
    $cash   = $ir['money'];

    // Balance line and the table opening.
    echo "\n<b>You currently have \${$banked} in the bank.</b><br />\n"
        . "At the end of each day, your bank balance will go up by 2%.<br />\n"
        . "<table width='75%' border='2'> <tr> <td width='50%'><b>Deposit Money</b><br />\n";

    // Deposit cell: posts to bank.php?action=deposit.
    echo "It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$3,000.<form action='bank.php?action=deposit' method='post'>\n"
        . "Amount: <input type='text' name='deposit' value='{$cash}' /><br />\n"
        . "<input type='submit' value='Deposit' /></form></td> <td>\n";

    // Withdraw cell: posts to bank.php?action=withdraw.
    echo "<b>Withdraw Money</b><br />\n"
        . "There is no fee on withdrawals.<form action='bank.php?action=withdraw' method='post'>\n"
        . "Amount: <input type='text' name='withdraw' value='{$banked}' /><br />\n"
        . "<input type='submit' value='Withdraw' /></form></td> </tr> </table>";
}
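/**
 * Handle the deposit form: move cash on hand into the bank account.
 *
 * Reads $_POST['deposit'], charges a 15% fee (rounded up, capped at $3,000)
 * and prints either a receipt or an error message. Nothing is returned.
 *
 * The balance check against $ir uses the row loaded at the top of the request.
 * That row can be stale when several requests arrive together, so the same
 * condition is repeated in the UPDATE's WHERE clause and the receipt is only
 * printed when the database actually changed the row.
 */
function deposit()
{
    global $ir, $c, $userid;

    // A missing field or a non-scalar value (e.g. deposit[]=x) counts as 0.
    // abs() is kept from the original: "-500" is treated as 500, and the
    // resulting amount is still checked against the balance below.
    $amount = (isset($_POST['deposit']) && is_scalar($_POST['deposit']))
        ? abs((int) $_POST['deposit'])
        : 0;
    // As in the original, the normalised value is written back to $_POST.
    $_POST['deposit'] = $amount;

    if ($amount > $ir['money']) {
        print "You do not have enough money to deposit this amount.";
        return;
    }

    $fee  = (int) min(3000, ceil($amount * 15 / 100));
    $gain = $amount - $fee;

    if ($amount > 0) {
        $uid = (int) $userid;
        // "AND money>=..." makes check and debit a single atomic step.
        mysql_query("UPDATE users SET bankmoney=bankmoney+$gain, money=money-$amount where userid=$uid AND money>=$amount", $c);
        if (mysql_affected_rows($c) < 1) {
            // Another request spent the cash first; nothing was changed.
            print "You do not have enough money to deposit this amount.";
            return;
        }
    }

    $ir['bankmoney'] += $gain;
    print "You hand over \${$amount} to be deposited, <br />\n"
        . "after the fee is taken (\$$fee), \$$gain is added to your account. <br />\n"
        . "<b>You now have \${$ir['bankmoney']} in the bank.</b><br />\n"
        . "<a href='bank.php'>> Back</a>";
}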
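/**
 * Handle the withdrawal form: move banked money back to cash on hand.
 *
 * Reads $_POST['withdraw'] and prints either a receipt or an error message.
 * There is no fee. Nothing is returned.
 *
 * As with deposits, the check against $ir can be stale under parallel
 * requests, so the UPDATE repeats it ("AND bankmoney>=...") and the receipt
 * is printed only when a row was really changed. This keeps the same banked
 * money from being paid out more than once.
 */
function withdraw()
{
    global $ir, $c, $userid;

    // A missing field or a non-scalar value counts as 0; abs() is kept from
    // the original, and the amount is still checked against the balance.
    $amount = (isset($_POST['withdraw']) && is_scalar($_POST['withdraw']))
        ? abs((int) $_POST['withdraw'])
        : 0;
    // As in the original, the normalised value is written back to $_POST.
    $_POST['withdraw'] = $amount;

    if ($amount > $ir['bankmoney']) {
        print "You do not have enough banked money to withdraw this amount.";
        return;
    }

    if ($amount > 0) {
        $uid = (int) $userid;
        mysql_query("UPDATE users SET bankmoney=bankmoney-$amount, money=money+$amount where userid=$uid AND bankmoney>=$amount", $c);
        if (mysql_affected_rows($c) < 1) {
            // The balance changed between the read and the write.
            print "You do not have enough banked money to withdraw this amount.";
            return;
        }
    }

    $ir['bankmoney'] -= $amount;
    print "You ask to withdraw $amount, <br />\n"
        . "the banking lady grudgingly hands it over. <br />\n"
        . "<b>You now have \${$ir['bankmoney']} in the bank.</b><br />\n"
        . "<a href='bank.php'>> Back</a>";
}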
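// ---- Loan department dispatcher ----
// Normalise ?action= to an entity-encoded string, or FALSE when it is missing
// or not a string (e.g. action[]=x).
$_GET['action'] = (isset($_GET['action']) && is_string($_GET['action'])) ? htmlentities($_GET['action'], ENT_QUOTES) : FALSE;

// Allow-list of actions. 'deposit' and 'withdraw' belong to the savings
// dispatcher earlier in this file and have already been handled when control
// gets here. They must still be accepted, otherwise every deposit or
// withdrawal ends with the error below and an exit() that cuts the page short.
// The (string) cast turns FALSE into '' so the strict comparison still accepts
// "no action given".
$allowedActions = array('borrow', 'repay', 'loanshark_main', 'deposit', 'withdraw', '');
if (!in_array((string) $_GET['action'], $allowedActions, true)) {
    echo "Sorry, it seems something went wrong. Go back and try again.\n";
    echo "<a href='bank.php'>Go Back</a>";
    exit();
}

switch ($_GET['action']) {
    case 'borrow':
        borrow_money_start();
        break;
    case 'repay':
        repay_money_start();
        break;
    default:
        // '', 'loanshark_main' and the savings actions all show the loan menu.
        loandepartment_main();
        break;
}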
/**
 * Print the loan department landing page: the flavour text, the player's
 * current loan (if any), how much more can be borrowed, and links to the
 * borrow and repay forms.
 */
function loandepartment_main()
{
    global $ir;

    // Remaining headroom: the level-based ceiling minus what is already owed.
    $headroom = $ir['level'] * 5000 - $ir['loan'];

    if ($ir['loan'] == 0) {
        $loanLine = 'You do not currently have a loan.' . "\n";
    } else {
        $loanLine = 'You currently have a loan of $' . number_format($ir['loan']) . '.' . "\n";
    }

    // None of the fixed strings contains a '%', so plain echo produces the
    // same bytes the printf() calls did.
    echo '<h3>Loan Departent</h3>';
    echo 'Welcome to the Your Game Name Here 1st National Bank loan department.' . "\n";
    echo 'We are here to assist you.' . "\n";
    echo 'Due to your poor credit history and in ability to hold down a job due to some legal issues.' . "\n";
    echo 'In order for me to get your loan approved you are going to have to scratch my back too. How does $2500 bucks a day lining my pocket sound?.' . "\n";
    echo 'If you do not like the deal then move on I got other shady characters waiting and willing to line my pockets.' . "\n";
    echo $loanLine;
    echo 'The max you can borrow is $' . number_format($headroom) . "\n";
    echo "<a href='bank.php?action=borrow'>Borrow Money</a><br />\n"
        . "<a href='bank.php?action=repay'>Repay Loan</a>";
}
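/**
 * Loan department: show the borrow form, or process a submitted amount.
 *
 * The ceiling is level * 5000. With $_POST['borrowed'] set, the amount is
 * validated and added to both `loan` and `money`; otherwise the form is
 * printed. Output is printed; nothing is returned.
 *
 * Changes from the original, and why:
 *  - The amount is parsed ONCE into an integer and that integer is used for
 *    every check and for the query. Before, the checks compared the raw
 *    string while the query used abs(intval(...)), so the value checked and
 *    the value written could differ.
 *  - ereg("[0-9]") only required a digit somewhere in the input (and ereg()
 *    was removed in PHP 7). ctype_digit() requires digits only.
 *  - The ceiling is enforced inside the UPDATE as well, because $ir is a
 *    snapshot that can be stale when requests run in parallel.
 *  - The query uses the shared $c link, like the rest of the file.
 *  - Error paths return instead of exit(), so the script can go on to close
 *    the page.
 *
 * NOTE(review): the form carries no anti-CSRF token; consider adding a
 * per-session token to this and the other state-changing forms.
 */
function borrow_money_start()
{
    global $ir, $c;

    $maxloan = $ir['level'] * 5000;

    if (isset($_POST['borrowed'])) {
        $raw = $_POST['borrowed'];

        if (is_string($raw) && $raw !== '' && $raw[0] === '-') {
            echo 'Sorry, but negative numbers is not allowed to be entered quit trying to cheat.' . "\n";
            echo "<a href='bank.php?action=borrow'> Go Back</a>";
            return;
        }
        // Digits only, and at least 1. This rejects arrays, blanks, "5abc",
        // decimals and exponent notation.
        if (!is_string($raw) || !ctype_digit($raw) || (int) $raw < 1) {
            echo 'Sorry, it seems something went wrong. Please go back and try again.' . "\n";
            echo "<a href='bank.php?action=borrow'>Go Back</a>";
            return;
        }

        $amount = (int) $raw;
        if ($amount + $ir['loan'] > $maxloan) {
            echo 'Sorry, you are trying to borrow more than your max amount allowed.' . "\n";
            echo "<a href='bank.php?action=borrow'> Go Back</a>";
            return;
        }

        // "AND loan + amount <= ceiling" repeats the check atomically in SQL.
        $update_user = sprintf(
            "UPDATE users SET loan = loan + %u, money = money + %u WHERE userid = %u AND loan + %u <= %u",
            $amount,
            $amount,
            abs((int) $ir['userid']),
            $amount,
            $maxloan
        );
        mysql_query($update_user, $c);
        if (mysql_affected_rows($c) < 1) {
            // The loan grew between the read and the write; nothing changed.
            echo 'Sorry, you are trying to borrow more than your max amount allowed.' . "\n";
            echo "<a href='bank.php?action=borrow'> Go Back</a>";
            return;
        }

        echo 'You just borrowed $' . number_format($amount) . ' from the loan department.' . "\n";
        echo "<a href='bank.php'>Go Back</a><br />\n<a href='index.php'>Go Home</a>";
        return;
    }

    // No submission yet. >= rather than == so a loan that somehow exceeds the
    // ceiling is also treated as "already at the max".
    if ($ir['loan'] >= $maxloan) {
        echo 'You have already taken out the max loan. You must pay it back before you can borrow more.' . "\n";
        echo "<a href='bank.php?action=repay'>Repay</a>";
        return;
    }

    $amount_left = $maxloan - $ir['loan'];
    echo 'The max amount you can borrow is $' . number_format($amount_left) . "\n";
    echo 'You currently have a loan of $' . number_format($ir['loan']) . "\n";
    echo '<form action="bank.php?action=borrow" method="post">';
    // The original wrote value=''.$amount_left.'' inside a double-quoted
    // string, which left the field's value attribute empty.
    echo "Amount: <input type='text' style='font-family:verdana;color:black;' value='{$amount_left}' name='borrowed' />";
    echo "<input type='submit' style='font-family:verdana;color:black;' value='Borrow' />";
    echo '</form>';
}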
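/**
 * Loan department: show the repay form, or process a submitted repayment.
 *
 * With $_POST['repayed'] set, the amount is validated and subtracted from
 * both `loan` and `money`; otherwise the form (or a "no loan" notice) is
 * printed. Output is printed; nothing is returned.
 *
 * Changes from the original, and why:
 *  - The original had no negative-number check here. Its range checks
 *    compared the raw value while the query used abs(intval(...)), so a
 *    negative input passed both "more than the loan" and "more than your
 *    money" and was then applied as a positive amount. The amount is now
 *    parsed once into a positive integer, and that integer is used
 *    everywhere.
 *  - ereg("[0-9]") only required a digit somewhere in the input (and ereg()
 *    was removed in PHP 7). ctype_digit() requires digits only.
 *  - Both limits are repeated in the UPDATE's WHERE clause, so neither `loan`
 *    nor `money` can be driven below zero by parallel requests working from
 *    a stale $ir.
 *  - The query uses the shared $c link, like the rest of the file.
 *
 * NOTE(review): the form carries no anti-CSRF token; consider adding a
 * per-session token to this and the other state-changing forms.
 */
function repay_money_start()
{
    global $ir, $c;

    if (isset($_POST['repayed'])) {
        $raw = $_POST['repayed'];

        // Digits only, and at least 1. This rejects arrays, blanks, signs,
        // "5abc", decimals and exponent notation.
        if (!is_string($raw) || !ctype_digit($raw) || (int) $raw < 1) {
            echo 'Sorry, it seems something went wrong. Please go back and try again.' . "\n";
            echo "<a href='bank.php?action=repay'>Go Back</a>";
            return;
        }

        $amount = (int) $raw;
        if ($amount > $ir['loan']) {
            // Stop the player from paying back more than is owed.
            echo 'Seems you are trying to pay back to much.' . "\n";
            echo "<a href='bank.php?action=repay'>Go Back</a>";
            return;
        }
        if ($amount > $ir['money']) {
            echo 'Seems you do not have enough money to pay back that amount.' . "\n";
            echo "<a href='bank.php?action=repay'>> Go Back</a>";
            return;
        }

        $update_user = sprintf(
            "UPDATE users SET loan = loan - %u, money = money - %u WHERE userid = %u AND loan >= %u AND money >= %u",
            $amount,
            $amount,
            abs((int) $ir['userid']),
            $amount,
            $amount
        );
        mysql_query($update_user, $c);
        if (mysql_affected_rows($c) < 1) {
            // Loan or cash changed between the read and the write.
            echo 'Sorry, it seems something went wrong. Please go back and try again.' . "\n";
            echo "<a href='bank.php?action=repay'>Go Back</a>";
            return;
        }

        echo 'You just payed back the loan department ' . number_format($amount) . '.' . "\n";
        echo "<a href='bank.php'> Go Back</a>";
        return;
    }

    if ($ir['loan'] == 0) {
        echo 'It seems you do not have a loan.' . "\n";
        echo "<a href='bank.php'>Go Back</a>";
        return;
    }

    echo 'You have a loan of $' . number_format($ir['loan']) . "\n";
    echo '<form action="bank.php?action=repay" method="post">';
    echo 'Amount: <input type="text" style="font-family:verdana;color:black;" value="' . $ir['loan'] . '" name="repayed" />' . "\n";
    echo '<input type="submit" style="font-family:verdana;color:black" value="Repay" />';
    echo '</form>';
}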
// Finish the page through the `headers` object created at the top of the script.
// NOTE(review): code paths that call exit() never reach this line, so whatever
// endpage() emits is presumably missing on those pages. Confirm in header.php.
$h->endpage();
?>