Hello everyone,
I am working with this code:
[php]<?php
require ‘util.php’;
if (isset($_POST[‘amount’]) && isset($_POST[‘curr_type’]))
{
if(isset($_POST[‘csrf_token’]))
{
if($_SESSION[‘csrf_token’] != $_POST[‘csrf_token’])
{
throw new Error(“csrf”,“csrf token mismatch!”);
}
}
else
{
throw new Error(“csrf”,“csrf token missing”);
}
}
function bitcoin_withdraw($uid, $amount, $curr_type)
{
$addy = post(‘address’);
$bitcoin = connect_bitcoin();
$validaddy = $bitcoin->validateaddress($addy);
if (!$validaddy[‘isvalid’])
throw new Problem(‘Bitcoin says no’, ‘That address you supplied was invalid.’);
syslog(LOG_NOTICE, “address=$addy”);
endlog();
$query = "
INSERT INTO requests (req_type, uid, amount, curr_type)
VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
";
do_query($query);
$reqid = mysql_insert_id();
$query = "
INSERT INTO bitcoin_requests (reqid, addy)
VALUES ('$reqid', '$addy');
";
do_query($query);
}
function litecoin_withdraw($uid, $amount, $curr_type)
{
$addy = post(‘address’);
$litecoin = connect_litecoin();
$validaddy = $litecoin->validateaddress($addy);
if (!$validaddy[‘isvalid’])
throw new Problem(‘Litecoin says no’, ‘That address you supplied was invalid.’);
syslog(LOG_NOTICE, “address=$addy”);
endlog();
$query = "
INSERT INTO requests (req_type, uid, amount, curr_type)
VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
";
do_query($query);
$reqid = mysql_insert_id();
$query = "
INSERT INTO litecoin_requests (reqid, addy)
VALUES ('$reqid', '$addy');
";
do_query($query);
}
function rucoin_withdraw($uid, $amount, $curr_type)
{
$addy = post(‘address’);
$rucoin = connect_rucoin();
$validaddy = $rucoin->validateaddress($addy);
if (!$validaddy[‘isvalid’])
throw new Problem(‘RuCoin says no’, ‘That address you supplied was invalid.’);
syslog(LOG_NOTICE, “address=$addy”);
endlog();
$query = "
INSERT INTO requests (req_type, uid, amount, curr_type)
VALUES ('WITHDR', '$uid', '$amount', '$curr_type');
";
do_query($query);
$reqid = mysql_insert_id();
$query = "
INSERT INTO rucoin_requests (reqid, addy)
VALUES ('$reqid', '$addy');
";
do_query($query);
}
function save_details($uid, $amount, $curr_type)
{
beginlog();
syslog(LOG_NOTICE, “Withdrawing $amount $curr_type:”);
if ($curr_type = ‘BTC’) {
bitcoin_withdraw($uid, $amount, $curr_type);
return true;
}
elseif ($curr_type = ‘LTC’) {
litecoin_withdraw($uid, $amount, $curr_type);
return true;
}
elseif ($curr_type = ‘RUC’) {
rucoin_withdraw($uid, $amount, $curr_type);
return true;
}
else {
throw Error(‘Invalid currency’, ‘You cannot withdraw a currency that does not exist.’);
}
# should never happen!
return false;
}
function truncate_num($num)
{
return substr($num, 0, -6) . ‘000000’;
}
if (isset($_POST[‘amount’]) && isset($_POST[‘curr_type’])) {
do_query(“LOCK TABLES orderbook WRITE, purses WRITE, transactions WRITE, requests WRITE, bitcoin_requests WRITE, rucoin_requests WRITE, litecoin_requests WRITE”);
$uid = user_id();
$amount_disp = post(‘amount’);
$curr_type = post(‘curr_type’);
$amount = /numstr_to_internal/($amount_disp);
$amount = /truncate_num/($amount);
curr_supported_check($curr_type);
order_worthwhile_check($amount, $amount_disp);
enough_money_check($amount, $curr_type);
if (!save_details($uid, $amount, $curr_type))
throw Error('We had to admit it sometime...', 'Stop trading on this site. Contact the admin FAST.');
# actually take the money now
deduct_funds($amount, $curr_type);
# request is submitted to the queue for the cron job to actually execute
do_query("UNLOCK TABLES");
echo "<div class='content_box'>\n";
echo "<h3>Withdraw $curr_type</h3>\n";
echo "<p>Your request to withdraw $amount_disp $curr_type has been submitted. Visit your <a href='?page=profile'>profile</a> to check on the status of your request.</p>\n";
echo "</div>\n";
}
else {
?>
Withdraw BTC
Enter an amount below to withdraw.
Amount
<label for='input_address'>Address</label>
<input type='text' id='input_address' name='address' />
<input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
<input type='hidden' name='curr_type' value='BTC' />
<input type='submit' value='Submit' />
</form>
</p>
</div>
<div class='content_box'>
<h3>Withdraw LTC</h3>
<p>Enter an amount below to withdraw.</p>
<p>
<form action='' class='indent_form' method='post'>
<label for='input_amount'>Amount</label>
<input type='text' id='input_amount' name='amount' />
<label for='input_address'>Address</label>
<input type='text' id='input_address' name='address' />
<input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>"
<input type='hidden' name='curr_type' value='LTC' />
<input type='submit' value='Submit' />
</form>
</p>
</div>
<div class='content_box'>
<h3>Withdraw RUC</h3>
<p>Enter an amount below to withdraw.</p>
<p>
<form action='' class='indent_form' method='post'>
<label for='input_amount'>Amount</label>
<input type='text' id='input_amount' name='amount' />
<label for='input_address'>Address</label>
<input type='text' id='input_address' name='address' />
<input type='hidden' name='csrf_token' value="<?php echo $_SESSION['csrf_token']; ?>" />
<input type='hidden' name='curr_type' value='RUC' />
<input type='submit' value='Submit' />
</form>
</p>
</div>
My intentios are for this script to check the form fields for submitted data and then run either the “bitcoin_withdraw”, “litecoin_withdraw” or “rucoin_withdraw” function depending on the value of “curr_type” for the form submitted…
As it stands when I press the “submit” button for the form where the curr_type is “RUC” (the last form on the page) the script attempts to run the “bitcoin_withdraw” function.
When I press “submit” for the form where the “curr_type” is “LTC” the page reloads with no errors but also does not attempt to run any of the withdraw functions.
I have not been able to attempt using the “submit” button for the form where the “curr_type” is “BTC” as I am waiting for daemon called by the “bitcoin_withdraw” function to finish downloading important files/information.
I am unable to find any syntax errors, but I am clearly using the code the wrong way…
Any help is greatly appreciated, thanks!