Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

1. Transaction.php <!-- Check for a valid transaction --> <?php session_start(); i..

Decoded Output download

1.	Transaction.php 
<!-- Check for a valid transaction --> 
<?php 
	session_start(); 
 
	if(isset($_SESSION['account'])) { 
		// Do something if anything special you need. 
	}else{ 
		header("Location: index.php"); 
	} 
?> 
 
<!DOCTYPE html> 
<html> 
<head> 
	<meta name="viewport" content="width=device-width, initial-scale=1"> 
	<title>Credit Card Faurd Detecting System</title> 
 
	<!-- Load all static files --> 
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css"> 
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css"> 
 
</head> 
<body class="container"> 
	<!-- Navbar included --> 
	<?php include 'helper/navbar.html' ?> 
	<!-- Config included --> 
	<?php include 'helper/config.php' ?> 
 
	<div class="row m-r-0 m-l-0"> 
		<!-- After submitting the form --> 
		<?php 
			if($_SERVER['REQUEST_METHOD'] == 'POST') { 
				// get data from form 
				$amount = $_POST['amount']; 
				$total_balance = $_POST['total_balance']; 
				$trans_limit = $_POST['trans_limit']; 
				$acc_table_id = $_POST['id']; 
 
				// Withdrawal business logic 
				if($amount <= $total_balance) { 
					if($amount <= $trans_limit) { 
						$branch_pk = $_SESSION['branch_pk']; 
						// update will be rest of the amount 
						$rest_amount = $total_balance - $amount; 
						$update_query = "UPDATE account SET balance=".$rest_amount." WHERE id=".$acc_table_id; 
						$conn->query($update_query); 
						// Now it's time to add a row on transaction table 
						$add_trans_sql = "INSERT INTO transaction (account_id, branch_id, amount) VALUES (".$acc_table_id.", ".$branch_pk.", ".$amount.")"; 
						$conn->query($add_trans_sql); 
						unset($_SESSION["branch_pk"]);  
 
						// show success message 
						echo '<p class="success-message">Successfully Withdrawn!!</p>'; 
 
					}else { 
						// show error message (when maximum limit) 
						echo '<p class="error-message">Sorry!! Maximum limit reached. Try Again!!</p>'; 
					} 
				}else { 
					// show error message (When insufficient funds) 
					echo '<p class="error-message">Not Enough Fund!!</p>'; 
				} 
				 
			} 
		?> 
	</div> 
 
	<!-- This part will show first --> 
	<div class="row m-r-0 m-l-0"> 
		<?php 
			if(isset($_SESSION['account'])) { 
				$account_pk = $_SESSION['account_id']; 
				// Warning OR Notification about last blocking message 
				$blocked_sql = "SELECT block_history.account_id, block_history.branch_id, created_at, branch.id, branch.name as branch_name FROM block_history, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id ORDER BY created_at DESC"; 
				 
				$blocked_last_row = $conn->query($blocked_sql); 
 
				if($blocked_last_row->num_rows> 0) { 
					$blocked_row = $blocked_last_row->fetch_row(); 
					$blocked_timestamp = $blocked_row[2]; 
					$blocked_branch_name = $blocked_row[4]; 
 
					// Show Warning 
					echo '<p class="warning-message">You account was tryng to access from <strong>'.$blocked_branch_name.'</strong> at <strong>'.$blocked_timestamp.'</strong></p>'; 
				} 
 
 
				$ac_number = $_SESSION['account']; 
				$account_id = $_SESSION['account_id']; 
 
				// Get data from account table 
				$sql = "SELECT * FROM account WHERE id=".$account_id; 
				$result = $conn->query($sql); 
 
				if($result->num_rows == 1) { 
					$row = $result->fetch_row(); 
					echo ' 
						<div class="col-sm-12 col-md-6"> 
							<div class="panel panel-primary"> 
								<div class="panel-heading"> 
									<h3>Transaction</h3> 
								</div> 
								<div class="panel-body"> 
									<form method="POST" action="" class="form-group"> 
										<p>Available Balance: '.$row[4].'</p> 
										<label>Enter Amount</label> 
										<input type="number" name="amount" class="form-control" required/> 
										<input type="hidden" name="total_balance" value="'.$row[4].'"/> 
										<input type="hidden" name="trans_limit" value="'.$row[5].'"/> 
										<input type="hidden" name="id" value="'.$row[0].'"/> 
										<br/> 
										<input class="btnbtn-primary btn-block" type="submit" name="submit" value="Withdraw"/> 
									</form> 
								</div> 
							</div> 
						</div> 
					'; 
				} 
			} 
		?> 
		<!-- The clock / time limit will be here --> 
		<div class="col-sm-12 col-md-4 jumbotron pull-right m-r-15"> 
			<h2 class="alert-message-color">You are running out of time.</h2> 
			<div id="s_timer"></div> 
			<p class="p-t-sm f-16 alert-message-color"> 
				<strong>Note:</strong> You just have 60 seconds to finish this transaction.  
				If you missed to finish you have re-enter your AC number and PIN.  
			</p> 
		</div> 
	</div> 
	 
</body> 
<footer> 
	<!-- All the Javascript will be load here... --> 
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script> 
	<script type="text/javascript" src="assets/JS/jquery.countdownTimer.min.js"></script> 
	<script type="text/javascript" src="assets/JS/main.js"></script> 
	<script type="text/javascript" src="assets/JS/timer.js"></script> 
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script> 
</footer> 
</html> 
 
2.	Settings.php 
<?php 
    include 'helper/config.php'; 
 
session_start(); 
 
    if (isset($_SESSION['username'])) { 
        // logged in 
        // Something will happen here.... 
    } else { 
        // not logged in 
header('Location: login.php'); 
    } 
?> 
 
<!-- Login view --> 
<form class="form-signin"method="POST" action=""> 
<h2 class="form-signin-heading">SIGN IN</h2> 
<label for="inputEmail" class="sr-only">Email address</label> 
<input type="email" id="inputEmail" name="email" class="form-control" placeholder="Email address" required autofocus> 
<label for="inputPassword" class="sr-only">Password</label> 
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required> 
<button class="btnbtn-lg btn-primary btn-block" type="submit">Sign in</button> 
</form> 
</body> 
<footer> 
	<!-- All the Javascript will be load here... --> 
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script> 
	<script type="text/javascript" src="assets/JS/main.js"></script> 
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script> 
</footer> 
</html> 
 
3.	Index.php 
<!DOCTYPE html> 
<html> 
<head> 
	<meta name="viewport" content="width=device-width, initial-scale=1"> 
	<title>Credit Card Faurd Detecting System</title> 
 
	<!-- Load all static files --> 
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css"> 
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css"> 
</head> 
<body class="container"> 
	<!-- Navbar included --> 
	<?php include 'helper/navbar.html' ?> 
	<!-- Config included --> 
	<?php include 'helper/config.php' ?> 
 
	<!-- Let's do something more --> 
	<?php include 'dashboard.php' ?> 
</body> 
<footer> 
	<!-- All the Javascript will be load here... --> 
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script> 
	<script type="text/javascript" src="assets/JS/main.js"></script> 
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script> 
</footer> 
</html> 
 
4.	History.php 
<?php 
    include 'helper/config.php'; 
 
session_start(); 
 
    if (isset($_SESSION['username'])) { 
        // logged in 
        // Something will happen here.... 
    } else { 
        // not logged in 
header('Location: login.php'); 
    } 
?> 
 
<!DOCTYPE html> 
<html> 
<head> 
	<meta name="viewport" content="width=device-width, initial-scale=1"> 
	<title>History | Credit Card</title> 
 
	<!-- Load all static files --> 
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css"> 
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css"> 
</head> 
<body class="container"> 
<!-- Config included --> 
	<?php  
        include 'helper/navbar.html'; 
    ?> 
 
<!-- Transaction history --> 
<div class="row"> 
<div class="col-sm-12 col-md-12"> 
<div class="panel panel-success"> 
<div class="panel-heading"> 
<p class="text-22px text-center">Transaction History</p> 
</div> 
<div class="panel-body"> 
<table class="table"> 
<?php 
                            $email = $_SESSION['username']; 
                            $user_data_sql = "SELECT id FROM users WHERE email='".$email."'"; 
                            $user_data = $conn->query($user_data_sql); 
                            if($user_data->num_rows == 1){ 
                                $user_pk = $user_data->fetch_row()[0]; 
                            } 
                            $get_account_sql = "SELECT id from account WHERE user_id=".$user_pk; 
                            $account_data = $conn->query($get_account_sql); 
                            if($account_data->num_rows == 1) { 
                                $account_pk = $account_data->fetch_row()[0]; 
                            } 
 
                            $sql = "SELECT transaction.account_id, transaction.amount, transaction.branch_id, created_at, account.id, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM transaction, account, users, branch WHERE transaction.account_id=".$account_pk." AND account.user_id=".$user_pk." AND branch.id=transaction.branch_id AND users.id=".$user_pk." ORDER BY transaction.id"; 
 
                            $transaction_data = $conn->query($sql); 
 
                            if($transaction_data->num_rows> 0) { 
                                echo ' 
<thead> 
<tr> 
<th>User Name</th> 
<th>Branch Name</th> 
<th>Amount</th> 
<th>Transaction Date & Time</th> 
</tr> 
</thead> 
                                '; 
while($row = $transaction_data->fetch_assoc()){ 
                                    echo ' 
<tbody> 
<tr> 
<td>'.$row["user_name"].'</td> 
<td>'.$row["branch_name"].'</td> 
<td>'.$row["amount"].'</td> 
<td>'.$row["created_at"].'</td> 
</tr> 
</tbody> 
                                    '; 
                                } 
}else{ 
                                echo '<p class="text-center">No data to show</p>'; 
                            } 
                        ?> 
</table> 
</div> 
</div> 
</div> 
</div> 
 
<!-- Blocking History --> 
<div class="row"> 
<div class="col-sm-12 col-md-12"> 
<div class="panel panel-success"> 
<div class="panel-heading"> 
<p class="text-22px text-center">Blocking History</p> 
</div> 
<div class="panel-body"> 
<table class="table"> 
<?php 
                            $email = $_SESSION['username']; 
                            $user_data_sql = "SELECT id FROM users WHERE email='".$email."'"; 
                            $user_data = $conn->query($user_data_sql); 
                            if($user_data->num_rows == 1){ 
                                $user_pk = $user_data->fetch_row()[0]; 
                            } 
 
                            $get_account_sql = "SELECT id from account WHERE user_id=".$user_pk; 
                            $account_data = $conn->query($get_account_sql); 
                            if($account_data->num_rows == 1) { 
                                $account_pk = $account_data->fetch_row()[0]; 
                            } 
 
                            $sql = "SELECT block_history.account_id, block_history.branch_id, created_at, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM block_history, account, users, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id AND account.user_id=".$user_pk." AND users.id=".$user_pk." ORDER BY created_at"; 
 
                            $blocking_history = $conn->query($sql); 
 
                            if($blocking_history->num_rows> 0) { 
                                echo ' 
<thead> 
<tr> 
<th>Branch Name</th> 
<th>Account User Name</th> 
<th>Date & Time</th> 
</tr> 
</thead> 
                                '; 
while($row = $blocking_history->fetch_assoc()){ 
                                    echo ' 
<tbody> 
<tr> 
<td>'.$row["branch_name"].'</td> 
<td>'.$row["user_name"].'</td> 
<td>'.$row["created_at"].'</td> 
</tr> 
</tbody> 
                                    '; 
                                } 
}else{ 
                                echo '<p class="text-center">No data to show</p>'; 
                            } 
                        ?> 
</table> 
</div> 
</div> 
</div> 
</div> 
</body> 
<footer> 
	<!-- All the Javascript will be load here... --> 
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script> 
	<script type="text/javascript" src="assets/JS/main.js"></script> 
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script> 
</footer> 
</html> 
 
5.	Dashboard.php 
<!-- After submiting the form --> 
<?php 
	// Initialize the session 
	session_start(); 
	if($_SERVER['REQUEST_METHOD'] == 'POST') { 
		$card_number = $_POST['card_number']; 
		$pin = $_POST['pin']; 
		$branch_id = $_POST['branch_id']; 
 
		// Get all the the pins with card number then I'll match with inputed data 
		$query = "SELECT * FROM credit_card"; 
		$credit_cards = $conn->query($query); 
 
		if ($credit_cards->num_rows> 0) { 
			// Declare some helper arrays 
			$card_number_array = array(); 
			while($row = $credit_cards->fetch_assoc()) { 
				array_push($card_number_array, $row["ac_number"]); 
			} 
		} 
 
		$matched = False; 
		// Match with the inputed data 
		for($i=0; $i<count($card_number_array); $i++){ 
			if($card_number == $card_number_array[$i]){ 
				$matched = True; 
				break; 
			} 
		} 
		// After matching  
		if($matched) { 
			// Again call db for specific response 
			$card_data_sql = "SELECT * FROM credit_card WHERE ac_number=".$card_number." AND pin=".$pin; 
			$card_data = $conn->query($card_data_sql); 
 
			if($card_data->num_rows == 0){ 
				echo '<p class="error-message">You are not authorised!!</p>'; 
			} 
 
			if($card_data->num_rows == 1){ 
				$row = $card_data->fetch_row(); 
				$allowed_branches = $row[1]; 
				$ac_status = $row[5]; 
 
				if($ac_status == 1){ 
					if(strpos($allowed_branches, $branch_id)) { 
						// set AC num and pin to session 
						$_SESSION['account'] = $card_number; 
						$_SESSION['account_id'] = $row[4]; 
						$_SESSION['branch_pk'] = $branch_id; 
						header("Location: transaction.php");  
					}else { 
						echo '<p class="error-message">SORRY! This Branch is not Allowed!!</p>'; 
						// Account will be locked now. 
						/* 
							0 = Block 
							1 = Active	 
						*/ 
						$update_block_sql = "UPDATE credit_card SET status=0 WHERE ac_number=".$card_number; 
						$updated_block_status = $conn->query($update_block_sql); 
						if($updated_block_status) { 
							echo '<p class="error-message">Account will be blocked!!</p>'; 
							$block_history_sql = "INSERT INTO block_history (account_id, branch_id) VALUES(".$row[4].", ".$branch_id.")"; 
							$conn->query($block_history_sql);	 
						} 
					} 
				}else { 
					echo '<p class="error-message">Your account has blocked!!</p>'; 
				} 
 
				 
			} 
			 
		}else { 
			echo '<p class="error-message">You are not authorised!!</p>'; 
		} 
	} 
	 
?> 
 
<div class="row"> 
	<h2 class="text-center">Dashboard</h2> 
	<p class="text-center">Authorized Card Number: 5531886652142950, Pin code: 3310</p> 
	<p class="text-center">Login Email: [email protected], Password: 12345</p> 
<?php  
	// Get branches data from database 
	$sql = "SELECT * FROM branch"; 
	$result = $conn->query($sql); 
 
	if ($result->num_rows> 0) { 
	    // output data of each row 
	while($row = $result->fetch_assoc()) { 
		$name = $row["name"]; 
	 
			echo ' 
				<div class="col-xs-6 col-md-4"> 
					<div class="panel panel-success"> 
						<div class="panel-heading"> 
							<h3>'.$name.' Branch</h3> 
						</div> 
						<div class="panel-body"> 
							<form method="POST" action="" class="form-group"> 
								<label>Your Card Number</label> 
								<input type="text" name="card_number" class="form-control" required/> 
								<br/> 
								<label>Your PIN</label> 
								<input type="password" name="pin" class="form-control" required/> 
								<input type="hidden" name="branch_id" value="'.$row["id"].'"/> 
								<br/> 
								<input class="btnbtn-success btn-block" type="submit" name="submit" value="Withdraw"/> 
							</form> 
						</div> 
					</div> 
				</div> 
			'; 
	    } 
	} else { 
	    echo "0 results"; 
	} 
	// $conn->close(); 
?> 
 
</div> 
 

Did this file decode correctly?

Original Code

1.	Transaction.php
<!-- Check for a valid transaction -->
<?php
	session_start();

	if(isset($_SESSION['account'])) {
		// Do something if anything special you need.
	}else{
		header("Location: index.php");
	}
?>

<!DOCTYPE html>
<html>
<head>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Credit Card Faurd Detecting System</title>

	<!-- Load all static files -->
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css">

</head>
<body class="container">
	<!-- Navbar included -->
	<?php include 'helper/navbar.html' ?>
	<!-- Config included -->
	<?php include 'helper/config.php' ?>

	<div class="row m-r-0 m-l-0">
		<!-- After submitting the form -->
		<?php
			if($_SERVER['REQUEST_METHOD'] == 'POST') {
				// get data from form
				$amount = $_POST['amount'];
				$total_balance = $_POST['total_balance'];
				$trans_limit = $_POST['trans_limit'];
				$acc_table_id = $_POST['id'];

				// Withdrawal business logic
				if($amount <= $total_balance) {
					if($amount <= $trans_limit) {
						$branch_pk = $_SESSION['branch_pk'];
						// update will be rest of the amount
						$rest_amount = $total_balance - $amount;
						$update_query = "UPDATE account SET balance=".$rest_amount." WHERE id=".$acc_table_id;
						$conn->query($update_query);
						// Now it's time to add a row on transaction table
						$add_trans_sql = "INSERT INTO transaction (account_id, branch_id, amount) VALUES (".$acc_table_id.", ".$branch_pk.", ".$amount.")";
						$conn->query($add_trans_sql);
						unset($_SESSION["branch_pk"]); 

						// show success message
						echo '<p class="success-message">Successfully Withdrawn!!</p>';

					}else {
						// show error message (when maximum limit)
						echo '<p class="error-message">Sorry!! Maximum limit reached. Try Again!!</p>';
					}
				}else {
					// show error message (When insufficient funds)
					echo '<p class="error-message">Not Enough Fund!!</p>';
				}
				
			}
		?>
	</div>

	<!-- This part will show first -->
	<div class="row m-r-0 m-l-0">
		<?php
			if(isset($_SESSION['account'])) {
				$account_pk = $_SESSION['account_id'];
				// Warning OR Notification about last blocking message
				$blocked_sql = "SELECT block_history.account_id, block_history.branch_id, created_at, branch.id, branch.name as branch_name FROM block_history, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id ORDER BY created_at DESC";
				
				$blocked_last_row = $conn->query($blocked_sql);

				if($blocked_last_row->num_rows> 0) {
					$blocked_row = $blocked_last_row->fetch_row();
					$blocked_timestamp = $blocked_row[2];
					$blocked_branch_name = $blocked_row[4];

					// Show Warning
					echo '<p class="warning-message">You account was tryng to access from <strong>'.$blocked_branch_name.'</strong> at <strong>'.$blocked_timestamp.'</strong></p>';
				}


				$ac_number = $_SESSION['account'];
				$account_id = $_SESSION['account_id'];

				// Get data from account table
				$sql = "SELECT * FROM account WHERE id=".$account_id;
				$result = $conn->query($sql);

				if($result->num_rows == 1) {
					$row = $result->fetch_row();
					echo '
						<div class="col-sm-12 col-md-6">
							<div class="panel panel-primary">
								<div class="panel-heading">
									<h3>Transaction</h3>
								</div>
								<div class="panel-body">
									<form method="POST" action="" class="form-group">
										<p>Available Balance: '.$row[4].'</p>
										<label>Enter Amount</label>
										<input type="number" name="amount" class="form-control" required/>
										<input type="hidden" name="total_balance" value="'.$row[4].'"/>
										<input type="hidden" name="trans_limit" value="'.$row[5].'"/>
										<input type="hidden" name="id" value="'.$row[0].'"/>
										<br/>
										<input class="btnbtn-primary btn-block" type="submit" name="submit" value="Withdraw"/>
									</form>
								</div>
							</div>
						</div>
					';
				}
			}
		?>
		<!-- The clock / time limit will be here -->
		<div class="col-sm-12 col-md-4 jumbotron pull-right m-r-15">
			<h2 class="alert-message-color">You are running out of time.</h2>
			<div id="s_timer"></div>
			<p class="p-t-sm f-16 alert-message-color">
				<strong>Note:</strong> You just have 60 seconds to finish this transaction. 
				If you missed to finish you have re-enter your AC number and PIN. 
			</p>
		</div>
	</div>
	
</body>
<footer>
	<!-- All the Javascript will be load here... -->
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
	<script type="text/javascript" src="assets/JS/jquery.countdownTimer.min.js"></script>
	<script type="text/javascript" src="assets/JS/main.js"></script>
	<script type="text/javascript" src="assets/JS/timer.js"></script>
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>

2.	Settings.php
<?php
    include 'helper/config.php';

session_start();

    if (isset($_SESSION['username'])) {
        // logged in
        // Something will happen here....
    } else {
        // not logged in
header('Location: login.php');
    }
?>

<!-- Login view -->
<form class="form-signin"method="POST" action="">
<h2 class="form-signin-heading">SIGN IN</h2>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" name="email" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
<button class="btnbtn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</body>
<footer>
	<!-- All the Javascript will be load here... -->
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
	<script type="text/javascript" src="assets/JS/main.js"></script>
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>

3.	Index.php
<!DOCTYPE html>
<html>
<head>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Credit Card Faurd Detecting System</title>

	<!-- Load all static files -->
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
	<!-- Navbar included -->
	<?php include 'helper/navbar.html' ?>
	<!-- Config included -->
	<?php include 'helper/config.php' ?>

	<!-- Let's do something more -->
	<?php include 'dashboard.php' ?>
</body>
<footer>
	<!-- All the Javascript will be load here... -->
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
	<script type="text/javascript" src="assets/JS/main.js"></script>
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>

4.	History.php
<?php
    include 'helper/config.php';

session_start();

    if (isset($_SESSION['username'])) {
        // logged in
        // Something will happen here....
    } else {
        // not logged in
header('Location: login.php');
    }
?>

<!DOCTYPE html>
<html>
<head>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>History | Credit Card</title>

	<!-- Load all static files -->
	<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
	<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Config included -->
	<?php 
        include 'helper/navbar.html';
    ?>

<!-- Transaction history -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Transaction History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
                            $email = $_SESSION['username'];
                            $user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
                            $user_data = $conn->query($user_data_sql);
                            if($user_data->num_rows == 1){
                                $user_pk = $user_data->fetch_row()[0];
                            }
                            $get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
                            $account_data = $conn->query($get_account_sql);
                            if($account_data->num_rows == 1) {
                                $account_pk = $account_data->fetch_row()[0];
                            }

                            $sql = "SELECT transaction.account_id, transaction.amount, transaction.branch_id, created_at, account.id, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM transaction, account, users, branch WHERE transaction.account_id=".$account_pk." AND account.user_id=".$user_pk." AND branch.id=transaction.branch_id AND users.id=".$user_pk." ORDER BY transaction.id";

                            $transaction_data = $conn->query($sql);

                            if($transaction_data->num_rows> 0) {
                                echo '
<thead>
<tr>
<th>User Name</th>
<th>Branch Name</th>
<th>Amount</th>
<th>Transaction Date & Time</th>
</tr>
</thead>
                                ';
while($row = $transaction_data->fetch_assoc()){
                                    echo '
<tbody>
<tr>
<td>'.$row["user_name"].'</td>
<td>'.$row["branch_name"].'</td>
<td>'.$row["amount"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
                                    ';
                                }
}else{
                                echo '<p class="text-center">No data to show</p>';
                            }
                        ?>
</table>
</div>
</div>
</div>
</div>

<!-- Blocking History -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Blocking History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
                            $email = $_SESSION['username'];
                            $user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
                            $user_data = $conn->query($user_data_sql);
                            if($user_data->num_rows == 1){
                                $user_pk = $user_data->fetch_row()[0];
                            }

                            $get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
                            $account_data = $conn->query($get_account_sql);
                            if($account_data->num_rows == 1) {
                                $account_pk = $account_data->fetch_row()[0];
                            }

                            $sql = "SELECT block_history.account_id, block_history.branch_id, created_at, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM block_history, account, users, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id AND account.user_id=".$user_pk." AND users.id=".$user_pk." ORDER BY created_at";

                            $blocking_history = $conn->query($sql);

                            if($blocking_history->num_rows> 0) {
                                echo '
<thead>
<tr>
<th>Branch Name</th>
<th>Account User Name</th>
<th>Date & Time</th>
</tr>
</thead>
                                ';
while($row = $blocking_history->fetch_assoc()){
                                    echo '
<tbody>
<tr>
<td>'.$row["branch_name"].'</td>
<td>'.$row["user_name"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
                                    ';
                                }
}else{
                                echo '<p class="text-center">No data to show</p>';
                            }
                        ?>
</table>
</div>
</div>
</div>
</div>
</body>
<footer>
	<!-- All the Javascript will be load here... -->
	<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
	<script type="text/javascript" src="assets/JS/main.js"></script>
	<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>

5.	Dashboard.php
<!-- After submiting the form -->
<?php
	// Initialize the session
	session_start();
	if($_SERVER['REQUEST_METHOD'] == 'POST') {
		$card_number = $_POST['card_number'];
		$pin = $_POST['pin'];
		$branch_id = $_POST['branch_id'];

		// Get all the the pins with card number then I'll match with inputed data
		$query = "SELECT * FROM credit_card";
		$credit_cards = $conn->query($query);

		if ($credit_cards->num_rows> 0) {
			// Declare some helper arrays
			$card_number_array = array();
			while($row = $credit_cards->fetch_assoc()) {
				array_push($card_number_array, $row["ac_number"]);
			}
		}

		$matched = False;
		// Match with the inputed data
		for($i=0; $i<count($card_number_array); $i++){
			if($card_number == $card_number_array[$i]){
				$matched = True;
				break;
			}
		}
		// After matching 
		if($matched) {
			// Again call db for specific response
			$card_data_sql = "SELECT * FROM credit_card WHERE ac_number=".$card_number." AND pin=".$pin;
			$card_data = $conn->query($card_data_sql);

			if($card_data->num_rows == 0){
				echo '<p class="error-message">You are not authorised!!</p>';
			}

			if($card_data->num_rows == 1){
				$row = $card_data->fetch_row();
				$allowed_branches = $row[1];
				$ac_status = $row[5];

				if($ac_status == 1){
					if(strpos($allowed_branches, $branch_id)) {
						// set AC num and pin to session
						$_SESSION['account'] = $card_number;
						$_SESSION['account_id'] = $row[4];
						$_SESSION['branch_pk'] = $branch_id;
						header("Location: transaction.php"); 
					}else {
						echo '<p class="error-message">SORRY! This Branch is not Allowed!!</p>';
						// Account will be locked now.
						/*
							0 = Block
							1 = Active	
						*/
						$update_block_sql = "UPDATE credit_card SET status=0 WHERE ac_number=".$card_number;
						$updated_block_status = $conn->query($update_block_sql);
						if($updated_block_status) {
							echo '<p class="error-message">Account will be blocked!!</p>';
							$block_history_sql = "INSERT INTO block_history (account_id, branch_id) VALUES(".$row[4].", ".$branch_id.")";
							$conn->query($block_history_sql);	
						}
					}
				}else {
					echo '<p class="error-message">Your account has blocked!!</p>';
				}

				
			}
			
		}else {
			echo '<p class="error-message">You are not authorised!!</p>';
		}
	}
	
?>

<div class="row">
	<h2 class="text-center">Dashboard</h2>
	<p class="text-center">Authorized Card Number: 5531886652142950, Pin code: 3310</p>
	<p class="text-center">Login Email: [email protected], Password: 12345</p>
<?php 
	// Get branches data from database
	$sql = "SELECT * FROM branch";
	$result = $conn->query($sql);

	if ($result->num_rows> 0) {
	    // output data of each row
	while($row = $result->fetch_assoc()) {
		$name = $row["name"];
	
			echo '
				<div class="col-xs-6 col-md-4">
					<div class="panel panel-success">
						<div class="panel-heading">
							<h3>'.$name.' Branch</h3>
						</div>
						<div class="panel-body">
							<form method="POST" action="" class="form-group">
								<label>Your Card Number</label>
								<input type="text" name="card_number" class="form-control" required/>
								<br/>
								<label>Your PIN</label>
								<input type="password" name="pin" class="form-control" required/>
								<input type="hidden" name="branch_id" value="'.$row["id"].'"/>
								<br/>
								<input class="btnbtn-success btn-block" type="submit" name="submit" value="Withdraw"/>
							</form>
						</div>
					</div>
				</div>
			';
	    }
	} else {
	    echo "0 results";
	}
	// $conn->close();
?>

</div>

Function Calls

None

Variables

None

Stats

MD5 e8cb0b8260c96f30191ef12ff7fef724
Eval Count 0
Decode Time 113 ms