Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
1. Transaction.php <!-- Check for a valid transaction --> <?php session_start(); i..
Decoded Output download
1. Transaction.php
<!-- Check for a valid transaction -->
<?php
session_start();
if(isset($_SESSION['account'])) {
// Do something if anything special you need.
}else{
header("Location: index.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Credit Card Faurd Detecting System</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Navbar included -->
<?php include 'helper/navbar.html' ?>
<!-- Config included -->
<?php include 'helper/config.php' ?>
<div class="row m-r-0 m-l-0">
<!-- After submitting the form -->
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// get data from form
$amount = $_POST['amount'];
$total_balance = $_POST['total_balance'];
$trans_limit = $_POST['trans_limit'];
$acc_table_id = $_POST['id'];
// Withdrawal business logic
if($amount <= $total_balance) {
if($amount <= $trans_limit) {
$branch_pk = $_SESSION['branch_pk'];
// update will be rest of the amount
$rest_amount = $total_balance - $amount;
$update_query = "UPDATE account SET balance=".$rest_amount." WHERE id=".$acc_table_id;
$conn->query($update_query);
// Now it's time to add a row on transaction table
$add_trans_sql = "INSERT INTO transaction (account_id, branch_id, amount) VALUES (".$acc_table_id.", ".$branch_pk.", ".$amount.")";
$conn->query($add_trans_sql);
unset($_SESSION["branch_pk"]);
// show success message
echo '<p class="success-message">Successfully Withdrawn!!</p>';
}else {
// show error message (when maximum limit)
echo '<p class="error-message">Sorry!! Maximum limit reached. Try Again!!</p>';
}
}else {
// show error message (When insufficient funds)
echo '<p class="error-message">Not Enough Fund!!</p>';
}
}
?>
</div>
<!-- This part will show first -->
<div class="row m-r-0 m-l-0">
<?php
if(isset($_SESSION['account'])) {
$account_pk = $_SESSION['account_id'];
// Warning OR Notification about last blocking message
$blocked_sql = "SELECT block_history.account_id, block_history.branch_id, created_at, branch.id, branch.name as branch_name FROM block_history, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id ORDER BY created_at DESC";
$blocked_last_row = $conn->query($blocked_sql);
if($blocked_last_row->num_rows> 0) {
$blocked_row = $blocked_last_row->fetch_row();
$blocked_timestamp = $blocked_row[2];
$blocked_branch_name = $blocked_row[4];
// Show Warning
echo '<p class="warning-message">You account was tryng to access from <strong>'.$blocked_branch_name.'</strong> at <strong>'.$blocked_timestamp.'</strong></p>';
}
$ac_number = $_SESSION['account'];
$account_id = $_SESSION['account_id'];
// Get data from account table
$sql = "SELECT * FROM account WHERE id=".$account_id;
$result = $conn->query($sql);
if($result->num_rows == 1) {
$row = $result->fetch_row();
echo '
<div class="col-sm-12 col-md-6">
<div class="panel panel-primary">
<div class="panel-heading">
<h3>Transaction</h3>
</div>
<div class="panel-body">
<form method="POST" action="" class="form-group">
<p>Available Balance: '.$row[4].'</p>
<label>Enter Amount</label>
<input type="number" name="amount" class="form-control" required/>
<input type="hidden" name="total_balance" value="'.$row[4].'"/>
<input type="hidden" name="trans_limit" value="'.$row[5].'"/>
<input type="hidden" name="id" value="'.$row[0].'"/>
<br/>
<input class="btnbtn-primary btn-block" type="submit" name="submit" value="Withdraw"/>
</form>
</div>
</div>
</div>
';
}
}
?>
<!-- The clock / time limit will be here -->
<div class="col-sm-12 col-md-4 jumbotron pull-right m-r-15">
<h2 class="alert-message-color">You are running out of time.</h2>
<div id="s_timer"></div>
<p class="p-t-sm f-16 alert-message-color">
<strong>Note:</strong> You just have 60 seconds to finish this transaction.
If you missed to finish you have re-enter your AC number and PIN.
</p>
</div>
</div>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/jquery.countdownTimer.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/JS/timer.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
2. Settings.php
<?php
include 'helper/config.php';
session_start();
if (isset($_SESSION['username'])) {
// logged in
// Something will happen here....
} else {
// not logged in
header('Location: login.php');
}
?>
<!-- Login view -->
<form class="form-signin"method="POST" action="">
<h2 class="form-signin-heading">SIGN IN</h2>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" name="email" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
<button class="btnbtn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
3. Index.php
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Credit Card Faurd Detecting System</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Navbar included -->
<?php include 'helper/navbar.html' ?>
<!-- Config included -->
<?php include 'helper/config.php' ?>
<!-- Let's do something more -->
<?php include 'dashboard.php' ?>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
4. History.php
<?php
include 'helper/config.php';
session_start();
if (isset($_SESSION['username'])) {
// logged in
// Something will happen here....
} else {
// not logged in
header('Location: login.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>History | Credit Card</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Config included -->
<?php
include 'helper/navbar.html';
?>
<!-- Transaction history -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Transaction History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
$email = $_SESSION['username'];
$user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
$user_data = $conn->query($user_data_sql);
if($user_data->num_rows == 1){
$user_pk = $user_data->fetch_row()[0];
}
$get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
$account_data = $conn->query($get_account_sql);
if($account_data->num_rows == 1) {
$account_pk = $account_data->fetch_row()[0];
}
$sql = "SELECT transaction.account_id, transaction.amount, transaction.branch_id, created_at, account.id, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM transaction, account, users, branch WHERE transaction.account_id=".$account_pk." AND account.user_id=".$user_pk." AND branch.id=transaction.branch_id AND users.id=".$user_pk." ORDER BY transaction.id";
$transaction_data = $conn->query($sql);
if($transaction_data->num_rows> 0) {
echo '
<thead>
<tr>
<th>User Name</th>
<th>Branch Name</th>
<th>Amount</th>
<th>Transaction Date & Time</th>
</tr>
</thead>
';
while($row = $transaction_data->fetch_assoc()){
echo '
<tbody>
<tr>
<td>'.$row["user_name"].'</td>
<td>'.$row["branch_name"].'</td>
<td>'.$row["amount"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
';
}
}else{
echo '<p class="text-center">No data to show</p>';
}
?>
</table>
</div>
</div>
</div>
</div>
<!-- Blocking History -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Blocking History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
$email = $_SESSION['username'];
$user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
$user_data = $conn->query($user_data_sql);
if($user_data->num_rows == 1){
$user_pk = $user_data->fetch_row()[0];
}
$get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
$account_data = $conn->query($get_account_sql);
if($account_data->num_rows == 1) {
$account_pk = $account_data->fetch_row()[0];
}
$sql = "SELECT block_history.account_id, block_history.branch_id, created_at, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM block_history, account, users, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id AND account.user_id=".$user_pk." AND users.id=".$user_pk." ORDER BY created_at";
$blocking_history = $conn->query($sql);
if($blocking_history->num_rows> 0) {
echo '
<thead>
<tr>
<th>Branch Name</th>
<th>Account User Name</th>
<th>Date & Time</th>
</tr>
</thead>
';
while($row = $blocking_history->fetch_assoc()){
echo '
<tbody>
<tr>
<td>'.$row["branch_name"].'</td>
<td>'.$row["user_name"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
';
}
}else{
echo '<p class="text-center">No data to show</p>';
}
?>
</table>
</div>
</div>
</div>
</div>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
5. Dashboard.php
<!-- After submiting the form -->
<?php
// Initialize the session
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$card_number = $_POST['card_number'];
$pin = $_POST['pin'];
$branch_id = $_POST['branch_id'];
// Get all the the pins with card number then I'll match with inputed data
$query = "SELECT * FROM credit_card";
$credit_cards = $conn->query($query);
if ($credit_cards->num_rows> 0) {
// Declare some helper arrays
$card_number_array = array();
while($row = $credit_cards->fetch_assoc()) {
array_push($card_number_array, $row["ac_number"]);
}
}
$matched = False;
// Match with the inputed data
for($i=0; $i<count($card_number_array); $i++){
if($card_number == $card_number_array[$i]){
$matched = True;
break;
}
}
// After matching
if($matched) {
// Again call db for specific response
$card_data_sql = "SELECT * FROM credit_card WHERE ac_number=".$card_number." AND pin=".$pin;
$card_data = $conn->query($card_data_sql);
if($card_data->num_rows == 0){
echo '<p class="error-message">You are not authorised!!</p>';
}
if($card_data->num_rows == 1){
$row = $card_data->fetch_row();
$allowed_branches = $row[1];
$ac_status = $row[5];
if($ac_status == 1){
if(strpos($allowed_branches, $branch_id)) {
// set AC num and pin to session
$_SESSION['account'] = $card_number;
$_SESSION['account_id'] = $row[4];
$_SESSION['branch_pk'] = $branch_id;
header("Location: transaction.php");
}else {
echo '<p class="error-message">SORRY! This Branch is not Allowed!!</p>';
// Account will be locked now.
/*
0 = Block
1 = Active
*/
$update_block_sql = "UPDATE credit_card SET status=0 WHERE ac_number=".$card_number;
$updated_block_status = $conn->query($update_block_sql);
if($updated_block_status) {
echo '<p class="error-message">Account will be blocked!!</p>';
$block_history_sql = "INSERT INTO block_history (account_id, branch_id) VALUES(".$row[4].", ".$branch_id.")";
$conn->query($block_history_sql);
}
}
}else {
echo '<p class="error-message">Your account has blocked!!</p>';
}
}
}else {
echo '<p class="error-message">You are not authorised!!</p>';
}
}
?>
<div class="row">
<h2 class="text-center">Dashboard</h2>
<p class="text-center">Authorized Card Number: 5531886652142950, Pin code: 3310</p>
<p class="text-center">Login Email: [email protected], Password: 12345</p>
<?php
// Get branches data from database
$sql = "SELECT * FROM branch";
$result = $conn->query($sql);
if ($result->num_rows> 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$name = $row["name"];
echo '
<div class="col-xs-6 col-md-4">
<div class="panel panel-success">
<div class="panel-heading">
<h3>'.$name.' Branch</h3>
</div>
<div class="panel-body">
<form method="POST" action="" class="form-group">
<label>Your Card Number</label>
<input type="text" name="card_number" class="form-control" required/>
<br/>
<label>Your PIN</label>
<input type="password" name="pin" class="form-control" required/>
<input type="hidden" name="branch_id" value="'.$row["id"].'"/>
<br/>
<input class="btnbtn-success btn-block" type="submit" name="submit" value="Withdraw"/>
</form>
</div>
</div>
</div>
';
}
} else {
echo "0 results";
}
// $conn->close();
?>
</div>
Did this file decode correctly?
Original Code
1. Transaction.php
<!-- Check for a valid transaction -->
<?php
session_start();
if(isset($_SESSION['account'])) {
// Do something if anything special you need.
}else{
header("Location: index.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Credit Card Faurd Detecting System</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Navbar included -->
<?php include 'helper/navbar.html' ?>
<!-- Config included -->
<?php include 'helper/config.php' ?>
<div class="row m-r-0 m-l-0">
<!-- After submitting the form -->
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// get data from form
$amount = $_POST['amount'];
$total_balance = $_POST['total_balance'];
$trans_limit = $_POST['trans_limit'];
$acc_table_id = $_POST['id'];
// Withdrawal business logic
if($amount <= $total_balance) {
if($amount <= $trans_limit) {
$branch_pk = $_SESSION['branch_pk'];
// update will be rest of the amount
$rest_amount = $total_balance - $amount;
$update_query = "UPDATE account SET balance=".$rest_amount." WHERE id=".$acc_table_id;
$conn->query($update_query);
// Now it's time to add a row on transaction table
$add_trans_sql = "INSERT INTO transaction (account_id, branch_id, amount) VALUES (".$acc_table_id.", ".$branch_pk.", ".$amount.")";
$conn->query($add_trans_sql);
unset($_SESSION["branch_pk"]);
// show success message
echo '<p class="success-message">Successfully Withdrawn!!</p>';
}else {
// show error message (when maximum limit)
echo '<p class="error-message">Sorry!! Maximum limit reached. Try Again!!</p>';
}
}else {
// show error message (When insufficient funds)
echo '<p class="error-message">Not Enough Fund!!</p>';
}
}
?>
</div>
<!-- This part will show first -->
<div class="row m-r-0 m-l-0">
<?php
if(isset($_SESSION['account'])) {
$account_pk = $_SESSION['account_id'];
// Warning OR Notification about last blocking message
$blocked_sql = "SELECT block_history.account_id, block_history.branch_id, created_at, branch.id, branch.name as branch_name FROM block_history, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id ORDER BY created_at DESC";
$blocked_last_row = $conn->query($blocked_sql);
if($blocked_last_row->num_rows> 0) {
$blocked_row = $blocked_last_row->fetch_row();
$blocked_timestamp = $blocked_row[2];
$blocked_branch_name = $blocked_row[4];
// Show Warning
echo '<p class="warning-message">You account was tryng to access from <strong>'.$blocked_branch_name.'</strong> at <strong>'.$blocked_timestamp.'</strong></p>';
}
$ac_number = $_SESSION['account'];
$account_id = $_SESSION['account_id'];
// Get data from account table
$sql = "SELECT * FROM account WHERE id=".$account_id;
$result = $conn->query($sql);
if($result->num_rows == 1) {
$row = $result->fetch_row();
echo '
<div class="col-sm-12 col-md-6">
<div class="panel panel-primary">
<div class="panel-heading">
<h3>Transaction</h3>
</div>
<div class="panel-body">
<form method="POST" action="" class="form-group">
<p>Available Balance: '.$row[4].'</p>
<label>Enter Amount</label>
<input type="number" name="amount" class="form-control" required/>
<input type="hidden" name="total_balance" value="'.$row[4].'"/>
<input type="hidden" name="trans_limit" value="'.$row[5].'"/>
<input type="hidden" name="id" value="'.$row[0].'"/>
<br/>
<input class="btnbtn-primary btn-block" type="submit" name="submit" value="Withdraw"/>
</form>
</div>
</div>
</div>
';
}
}
?>
<!-- The clock / time limit will be here -->
<div class="col-sm-12 col-md-4 jumbotron pull-right m-r-15">
<h2 class="alert-message-color">You are running out of time.</h2>
<div id="s_timer"></div>
<p class="p-t-sm f-16 alert-message-color">
<strong>Note:</strong> You just have 60 seconds to finish this transaction.
If you missed to finish you have re-enter your AC number and PIN.
</p>
</div>
</div>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/jquery.countdownTimer.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/JS/timer.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
2. Settings.php
<?php
include 'helper/config.php';
session_start();
if (isset($_SESSION['username'])) {
// logged in
// Something will happen here....
} else {
// not logged in
header('Location: login.php');
}
?>
<!-- Login view -->
<form class="form-signin"method="POST" action="">
<h2 class="form-signin-heading">SIGN IN</h2>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" name="email" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
<button class="btnbtn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
3. Index.php
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Credit Card Faurd Detecting System</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Navbar included -->
<?php include 'helper/navbar.html' ?>
<!-- Config included -->
<?php include 'helper/config.php' ?>
<!-- Let's do something more -->
<?php include 'dashboard.php' ?>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
4. History.php
<?php
include 'helper/config.php';
session_start();
if (isset($_SESSION['username'])) {
// logged in
// Something will happen here....
} else {
// not logged in
header('Location: login.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>History | Credit Card</title>
<!-- Load all static files -->
<link rel="stylesheet" type="text/css" href="assets/BS/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/styles.css">
</head>
<body class="container">
<!-- Config included -->
<?php
include 'helper/navbar.html';
?>
<!-- Transaction history -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Transaction History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
$email = $_SESSION['username'];
$user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
$user_data = $conn->query($user_data_sql);
if($user_data->num_rows == 1){
$user_pk = $user_data->fetch_row()[0];
}
$get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
$account_data = $conn->query($get_account_sql);
if($account_data->num_rows == 1) {
$account_pk = $account_data->fetch_row()[0];
}
$sql = "SELECT transaction.account_id, transaction.amount, transaction.branch_id, created_at, account.id, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM transaction, account, users, branch WHERE transaction.account_id=".$account_pk." AND account.user_id=".$user_pk." AND branch.id=transaction.branch_id AND users.id=".$user_pk." ORDER BY transaction.id";
$transaction_data = $conn->query($sql);
if($transaction_data->num_rows> 0) {
echo '
<thead>
<tr>
<th>User Name</th>
<th>Branch Name</th>
<th>Amount</th>
<th>Transaction Date & Time</th>
</tr>
</thead>
';
while($row = $transaction_data->fetch_assoc()){
echo '
<tbody>
<tr>
<td>'.$row["user_name"].'</td>
<td>'.$row["branch_name"].'</td>
<td>'.$row["amount"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
';
}
}else{
echo '<p class="text-center">No data to show</p>';
}
?>
</table>
</div>
</div>
</div>
</div>
<!-- Blocking History -->
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="panel panel-success">
<div class="panel-heading">
<p class="text-22px text-center">Blocking History</p>
</div>
<div class="panel-body">
<table class="table">
<?php
$email = $_SESSION['username'];
$user_data_sql = "SELECT id FROM users WHERE email='".$email."'";
$user_data = $conn->query($user_data_sql);
if($user_data->num_rows == 1){
$user_pk = $user_data->fetch_row()[0];
}
$get_account_sql = "SELECT id from account WHERE user_id=".$user_pk;
$account_data = $conn->query($get_account_sql);
if($account_data->num_rows == 1) {
$account_pk = $account_data->fetch_row()[0];
}
$sql = "SELECT block_history.account_id, block_history.branch_id, created_at, account.user_id, users.id, users.name AS user_name, branch.id, branch.name AS branch_name FROM block_history, account, users, branch WHERE block_history.account_id=".$account_pk." AND block_history.branch_id=branch.id AND account.user_id=".$user_pk." AND users.id=".$user_pk." ORDER BY created_at";
$blocking_history = $conn->query($sql);
if($blocking_history->num_rows> 0) {
echo '
<thead>
<tr>
<th>Branch Name</th>
<th>Account User Name</th>
<th>Date & Time</th>
</tr>
</thead>
';
while($row = $blocking_history->fetch_assoc()){
echo '
<tbody>
<tr>
<td>'.$row["branch_name"].'</td>
<td>'.$row["user_name"].'</td>
<td>'.$row["created_at"].'</td>
</tr>
</tbody>
';
}
}else{
echo '<p class="text-center">No data to show</p>';
}
?>
</table>
</div>
</div>
</div>
</div>
</body>
<footer>
<!-- All the Javascript will be load here... -->
<script type="text/javascript" src="assets/JS/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="assets/JS/main.js"></script>
<script type="text/javascript" src="assets/BS/js/bootstrap.min.js"></script>
</footer>
</html>
5. Dashboard.php
<!-- After submiting the form -->
<?php
// Initialize the session
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$card_number = $_POST['card_number'];
$pin = $_POST['pin'];
$branch_id = $_POST['branch_id'];
// Get all the the pins with card number then I'll match with inputed data
$query = "SELECT * FROM credit_card";
$credit_cards = $conn->query($query);
if ($credit_cards->num_rows> 0) {
// Declare some helper arrays
$card_number_array = array();
while($row = $credit_cards->fetch_assoc()) {
array_push($card_number_array, $row["ac_number"]);
}
}
$matched = False;
// Match with the inputed data
for($i=0; $i<count($card_number_array); $i++){
if($card_number == $card_number_array[$i]){
$matched = True;
break;
}
}
// After matching
if($matched) {
// Again call db for specific response
$card_data_sql = "SELECT * FROM credit_card WHERE ac_number=".$card_number." AND pin=".$pin;
$card_data = $conn->query($card_data_sql);
if($card_data->num_rows == 0){
echo '<p class="error-message">You are not authorised!!</p>';
}
if($card_data->num_rows == 1){
$row = $card_data->fetch_row();
$allowed_branches = $row[1];
$ac_status = $row[5];
if($ac_status == 1){
if(strpos($allowed_branches, $branch_id)) {
// set AC num and pin to session
$_SESSION['account'] = $card_number;
$_SESSION['account_id'] = $row[4];
$_SESSION['branch_pk'] = $branch_id;
header("Location: transaction.php");
}else {
echo '<p class="error-message">SORRY! This Branch is not Allowed!!</p>';
// Account will be locked now.
/*
0 = Block
1 = Active
*/
$update_block_sql = "UPDATE credit_card SET status=0 WHERE ac_number=".$card_number;
$updated_block_status = $conn->query($update_block_sql);
if($updated_block_status) {
echo '<p class="error-message">Account will be blocked!!</p>';
$block_history_sql = "INSERT INTO block_history (account_id, branch_id) VALUES(".$row[4].", ".$branch_id.")";
$conn->query($block_history_sql);
}
}
}else {
echo '<p class="error-message">Your account has blocked!!</p>';
}
}
}else {
echo '<p class="error-message">You are not authorised!!</p>';
}
}
?>
<div class="row">
<h2 class="text-center">Dashboard</h2>
<p class="text-center">Authorized Card Number: 5531886652142950, Pin code: 3310</p>
<p class="text-center">Login Email: [email protected], Password: 12345</p>
<?php
// Get branches data from database
$sql = "SELECT * FROM branch";
$result = $conn->query($sql);
if ($result->num_rows> 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$name = $row["name"];
echo '
<div class="col-xs-6 col-md-4">
<div class="panel panel-success">
<div class="panel-heading">
<h3>'.$name.' Branch</h3>
</div>
<div class="panel-body">
<form method="POST" action="" class="form-group">
<label>Your Card Number</label>
<input type="text" name="card_number" class="form-control" required/>
<br/>
<label>Your PIN</label>
<input type="password" name="pin" class="form-control" required/>
<input type="hidden" name="branch_id" value="'.$row["id"].'"/>
<br/>
<input class="btnbtn-success btn-block" type="submit" name="submit" value="Withdraw"/>
</form>
</div>
</div>
</div>
';
}
} else {
echo "0 results";
}
// $conn->close();
?>
</div>
Function Calls
None |
Stats
MD5 | e8cb0b8260c96f30191ef12ff7fef724 |
Eval Count | 0 |
Decode Time | 113 ms |