BUT what happens, they click the link and instead of it going to the page with the form, it just runs the script.
Here is the script
Code: Select all
if (($bonustransfer != "no") && ($answer="yes")){
if($time < $pimp[bonusturntime]){ $msg="You have to wait before receiving bonus turns"; }
elseif($time < $site[starts]){ $msg="You must wait until this game starts!"; }
elseif($bonustransfer > $user[credit]){ $msg="You dont have that many credits!"; }
else{
$pimp = mysql_fetch_array(mysql_query("SELECT bonusturnsuses,crewjoindate,crewbonusturns,bonusturns,loyality,crew FROM `{$tab[pimp]}` WHERE `id`='$id' AND `rid`='$rid';"))or die("Error : didnt pull pimps info" . mysql_error());
$user = mysql_fetch_array(mysql_query("SELECT credit FROM `{$tab[user]}` WHERE `id`='$id';"))or die("Error : didnt pull credit count" . mysql_error());
$bonustime=$time+172800;//bonus turns every 48 hours
$crewinfo = mysql_fetch_array(mysql_query("SELECT members,totalbtuses FROM `{$tab[crew]}` WHERE `id`='$pimp[crew]' AND `rid`='$rid';"))or die("Error : didnt pull crew info" . mysql_error());
$ct=$crewinfo["members"];
$tcbt=$crewinfo["totalbtuses"];
$cjd=$pimp["crewjoindate"];
$cbt=$pimp["crewbonusturns"];
$btu=$pimp["bonusturnsuses"];
$pcw=$pimp["crew"];
if($pcw<=0){$bt=0;}
else{$bt=10;}
$enddate=$time;
$diff=$enddate-$cjd;
// immediately convert to days
$temp=$diff/86400; // 60 sec/min*60 min/hr*24 hr/day=86400 sec/day
// days
$days=floor($temp); $temp=24*($temp-$days);
$ply=$pimp["loyality"];
if($pcw<=0){$xbt=0;}
else{$xbt=$days*$bt;}
if($pcw<=0){$lxbt=0;}
else{$lxbt=$bt*$ply;}
$bonusturns=$pimp["bonusturns"]+$cbt+$lxbt+$ct+$tcbt;
$adminmessage="Auto-Response: you received ". $bonusturns ." bonus turns.";
mysql_query("INSERT INTO `{$tab[mail]}` (rid,src,dest,msg,time,inbox) VALUES ('$rid','$adminid','$id','$adminmessage','$time',2);")or die("Error : " . mysql_error("tabmail error"));
mysql_query("UPDATE `{$tab[pimp]}` SET `messages`=messages+1 WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update message bin" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `bonusturnsuses`=$btu+1 WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update bonus turn count" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `loyalityturns`=$lxbt WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update loyality turn count" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `turn`=turn+$bonustransfer+$cbt+$lxbt+$ct+$tcbt, `bonusturntime`=$bonustime WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not give turns" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `crewbonusturns`=crewbonusturns+$xbt WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not give crew bonus turns" . mysql_error());
mysql_query("UPDATE `{$tab[user]}` SET `credit`=credit-$bonustransfer WHERE `id`='$id'")or die("Error :did not deduct credits from account " . mysql_error());
mysql_query("UPDATE `{$tab[crew]}` SET `totalbtuses`=$btu+1 WHERE `id`='$pimp[crew]'")or die("Error :did not update crew bonusturn usest " . mysql_error());
mysql_query("INSERT INTO `{$tab[credits]}` (id,username,action,time,ip) VALUES ('','$un','$adminmessage','$time','$REMOTE_ADDR');")or die ("Did not INSERT info into credit table " .mysql_error ());
header("Location: main.php?rid=$rid");
}
}Code: Select all
<form method="post" action="bonuscredits.php?action=bonustransfer">
<div class="boxdef-hd"> <b>need more turns?</b>
<div class="boxdef" align="center">
<table align="center" cellspacing="1" cellpadding="4">
<tr>
<td><select name="answer" class="entry">
<option class="entry" value="">select</option>
<option class="entry" value="yes">yes</option>
<option class="entry" value="no">no</option>
</select></td>
</tr>
<tr>
<td><input type="hidden" class="entry" size="5" value="<?=$answer?>" name="bonustransfer">
<input type="submit" class="button" value="transfer"></td>
</tr>
</table>
</div>
</div>
</form>