I'm using laravel 5.1. This is the code of custom function so users can transfer coins.
<?php
public function postCoinTransfer( Request $request )
{
$user = Auth::user();
$validator = Validator::make( $request->all(), [
'recipient' => 'required|min:1|max:20',
'amount' => 'required|numeric|integer'
]);
if ( $validator->fails() )
{
return redirect( 'account/settings#transfer' )
->withErrors( $validator )
->withInput();
}
$username = $request->recipient;
$amount = $request->amount;
if ($user->name == $username)
{
flash()->error( 'You can\'t transfer coins to yourself.' );
return redirect()->back();
}
if (($amount <= 0) || ($amount > 9999))
{
flash()->error( 'Amount should be from 1 to 9999 Coins.' );
return redirect()->back();
}
if ($amount > $user->money)
{
flash()->error( 'Sorry, not enough coins to make this transaction.' );
return redirect()->back();
}
$recipient = User::where('name', $username) -> first();
if (!$recipient)
{
flash()->error( 'Can\'t find this user.' );
return redirect()->back();
}
Coin::create([
'sender_id' => $user->ID,
'recipient_id' => $recipient->ID,
'amount' => $amount
]);
$user = Auth::user();
$user->money = $user->money - $amount;
$user->save();
$recipient->money = $recipient->money + $amount;
$recipient->save();
flash()->success( 'Coins sent successfully.' );
return redirect( 'account/settings#transfer' );
}
Recently I saw this one in my database. Logs
User with ID 1456 has transferred the coins to himself. And this actions created unlimited and free coins for him. How to fix this bug please?
from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2Hmswvi
via IFTTT
Aucun commentaire:
Enregistrer un commentaire