need help on this php script

G

gminds

New Member
Messages
8
Reaction score
0
Points
0
hello need a bit of help on this code, it give an 'insufficient units to send sms.'
hello need a bit of help on this code, it give an 'insufficient units to send sms.'

<?
include "igwt.php";
include "mysql.php";
include "../../api/smsapi.php";


session_start();

$message = $_POST[message];
$to = $_POST[receiver];
$from = $_POST[from];
/* if (strlen($to) == 10)
{
$error[] = "You have to specify the country code, too. Eg. 13333333333";
} */
if ($_SESSION['username'] == '')
{
include "loginerror.php";
die;
exit;
break;
}


$check = mysql_query("SELECT name, firstname, active, sms FROM users WHERE username = '$username'");
$row = mysql_fetch_row($check);


$_SESSION['name'] = $row[0];
$_SESSION['firstname'] = $row[1];
$_SESSION['active'] = $row[2];
$_SESSION['sms'] = $row[3];
$_SESSION['username'] = $username;
$left = $_SESSION['sms'];
$on = $_SESSION['active'];

// check the mobile number
$atom = '[-a-z!#$%&\'*+/=?^_`{|}~]';
if (eregi($atom, $to)) {
$error[] = 'Invalid mobile phone number';
}

if ($left == '0')
{
$error[] = 'Not enough SMS credits to deliver this message.';
}


if (empty ($to)) {
$error[] = 'You not specify destination address (TO)!';
}
if (empty ($from)) {
$error[] = 'You have not specified any sender id!';
}
if (strlen ($message) > 465) {
$error[] = 'Your message is too long';
}

if ($on == 'no')
{
$error[] = 'Your account status is not active.';
}


if ((strlen ($message)) <= 160) {
$balance = 1;
} else { //greater than 160
$count = ((strlen ($message)) / 153);
if ($count <= 3 && $count >2) {
$balance = 3;
}
if ($count <= 2 && $count >1) {
$balance = 2;
}
if ($count <= 4 && $count >3) {
$balance = 4;
}
}

$recipients = explode(",", $to);
$cost = count($recipients) * $balance;
if ($cost > $left) {
$error[] = 'insufficient units to send sms.';
}


if (!$error)
{
mysql_query("UPDATE users SET sms = sms-'$cost' WHERE username = '$username'");


$tudei = date('Y-m-d');
mysql_query("INSERT INTO sms (username, message, date, tono, fromno) VALUES('".$username."','".$message."','".$tudei."','".$to."','".$from."')") or die(mysql_error());


$mysms = new sms();
$results = $mysms->send($to,$from,$message);
}

echo $sus;
?>
 
Last edited:
Qombat

Qombat

New Member
Messages
25
Reaction score
1
Points
0
Code: 
$cost = count($recipients) * $balance;
        if ($cost > $left) {
            $error[] = 'insufficient units to send sms.';
            }
Your cost variable is more than the left variable. Are you setting a left variable anywhere?

Also it is in good practice to include a
Code: 
mysql_close();
at the end of a script using MySQL.
 
M

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
Please use
PHP: 
, [html] or [code] tags (as appropriate) to separate and format code.

There isn't enough information to diagnose the issue. You need to examine the values of the various variables. The best way is to use a debug extension for PHP (such as [URL="http://www.xdebug.org/"]Xdebug[/URL]) and an [URL="http://www.xdebug.org/docs/remote"]interactive debugger[/URL], which will let you step through the script and see the values at each step.

As for [FONT="Courier New"]mysql_close()[/FONT], resources are cleaned up automatically at the end of a script. However, if there is further processing to be done after you're done with the DB connection, closing a resource when you're done with it will prevent resource usage from growing too large during script execution.


[quote="gminds, post: 726692"][php]
<?
[/QUOTE]
Don't rely on short tags being enabled. Use the full "<?php" open tag.

gminds said:
PHP: 
$message = $_POST[message];
$to = $_POST[receiver];
$from = $_POST[from];
[...]
mysql_query("INSERT INTO sms (username, message, date, tono, fromno) VALUES('".$username."','".$message."','".$tudei."','".$to."','".$from."')") or die(mysql_error());
Click to expand...


This is vulnerable to SQL injection. Use PDO (the old mysql driver is quite out of date, having been supplanted twice over) and prepared statements to close this security hole. If you want a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO".

As it says in the PHP manual, use quotes around string literal indices (e.g. "$_POST['messsage']").

gminds said:
PHP: 
if ($_SESSION['username'] == '')
{
include "loginerror.php";
die;
exit;
break;
}
Click to expand...
Be careful about using die (or exit) in scripts. If it's outputting HTML, don't do it, otherwise you'll wind up with invalid HTML. You also only need one of them. The break won't do anything, as it only exits loops and switches, and it can only exit those in the same script (that is, a break in an included script won't exit a loop in the including script).


gminds said:
PHP: 
$row = mysql_fetch_row($check); 

$_SESSION['name'] = $row[0];
[...]
Click to expand...
Fetching results as associative arrays (or objects) will be slightly more robust, since you will be able to change column order in the statement and also won't mix up the column order when referencing values (e.g. "$_SESSION['name'] = $row[1]"), and (more importantly) more readable.

gminds said:
PHP: 
if ((strlen ($message)) <= 160) {
                    $balance = 1; 
                } else { //greater than 160
                    $count = ((strlen ($message)) / 153); 
    [...]
Click to expand...

The $balance calculation can be simplified using ceil. Any time you have a sequence of ifs, there's usually a better way.

PHP: 
if ((strlen ($message)) <= 160) {
    $balance = 1; 
} else { //greater than 160
    $balance = ceil(strlen($message) / 153.0);
}
 
G

gminds

New Member
Messages
8
Reaction score
0
Points
0
thanks i have done that but the error is still there.
i think this aspect of the script generates the error.

"$recipients = explode(",", $to);
$cost = count($recipients) * $balance;
if ($cost > $left) {
$error[] = 'insufficient units to send sms
}"
 
You must log in or register to reply here.
Top