Making external applications add money to accounts in MyBanco

I got an email earlier this morning, asking me how hard it would be to “make something that can activate a transaction when an action happens in another code”. I thought about it for thirty seconds, and realised that it would not be too hard. In fact, it was super easy to do.

There are two ways that it can be done: the MyInfo way, which is complicated, and the MySQL way, which will be the easiest (for the moment). A simple transaction taking place will take about 12 lines of code.

In pseudocode:

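// Connect with the legacy mysql_* extension (removed in PHP 7); the host and
// credentials are placeholders
$link = mysql_connect("database.server.com", "root", "password");
if (!$link || !mysql_select_db("myinfo", $link)) die("Can't connect to DB");

// Escape every value that ends up inside the SQL string
$from   = mysql_real_escape_string($from);
$to     = mysql_real_escape_string($to);
$amount = mysql_real_escape_string($amount);

$SQL = "INSERT INTO `transactions` (
          `transactionTime`, `from_aid`,
          `to_aid`, `amount`, `description`
        ) VALUES (
          UNIX_TIMESTAMP(), '$from', '$to',
          '$amount', 'Transaction from app'
        )";
if (!mysql_query($SQL)) die("fail.");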

And that is pretty much it. Not only does it add money to an account (the $to variable), but it also takes it out of an existing account in MyBanco. The only bad thing with using this is that no checks are done to ensure that the central bank account (the $from) actually has the right amount of money in it.

Adding this is done with a simple piece of code (in PHP):

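function __bank_amountForAccount($aid) {
        // Reject a missing account id
        if (!$aid) return array('error' => 982);

        // Escape the id before it is placed in the SQL strings below
        $aid = mysql_real_escape_string($aid);

        // Total paid into the account
        $SQL = 'SELECT SUM(`amount`) as `positive`
                FROM `transactions`
                WHERE (`to_aid`="' . $aid . '")';

        $mr1 = mysql_fetch_array(mysql_query($SQL));
        $money_pos = 0;
        if ($mr1) {
                $money_pos = (is_numeric($mr1["positive"])) ?
                        $mr1["positive"] : 0;
        }

        // Total paid out of the account, ignoring transfers to itself
        $SQL = 'SELECT SUM(`amount`) as `negative`
                FROM `transactions`
                WHERE `from_aid`="' . $aid . '"
                        AND `from_aid`<>`to_aid`';

        $mr2 = mysql_fetch_array(mysql_query($SQL));
        $money_neg = 0;
        if ($mr2) {
                $money_neg = (is_numeric($mr2["negative"])) ?
                        $mr2["negative"] : 0;
        }

        // Returns a display string such as "1,234.50", not a number
        return number_format($money_pos - $money_neg, 2);
}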

Pretty easy, huh? Now all you have to do, before you insert the row into the transactions table, is make sure that __bank_amountForAccount($from) is > $amount, and then you will never have “magic” money circulating around the MyBanco bank system that ultimately should not exist.
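
The balance check and the insert described above, combined into one guarded transfer routine with bound parameters. This is an added example and not MyBanco code. The table and column names come from the post; the function names, the use of PDO, and the in-memory SQLite demo data are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not MyBanco code. Table and column names come from the post;
// the function names and the in-memory SQLite demo data are assumptions.

function to_cents($value): int
{
    return (int) round((float) $value * 100);
}

// The post's balance arithmetic with bound parameters, returned as a number:
// number_format() output such as "1,500.00" does not compare safely with >.
function balance_cents(PDO $db, string $aid): int
{
    $in = $db->prepare('SELECT SUM(amount) FROM transactions WHERE to_aid = ?');
    $in->execute([$aid]);
    $out = $db->prepare('SELECT SUM(amount) FROM transactions
                         WHERE from_aid = ? AND from_aid <> to_aid');
    $out->execute([$aid]);
    return to_cents($in->fetchColumn()) - to_cents($out->fetchColumn());
}

// Not serialised: concurrent transfers from one account need a per-account lock.
function transfer(PDO $db, string $from, string $to, $amount, string $desc): bool
{
    if (!is_numeric($amount) || to_cents($amount) <= 0) {
        return false; // a negative amount would move money from $to to $from
    }
    if ($from === $to) {
        return false; // the balance queries count a self-transfer as credit only
    }
    if (balance_cents($db, $from) <= to_cents($amount)) {
        return false; // the post's rule: the balance must exceed the amount
    }
    $ins = $db->prepare('INSERT INTO transactions
        (transactionTime, from_aid, to_aid, amount, description)
        VALUES (?, ?, ?, ?, ?)');
    return $ins->execute([time(), $from, $to, to_cents($amount) / 100, $desc]);
}

// Constructed demo: "bank" was credited 100.00 by "mint"; "alice" starts empty.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE transactions (transactionTime INTEGER, from_aid TEXT,
           to_aid TEXT, amount NUMERIC, description TEXT)');
$db->exec("INSERT INTO transactions VALUES (0, 'mint', 'bank', 100, 'funding')");
var_dump(transfer($db, 'bank', 'alice', '40.00', 'Transaction from app'));
var_dump(transfer($db, 'bank', 'alice', '75.00', 'Transaction from app')); // over balance
var_dump(transfer($db, 'alice', 'bank', '-10', 'Transaction from app'));   // negative
var_dump(balance_cents($db, 'bank'), balance_cents($db, 'alice'));
```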
