need help on this php script

[gminds]

hello need a bit of help on this code, it give an 'insufficient units to send sms.'
hello need a bit of help on this code, it give an 'insufficient units to send sms.'

<?
include "igwt.php";
include "mysql.php";
include "../../api/smsapi.php";


session_start();

$message = $_POST[message];
$to = $_POST[receiver];
$from = $_POST[from];
/* if (strlen($to) == 10)
{
$error[] = "You have to specify the country code, too. Eg. 13333333333";
} */
if ($_SESSION['username'] == '')
{
include "loginerror.php";
die;
exit;
break;
}


$check = mysql_query("SELECT name, firstname, active, sms FROM users WHERE username = '$username'");
$row = mysql_fetch_row($check);


$_SESSION['name'] = $row[0];
$_SESSION['firstname'] = $row[1];
$_SESSION['active'] = $row[2];
$_SESSION['sms'] = $row[3];
$_SESSION['username'] = $username;
$left = $_SESSION['sms'];
$on = $_SESSION['active'];

// check the mobile number
$atom = '[-a-z!#$%&\'*+/=?^_`{|}~]';
if (eregi($atom, $to)) {
$error[] = 'Invalid mobile phone number';
}

if ($left == '0')
{
$error[] = 'Not enough SMS credits to deliver this message.';
}


if (empty ($to)) {
$error[] = 'You not specify destination address (TO)!';
}
if (empty ($from)) {
$error[] = 'You have not specified any sender id!';
}
if (strlen ($message) > 465) {
$error[] = 'Your message is too long';
}

if ($on == 'no')
{
$error[] = 'Your account status is not active.';
}


if ((strlen ($message)) <= 160) {
$balance = 1;
} else { //greater than 160
$count = ((strlen ($message)) / 153);
if ($count <= 3 && $count >2) {
$balance = 3;
}
if ($count <= 2 && $count >1) {
$balance = 2;
}
if ($count <= 4 && $count >3) {
$balance = 4;
}
}

$recipients = explode(",", $to);
$cost = count($recipients) * $balance;
if ($cost > $left) {
$error[] = 'insufficient units to send sms.';
}


if (!$error)
{
mysql_query("UPDATE users SET sms = sms-'$cost' WHERE username = '$username'");


$tudei = date('Y-m-d');
mysql_query("INSERT INTO sms (username, message, date, tono, fromno) VALUES('".$username."','".$message."','".$tudei."' ,'".$to."','".$from."')") or die(mysql_error());


$mysms = new sms();
$results = $mysms->send($to,$from,$message);
}

echo $sus;
?>

[Qombat]

Code:

$cost = count($recipients) * $balance;
        if ($cost > $left) {
            $error[] = 'insufficient units to send sms.';
            }

Your cost variable is more than the left variable. Are you setting a left variable anywhere?

Also it is in good practice to include a

Code:

mysql_close();

at the end of a script using MySQL.

[misson]

Please use [php], [html] or [code] tags (as appropriate) to separate and format code.

There isn't enough information to diagnose the issue. You need to examine the values of the various variables. The best way is to use a debug extension for PHP (such as Xdebug) and an interactive debugger, which will let you step through the script and see the values at each step.

As for mysql_close(), resources are cleaned up automatically at the end of a script. However, if there is further processing to be done after you're done with the DB connection, closing a resource when you're done with it will prevent resource usage from growing too large during script execution.

PHP Code:

<?

Don't rely on short tags being enabled. Use the full "<?php" open tag.

PHP Code:

$message = $_POST[message];
$to = $_POST[receiver];
$from = $_POST[from];
[...]
mysql_query("INSERT INTO sms (username, message, date, tono, fromno) VALUES('".$username."','".$message."','".$tudei."','".$to."','".$from."')") or die(mysql_error()); 


This is vulnerable to SQL injection. Use PDO (the old mysql driver is quite out of date, having been supplanted twice over) and prepared statements to close this security hole. If you want a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO".

As it says in the PHP manual, use quotes around string literal indices (e.g. "$_POST['messsage']").

PHP Code:

if ($_SESSION['username'] == '')
{
include "loginerror.php";
die;
exit;
break;
} 


Be careful about using die (or exit) in scripts. If it's outputting HTML, don't do it, otherwise you'll wind up with invalid HTML. You also only need one of them. The break won't do anything, as it only exits loops and switches, and it can only exit those in the same script (that is, a break in an included script won't exit a loop in the including script).

PHP Code:

$row = mysql_fetch_row($check); 

$_SESSION['name'] = $row[0];
[...] 


Fetching results as associative arrays (or objects) will be slightly more robust, since you will be able to change column order in the statement and also won't mix up the column order when referencing values (e.g. "$_SESSION['name'] = $row[1]"), and (more importantly) more readable.

PHP Code:

if ((strlen ($message)) <= 160) {
                    $balance = 1; 
                } else { //greater than 160
                    $count = ((strlen ($message)) / 153); 
    [...] 


The $balance calculation can be simplified using ceil. Any time you have a sequence of ifs, there's usually a better way.

PHP Code:

if ((strlen ($message)) <= 160) {
    $balance = 1; 
} else { //greater than 160
    $balance = ceil(strlen($message) / 153.0);
} 


[gminds]

thanks i have done that but the error is still there.
i think this aspect of the script generates the error.

"$recipients = explode(",", $to);
$cost = count($recipients) * $balance;
if ($cost > $left) {
$error[] = 'insufficient units to send sms
}"