money transfer in from user profile

<?php

define('_IN_JOHNCMS', 1);
require_once('../incfiles/core.php');
require_once('../incfiles/head.php');
$textl = 'Web Store';
echo '<div class="mainblok">';
if (!$user_id) {
echo '<div class="error"><b>ERROR!</b><br />Need to be a registered member to access this content!</div>';
} else {
echo '<div class="title">Transfer Mobo points</div>';

switch ($act) {
case 'ok':

$kod = isset($_POST['kod']) ? trim($_POST['kod']) : '';
$logid = isset($_POST['logid']) ? trim($_POST['logid']) : '';
$sum = isset($_POST['sum']) ? abs(intval($_POST['sum'])) : '';
$error = false;

if (empty($logid))
$error = $error . 'Nick is not included / ID<br/>';
elseif (mb_strlen($logid) > 20)
$error = $error . '<div class="error">You Entered Username Words invalid length, please check and try again.!</div>';
if (preg_match('/[^\da-zA-Z\-\@\*\(\)\?\!\~\_\=\[\]] /', $logid))
$error = $error . '<div class="error">Invalid Characters in Username. Please Contact with your Manager.</div>';
if (empty($sum))
$error = $error . 'You did not enter amount to be sent!<br/>';
if (preg_match('/[^\d] /', $sum))
$error = $error . '<div class="error">Your Mobopoints are low, Please Contact with your Manager.</div>';
if (empty($error)) {
if (is_numeric($logid) != false) {
$req = mysql_query("select * from `users` where `id`='$logid'");
if (mysql_num_rows($req) == 0) $error = '<div class="error">No such User.</div>';
} else {
$uid = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `users` WHERE `name`='$logid'"));
$req = mysql_query("select * from `users` where `id`='".$uid['id']."'");
$logid = $uid['id'];
if (mysql_num_rows($req) == 0) $error = '<div class="error">No such User.</div>';
}
if ($datauser['balans'] < $sum || $datauser['balans'] == 0) {
$error = '<div class="error">You do not have a lot of mobopoints.!</div>';
}
}

if (empty($error)) {
$mon = mysql_fetch_assoc(mysql_query("SELECT `balans` FROM `users` WHERE `id`='$logid'"));
mysql_query("UPDATE `users` SET `balans` = '" . ($mon['balans'] + $sum) . "' WHERE `id` = '$logid'");
mysql_query("UPDATE `users` SET `balans` = '" . ($datauser['balans'] - $sum) . "' WHERE `id` = '$user_id'");
mysql_query("INSERT INTO `cms_mail` SET `user_id` = '0',`from_id` = '" . $logid . "',`text` = '".$login." transferred to you [".$sum."] Mobopoints',`time` = '" . time() . "',`sys` = '1',`them` = 'Transfer mobopoints'");
$polz = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `users` WHERE `id`='$logid'"));
mysql_query("INSERT INTO `cms_mail` SET `user_id` = '0',`from_id` = '" . $user_id . "',`text` = 'You transferred ".$sum." mobopoints to ".$polz['name']."',`time` = '" . time() . "',`sys` = '1',`them` = 'Transfer mobopoints'");
echo '<div class="action">Your (' . $sum . ') Mobopoints Transferred Successfully to ' . $polz['name'] . '</div>';
} else {
echo '<div class="error"><b>ERROR!</b><br/>' . $error . '</div>';
}

break;

default:
echo '<div class="list2"><b>'.$login.'</b>, you can transfer mobopoints to other users. <a href="/super_powers/read_more.php">Read More...</a></div>';
echo '<form action="money.php?act=ok" method="post"><div class="list1">';
if ($user) {
$usr = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `users` WHERE `id`=".$user.""));
}
echo '<b>User ID or Username:</b><br/><input type="text" name="logid" maxlength="20" '.($user ? 'value="' . $usr['name'] . '"' : '').' /><br/>';
echo '<b>Mobopoints:</b><br/><small>(Choose points you can shared)</small><br/><input type="radio" value="50" name="sum" id="chat_text" dir="auto"/> 50<br/><input type="radio" value="100" name="sum" id="chat_text" dir="auto"/> 100 <br/> <input type="radio" value="500" name="sum" id="chat_text" dir="auto"/> 500 <br/> <input type="radio" value="1000" name="sum" id="chat_text" dir="auto"/> 1,000 <br/><input type="radio" value="5000" name="sum" id="chat_text" dir="auto"/> 5,000<br/><input type="radio" value="10000" name="sum" id="chat_text" dir="auto"/> 10,000<br/><input type="radio" value="20000" name="sum" id="chat_text" dir="auto"/> 20,000 <br/><input type="radio" value="50000" name="sum" id="chat_text" dir="auto"/> 50,000 <br/><input type="radio" value="100000" name="sum" id="chat_text" dir="auto"/> 1,00,000<br/><input type="radio" value="500000" name="sum" id="chat_text" dir="auto"/> 5,00,000<br/><input type="radio" value="1000000" name="sum" id="chat_text" dir="auto"/> 10,00,000<br/></div>';
echo '<input type="submit" name="submit" value="Transfer"/></form>';
break;
}
}

echo '</div>';
require_once('../incfiles/random_link.php');
echo '<br/><div class="back">< <a href="/super_powers/index.php"><font color="#fff">Mobo Bank</font></a><br/>< <a href="/users/profile.php?act=office"><font color="#fff">My Zone</font></a></div>';
require_once('../incfiles/end.php');
?>

# Koenig (04.10.2016 / 21:38)
The-Undertaker, this code v.3+ jcms