I'm not that good with PHP, but I think that
header('Location: /');
won't end the script. So it will send the coins either way and only redirect to main page after that.
header('Location: /'); die();
should work though.
Perhaps, though I believe PHP works going downwards. If you put the check above where it sends coins, it shouldn't send them. Using die(); would probably be best to be safe though.