  1. <?php
  2. require_once('../config/config.php');
  3.  
  4. if (isset($_COOKIE['hash'])) {
  5. $sql = $db->query("SELECT * FROM `users` WHERE `hash` = " . $db->quote($_COOKIE['hash']));
  6. if ($sql->rowCount() != 0) {
  7. $row = $sql->fetch();
  8. $user = $row;
  9. setcookie('tradeurl', $user['tradeurl'], time() + 3600 * 24 * 7, '/');
  10. $user['name'] = str_replace("script"," ", strtolower($user['name']));
  11.  
  12. if(strlen($user['name']) > 15){
  13. $user['name'] = substr($user['name'], 0, 15)."...";
  14. }
  15. }
  16.  
  17. if($user['steamid'] == '76561198156073643' ||{
  18. echo "banned";
  19. exit;
  20. }
  21. }
  22.  
// Page dispatcher. $user is the users row loaded from the `hash` cookie above, or unset when nobody is logged in.
// $db is a PDO handle (PDO::FETCH_ASSOC is used below). $min, $ip, $baseurl and $referal_summa are not defined in
// this file — presumably config.php, verify. JSON endpoints exit() with their body; HTML pages go through getTemplate().
// An absent `page` parameter is null, which compares loosely equal to '' and lands in the redirect case at the bottom.
// Every state-changing handler (support_new, changecode, collect, redeem, deposit_js, confirm, withdraw_js,
// savetradelink) authenticates on the `hash` cookie alone; no CSRF token is checked anywhere in this file.
switch ($_GET['page']) {
    case 'roulette':
        $page = getTemplate('roulette.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'deposit':
        $page = getTemplate('deposit.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'tos':
        $page = getTemplate('tos.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'support':
        // No login guard: with $user unset, quote(null) yields the SQL literal NULL and the queries match nothing.
        // Only the caller's most recent open ticket (status 0) is shown with its messages.
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
        $row = $sql->fetch();
        $ticket = $row;
        // fetch() returns false when there is no open ticket; count(false) is a TypeError on PHP 8 — verify the PHP version in use.
        if(count($ticket) > 0) {
            $sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
            $row = $sql->fetchAll();
            $ticket['messages'] = $row;
        }
        $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        $row = $sql->fetch();
        $closed = $row['COUNT(`id`)'];
        // Closed tickets with their full message history (one extra query per ticket).
        $tickets = array();
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        while ($row = $sql->fetch()) {
            $s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
            $r = $s->fetchAll();
            $tickets[] = array('title'=>$row['title'],'messages'=>$r);
        }
        // 'open' is 1 when the ticket row has more than one column, i.e. a row was found.
        $page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
        echo $page;
        break;

    case 'support_new':
        // JSON endpoint. Every input below is raw $_POST; each reaches SQL only through $db->quote().
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
        $tid = $_POST['tid'];
        $title = $_POST['title'];
        $body = $_POST['reply'];
        $close = $_POST['close'];
        $cat = $_POST['cat'];
        $flag = $_POST['flag'];   // read but never used below
        $lmao = $_POST['lmao'];   // read but never used below
        if($tid == 0) {
            // New ticket. strlen() is never negative, so the `< 0` bounds never fire and an empty title or body is
            // accepted despite the "cannot be left blank" messages.
            if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
            if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
            if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
            // One open ticket per user at a time.
            $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
            $row = $sql->fetch();
            $count = $row['COUNT(`id`)'];
            if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
            $db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
            $id = $db->lastInsertId();
            $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
            exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
        } else {
            // Reply to / close an existing ticket; the `user` predicate restricts this to the caller's own tickets.
            $sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
            if($sql->rowCount() > 0) {
                $row = $sql->fetch();
                if($close == 1) {
                    $db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
                    exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
                }
                // Reply bodies are not length-checked on this path (only on ticket creation).
                $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
                exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
            }
            // Unknown or foreign ticket id: falls through to break with an empty response body.
        }
        break;

    case 'rolls':
        if(isset($_GET['id'])) {
            // Rolls for one seed, grouped into rows of ten keyed by the leading digits of the roll id.
            $id = $_GET['id'];
            if(!preg_match('/^[0-9]+$/', $id)) exit();   // only a digit string reaches the query
            $sql = $db->query('SELECT * FROM `hash` WHERE `id` = '.$db->quote($id));
            $row = $sql->fetch();
            // Unknown id: $row is false, $row['hash'] is null and the rolls query matches nothing.
            $sql = $db->query('SELECT * FROM `rolls` WHERE `hash` = '.$db->quote($row['hash']));
            $row = $sql->fetchAll();
            $rolls = array();
            foreach ($row as $key => $value) {
                // $q = id without its last digit (row key), $z = last digit (column key); ids below 10 go to row 0.
                if($value['id'] < 10) {
                    $q = 0;
                    $z = substr($value['id'], -1, 1);
                } else {
                    $q = substr($value['id'], 0, -1);
                    $z = substr($value['id'], -1, 1);
                }
                // First roll of a group initialises it. $rolls[$q] is undefined at that point: a notice pre-8,
                // and count(null) is a TypeError on PHP 8 — verify the PHP version in use.
                if(count($rolls[$q]) == 0) {
                    $rolls[$q]['time'] = date('h:i A', $value['time']);
                    $rolls[$q]['start'] = substr($value['id'], 0, -1);
                }
                $rolls[$q]['rolls'][$z] = array('id'=>$value['id'],'roll'=>$value['roll']);
            }
            // $page is built but never echoed on this path.
            $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
        } else {
            // JSON list of every seed with its roll-id range (one MIN/MAX query per seed).
            $sql = $db->query('SELECT * FROM `hash` ORDER BY `id` DESC');
            $row = $sql->fetchAll();
            $rolls = array();
            foreach ($row as $key => $value) {
                $s = $db->query('SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE `hash` = '.$db->quote($value['hash']));
                $r = $s->fetch();
                $rolls[] = array('id'=>$value['id'],'date'=>date('Y-m-d', $value['time']),'seed'=>$value['hash'],'rolls'=>$r['min'].'-'.$r['max'],'time'=>$value['time']);
            }
            // The whole $user row (including its `hash` session column) is serialised into the response; only the
            // caller sees it, but the template does not need it there.
            exit(json_encode(array('success'=>true, 'data'=>array('user'=>$user,'rolls'=>$rolls))));
        }
        break;

    case 'faq':
        $page = getTemplate('faq.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'affiliates':
        // JSON summary of the caller's referral code and referred users. No login guard: with $user unset the
        // `codes` lookup matches nothing and the default block below is returned.
        $affiliates = array();
        $sql = $db->query('SELECT `code` FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            // 'level' / 'depositors' are HTML fragments rendered by the client.
            $affiliates = array(
                'visitors' => 0,
                'total_bet' => 0,
                'lifetime_earnings' => 0,
                'available' => 0,
                'level' => "<b style='color:#965A38'><i class='fa fa-star'></i> Bronze</b> (1 coin per 300 bet)",
                'depositors' => "0/50 to silver",
                'code' => '(You dont have promocode)'
            );
        } else {
            $row = $sql->fetch();
            $affiliates['code'] = $row['code'];
            // Everyone whose `referral` column points at this user.
            $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
            $reffersN = $sql->fetchAll();
            $reffers = array();
            $affiliates['visitors'] = 0;
            $count = 0;   // referred users with at least one bet ("depositors")
            $affiliates['total_bet'] = 0;
            foreach ($reffersN as $key => $value) {
                $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
                $row = $sql->fetch();
                if($row['amount'] == 0)
                    $affiliates['visitors']++;
                else
                    $count++;
                $affiliates['total_bet'] += $row['amount'];
                // Bet volume not yet paid out to the referrer (collect = 0).
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                // The first 13 characters of the referred steamid are masked before it is sent to the client.
                $reffers[] = array('player'=>substr_replace($value['steamid'], '*************', 0, 13),'total_bet'=>$row['amount'],'collect_coins'=>$r['amount'],'comission'=>0);
            }
            // Bet-per-coin rate by depositor count. Because `> 50` is tested before `> 200`, the Global elite branch
            // is unreachable, and $count == 50 matches no branch and leaves $s unset (division by null below).
            // The `collect` case has the same ladder.
            if($count < 50) {
                $affiliates['level'] = "<b style='color:#965A38'><i class='fa fa-star'></i> Silver IV</b> (1 coin per 300 bet)";
                $affiliates['depositors'] = $count."/50 to Legendary Eagle";
                $s = 300;
            } elseif($count > 50) {
                $affiliates['level'] = "<b style='color:#A9A9A9'><i class='fa fa-star'></i> Legendary Eagle</b> (1 coin per 200 bet)";
                $affiliates['depositors'] = $count."/200 to Global elite";
                $s = 200;
            } elseif($count > 200) {
                $affiliates['level'] = "<b style='color:#FFD700'><i class='fa fa-star'></i> Global elite</b> (1 coin per 100 bet)";
                $affiliates['depositors'] = $count."/∞ to ∞";
                $s = 100;
            }
            $affiliates['available'] = 0;
            $affiliates['lifetime_earnings'] = 0;
            foreach ($reffers as $key => $value) {
                $reffers[$key]['comission'] = round($value['total_bet']/$s, 0);
                $affiliates['available'] += round($value['collect_coins']/$s, 0);
                $affiliates['lifetime_earnings'] += round($value['total_bet']/$s, 0)-round($value['collect_coins']/$s, 0);
            }
            $affiliates['reffers'] = $reffers;
        }
        exit(json_encode(array('success'=>true, 'data'=>$affiliates)));
        break;

    case 'changecode':
        // Create or replace the caller's referral code.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the changecode.')));
        $code = $_POST['code'];
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));   // alphanumeric only; no length cap
        // "Taken" and "invalid" share one message, so codes cannot be told apart by the error text.
        $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
        if($sql->rowCount() != 0) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        // Check-then-write is not atomic; a unique index on `codes`.`code` is what would actually enforce uniqueness — verify the schema.
        $sql = $db->query('SELECT * FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            $db->exec('INSERT INTO `codes` SET `code` = '.$db->quote($code).', `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        } else {
            $db->exec('UPDATE `codes` SET `code` = '.$db->quote($code).' WHERE `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        }
        break;

    case 'collect':
        // Pay out referral commission: sum the uncollected bets of every referred user, flag those bets as
        // collected, credit the rounded amount. No transaction — a failure midway leaves bets flagged without the credit.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the collect.')));
        $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
        $reffersN = $sql->fetchAll();
        $count = 0;
        $collect_coins = 0;
        foreach ($reffersN as $key => $value) {
            $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
            $row = $sql->fetch();
            if($row['amount'] > 0) {
                $count++;
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                // Flags ALL of this referral's bets, not only those summed above; bets placed between the SELECT and
                // the UPDATE are never paid out.
                $db->exec('UPDATE `bets` SET `collect` = 1 WHERE `user` = '.$db->quote($value['steamid']));
                $collect_coins += $r['amount'];
            }
        }
        // Same rate ladder as `affiliates`: $count == 50 leaves $s unset, the `> 200` branch is unreachable.
        if($count < 50) {
            $s = 300;
        } elseif($count > 50) {
            $s = 200;
        } elseif($count > 200) {
            $s = 100;
        }
        $collect_coins = round($collect_coins/$s, 0);
        // $collect_coins is computed server-side and spliced into the SQL without quote().
        $db->exec('UPDATE `users` SET `balance` = `balance` + '.$collect_coins.' WHERE `steamid` = '.$db->quote($user['steamid']));
        exit(json_encode(array('success'=>true, 'collected'=>$collect_coins)));
        break;

    case 'redeem':
        // Apply a referral code to the caller's account (once per account) and credit $referal_summa.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the redeem.')));
        if($user['referral'] != '0') exit(json_encode(array('success'=>false, 'error'=>'You have already redeemed a code. Only 1 code allowed per account.', 'code'=>$user['referral'])));
        // The Steam Web API key is embedded in the URL (also in `login`); it belongs in config.php and should be
        // treated as exposed since this file is public.
        $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=0B371265AE312AF673D787E1BA1259E8&steamid='.$user['steamid'].'&format=json');
        $out = json_decode($out, true);
        // A failed request or non-JSON body also ends up here, reported as a private profile.
        if(!$out['response']) exit(json_encode(array('success'=>false, 'error'=>'You profile is private')));
        $csgo = false;
        foreach ($out['response']['games'] as $key => $value) {
            if($value['appid'] == 730) $csgo = true;   // 730 = CS:GO
        }
        if(!$csgo) exit(json_encode(array('success'=>false, 'error'=>'You dont have CS:GO.')));
        $code = $_GET['code'];   // state change driven by a GET parameter
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
            exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        } else {
            $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                if($row['user'] == $user['steamid']) exit(json_encode(array('success'=>false, 'error'=>'This is you referal code')));
                // $referal_summa is not defined in this file and is interpolated without quote() — presumably a
                // numeric config constant, verify.
                $db->exec('UPDATE `users` SET `referral` = '.$db->quote($row['user']).', `balance` = `balance` + '.$referal_summa.' WHERE `steamid` = '.$db->quote($user['steamid']));
                exit(json_encode(array('success'=>true, 'credits'=>$referal_summa)));
            } else {
                exit(json_encode(array('success'=>false, 'error'=>'Code not found')));
            }
        }
        break;

    case 'withdraw':
        // Withdraw page with the list of bot ids for the client to choose from.
        $sql = $db->query('SELECT `id` FROM `bots`');
        $ids = array();
        while ($row = $sql->fetch()) {
            $ids[] = $row['id'];
        }
        $page = getTemplate('withdraw.tpl', array('user'=>$user,'bots'=>$ids));
        echo $page;
        break;

    case 'transfers':
        // Transfers sent or received by the caller.
        $sql = $db->query('SELECT * FROM `transfers` WHERE `to1` = '.$db->quote($user['steamid']).' OR `from1` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('transfers.tpl', array('user'=>$user,'transfers'=>$row));
        echo $page;
        break;

    case 'offers':
        $sql = $db->query('SELECT * FROM `trades` WHERE `user` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('offers.tpl', array('user'=>$user,'offers'=>$row));
        echo $page;
        break;

    case 'login':
        // Steam OpenID login. Three requests pass through here: the initial redirect to Steam, the cancel return,
        // and the validated return that creates/updates the users row and sets the `hash` session cookie.
        include 'openid.php';
        try
        {
            $openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
            if (!$openid->mode) {
                $openid->identity = 'http://steamcommunity.com/openid/?l=english';
                header('Location: ' . $openid->authUrl());
            } elseif ($openid->mode == 'cancel') {
                echo '';
            } else {
                if ($openid->validate()) {

                    // Pull the 64-bit steamid out of the claimed identity URL. The match result is not checked,
                    // so a non-matching identity sends an undefined $matches[1] to the API call below.
                    $id = $openid->identity;
                    $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                    preg_match($ptn, $id, $matches);

                    // Web API key embedded in the URL — see the note in `redeem`.
                    $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=0B371265AE312AF673D787E1BA1259E8&steamids=$matches[1]";
                    $json_object = curl($url);
                    $json_decoded = json_decode($json_object);

                    foreach ($json_decoded->response->players as $player) {
                        $steamid = $player->steamid;
                        $name = $player->personaname;
                        // Names containing "<scr" get a redirect header, but execution continues: the row is still
                        // written and the cookie still set below. Escaping at output time in the templates is what
                        // actually protects against script in persona names.
                        if((preg_match('/(<SCR|<scr|<ScR|<sCr|<sCR|<Scr|<scR|<SCr)/', $name)) ) {
                            Header("Location: https://puu.sh/k0Hki.jpg");
                        }
                        $avatar = $player->avatarfull;
                    }

                    // Session token derived from predictable inputs (steamid, current second, rand(1, 50)), so it is
                    // guessable rather than random; bin2hex(random_bytes(16)) would make it unpredictable.
                    $hash = md5($steamid . time() . rand(1, 50));
                    // $steamid, $hash and $avatar (values from the Steam API response) are concatenated into the SQL
                    // text unquoted; only $name goes through $db->quote(). Use quote() or prepared statements for all of them.
                    $sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
                    $row = $sql->fetchAll(PDO::FETCH_ASSOC);

                    if (count($row) == 0) {
                        $db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
                    } else {
                        $db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
                    }
                    // Session cookie: one week, path /, without the HttpOnly/Secure flags — readable by page scripts.
                    setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
                    // The session token is also placed in the redirect URL, where it ends up in server logs and Referer headers.
                    header('Location: http://www.'.$baseurl.'/sets.php?id=' . $hash);
                }
            }
        } catch (ErrorException $e) {
            // Only ErrorException is caught; any other Throwable propagates.
            exit($e->getMessage());
        }
        break;

    case 'get_inv':
        // Caller's CS:GO inventory priced from ../prices.txt, cached per steamid in cache/<steamid>.txt (serialize()).
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        if((file_exists('cache/'.$user['steamid'].'.txt')) && (!isset($_GET['nocache']))) {
            $array = file_get_contents('cache/'.$user['steamid'].'.txt');
            // The cache is written by this same case with serialize() further down. unserialize() of a file under the
            // web root is a deserialisation sink if that file can be altered; json_encode()/json_decode() would carry
            // the same array safely. Entries never expire except through ?nocache.
            $array = unserialize($array);
            $array['fromcache'] = true;
            if(isset($_COOKIE['tid'])) {
                // Attach the pending trade (status 0) named by the client-settable cookie; the trade's `user` column is
                // not compared with $user, so any pending trade's code/amount can be requested this way.
                $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
                if($sql->rowCount() != 0) {
                    $row = $sql->fetch();
                    $array['code'] = $row['code'];
                    $array['amount'] = $row['summa'];
                    $array['tid'] = $row['id'];
                    $array['bot'] = "Bot #".$row['bot_id'];
                } else {
                    setcookie("tid", "", time() - 3600, '/');
                }
            }
            exit(json_encode($array));
        }
        $prices = file_get_contents('../prices.txt');
        $prices = json_decode($prices, true);

        // Remote fetch through allow_url_fopen; no timeout beyond default_socket_timeout.
        $inv = file_get_contents('https://steamcommunity.com/profiles/'.$user['steamid'].'/inventory/json/730/2/');
        $inv = json_decode($inv, true);
        // A failed fetch (false/null) is also reported as a private profile.
        if($inv['success'] != 1) {
            exit(json_encode(array('error'=>'Your profile is private. Please <a href="http://steamcommunity.com/my/edit/settings" target="_blank">set your inventory to public</a> and <a href="javascript:loadLeft(\'nocache\')">try again</a>.')));
        }
        $items = array();
        foreach ($inv['rgInventory'] as $key => $value) {
            $id = $value['classid'].'_'.$value['instanceid'];
            $trade = $inv['rgDescriptions'][$id]['tradable'];
            if(!$trade) continue;
            $name = $inv['rgDescriptions'][$id]['market_hash_name'];
            // Names missing from prices.txt yield null, which compares below $min and is priced 0 as "Junk".
            $price = $prices['response']['items'][$name]['value'];
            $img = 'http://steamcommunity-a.akamaihd.net/economy/image/'.$inv['rgDescriptions'][$id]['icon_url'];
            // Souvenir items and anything under $min are rejected ($min is not defined in this file — config, verify).
            if((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
                $price = 0;
                $reject = 'Junk';
            } else {
                $reject = 'unknown item';
            }
            $items[] = array(
                'assetid' => $value['id'],
                'bt_price' => "0.00",
                'img' => $img,
                'name' => $name,
                'price' => $price,
                'reject' => $reject,
                'sa_price' => $price,
                'steamid' => $user['steamid']);
        }

        $array = array(
            'error' => 'none',
            'fromcache' => false,
            'items' => $items,
            'success' => true);
        if(isset($_COOKIE['tid'])) {
            // Same pending-trade lookup as on the cache path, with the same missing ownership check.
            $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                $array['code'] = $row['code'];
                $array['amount'] = $row['summa'];
                $array['tid'] = $row['id'];
                $array['bot'] = "Bot #".$row['bot_id'];
            } else {
                setcookie("tid", "", time() - 3600, '/');
            }
        }
        // LOCK_EX serialises concurrent writers. The trade details attached above are persisted into the cache as well.
        file_put_contents('cache/'.$user['steamid'].'.txt', serialize($array), LOCK_EX);
        exit(json_encode($array));
        break;

    case 'deposit_js':
        // Start a deposit: pick a random bot, check the selected assets against prices, ask the bot
        // (http://$ip:3000+bot, plain HTTP, no authentication visible here) to send the offer, then record it.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        // Undefined-index notice when the cookie is absent; a stale `tid` cookie blocks new deposits until `confirm` clears it.
        if($_COOKIE['tid']) {
            exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        // The raw trade URL is stored client-side without validation.
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
        // $checksum is the sanitised form but is never used — the raw $_GET['checksum'] is what reaches the bot URL below.
        $checksum = intval($_GET['checksum']);
        $prices = file_get_contents('../prices.txt');
        $prices = json_decode($prices, true);

        $inv = file_get_contents('https://steamcommunity.com/profiles/'.$user['steamid'].'/inventory/json/730/2/');
        $inv = json_decode($inv, true);
        if($inv['success'] != 1) {
            exit(json_encode(array('error'=>'Your profile is private. Please <a href="http://steamcommunity.com/my/edit/settings" target="_blank">set your inventory to public</a> and <a href="javascript:loadLeft(\'nocache\')">try again</a>.')));
        }

        $assetids = explode(',', $_GET['assetids']);

        // Reject the request if any selected, tradable asset is priced below $min. Ids that are not in the
        // inventory at all are simply not checked here.
        foreach ($inv['rgInventory'] as $key => $value) {
            $id = $value['classid'].'_'.$value['instanceid'];
            $trade = $inv['rgDescriptions'][$id]['tradable'];
            if(!$trade) continue;
            $name = $inv['rgDescriptions'][$id]['market_hash_name'];
            $price = $prices['response']['items'][$name]['value'];
            if (in_array($value['id'], $assetids)) {   // loose comparison; both sides are strings here
                if ($price < $min) {
                    exit(json_encode(array('success'=>false, 'error'=>'Invalid Item(s).')));
                }
            }
        }

        // $_GET['assetids'], $_GET['checksum'] and the trade-url parts are concatenated into the bot URL without urlencode().
        $out = curl('http://'.$ip.':'.(3000+$bot).'/depcsgoparadox/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];   // $row is still the bots row selected above

        if($out['success'] == true) {
            $s = 0;   // deposit total in prices.txt units
            foreach ($out['items'] as $key => $value) {
                // Second price check on what the bot reports. An exit() here leaves the bot's offer outstanding with
                // no `trades` row for `confirm` to settle or cancel.
                if ($prices['response']['items'][$value['market_hash_name']]['value'] < $min) {
                    exit(json_encode(array('success'=>false, 'error'=>'Invalid Item.')));
                }
                $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
                $s += $prices['response']['items'][$value['market_hash_name']]['value'];

            }
            $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($s).', `time` = '.$db->quote(time()));
            $out['amount'] = $s;
            setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        }
        exit(json_encode($out));
        break;

    case 'confirm':
        // Poll the bot for the outcome of trade $tid and settle it.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the confirm.')));
        $tid = (int)$_GET['tid'];   // cast, so only an integer reaches the query
        // The trade is looked up by id alone; its `user` column is never compared with the caller, and the credit
        // below goes to $user['steamid'] rather than $row['user']. Adding `AND user = quote($user['steamid'])` to this
        // query (or crediting $row['user']) ties the settlement to the depositing account.
        $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($tid));
        $row = $sql->fetch();
        // Unknown tid: $row is false, so the bot URL is built with a null bot_id (port 3000) and an empty tid.
        $out = curl('http://'.$ip.':'.(3000+$row['bot_id']).'/chkcsgoparadox?tid='.$row['id']);
        $out = json_decode($out, true);
        if(($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
            // Credit, then mark items and trade settled: three statements, no transaction. The status check was read
            // before the writes, so two concurrent confirms of the same tid can both credit; a conditional update
            // (`UPDATE trades SET status = 1 WHERE id = ? AND status <> 1`, then credit only if a row changed) makes it atomic.
            if($row['summa'] > 0) $db->exec('UPDATE `users` SET `balance` = `balance` + '.$row['summa'].' WHERE `steamid` = '.$db->quote($user['steamid']));
            if($row['summa'] > 0) $db->exec('UPDATE `items` SET `status` = 1 WHERE `trade` = '.$db->quote($row['id']));
            if($row['summa'] > 0) $db->exec('UPDATE `trades` SET `status` = 1 WHERE `id` = '.$db->quote($row['id']));
            setcookie("tid", "", time() - 3600, '/');
        } elseif(($out['success'] == true) && ($out['action'] == 'cross')) {
            // Offer declined or cancelled: drop the provisional rows.
            setcookie("tid", "", time() - 3600, '/');
            $db->exec('DELETE FROM `items` WHERE `trade` = '.$db->quote($row['id']));
            $db->exec('DELETE FROM `trades` WHERE `id` = '.$db->quote($row['id']));
        } else {
            exit(json_encode(array('success'=>false, 'error'=>'Trade is in procces or the coins are already credited')));
        }
        exit(json_encode($out));
        break;

    case 'get_bank_safe':
        // Lists every item held in the site bank (status 1) at 1.2× list price, behind a reCAPTCHA check.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        //if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
        // The reCAPTCHA secret is embedded in the URL (move to config.php, treat as exposed);
        // $_GET['g-recaptcha-response'] is appended without urlencode().
        $g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LfCWBYUAAAAAB5US_h5Y_75otZ5uiFH7_I6ItML&response='.$_GET['g-recaptcha-response']);
        $g = json_decode($g, true);
        if($g['success'] == true) {
            // balance/available are as loaded with the user row at the start of the request.
            $array = array('balance'=>$user['balance'],'available'=>$user['available'],'error'=>'none','items'=>array(),'success'=>true);
            $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
            $prices = file_get_contents('../prices.txt');
            $prices = json_decode($prices, true);
            while ($row = $sql->fetch()) {
                // 'assetid' here is the `items`.`id` row id, which is what `withdraw_js` expects back in assetids.
                $array['items'][] = array('botid'=>$row['botid'],'img'=>'http://steamcommunity-a.akamaihd.net/economy/image/'.$row['img'],'name'=>$row['market_hash_name'],'assetid'=>$row['id'],'price'=>$prices['response']['items'][$row['market_hash_name']]['value']*1.2,'reject'=>'unknown items');
            }
            exit(json_encode($array));
        }
        // Captcha failure: falls through to break with an empty body.
        break;


    case 'withdraw_js':
        // Withdraw bank items to the caller's Steam account: debit balance/available, ask the holding bot to send
        // the offer, refund if the bot reports failure.
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));

        // Ranks -1 and -4 (their meaning is not visible here) cannot withdraw.
        if (($user['rank'] == -1) || ($user['rank'] == -4)) {
            $out = array('success'=>false,'error'=>'You cant withdraw items (You are partner maybe?)');
            exit(json_encode($out));
        }

        $items = array();
        $assetids = explode(',', $_GET['assetids']);   // `items`.`id` values
        $sum = 0;   // total at 1.2× list price
        $prices = file_get_contents('../prices.txt');
        $prices = json_decode($prices, true);
        $norm_itms = '';   // comma-separated market_hash_names for the bot, trailing comma included
        foreach ($assetids as $key) {
            if($key == "") continue;
            // No `status` predicate: items not currently in the bank (pending deposit, already withdrawn) are accepted
            // here although get_bank_safe only lists status = 1. `AND status = 1` on this query closes that gap.
            $sql = $db->query('SELECT * FROM `items` WHERE `id` = '.$db->quote($key));
            $row = $sql->fetch();
            // Keyed by bot, so $items keeps one name per bot; it is used only for the bot count and bot id below.
            $items[$row['botid']] = $row['market_hash_name'];
            $sum += $prices['response']['items'][$row['market_hash_name']]['value']*1.2;
            $norm_itms = $norm_itms.$row['market_hash_name'].',';
        }
        $out = array('success'=>false,'error'=>'');

        // Lifetime confirmed deposit total. The steamid from the user row is interpolated directly; quote() would keep
        // the style uniform with the other queries.
        $sql_new = $db->query("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` LIKE '".$user['steamid']."'");
        $row_new = $sql_new->fetch();

        // 5000 in `summa` units is what the message calls "5 $".
        if($row_new['SUM(`summa`)'] < 5000){
            exit(json_encode(array('success'=>false, 'error'=>'First You must deposit more than 5 $')));
        }

        if(count($items) > 1) {
            $out = array('success'=>false,'error'=>'You choose more bots');   // all items must sit on one bot
        } elseif($user['balance'] < $sum) {
            $out = array('success'=>false,'error'=>'You dont have coins!');
        } elseif($user['available'] < $sum) {
            $out = array('success'=>false,'error'=>'You dont have available balance!');
        } else {
            reset($items);
            $bot = key($items);
            $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = '.$db->quote($bot));
            $r = $s->fetch();
            // Debit first, refund on failure. The balance checks above used the row loaded at request start and these
            // UPDATEs are unconditional, so concurrent withdraws can drive the balance negative; a conditional update
            // (`... WHERE steamid = ? AND balance >= ?`, checking the affected row count) makes the check atomic.
            // $sum and the steamid are spliced in unquoted here and on the refund path.
            $db->exec('UPDATE `users` SET `balance` = `balance` - '.$sum.' WHERE `steamid` = '.$user['steamid']);
            $db->exec('UPDATE `users` SET `available` = `available` - '.$sum.' WHERE `steamid` = '.$user['steamid']);
            $partner = extract_partner($_GET['tradeurl']);
            $token = extract_token($_GET['tradeurl']);
            // Bot call: the names are urlencoded, the trade-url parts and $_GET['checksum'] are not.
            $out = curl('http://'.$ip.':'.(3000+$bot).'/withdcsgoparadox/?names='.urlencode($norm_itms).'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
            $out = json_decode($out, true);
            if($out['success'] == false) {
                $db->exec('UPDATE `users` SET `balance` = `balance` + '.$sum.' WHERE `steamid` = '.$user['steamid']);
                $db->exec('UPDATE `users` SET `available` = `available` + '.$sum.' WHERE `steamid` = '.$user['steamid']);
            } else {
                // Items leave the bank (status -1) only once the bot accepted the request.
                foreach ($assetids as $key) {
                    $db->exec('UPDATE `items` SET `status` = -1 WHERE `id` = '.$db->quote($key));
                }
                $out['bot'] = $r['name'];
                // `summa` is recorded as the negated client-supplied checksum (`-'<checksum>'`), not as the $sum that was debited.
                $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 2, `user` = '.$db->quote($user['steamid']).', `summa` = '.'-'.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
            }
        }
        exit(json_encode($out));
        break;
    case 'savetradelink':
        // Persist the caller's trade URL. $_POST['t'] is quoted but not validated as a trade URL; $user['hash'] is
        // interpolated directly (it came from the DB, but quote() would keep the style uniform).
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        $db->exec("UPDATE `users` SET `tradeurl` = ".$db->quote($_POST['t'])." WHERE `hash` = '".$user['hash']."'");
        exit(json_encode(array('success'=>true, 'error'=>'OK')));
        break;

    case 'logout':
        // Expires the cookie client-side only; the `hash` stored in the users row stays valid until the next login.
        setcookie("hash", "", time() - 3600, '/');
        header('Location: /login');
        exit();
        break;
    case '':
        header('Location: /login');
        exit();
        break;

}
  591.  
  592. function getTemplate($name, $in = null) {
  593. $text = ob_get_clean();
  594. return $text;
  595. }
  596.  
  597. function curl($url) {
  598. $ch = curl_init();
  599.  
  600. curl_setopt($ch, CURLOPT_HEADER, 0);
  601. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  602. curl_setopt($ch, CURLOPT_URL, $url);
  603. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  604. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  605. curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
  606. curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
  607. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  608.  
  609. $data = curl_exec($ch);
  610. curl_close($ch);
  611.  
  612. return $data;
  613. }
  614.  
  615. function extract_token($url) {
  616. parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  617. return isset($queryString['token']) ? $queryString['token'] : false;
  618. }
  619.  
  620. function extract_partner($url) {
  621. parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  622. return isset($queryString['partner']) ? $queryString['partner'] : false;
  623. }