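<?php
/**
 * Queue a deposit or withdraw trade task for the logged-in user.
 *
 * Query-string inputs:
 *   steamid - must equal the steamid stored in the session
 *   type    - "deposit" or "withdraw"
 *   value   - total value claimed by the client, compared with the server-side total
 *   items   - JSON list of [inventory id, item name] pairs
 *
 * Output: a single JSON object, {"success": false, "reason": ...} on any
 * rejection or {"success": true, "info": ...} once the task rows are written.
 *
 * Changes against the pasted original:
 *   - the stray closing brace after the inventory loop (a parse error) is gone
 *   - every request parameter is validated before it reaches SQL or a URL;
 *     `value` in particular was interpolated into two statements unquoted
 *   - mysql_real_escape_string() is called after the connection is opened
 *   - `type` is restricted to the two values this script branches on
 *   - a blacklist, inventory or price response that cannot be decoded now
 *     rejects the request instead of being treated as "nothing to check"
 *   - database error text is logged, not returned to the client
 *   - the debug `echo $response` inside the pricing loop is removed (it was
 *     emitted in front of the JSON reply)
 *   - the malformed JSON in the trade-URL error is repaired
 *
 * NOTE(review): this is a state-changing endpoint driven by GET parameters and
 * a session cookie; no anti-CSRF token is visible here - confirm one is
 * enforced elsewhere or move the action to POST with a token.
 * NOTE(review): the blacklist, inventory and price data are fetched over plain
 * http://; their integrity decides who may withdraw and at what price, so an
 * authenticated transport (https or a local call) should be confirmed.
 * NOTE(review): the code relies on the legacy mysql_* API and the connection
 * made in api/db_connect.php (not visible here); prepared statements via
 * mysqli/PDO are the better fix once that connection code is migrated.
 */
session_start();

// --- Authentication: the caller may only act on the session's own steamid ---
$steamid = (isset($_GET['steamid']) && is_string($_GET['steamid'])) ? $_GET['steamid'] : '';
$loggedIn = !empty($_SESSION['loggedin']) && isset($_SESSION['steamid']);
// Strict string comparison: the original used a loose != here.
if (!$loggedIn || $steamid === '' || $steamid !== (string) $_SESSION['steamid']) {
    die('{"success": false, "reason":"access_denied"}');
}

// --- Input validation ---
// Every check further down is keyed on one of these two types; any other
// value skipped all of them in the original and was still queued as a task.
$type = (isset($_GET['type']) && is_string($_GET['type'])) ? $_GET['type'] : '';
if ($type !== 'withdraw' && $type !== 'deposit') {
    die('{"success": false, "reason":"invalid_type"}');
}

// `value` is written into SQL without quotes below, so only a plain
// non-negative decimal is accepted.
$value = (isset($_GET['value']) && is_string($_GET['value'])) ? $_GET['value'] : '';
if (!preg_match('/\A\d+(?:\.\d+)?\z/', $value)) {
    die('{"success": false, "reason":"invalid_value"}');
}

$decodedItems = (isset($_GET['items']) && is_string($_GET['items'])) ? json_decode($_GET['items']) : null;
if (!is_array($decodedItems)) {
    die('{"success": false, "reason":"invalid_items"}');
}
// De-duplicate by inventory id; as in the original, the last entry for an id wins.
$items = [];
foreach ($decodedItems as $item) {
    $wellFormed = is_array($item)
        && isset($item[0], $item[1])
        && (is_string($item[0]) || is_int($item[0]))
        && is_string($item[1])
        && (string) $item[0] !== ''
        && $item[1] !== '';
    if (!$wellFormed) {
        die('{"success": false, "reason":"invalid_items"}');
    }
    $item[0] = (string) $item[0];
    $items[$item[0]] = $item;
}

// --- Database ---
require('api/db_connect.php');
// Escaping needs the open connection, so it happens after the require.
$steamidSql = mysql_real_escape_string($steamid);

// Log database errors server-side; the client only sees a generic reason.
$failDb = function () {
    error_log('trade task endpoint: ' . mysql_error());
    die('{"success": false, "reason":"database_error"}');
};

// --- Withdraw blacklist ---
$response = file_get_contents('http://putinbet.com/withdrawblacklist.php');
if (!$response) {
    die('{"success":false, "reason":"failed_price_response"}');
}
if ($type === 'withdraw') {
    $withdrawblacklist = json_decode($response);
    // Fail closed: an undecodable list must not read as "nobody is blacklisted".
    if (!is_array($withdrawblacklist)) {
        die('{"success":false, "reason":"failed_price_response"}');
    }
    $blockedIds = array_map('strval', array_filter($withdrawblacklist, 'is_scalar'));
    if (in_array($steamid, $blockedIds, true)) {
        die('{"success": false, "reason":"blacklisted"}');
    }
}

// --- Account checks ---
$query0 = mysql_query("SELECT * FROM `steam_users` WHERE steamid='$steamidSql'");
if ($query0 === false) {
    $failDb();
}
if (mysql_num_rows($query0) == 0) {
    die('{"success": false, "reason":"invalid_tradeurl"}');
}
$result = mysql_fetch_array($query0);

if ($type === 'withdraw' && $result['totaldeposited'] < 5500) {
    die('{"success": false, "reason":"deposit"}');
}
// The original also carried a disabled rule: totalbet < 65000 => reason "play".

if ($type === 'withdraw' && floatval($value) > $result['balance']) {
    die('{"success": false, "reason":"insufficient_balance"}');
}

// --- Verify the submitted items against a server-fetched inventory ---
// A withdraw is checked against the hard-coded account below (presumably the
// bot that holds the items - confirm); a deposit against the caller's own.
$inventoryOwner = ($type === 'withdraw') ? '76561198292270366' : $steamid;
$url = 'http://putinbet.com/getPlayerInventory.php?steamid=' . rawurlencode($inventoryOwner);
$botInventoryResponse = file_get_contents($url);
if (!$botInventoryResponse) {
    die('{"success":false, "reason":"failed_price_response"}');
}
$botInventory = json_decode($botInventoryResponse);

foreach ($items as $item) {
    $assetId = $item[0];
    // The entry itself must exist; the original only checked that
    // rgInventory was present at all.
    if (!isset(
        $botInventory->rgInventory->{$assetId}->classid,
        $botInventory->rgInventory->{$assetId}->instanceid
    )) {
        die('{"success":false, "reason":"rig"}');
    }
    $asset = $botInventory->rgInventory->{$assetId};
    $itemHardCodeID = $asset->classid . '_' . $asset->instanceid;
    if (!isset($botInventory->rgDescriptions->{$itemHardCodeID}->market_hash_name)) {
        die('{"success":false, "reason":"rig"}');
    }
    // Clients send {STAR}/{TM} placeholders for the two non-ASCII symbols.
    $itemName = str_replace(['{STAR}', '{TM}'], ['★', '™'], $item[1]);
    if ($itemName !== (string) $botInventory->rgDescriptions->{$itemHardCodeID}->market_hash_name) {
        die('{"success":false, "reason":"rig"}');
    }
}

// --- Price the items server-side ---
$response = file_get_contents('http://putinbet.com/getPriceList.php');
if (!$response) {
    die('{"success":false, "reason":"failed_price_response"}');
}
// Rewrite the JSON escapes so the decoded keys use the same placeholders as
// the item names sent by the client.
$response = str_replace(['\u2122', '\u2605'], ['{TM}', '{STAR}'], $response);
$itemPrices = json_decode($response);

$goToBot2 = 0;
$value2 = 0.0;
$botToUse = 1;
foreach ($items as $item) {
    $name = $item[1];
    $listed = isset($itemPrices->items->{$name}) ? $itemPrices->items->{$name} : null;
    if ($listed === null || !isset($listed->volume) || $listed->volume < 10) {
        // Missing or low-volume entry: ask the per-item price endpoint.
        // rawurlencode() keeps the name inside its own query parameter.
        $url = 'http://putinbet.com/getItemPrice.php?market_hash_name=' . rawurlencode($name);
        $response = file_get_contents($url);
        if (!$response) {
            die('{"success":false, "reason":"failed_price_response"}');
        }
        $singlePrice = json_decode($response);
        $rawPrice = isset($singlePrice->median_price) ? $singlePrice->median_price : null;
    } else {
        $rawPrice = isset($listed->median_price) ? $listed->median_price : null;
    }
    // A missing price used to be counted as 0; reject the request instead.
    if (!is_numeric($rawPrice)) {
        die('{"success":false, "reason":"failed_price_response"}');
    }
    $item_price = floatval($rawPrice) * 1000;
    $value2 += $item_price;
    if ($item_price >= 1000) {
        $goToBot2 = 1;
    }
}

// The client's total must match the server's own calculation.
if ((float) $value != $value2) {
    die('{"success": false, "reason":"value_mismatch", "value":' . $value2 . '}');
}

// --- Build the task ---
// NOTE(review): a millisecond timestamp is the task id; two requests in the
// same millisecond would share it - confirm how bot_tasks.id is constrained.
$time = round(microtime(true) * 1000);
$tradeurl = $result['tradeurl'];
$matched = preg_match('/token=([\w-]+)/', $tradeurl, $token_matches);
if ($matched != 1) {
    die('{"success": false, "reason":"invalid_tradeurl"}');
}
$token = $token_matches[1]; // limited to [\w-]+ by the pattern above

if ($type === 'deposit' && $goToBot2 == 1) {
    $botToUse = 1; // same as the default; kept from the original
}
if ($type === 'withdraw' && $value2 >= 1) {
    $botToUse = -1; // reported to the client as "adminApproval" below
}

$query1 = mysql_query("INSERT INTO `bot_tasks`(`id`, `task`, `steamid`, `value`, `status`, `tradetoken`, `botid`) VALUES ('$time', '$type', '$steamidSql', $value, 'new', '$token', $botToUse)");
if ($query1 === false) {
    $failDb();
}
foreach ($items as $item) {
    $iid = mysql_real_escape_string($item[0]);
    $query2 = mysql_query("INSERT INTO `task_data`(`taskid`, `itemid`) VALUES('$time', '$iid')");
    if ($query2 === false) {
        $failDb();
    }
}

if ($type === 'withdraw') {
    // NOTE(review): the balance was checked earlier and is debited here in a
    // separate statement, so concurrent requests can each pass the check.
    // Consider a single conditional debit (`... AND balance >= value`) inside
    // a transaction that also covers the task rows.
    $debit = mysql_query("UPDATE `steam_users` SET `balance`=`balance`-$value WHERE steamid='$steamidSql'");
    if ($debit === false) {
        $failDb();
    }
}

if ($botToUse == -1) {
    echo '{"success":true, "info":"adminApproval"}';
} else {
    echo '{"success":true, "info":false}';
}
mysql_close();
?>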