  1. <?php
  2.  
  3. /*
  4.  * Faucet in a BOX
  5.  * https://faucetinabox.com/
  6.  *
  7.  * Copyright (c) 2014-2016 LiveHome Sp. z o. o.
  8.  *
  9.  * This file is part of Faucet in a BOX.
  10.  *
  11.  * Faucet in a BOX is free software: you can redistribute it and/or modify
  12.  * it under the terms of the GNU General Public License as published by
  13.  * the Free Software Foundation, either version 3 of the License, or
  14.  * (at your option) any later version.
  15.  *
  16.  * Faucet in a BOX is distributed in the hope that it will be useful,
  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19.  * GNU General Public License for more details.
  20.  *
  21.  * You should have received a copy of the GNU General Public License
  22.  * along with Faucet in a BOX.  If not, see <http://www.gnu.org/licenses/>.
  23.  */
  24.  
  25. require_once("script/common.php");
  26.  
  27. if(!$pass) {
  28.     // first run
  29.     header("Location: admin.php");
  30.     die("Please wait...");
  31. }
  32.  
  33. if(array_key_exists("p", $_GET) && in_array($_GET["p"], ["admin", "password-reset"])) {
  34.     header("Location: admin.php?p={$_GET["p"]}");
  35.     die("Please wait...");
  36. }
  37.  
  38. #reCaptcha template
  39. $recaptcha_template = <<<TEMPLATE
  40. <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  41. <div class="g-recaptcha" data-sitekey="<:: your_site_key ::>"></div>
  42. <noscript>
  43.   <div style="width: 302px; height: 352px;">
  44.     <div style="width: 302px; height: 352px; position: relative;">
  45.       <div style="width: 302px; height: 352px; position: absolute;">
  46.         <iframe src="https://www.google.com/recaptcha/api/fallback?k=<:: your_site_key ::>"
  47.                 frameborder="0" scrolling="no"
  48.                 style="width: 302px; height:352px; border-style: none;">
  49.         </iframe>
  50.       </div>
  51.       <div style="width: 250px; height: 80px; position: absolute; border-style: none;
  52.                   bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">
  53.         <textarea id="g-recaptcha-response" name="g-recaptcha-response"
  54.                   class="g-recaptcha-response"
  55.                   style="width: 250px; height: 80px; border: 1px solid #c1c1c1;
  56.                          margin: 0px; padding: 0px; resize: none;" value="">
  57.         </textarea>
  58.       </div>
  59.     </div>
  60.   </div>
  61. </noscript>
  62. TEMPLATE;
  63.  
  64. if(!empty($_POST["mmc"])) {
  65.     $_SESSION["$session_prefix-mouse_movement_detected"] = true;
  66.     die();
  67. }
  68.  
  69. // show main page
  70. $q = $sql->query("SELECT value FROM Faucetinabox_Settings WHERE name = 'template'");
  71. $template = $q->fetch();
  72. $template = $template[0];
  73. if(!file_exists("templates/{$template}/index.php")) {
  74.     $templates = glob("templates/*");
  75.     if($templates)
  76.         $template = substr($templates[0], strlen("templates/"));
  77.     else
  78.         die(str_replace('<:: content ::>', "<div class='alert alert-danger' role='alert'>No templates found!</div>", $master_template));
  79. }
  80.  
  81. if(array_key_exists("HTTPS", $_SERVER) && $_SERVER["HTTPS"])
  82.     $protocol = "https://";
  83. else
  84.     $protocol = "http://";
  85.  
  86. if (array_key_exists("$session_prefix-address_input_name", $_SESSION) && array_key_exists($_SESSION["$session_prefix-address_input_name"], $_POST)) {
  87.     $_POST['address'] = $_POST[$_SESSION["$session_prefix-address_input_name"]];
  88. } else {
  89.     if($display_errors && $_SERVER['REQUEST_METHOD'] == "POST") {
  90.         if(array_key_exists("$session_prefix-address_input_name", $_SESSION)) {
  91.             trigger_error("Post request, but session is invalid.");
  92.         } else {
  93.             trigger_error("Post request, but invalid address input name.");
  94.         }
  95.     }
  96.     unset($_POST['address']);
  97. }
  98.  
  99.  
  100. $data = array(
  101.     "paid" => false,
  102.     "disable_admin_panel" => $disable_admin_panel,
  103.     "address" => "",
  104.     "captcha_valid" => !array_key_exists('address', $_POST),
  105.     "captcha" => false,
  106.     "enabled" => false,
  107.     "error" => false,
  108.     "reflink" => $protocol.$_SERVER['HTTP_HOST'].strtok($_SERVER['REQUEST_URI'], '?').'?r='
  109. );
  110. if(array_key_exists('address', $_POST)) {
  111.     $data["reflink"] .= $_POST['address'];
  112. } else if (array_key_exists('address', $_COOKIE)) {
  113.     $data["reflink"] .= $_COOKIE['address'];
  114.     $data["address"] = $_COOKIE['address'];
  115. } else {
  116.     $data["reflink"] .= 'Your_Address';
  117. }
  118.  
  119.  
  120. $q = $sql->query("SELECT name, value FROM Faucetinabox_Settings WHERE name <> 'password'");
  121.  
  122. while($row = $q->fetch()) {
  123.     if ($row[0] == "safety_limits_end_time") {
  124.         $time = strtotime($row[1]);
  125.         if ($time !== false && $time < time()) {
  126.             $row[1] = "";
  127.         }
  128.     }
  129.     $data[$row[0]] = $row[1];
  130. }
  131.  
  132. if(time() - $data['last_balance_check'] > 60*10) {
  133.     $fb = new FaucetBOX($data['apikey'], $data['currency'], $connection_options);
  134.     $ret = $fb->getBalance();
  135.     if(array_key_exists('balance', $ret)) {
  136.         if($data['currency'] != 'DOGE')
  137.             $balance = $ret['balance'];
  138.         else
  139.             $balance = $ret['balance_bitcoin'];
  140.         $q = $sql->prepare("UPDATE Faucetinabox_Settings SET value = ? WHERE name = ?");
  141.         $q->execute(array(time(), 'last_balance_check'));
  142.         $q->execute(array($balance, 'balance'));
  143.         $data['balance'] = $balance;
  144.         $data['last_balance_check'] = time();
  145.     }
  146. }
  147.  
  148. $data['unit'] = 'satoshi';
  149. if($data["currency"] == 'DOGE')
  150.     $data["unit"] = 'DOGE';
  151.  
  152.  
  153. #MuliCaptcha: Firstly check chosen captcha system
  154. $captcha = array('available' => array(), 'selected' => null);
  155. if ($data['solvemedia_challenge_key'] && $data['solvemedia_verification_key'] && $data['solvemedia_auth_key']) {
  156.     $captcha['available'][] = 'SolveMedia';
  157. }
  158. if ($data['recaptcha_public_key'] && $data['recaptcha_private_key']) {
  159.     $captcha['available'][] = 'reCaptcha';
  160. }
  161. if ($data['ayah_publisher_key'] && $data['ayah_scoring_key']) {
  162.     $captcha['available'][] = 'AreYouAHuman';
  163. }
  164. if ($data['funcaptcha_public_key'] && $data['funcaptcha_private_key']) {
  165.     $captcha['available'][] = 'FunCaptcha';
  166. }
  167.  
  168. #MuliCaptcha: Secondly check if user switched captcha or choose default
  169. if (array_key_exists('cc', $_GET) && in_array($_GET['cc'], $captcha['available'])) {
  170.     $captcha['selected'] = $captcha['available'][array_search($_GET['cc'], $captcha['available'])];
  171.     $_SESSION["$session_prefix-selected_captcha"] = $captcha['selected'];
  172. } elseif (array_key_exists("$session_prefix-selected_captcha", $_SESSION) && in_array($_SESSION["$session_prefix-selected_captcha"], $captcha['available'])) {
  173.     $captcha['selected'] = $_SESSION["$session_prefix-selected_captcha"];
  174. } else {
  175.     if($captcha['available'])
  176.         $captcha['selected'] = $captcha['available'][0];
  177.     if (in_array($data['default_captcha'], $captcha['available'])) {
  178.         $captcha['selected'] = $data['default_captcha'];
  179.     } else if($captcha['available']) {
  180.         $captcha['selected'] = $captcha['available'][0];
  181.     }
  182. }
  183.  
  184.  
  185.  
  186. #MuliCaptcha: And finally handle chosen captcha system
  187. switch ($captcha['selected']) {
  188.     case 'SolveMedia':
  189.         require_once("libs/solvemedialib.php");
  190.         $data["captcha"] = solvemedia_get_html($data["solvemedia_challenge_key"], null, is_ssl());
  191.         if (array_key_exists('address', $_POST)) {
  192.             $resp = solvemedia_check_answer(
  193.                 $data['solvemedia_verification_key'],
  194.                 getIP(),
  195.                 (array_key_exists('adcopy_challenge', $_POST) ? $_POST['adcopy_challenge'] : ''),
  196.                 (array_key_exists('adcopy_response', $_POST) ? $_POST['adcopy_response'] : ''),
  197.                 $data["solvemedia_auth_key"]
  198.             );
  199.             $data["captcha_valid"] = $resp->is_valid;
  200.         }
  201.     break;
  202.     case 'reCaptcha':
  203.         $data["captcha"] = str_replace('<:: your_site_key ::>', $data["recaptcha_public_key"], $recaptcha_template);
  204.         if (array_key_exists('address', $_POST)) {
  205.             $url = 'https://www.google.com/recaptcha/api/siteverify?secret='.$data["recaptcha_private_key"].'&response='.(array_key_exists('g-recaptcha-response', $_POST) ? $_POST["g-recaptcha-response"] : '').'&remoteip='.getIP();
  206.             $resp = json_decode(file_get_contents($url), true);
  207.             $data['captcha_valid'] = $resp['success'];
  208.         }
  209.     break;
  210.     case 'AreYouAHuman':
  211.         require_once("libs/ayahlib.php");
  212.         $ayah = new AYAH(array(
  213.             'publisher_key' => $data['ayah_publisher_key'],
  214.             'scoring_key' => $data['ayah_scoring_key'],
  215.             'web_service_host' => 'ws.areyouahuman.com',
  216.             'debug_mode' => false,
  217.             'use_curl' => !($connection_options['disable_curl'])
  218.         ));
  219.         $data['captcha'] = $ayah->getPublisherHTML();
  220.         if (array_key_exists('address', $_POST)) {
  221.             $score = $ayah->scoreResult();
  222.             $data['captcha_valid'] = $score;
  223.         }
  224.     break;
  225.     case 'FunCaptcha':
  226.         require_once("libs/funcaptcha.php");
  227.         $funcaptcha = new FUNCAPTCHA();
  228.  
  229.         $data["captcha"] =  $funcaptcha->getFunCaptcha($data["funcaptcha_public_key"]);
  230.  
  231.         if (array_key_exists('address', $_POST)) {
  232.             $data['captcha_valid'] =  $funcaptcha->checkResult($data["funcaptcha_private_key"]);
  233.         }
  234.     break;
  235. }
  236.  
  237. $data['captcha_info'] = $captcha;
  238.  
  239. if($data['captcha'] && $data['apikey'] && $data['rewards'])
  240.     $data['enabled'] = true;
  241.  
  242.  
  243. // check if ip eligible
  244. $q = $sql->prepare("SELECT TIMESTAMPDIFF(MINUTE, last_used, CURRENT_TIMESTAMP()) FROM Faucetinabox_IPs WHERE ip = ?");
  245. $q->execute(array(getIP()));
  246. if ($time = $q->fetch()) {
  247.     $time = intval($time[0]);
  248.     $required = intval($data['timer']);
  249.     $data['time_left'] = ($required-$time).' minutes';
  250.     $data['eligible'] = $time >= intval($data['timer']);
  251. } else {
  252.     $data["eligible"] = true;
  253. }
  254.  
  255. $rewards = explode(',', $data['rewards']);
  256. $total_weight = 0;
  257. $nrewards = array();
  258. foreach($rewards as $reward) {
  259.     $reward = explode("*", trim($reward));
  260.     if(count($reward) < 2) {
  261.         $reward[1] = $reward[0];
  262.         $reward[0] = 1;
  263.     }
  264.     $total_weight += intval($reward[0]);
  265.     $nrewards[] = $reward;
  266. }
  267. $rewards = $nrewards;
  268. if(count($rewards) > 1) {
  269.     $possible_rewards = array();
  270.     foreach($rewards as $r) {
  271.         $chance_per = 100 * $r[0]/$total_weight;
  272.         if($chance_per < 0.1)
  273.             $chance_per = '< 0.1%';
  274.         else
  275.             $chance_per = round(floor($chance_per*10)/10, 1).'%';
  276.  
  277.         $possible_rewards[] = $r[1]." ($chance_per)";
  278.     }
  279. } else {
  280.     $possible_rewards = array($rewards[0][1]);
  281. }
  282.  
$data['address_eligible'] = true;

// Payout path. Entered only when an address was posted under the
// session's random field name, the captcha verified, the faucet is
// configured and the IP is off cooldown. The address has its own
// cooldown, checked first.
if (array_key_exists('address', $_POST) &&
   $data['captcha_valid'] &&
   $data['enabled'] &&
   $data['eligible']
) {

    $q = $sql->prepare("SELECT TIMESTAMPDIFF(MINUTE, last_used, CURRENT_TIMESTAMP()) FROM Faucetinabox_Addresses WHERE `address` = ?");
    $q->execute(array(trim($_POST['address'])));
    if ($time = $q->fetch()) {
        $time = intval($time[0]);
        $required = intval($data['timer']);
        $data['time_left'] = ($required-$time).' minutes';
        $eligible = $time >= intval($data['timer']);
    } else {
        $eligible = true;
    }
    $data['address_eligible'] = $eligible;
    if($eligible) {
        // Weighted draw over $rewards: walk the cumulative weight until it
        // passes a uniform [0,1) sample. NOTE(review): mt_rand() is not a
        // CSPRNG; the draw decides how much money leaves the faucet, so
        // random_int() / random_bytes() would be the conservative choice.
        $r = mt_rand()/mt_getrandmax();
        $t = 0;
        foreach($rewards as $reward) {
            $t += intval($reward[0])/$total_weight;
            if($t > $r) {
                break;
            }
        }

        // "lo-hi" entries pick a value in the range. mt_rand() takes
        // integers, so the float bounds are truncated: fractional ranges
        // (e.g. DOGE "0.5-1.5") collapse to mt_rand(0, 1).
        if (strpos($reward[1], '-') !== false) {
            $reward_range = explode('-', $reward[1]);
            $from = floatval($reward_range[0]);
            $to = floatval($reward_range[1]);
            $reward = mt_rand($from, $to);
        } else {
            $reward = floatval($reward[1]);
        }
        // DOGE rewards are configured in coins; the API is fed base units.
        if($data["currency"] == "DOGE")
            $reward = $reward * 100000000;

        // Referral balance accrued by this address, paid out together
        // with the claim.
        $q = $sql->prepare("SELECT balance FROM Faucetinabox_Refs WHERE address = ?");
        $q->execute(array(trim($_POST["address"])));
        if($b = $q->fetch()) {
            $refbalance = floatval($b[0]);
        } else {
            $refbalance = 0;
        }
        $fb = new FaucetBOX($data["apikey"], $data["currency"], $connection_options);
        $address = trim($_POST["address"]);
        // Banned addresses get a deliberately vague error so the ban list
        // is not confirmed to the client.
        if (empty($address)) {
            $ret = array(
                "success" => false,
                "message" => "Invalid address.",
                "html" => "<div class=\"alert alert-danger\">Invalid address.</div>"
            );
        } else if (in_array($address, $security_settings["address_ban_list"])) {
            $ret = array(
                "success" => false,
                "message" => "Unknown error.",
                "html" => "<div class=\"alert alert-danger\">Unknown error.</div>"
            );
        } else {
            $ret = $fb->send($address, $reward);
        }
        // NOTE(review): $ret is overwritten by the referral payout. If
        // send() succeeded but sendReferralEarnings() fails for a reason
        // that does not set $fb->communication_error, the cooldown rows
        // below are never written although the main reward was paid.
        if($ret["success"] && $refbalance > 0)
            $ret = $fb->sendReferralEarnings(trim($_POST["address"]), $refbalance);
        if($ret['success']) {
            // Remember the address for the form; it is public data, so no
            // cookie flags are needed.
            setcookie('address', trim($_POST['address']), time() + 60*60*24*60);
            if(array_key_exists('balance', $ret)) {
                $q = $sql->prepare("UPDATE Faucetinabox_Settings SET `value` = ? WHERE `name` = 'balance'");

                if($data['unit'] == 'satoshi')
                    $data['balance'] = $ret['balance'];
                else
                    $data['balance'] = $ret['balance_bitcoin'];
                $q->execute(array($data['balance']));
            }

            // A successful send means the safety-limit window is over.
            $sql->exec("UPDATE Faucetinabox_Settings SET value = '' WHERE `name` = 'safety_limits_end_time' ");

            // handle refs
            // deduct the referral balance that was just paid out
            $q = $sql->prepare("UPDATE Faucetinabox_Refs SET balance = balance - ? WHERE address = ?");
            $q->execute(array($refbalance, trim($_POST['address'])));
            // add balance: bind this address to the referrer from ?r= on
            // first sight only (INSERT IGNORE). Self-referral is rejected
            // by string comparison only; two addresses owned by the same
            // person are not detected here.
            if(array_key_exists('r', $_GET) && trim($_GET['r']) != trim($_POST["address"])) {
                $q = $sql->prepare("INSERT IGNORE INTO Faucetinabox_Refs (address) VALUES (?)");
                $q->execute(array(trim($_GET["r"])));
                $q = $sql->prepare("INSERT IGNORE INTO Faucetinabox_Addresses (`address`, `ref_id`, `last_used`) VALUES (?, (SELECT id FROM Faucetinabox_Refs WHERE address = ?), CURRENT_TIMESTAMP())");
                $q->execute(array(trim($_POST['address']), trim($_GET['r'])));
            }
            // Credit the referrer (if any, and not banned) with the
            // configured percentage of this reward.
            $refamount = floatval($data['referral'])*$reward/100;
            $q = $sql->prepare("SELECT address FROM Faucetinabox_Refs WHERE id = (SELECT ref_id FROM Faucetinabox_Addresses WHERE address = ?)");
            $q->execute(array(trim($_POST['address'])));
            if($ref = $q->fetch()) {
                if(!in_array(trim($ref[0]), $security_settings['address_ban_list'])) {
                    $fb->sendReferralEarnings(trim($ref[0]), $refamount);
                }
            }

            // NOTE(review): $unit is not assigned anywhere in this file
            // (the unit lives in $data['unit']); unless script/common.php
            // defines it, this message renders with an empty unit.
            if($refbalance > 0) {
                $data['paid'] = '<div class="alert alert-success">'.htmlspecialchars($reward).' '.$unit.' + '.htmlspecialchars($refbalance).' '.$unit.' for referrals was sent to <a target="_blank" href="https://faucetbox.com/check/'.rawurlencode(trim($_POST["address"])).'">your FaucetBOX.com address</a>.</div>';
            } else {
                if($data['unit'] == 'satoshi')
                    $data['paid'] = $ret['html'];
                else
                    $data['paid'] = $ret['html_coin'];
            }
        } else {
            // Status 450 from the API means the safety limit was hit;
            // remember when the next half-hour window starts so the page
            // can show it.
            $response = json_decode($ret["response"]);
            if ($response && property_exists($response, "status") && $response->status == 450) {
                // how many minutes until next safety limits reset?
                $end_minutes  = (date("i") > 30 ? 60 : 30) - date("i");
                // what date will it be exactly?
                $end_date = date("Y-m-d H:i:s", time()+$end_minutes*60-date("s"));
                $sql->prepare("UPDATE Faucetinabox_Settings SET value = ? WHERE `name` = 'safety_limits_end_time' ")->execute([$end_date]);
            }
            $data['error'] = $ret['html'];
        }
        // Start the cooldown for both the IP and the address. This also
        // happens on a communication error, i.e. when it is unknown whether
        // the send went through, so the faucet fails closed.
        if($ret['success'] || $fb->communication_error) {
            $q = $sql->prepare("INSERT INTO Faucetinabox_IPs (`ip`, `last_used`) VALUES (?, CURRENT_TIMESTAMP()) ON DUPLICATE KEY UPDATE `last_used` = CURRENT_TIMESTAMP()");
            $q->execute(array(getIP()));
            $q = $sql->prepare("INSERT INTO Faucetinabox_Addresses (`address`, `last_used`) VALUES (?, CURRENT_TIMESTAMP()) ON DUPLICATE KEY UPDATE `last_used` = CURRENT_TIMESTAMP()");
            $q->execute(array(trim($_POST["address"])));

            // suspicious checks: only meaningful when the active template
            // ships libs/mmc.js. $fake_address_input_used and suspicious()
            // are not defined in this file (presumably script/common.php).
            $q = $sql->query("SELECT value FROM Faucetinabox_Settings WHERE name = 'template'");
            if($r = $q->fetch()) {
                if(stripos(file_get_contents('templates/'.$r[0].'/index.php'), 'libs/mmc.js') !== FALSE) {
                    if($fake_address_input_used || !empty($_POST["honeypot"])) {
                        suspicious($security_settings["ip_check_server"], "honeypot");
                    }

                    if(empty($_SESSION["$session_prefix-mouse_movement_detected"])) {
                        suspicious($security_settings["ip_check_server"], "mmc");
                    }
                }
            }
        }
    }
}
  424.  
  425. if(!$data['enabled'])
  426.     $page = 'disabled';
  427. elseif($data['paid'])
  428.     $page = 'paid';
  429. elseif($data['eligible'] && $data['address_eligible'])
  430.     $page = 'eligible';
  431. else
  432.     $page = 'visit_later';
  433. $data['page'] = $page;
  434.  
  435. if (!empty($_SERVER["HTTP_X_REQUESTED_WITH"]) && strtolower($_SERVER["HTTP_X_REQUESTED_WITH"]) === "xmlhttprequest") {
  436.     trigger_error("AJAX call that would break session");
  437.     die();
  438. }
  439.  
  440. $_SESSION["$session_prefix-address_input_name"] = randHash(rand(25,35));
  441. $data['address_input_name'] = $_SESSION["$session_prefix-address_input_name"];
  442.  
  443. $data['rewards'] = implode(', ', $possible_rewards);
  444.  
  445. $q = $sql->query("SELECT url_name, name FROM Faucetinabox_Pages ORDER BY id");
  446. $data["user_pages"] = $q->fetchAll();
  447.  
  448. $allowed = array("page", "name", "rewards", "short", "error", "paid", "captcha_valid", "captcha", "captcha_info", "time_left", "referral", "reflink", "template", "user_pages", "timer", "unit", "address", "balance", "disable_admin_panel", "address_input_name", "block_adblock", "iframe_sameorigin_only", "button_timer", "safety_limits_end_time");
  449.  
  450. preg_match_all('/\$data\[([\'"])(custom_(?:(?!\1).)*)\1\]/', file_get_contents("templates/$template/index.php"), $matches);
  451. foreach(array_unique($matches[2]) as $box) {
  452.     $key = "{$box}_$template";
  453.     if(!array_key_exists($key, $data)) {
  454.         $data[$key] = '';
  455.     }
  456.     $allowed[] = $key;
  457. }
  458.  
  459. foreach(array_keys($data) as $key) {
  460.     if(!(in_array($key, $allowed))) {
  461.         unset($data[$key]);
  462.     }
  463. }
  464.  
  465. foreach(array_keys($data) as $key) {
  466.     if(array_key_exists($key, $data) && strpos($key, 'custom_') === 0) {
  467.         $data[substr($key, 0, strlen($key) - strlen($template) - 1)] = $data[$key];
  468.         unset($data[$key]);
  469.     }
  470. }
  471.  
  472. if(array_key_exists('p', $_GET)) {
  473.     $q = $sql->prepare("SELECT url_name, name, html FROM Faucetinabox_Pages WHERE url_name = ?");
  474.     $q->execute(array($_GET['p']));
  475.     if($page = $q->fetch()) {
  476.         $data['page'] = 'user_page';
  477.         $data['user_page'] = $page;
  478.     } else {
  479.         $data['error'] = "<div class='alert alert-danger'>That page doesn't exist!</div>";
  480.     }
  481. }
  482.  
  483. $data['address'] = htmlspecialchars($data['address']);
  484.  
  485. if(!empty($_SESSION["$session_prefix-mouse_movement_detected"])) {
  486.     unset($_SESSION["$session_prefix-mouse_movement_detected"]);
  487. }
  488.  
  489. require_once('templates/'.$template.'/index.php');