  1.  
  2. application/x-httpd-php api.php ( PHP script text )
  3.  
  4. <?php
  5.  
  6. require_once('./files/functions.php');
  7.  
  8. $messages = array();
  9.  
  10. if(isset($_REQUEST['key']) && !empty($_REQUEST['key']) && ctype_alnum($_REQUEST['key']) && isset($_REQUEST['action']) && $_REQUEST['action'] == 'order' &&
  11. (isset($_REQUEST['quantity']) && !empty($_REQUEST['quantity']) && ctype_digit($_REQUEST['quantity'])) || (isset($_REQUEST['comments']) && !empty($_REQUEST['comments']) && is_string($_REQUEST['comments'])) &&
  12. isset($_REQUEST['service']) && !empty($_REQUEST['service']) && ctype_digit($_REQUEST['service']) &&
  13. isset($_REQUEST['link']) && !empty($_REQUEST['link']) && is_string($_REQUEST['link'])) {
  14.  
  15. $APIKey = stripslashes(strip_tags($_REQUEST['key']));
  16. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserAPI = :UserAPI');
  17. $stmt->bindParam(':UserAPI', $APIKey);
  18. $stmt->execute();
  19.  
  20. if($stmt->rowCount() > 0) {
  21. $service = strip_tags(stripslashes($_REQUEST['service']));
  22.  
  23. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  24. $stmt->execute(array(':ProductID' => $service));
  25.  
  26. if($stmt->rowCount() == 1) {
  27. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  28. $additional = '';
  29.  
  30. if($row['ProductType'] == 'default' || $row['ProductType'] == 'hashtag' || $row['ProductType'] == 'mentions') {
  31. if(isset($_REQUEST['quantity']) && ctype_digit($_REQUEST['quantity'])) {
  32. $quantity = strip_tags(stripslashes($_REQUEST['quantity']));
  33. } else {
  34. echo 'Invalid quantity.';
  35. exit();
  36. }
  37. if($row['ProductType'] == 'hashtag') {
  38. if(isset($_REQUEST['hashtag']) && is_string($_REQUEST['hashtag'])) {
  39. $hashtag = stripslashes(strip_tags($_REQUEST['hashtag']));
  40. $additional = $hashtag;
  41. } else {
  42. echo 'Hashtag must be provided.';
  43. exit();
  44. }
  45. } else if($row['ProductType'] == 'mentions') {
  46. if(isset($_REQUEST['mentions']) && is_string($_REQUEST['mentions'])) {
  47. $mentions = stripslashes(strip_tags($_REQUEST['mentions']));
  48. $additional = $mentions;
  49. } else {
  50. echo 'Mentions username must be provided.';
  51. exit();
  52. }
  53. }
  54. } else if($row['ProductType'] == 'comments') {
  55. if(isset($_REQUEST['comments']) && is_string($_REQUEST['comments']) && strpos($_REQUEST['comments'], '\n') !== false) {
  56. $comments = $_REQUEST['comments'];
  57. $quantity = substr_count($_REQUEST['comments'], '\n') + 1;
  58. $additional = $comments;
  59. } else {
  60. echo '{"error":"Incorrect comments format."}';
  61. exit();
  62. }
  63. } else {
  64. echo '{"error":"Invalid product ID."}';
  65. exit();
  66. }
  67.  
  68. $link = stripslashes(strip_tags($_REQUEST['link']));
  69. $time = time();
  70. $UserID = $user->GetData('UserID');
  71. $UserName = $user->GetData('UserName');
  72. $UserGroup = $user->GetData('UserLevel');
  73.  
  74. $max_quantity = $row['ProductMaxQuantity'];
  75. $product_quantity = $row['ProductMinimumQuantity'];
  76. $account_balance = $user->GetData('UserFunds');
  77.  
  78. if($quantity >= $product_quantity) {
  79. if($quantity <= $max_quantity) {
  80. if(empty($additional)) {
  81. $query = $pdo->prepare('SELECT * FROM orders WHERE OrderLink = :OrderLink AND OrderProductID = :OrderProductID');
  82. $query->execute(array(':OrderLink' => $link, ':OrderProductID' => $service));
  83. } else {
  84. $query = $pdo->prepare('SELECT * FROM orders WHERE OrderLink = :OrderLink AND OrderAdditional = :OrderAdditional AND OrderProductID = :OrderProductID');
  85. $query->execute(array(':OrderLink' => $link, ':OrderAdditional' => $additional, ':OrderProductID' => $service));
  86. }
  87.  
  88. if($query->rowCount() > 0) {
  89. if($query->rowCount() == 1) {
  90. $query_row = $query->fetch();
  91. $qu_am = $query_row['OrderQuantity'];
  92. } else {
  93. $qu_am = 0;
  94.  
  95. foreach($query->fetchAll() as $qu_row) {
  96. $qu_am += $qu_row['OrderQuantity'];
  97. }
  98. }
  99. $total = $qu_am + $quantity;
  100. $total_more = $max_quantity - $qu_am;
  101.  
  102. if($total_more < 0) {
  103. $total_more = 0;
  104. }
  105.  
  106. if($total > $max_quantity) {
  107. echo '{"error":"You can purchase '.$total_more.' more."}';
  108. exit();
  109. }
  110. }
  111.  
  112. $stmt = $pdo->prepare('SELECT * FROM individualprices WHERE IPUserID = :IPUserID AND IPProductID = :IPProductID');
  113. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service));
  114.  
  115. if($stmt->rowCount() == 1) {
  116. $IPPrice = $stmt->fetch(PDO::FETCH_ASSOC);
  117. $newprice = $product->DeclarePrice($IPPrice['IPPrice'], $row['ProductMinimumQuantity'], $quantity);
  118. } else {
  119. if($UserGroup == 'reseller') {
  120. if(!empty($row['ProductResellerPrice']))
  121. $newprice = $product->DeclarePrice($row['ProductResellerPrice'], $row['ProductMinimumQuantity'], $quantity);
  122. else
  123. $newprice = $product->DeclarePrice($row['ProductPrice'], $row['ProductMinimumQuantity'], $quantity);
  124. } else {
  125. $newprice = $product->DeclarePrice($row['ProductPrice'], $row['ProductMinimumQuantity'], $quantity);
  126. }
  127. }
  128. $price = round($newprice, 2);
  129. if($account_balance >= $price) {
  130. $api = $row['ProductAPI'];
  131.  
  132. if(!empty($api)) {
  133. if($row['ProductType'] == 'default' || $row['ProductType'] == 'hashtag' || $row['ProductType'] == 'mentions') {
  134. $api_link = str_replace('[LINK]', $link, $api);
  135. $api_final = str_replace('[QUANTITY]', $quantity, $api_link);
  136.  
  137. if($row['ProductType'] == 'hashtag') {
  138. $api_final = str_replace('[HASHTAG]', $hashtag, $api_final);
  139. } else if($row['ProductType'] == 'mentions') {
  140. $api_final = str_replace('[USERNAME]', $mentions, $api_final);
  141. }
  142. } else if($row['ProductType'] == 'comments') {
  143. $api_link = str_replace('[LINK]', $link, $api);
  144. $api_final = str_replace('[COMMENTS]', $comments, $api_link);
  145. }
  146.  
  147. $curl = curl_init();
  148. curl_setopt_array($curl, array(
  149. CURLOPT_RETURNTRANSFER => 1,
  150. CURLOPT_URL => $api_final,
  151. CURLOPT_USERAGENT => 'Enigma SMM API Caller'
  152. ));
  153.  
  154. $resp = curl_exec($curl);
  155. curl_close($curl);
  156. $resp = json_decode($resp);
  157.  
  158. if(isset($resp->order)) {
  159. $order_id = $resp->order;
  160.  
  161. $stmt = $pdo->prepare('INSERT INTO orders (OrderUserID, OrderProductID, OrderDate,
  162. OrderLink, OrderQuantity, OrderAmount, OrderStatus, OrderAPIID, OrderAdditional, OrderType) VALUES (:OrderUserID, :OrderProductID, :OrderDate, :OrderLink, :OrderQuantity, :OrderAmount, :OrderStatus, :OrderAPIID, :OrderAdditional, :OrderType)');
  163.  
  164. $stmt->execute(array(':OrderUserID' => $UserID, ':OrderProductID' => $service, ':OrderDate' => $time, ':OrderLink' => $link,
  165. ':OrderQuantity' => $quantity, ':OrderAmount' => $price, ':OrderStatus' => 'In Process', 'OrderAPIID' => $order_id, ':OrderAdditional' => $additional,
  166. ':OrderType' => $row['ProductType']));
  167. } else {
  168. $stmt = $pdo->prepare('INSERT INTO orders (OrderUserID, OrderProductID, OrderDate, OrderLink, OrderQuantity, OrderAmount, OrderAdditional, OrderType) VALUES (:OrderUserID, :OrderProductID, :OrderDate, :OrderLink, :OrderQuantity, :OrderAmount, :OrderAdditional, :OrderType)');
  169. $stmt->execute(array(':OrderUserID' => $UserID, ':OrderProductID' => $service, ':OrderDate' => $time, ':OrderLink' => $link, ':OrderQuantity' => $quantity, ':OrderAmount' => $price, ':OrderAdditional' => $additional, ':OrderType' => $row['ProductType']));
  170. }
  171. } else {
  172. $stmt = $pdo->prepare('INSERT INTO orders (OrderUserID, OrderProductID, OrderDate, OrderLink, OrderQuantity, OrderAmount, OrderAdditional, OrderType) VALUES (:OrderUserID, :OrderProductID, :OrderDate, :OrderLink, :OrderQuantity, :OrderAmount, :OrderAdditional, :OrderType)');
  173. $stmt->execute(array(':OrderUserID' => $UserID, ':OrderProductID' => $service, ':OrderDate' => $time, ':OrderLink' => $link, ':OrderQuantity' => $quantity, ':OrderAmount' => $price, ':OrderAdditional' => $additional, ':OrderType' => $row['ProductType']));
  174. }
  175.  
  176. $n_order_Id = $pdo->lastInsertId();
  177.  
  178. // Take balance from user's account
  179.  
  180. $UserFunds = $account_balance - $price;
  181.  
  182. $stmt = $pdo->prepare('UPDATE users SET UserFunds = :UserFunds WHERE UserID = :UserID');
  183. $stmt->execute(array(':UserFunds' => $UserFunds, ':UserID' => $UserID));
  184.  
  185. $ProductName = $product->GetData($service, 'ProductName');
  186.  
  187. if(!empty($NotificationEmail)) {
  188. $txt = "";
  189.  
  190. $subject = "New Service Order";
  191. $txt .= "+----------------------------------+\r\n";
  192. $txt .= "| New Service Order |\r\n";
  193. $txt .= "+----------------------------------+\r\n";
  194. $txt .= "| User ID: ".$UserID."\r\n";
  195. $txt .= "| User Name: ".$UserName."\r\n";
  196. $txt .= "| Service ID: ".$service."\r\n";
  197. $txt .= "| Service Name: ".$ProductName."\r\n";
  198. $txt .= "| Quantity: ".$quantity.".\r\n";
  199. $txt .= "| Link: ".$link."\r\n";
  200. $txt .= "| Price: ".$currency.$price."\r\n";
  201. $txt .= "+----------------------------------+\r\n";
  202. $headers = "From: purchase@".$_SERVER['SERVER_NAME']."" . "\r\n" .
  203. "CC: purchase@".$_SERVER['SERVER_NAME']."";
  204.  
  205. @mail($NotificationEmail,$subject,$txt,$headers);
  206. }
  207.  
  208. echo '{"order":"'.$n_order_Id.'"}';
  209. } else {
  210. echo '{"error":"Insufficient account balance."}';
  211. }
  212. } else {
  213. echo '{"error":"Maximum quantity: '.$max_quantity.'"}';
  214. }
  215. } else {
  216. echo '{"error":"Minimum quantity '.$product_quantity.'."}';
  217. }
  218. } else {
  219. echo '{"error":"Invalid product ID"}.';
  220. }
  221. } else {
  222. echo('{"error":"Unknwon API key"}');
  223. }
  224. } else if(isset($_REQUEST['action']) && $_REQUEST['action'] == 'status' && isset($_REQUEST['order']) && ctype_digit($_REQUEST['order']) &&
  225. isset($_REQUEST['key']) && !empty($_REQUEST['order'])) {
  226. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserAPI = :UserAPI');
  227. $stmt->execute(array(':UserAPI' => $_REQUEST['key']));
  228.  
  229. if($stmt->rowCount() == 1) {
  230. $user_row = $stmt->fetch();
  231. $UserID = $user_row['UserID'];
  232.  
  233. $stmt = $pdo->prepare('SELECT * FROM orders WHERE OrderID = :OrderID AND OrderUserID = :OrderUserID');
  234. $stmt->execute(array(':OrderID' => $_REQUEST['order'], ':OrderUserID' => $UserID));
  235.  
  236. if($stmt->rowCount() == 1) {
  237. $order_row = $stmt->fetch();
  238. if(empty($row['OrderAPIID'])) {
  239. $status = $row['OrderStatus'];
  240. $start_count = $row['OrderStartCount'];
  241. $remains = 0;
  242. } else if($row['OrderStatus'] == 'In Process') {
  243. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  244. $stmt->execute(array(':ProductID' => $row['OrderProductID']));
  245. $service_api = $stmt->fetch();
  246.  
  247. $parts = parse_url($service_api['ProductAPI']);
  248. parse_str($parts['query'], $query);
  249. $api_key = $query['key'];
  250.  
  251. $current_url = explode("?", $service_api['ProductAPI']);
  252. $url = $current_url[0].'?key='.$api_key.'&action=status&order='.$row['OrderAPIID'];
  253.  
  254. $curl = curl_init();
  255. curl_setopt_array($curl, array(
  256. CURLOPT_RETURNTRANSFER => 1,
  257. CURLOPT_URL => $url,
  258. CURLOPT_USERAGENT => 'Enigma SMM API Caller'
  259. ));
  260.  
  261. $resp = curl_exec($curl);
  262. curl_close($curl);
  263.  
  264. $response = json_decode($resp);
  265. if(isset($response->status))
  266. $status = $response->status;
  267. else
  268. $status = $row['OrderStatus'];
  269.  
  270. if(isset($response->remains))
  271. $remains = $response->remains;
  272. else
  273. $remains = 0;
  274. if(empty($row['OrderStartCount']) && $row['OrderStartCount'] == 0) {
  275. if(isset($response->start_count))
  276. $start_count = $response->start_count;
  277. else
  278. $start_count = 0;
  279. } else {
  280. $start_count = $row['OrderStartCount'];
  281. }
  282.  
  283. if(!empty($row['OrderStartCount']) && isset($response->start_count)) {
  284. $start_count = $row['OrderStartCount'];
  285. }
  286.  
  287. if($status == 'Completed') {
  288. $stmt = $pdo->prepare('UPDATE orders SET OrderStatus = "Completed" WHERE OrderID = :OrderID');
  289. $stmt->execute(array(':OrderID' => $row['OrderID']));
  290. } else if($status == 'Canceled') {
  291. $stmt = $pdo->prepare('UPDATE orders SET OrderStatus = "Removed" WHERE OrderID = :OrderID');
  292. $stmt->execute(array(':OrderID' => $row['OrderID']));
  293. }
  294. } else {
  295. $status = $row['OrderStatus'];
  296. $start_count = $row['OrderStartCount'];
  297. $remains = 0;
  298. }
  299.  
  300. echo('{"charge":"'.$order_row['OrderAmount'].'",
  301. "status":"'.$status.'",
  302. "link":"'.$order_row['OrderLink'].'",
  303. "quantity":"'.$order_row['OrderQuantity'].'",
  304. "start_count":"'.$start_count.'",
  305. "remains":"'.$remains.'"');
  306. } else {
  307. echo('{"error":"Unknwon order id"}');
  308. }
  309. } else {
  310. echo('{"error":"Unknwon API key"}');
  311. }
  312. } else {
  313. echo '{"error":"Incorrect request.Current requests: order &amp; status."}';
  314. }