  1. <?php
  2.  
  3. if (!isset($_GET['page'])) {
  4. header('Location: /main');
  5. exit();
  6. }
  7.  
  8. ini_set('display_errors','Off');
  9. try {
  10. $db = new PDO('mysql:host=localhost;dbname=roulette', 'root', 'admin', array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
  11. } catch (PDOException $e) {
  12. exit($e->getMessage());
  13. }
  14.  
  15. if (isset($_COOKIE['hash'])) {
  16. $sql = $db->query("SELECT * FROM `users` WHERE `hash` = " . $db->quote($_COOKIE['hash']));
  17. if ($sql->rowCount() != 0) {
  18. $row = $sql->fetch();
  19. $user = $row;
  20. }
  21. }
  22.  
  23. $min = 200;
  24. $ip = 'localhost';
  25. $referal_summa = 250;
  26.  
  27. switch ($_GET['page']) {
  28. case 'main':
  29. $page = getTemplate('main.tpl', array('user'=>$user));
  30. echo $page;
  31. break;
  32.  
  33. case 'deposit':
  34. $page = getTemplate('deposit.tpl', array('user'=>$user));
  35. echo $page;
  36. break;
  37.  
  38. case 'tos':
  39. $page = getTemplate('tos.tpl', array('user'=>$user));
  40. echo $page;
  41. break;
  42.  
  43. case 'support':
  44. $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
  45. $row = $sql->fetch();
  46. $ticket = $row;
  47. if(count($ticket) > 0) {
  48. $sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
  49. $row = $sql->fetchAll();
  50. $ticket['messages'] = $row;
  51. }
  52. $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
  53. $row = $sql->fetch();
  54. $closed = $row['COUNT(`id`)'];
  55. $tickets = array();
  56. $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
  57. while ($row = $sql->fetch()) {
  58. $s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
  59. $r = $s->fetchAll();
  60. $tickets[] = array('title'=>$row['title'],'messages'=>$r);
  61. }
  62. $page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
  63. echo $page;
  64. break;
  65.  
  66. case 'support_new':
  67. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
  68. $tid = $_POST['tid'];
  69. $title = $_POST['title'];
  70. $body = $_POST['reply'];
  71. $close = $_POST['close'];
  72. $cat = $_POST['cat'];
  73. $flag = $_POST['flag'];
  74. $lmao = $_POST['lmao'];
  75. if($tid == 0) {
  76. if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
  77. if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
  78. if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
  79. $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
  80. $row = $sql->fetch();
  81. $count = $row['COUNT(`id`)'];
  82. if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
  83. $db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
  84. $id = $db->lastInsertId();
  85. $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
  86. exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
  87. } else {
  88. $sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
  89. if($sql->rowCount() > 0) {
  90. $row = $sql->fetch();
  91. if($close == 1) {
  92. $db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
  93. exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
  94. }
  95. $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
  96. exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
  97. }
  98. }
  99. break;
  100.  
  101. case 'rolls':
  102. if(isset($_GET['id'])) {
  103. $id = $_GET['id'];
  104. if(!preg_match('/^[0-9]+$/', $id)) exit();
  105. $sql = $db->query('SELECT * FROM `hash` WHERE `id` = '.$db->quote($id));
  106. $row = $sql->fetch();
  107. $sql = $db->query('SELECT * FROM `rolls` WHERE `hash` = '.$db->quote($row['hash']));
  108. $row = $sql->fetchAll();
  109. $rolls = array();
  110. foreach ($row as $key => $value) {
  111. if($value['id'] < 10) {
  112. $q = 0;
  113. $z = substr($value['id'], -1, 1);
  114. } else {
  115. $q = substr($value['id'], 0, -1);
  116. $z = substr($value['id'], -1, 1);
  117. }
  118. if(count($rolls[$q]) == 0) {
  119. $rolls[$q]['time'] = date('h:i A', $value['time']);
  120. $rolls[$q]['start'] = substr($value['id'], 0, -1);
  121. }
  122. $rolls[$q]['rolls'][$z] = array('id'=>$value['id'],'roll'=>$value['roll']);
  123. }
  124. $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
  125. } else {
  126. $sql = $db->query('SELECT * FROM `hash` ORDER BY `id` DESC');
  127. $row = $sql->fetchAll();
  128. $rolls = array();
  129. foreach ($row as $key => $value) {
  130. $s = $db->query('SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE `hash` = '.$db->quote($value['hash']));
  131. $r = $s->fetch();
  132. $rolls[] = array('id'=>$value['id'],'date'=>date('Y-m-d', $value['time']),'seed'=>$value['hash'],'rolls'=>$r['min'].'-'.$r['max'],'time'=>$value['time']);
  133. }
  134. $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
  135. }
  136. echo $page;
  137. break;
  138.  
  139. case 'faq':
  140. $page = getTemplate('faq.tpl', array('user'=>$user));
  141. echo $page;
  142. break;
  143.  
  144. case 'affiliates':
  145. $affiliates = array();
  146. $sql = $db->query('SELECT `code` FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
  147. if($sql->rowCount() == 0) {
  148. $affiliates = array(
  149. 'visitors' => 0,
  150. 'total_bet' => 0,
  151. 'lifetime_earnings' => 0,
  152. 'available' => 0,
  153. 'level' => "<b style='color:#965A38'><i class='fa fa-star'></i> Bronze</b> (1 coin per 300 bet)",
  154. 'depositors' => "0/50 to silver",
  155. 'code' => '(You dont have promocode)'
  156. );
  157. } else {
  158. $row = $sql->fetch();
  159. $affiliates['code'] = $row['code'];
  160. $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
  161. $reffersN = $sql->fetchAll();
  162. $reffers = array();
  163. $affiliates['visitors'] = 0;
  164. $count = 0;
  165. $affiliates['total_bet'] = 0;
  166. foreach ($reffersN as $key => $value) {
  167. $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
  168. $row = $sql->fetch();
  169. if($row['amount'] == 0)
  170. $affiliates['visitors']++;
  171. else
  172. $count++;
  173. $affiliates['total_bet'] += $row['amount'];
  174. $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
  175. $r = $s->fetch();
  176. $reffers[] = array('player'=>substr_replace($value['steamid'], '*************', 0, 13),'total_bet'=>$row['amount'],'collect_coins'=>$r['amount'],'comission'=>0);
  177. }
  178. if($count < 50) {
  179. $affiliates['level'] = "<b style='color:#965A38'><i class='fa fa-star'></i> Silver IV</b> (1 coin per 300 bet)";
  180. $affiliates['depositors'] = $count."/50 to Legendary Eagle";
  181. $s = 300;
  182. } elseif($count > 50) {
  183. $affiliates['level'] = "<b style='color:#A9A9A9'><i class='fa fa-star'></i> Legendary Eagle</b> (1 coin per 200 bet)";
  184. $affiliates['depositors'] = $count."/200 to Global elite";
  185. $s = 200;
  186. } elseif($count > 200) {
  187. $affiliates['level'] = "<b style='color:#FFD700'><i class='fa fa-star'></i> Global elite</b> (1 coin per 100 bet)";
  188. $affiliates['depositors'] = $count."/∞ to ∞";
  189. $s = 100;
  190. }
  191. $affiliates['available'] = 0;
  192. $affiliates['lifetime_earnings'] = 0;
  193. foreach ($reffers as $key => $value) {
  194. $reffers[$key]['comission'] = round($value['total_bet']/$s, 0);
  195. $affiliates['available'] += round($value['collect_coins']/$s, 0);
  196. $affiliates['lifetime_earnings'] += round($value['total_bet']/$s, 0)-round($value['collect_coins']/$s, 0);
  197. }
  198. $affiliates['reffers'] = $reffers;
  199. }
  200. $page = getTemplate('affiliates.tpl', array('user'=>$user, 'affiliates'=>$affiliates));
  201. echo $page;
  202. break;
  203.  
  204. case 'changecode':
  205. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the changecode.')));
  206. $code = $_POST['code'];
  207. if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
  208. $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
  209. if($sql->rowCount() != 0) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
  210. $sql = $db->query('SELECT * FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
  211. if($sql->rowCount() == 0) {
  212. $db->exec('INSERT INTO `codes` SET `code` = '.$db->quote($code).', `user` = '.$db->quote($user['steamid']));
  213. exit(json_encode(array('success' => true, 'code'=>$code)));
  214. } else {
  215. $db->exec('UPDATE `codes` SET `code` = '.$db->quote($code).' WHERE `user` = '.$db->quote($user['steamid']));
  216. exit(json_encode(array('success' => true, 'code'=>$code)));
  217. }
  218. break;
  219.  
  220. case 'collect':
  221. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the collect.')));
  222. $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
  223. $reffersN = $sql->fetchAll();
  224. $count = 0;
  225. $collect_coins = 0;
  226. foreach ($reffersN as $key => $value) {
  227. $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
  228. $row = $sql->fetch();
  229. if($row['amount'] > 0) {
  230. $count++;
  231. $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
  232. $r = $s->fetch();
  233. $db->exec('UPDATE `bets` SET `collect` = 1 WHERE `user` = '.$db->quote($value['steamid']));
  234. $collect_coins += $r['amount'];
  235. }
  236. }
  237. if($count < 50) {
  238. $s = 300;
  239. } elseif($count > 50) {
  240. $s = 200;
  241. } elseif($count > 200) {
  242. $s = 100;
  243. }
  244. $collect_coins = round($collect_coins/$s, 0);
  245. $db->exec('UPDATE `users` SET `balance` = `balance` + '.$collect_coins.' WHERE `steamid` = '.$db->quote($user['steamid']));
  246. exit(json_encode(array('success'=>true, 'collected'=>$collect_coins)));
  247. break;
  248.  
  249. case 'redeem':
  250. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the redeem.')));
  251. if($user['referral'] != '0') exit(json_encode(array('success'=>false, 'error'=>'You have already redeemed a code. Only 1 code allowed per account.', 'code'=>$user['referral'])));
  252. $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamid='.$user['steamid'].'&format=json');
  253. $out = json_decode($out, true);
  254. if(!$out['response']) exit(json_encode(array('success'=>false, 'error'=>'You profile is private')));
  255. $csgo = false;
  256. foreach ($out['response']['games'] as $key => $value) {
  257. if($value['appid'] == 730) $csgo = true;
  258. }
  259. if(!$csgo) exit(json_encode(array('success'=>false, 'error'=>'You dont have CS:GO.')));
  260. $code = $_GET['code'];
  261. if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
  262. exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
  263. } else {
  264. $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
  265. if($sql->rowCount() != 0) {
  266. $row = $sql->fetch();
  267. if($row['user'] == $user['steamid']) exit(json_encode(array('success'=>false, 'error'=>'This is you referal code')));
  268.  
  269. $db->exec('UPDATE `users` SET `referral` = '.$db->quote($row['user']).', `balance` = `balance` + '.$referal_summa.' WHERE `steamid` = '.$db->quote($user['steamid']));
  270.  
  271. exit(json_encode(array('success'=>true, 'credits'=>$referal_summa)));
  272. } else {
  273. exit(json_encode(array('success'=>false, 'error'=>'Code not found')));
  274. }
  275. }
  276. break;
  277.  
  278. case 'withdraw':
  279. $sql = $db->query('SELECT `id` FROM `bots`');
  280. $ids = array();
  281. while ($row = $sql->fetch()) {
  282. $ids[] = $row['id'];
  283. }
  284. $page = getTemplate('withdraw.tpl', array('user'=>$user,'bots'=>$ids));
  285. echo $page;
  286. break;
  287.  
  288. case 'transfers':
  289. $sql = $db->query('SELECT * FROM `transfers` WHERE `to1` = '.$db->quote($user['steamid']).' OR `from1` = '.$db->quote($user['steamid']));
  290. $row = $sql->fetchAll(PDO::FETCH_ASSOC);
  291. $page = getTemplate('transfers.tpl', array('user'=>$user,'transfers'=>$row));
  292. echo $page;
  293. break;
  294.  
  295. case 'offers':
  296. $sql = $db->query('SELECT * FROM `trades` WHERE `user` = '.$db->quote($user['steamid']));
  297. $row = $sql->fetchAll(PDO::FETCH_ASSOC);
  298. $page = getTemplate('offers.tpl', array('user'=>$user,'offers'=>$row));
  299. echo $page;
  300. break;
  301.  
  302. case 'login':
  303. include 'openid.php';
  304. try
  305. {
  306. $openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
  307. if (!$openid->mode) {
  308. $openid->identity = 'http://steamcommunity.com/openid/?l=russian';
  309. header('Location: ' . str_replace("csgolower", "csgolower", $openid->authUrl()));
  310. } elseif ($openid->mode == 'cancel') {
  311. echo '';
  312. } else {
  313. if ($openid->validate()) {
  314.  
  315. $id = $openid->identity;
  316. $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
  317. preg_match($ptn, $id, $matches);
  318.  
  319. $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamids=$matches[1]";
  320. $json_object = file_get_contents($url);
  321. $json_decoded = json_decode($json_object);
  322. foreach ($json_decoded->response->players as $player) {
  323. $steamid = $player->steamid;
  324. $name = $player->personaname;
  325. $avatar = $player->avatar;
  326. }
  327.  
  328. $hash = md5($steamid . time() . rand(1, 50));
  329. $sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
  330. $row = $sql->fetchAll(PDO::FETCH_ASSOC);
  331. if (count($row) == 0) {
  332. $db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
  333. } else {
  334. $db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
  335. }
  336. setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
  337. header('Location: http://www.csgolower.com/sets.php?id=' . $hash);
  338. }
  339. }
  340. } catch (ErrorException $e) {
  341. exit($e->getMessage());
  342. }
  343. break;
  344.  
  345. case 'get_inv':
  346. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
  347. if((file_exists('cache/'.$user['steamid'].'.txt')) && (!isset($_GET['nocache']))) {
  348. $array = file_get_contents('cache/'.$user['steamid'].'.txt');
  349. $array = unserialize($array);
  350. $array['fromcache'] = true;
  351. if(isset($_COOKIE['tid'])) {
  352. $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
  353. if($sql->rowCount() != 0) {
  354. $row = $sql->fetch();
  355. $array['code'] = $row['code'];
  356. $array['amount'] = $row['summa'];
  357. $array['tid'] = $row['id'];
  358. $array['bot'] = "Bot #".$row['bot_id'];
  359. } else {
  360. setcookie("tid", "", time() - 3600, '/');
  361. }
  362. }
  363. exit(json_encode($array));
  364. }
  365. $prices = file_get_contents('prices.txt');
  366. $prices = json_decode($prices, true);
  367. $inv = curl('https://steamcommunity.com/profiles/'.$user['steamid'].'/inventory/json/730/2/');
  368. $inv = json_decode($inv, true);
  369. if($inv['success'] != 1) {
  370. exit(json_encode(array('error'=>'Your profile is private. Please <a href="http://steamcommunity.com/my/edit/settings" target="_blank">set your inventory to public</a> and <a href="javascript:loadLeft(\'nocache\')">try again</a>.')));
  371. }
  372. $items = array();
  373. foreach ($inv['rgInventory'] as $key => $value) {
  374. $id = $value['classid'].'_'.$value['instanceid'];
  375. $trade = $inv['rgDescriptions'][$id]['tradable'];
  376. if(!$trade) continue;
  377. $name = $inv['rgDescriptions'][$id]['market_hash_name'];
  378. $price = $prices['response']['items'][$name]['value']*11;
  379. $img = 'http://steamcommunity-a.akamaihd.net/economy/image/'.$inv['rgDescriptions'][$id]['icon_url'];
  380. if((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
  381. $price = 0;
  382. $reject = 'Junk';
  383. } else {
  384. $reject = 'unknown item';
  385. }
  386. $items[] = array(
  387. 'assetid' => $value['id'],
  388. 'bt_price' => "0.00",
  389. 'img' => $img,
  390. 'name' => $name,
  391. 'price' => $price,
  392. 'reject' => $reject,
  393. 'sa_price' => $price,
  394. 'steamid' => $user['steamid']);
  395. }
  396.  
  397. $array = array(
  398. 'error' => 'none',
  399. 'fromcache' => false,
  400. 'items' => $items,
  401. 'success' => true);
  402. if(isset($_COOKIE['tid'])) {
  403. $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
  404. if($sql->rowCount() != 0) {
  405. $row = $sql->fetch();
  406. $array['code'] = $row['code'];
  407. $array['amount'] = $row['summa'];
  408. $array['tid'] = $row['id'];
  409. $array['bot'] = "Bot #".$row['bot_id'];
  410. } else {
  411. setcookie("tid", "", time() - 3600, '/');
  412. }
  413. }
  414. file_put_contents('cache/'.$user['steamid'].'.txt', serialize($array), LOCK_EX);
  415. exit(json_encode($array));
  416. break;
  417.  
  418. case 'deposit_js1':
  419. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
  420. if($_COOKIE['tid']) {
  421. exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
  422. }
  423. $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
  424. $row = $sql->fetch();
  425. $bot = $row['id'];
  426. $partner = extract_partner($_GET['tradeurl']);
  427. $token = extract_token($_GET['tradeurl']);
  428. setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
  429. $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTrade/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
  430. $out = json_decode($out, true);
  431. $out['bot'] = $row['name'];
  432. if($out['success'] == true) {
  433. $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
  434. foreach ($out['items'] as $key => $value) {
  435. $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
  436. }
  437. setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
  438. }
  439. exit(json_encode($out));
  440. break;
  441.  
  442. case 'deposit_js':
  443. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
  444. if($_COOKIE['tid']) {
  445. exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
  446. }
  447. $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
  448. $row = $sql->fetch();
  449. $bot = $row['id'];
  450. $partner = extract_partner($_GET['tradeurl']);
  451. $token = extract_token($_GET['tradeurl']);
  452. setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
  453. $checksum = intval($_GET['checksum']);
  454. $prices = file_get_contents('prices.txt');
  455. $prices = json_decode($prices, true);
  456. $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTrade/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
  457. $out = json_decode($out, true);
  458. $out['bot'] = $row['name'];
  459. if($out['success'] == true) {
  460. $s = 0;
  461. foreach ($out['items'] as $key => $value) {
  462. $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
  463. $s += $prices['response']['items'][$value['market_hash_name']]['value']*10;
  464. }
  465. $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($s).', `time` = '.$db->quote(time()));
  466. $out['amount'] = $s;
  467. setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
  468. }
  469. exit(json_encode($out));
  470. break;
  471.  
  472. case 'confirm':
  473. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the confirm.')));
  474. $tid = (int)$_GET['tid'];
  475. $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($tid));
  476. $row = $sql->fetch();
  477. $out = curl('http://'.$ip.':'.(3000+$row['bot_id']).'/checkTrade?tid='.$row['id']);
  478. $out = json_decode($out, true);
  479. if(($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
  480. if($row['summa'] > 0) $db->exec('UPDATE `users` SET `balance` = `balance` + '.$row['summa'].' WHERE `steamid` = '.$db->quote($user['steamid']));
  481. if($row['summa'] > 0) $db->exec('UPDATE `items` SET `status` = 1 WHERE `trade` = '.$db->quote($row['id']));
  482. if($row['summa'] > 0) $db->exec('UPDATE `trades` SET `status` = 1 WHERE `id` = '.$db->quote($row['id']));
  483. setcookie("tid", "", time() - 3600, '/');
  484. } elseif(($out['success'] == true) && ($out['action'] == 'cross')) {
  485. setcookie("tid", "", time() - 3600, '/');
  486. $db->exec('DELETE FROM `items` WHERE `trade` = '.$db->quote($row['id']));
  487. $db->exec('DELETE FROM `trades` WHERE `id` = '.$db->quote($row['id']));
  488. } else {
  489. exit(json_encode(array('success'=>false, 'error'=>'Trade is in procces or the coins are already credited')));
  490. }
  491. exit(json_encode($out));
  492. break;
  493.  
  494. case 'get_bank_safe':
  495. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
  496. //if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
  497. $g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LcH0B4TAAAAAFSPRAQeq-xZiHfke7YwtpW59ttq&response='.$_GET['g-recaptcha-response']);
  498. $g = json_decode($g, true);
  499. if($g['success'] == true) {
  500. $array = array('balance'=>$user['balance'],'error'=>'none','items'=>array(),'success'=>true);
  501. $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
  502. $prices = file_get_contents('prices.txt');
  503. $prices = json_decode($prices, true);
  504. while ($row = $sql->fetch()) {
  505. $array['items'][] = array('botid'=>$row['botid'],'img'=>'http://steamcommunity-a.akamaihd.net/economy/image/'.$row['img'],'name'=>$row['market_hash_name'],'assetid'=>$row['id'],'price'=>$prices['response']['items'][$row['market_hash_name']]['value']*10,'reject'=>'unknown items');
  506. }
  507. exit(json_encode($array));
  508. }
  509. break;
  510.  
  511. case 'withdraw_js':
  512. if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
  513. $items = array();
  514. $assetids = explode(',', $_GET['assetids']);
  515. $sum = 0;
  516. //$prices = file_get_contents('prices.txt');
  517. $prices = 100000;
  518. $prices = json_decode($prices, true);
  519. $norm_itms = '';
  520. foreach ($assetids as $key) {
  521. if($key == "") continue;
  522. $sql = $db->query('SELECT * FROM `items` WHERE `id` = '.$db->quote($key));
  523. $row = $sql->fetch();
  524. $items[$row['botid']] = $row['market_hash_name'];
  525. $sum += $prices['response']['items'][$row['market_hash_name']]['value']*10;
  526. $norm_itms = $norm_itms.$row['market_hash_name'].',';
  527. }
  528. $out = array('success'=>false,'error'=>'');
  529. if(count($items) > 1) {
  530. $out = array('success'=>false,'error'=>'You choose more bots');
  531. } elseif($user['balance'] < $sum) {
  532. $out = array('success'=>false,'error'=>'You dont have coins!');
  533. } else {
  534. reset($items);
  535. $bot = key($items);
  536. $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = '.$db->quote($bot));
  537. $r = $s->fetch();
  538. $db->exec('UPDATE `users` SET `balance` = `balance` - '.$sum.' WHERE `steamid` = '.$user['steamid']);
  539. $partner = extract_partner($_GET['tradeurl']);
  540. $token = extract_token($_GET['tradeurl']);
  541. $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTradeMe/?names='.urlencode($norm_itms).'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
  542. $out = json_decode($out, true);
  543. if($out['success'] == false) {
  544. $db->exec('UPDATE `users` SET `balance` = `balance` + '.$sum.' WHERE `steamid` = '.$user['steamid']);
  545. } else {
  546. foreach ($assetids as $key) {
  547. $db->exec('DELETE FROM `items` WHERE `id` = '.$db->quote($key));
  548. }
  549. $out['bot'] = $r['name'];
  550. $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 2, `user` = '.$db->quote($user['steamid']).', `summa` = '.'-'.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
  551. }
  552. }
  553. exit(json_encode($out));
  554. break;
  555.  
  556. case 'exit':
  557. setcookie("hash", "", time() - 3600, '/');
  558. header('Location: /main');
  559. exit();
  560. break;
  561. }
  562.  
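  /**
   * Render template/$name with the entries of $in available as local
   * variables and return the produced output.
   *
   * @param string     $name file name inside template/ (always a code constant here)
   * @param array|null $in   variables exposed to the template
   * @return string
   */
  function getTemplate($name, $in = null)
  {
      // EXTR_SKIP keeps a template variable called `name` or `in` from
      // clobbering the include path; the cast avoids extract(null), which is
      // a TypeError on PHP 8.
      extract((array) $in, EXTR_SKIP);
      ob_start();
      include "template/" . $name;
      return ob_get_clean();
  }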
  570.  
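  /**
   * GET $url and return the response body, or false when the transfer fails.
   *
   * Cookies persist in cookies.txt across calls. Certificate verification is
   * on: the original turned VERIFYPEER/VERIFYHOST off, which lets anyone on
   * the path answer for Steam or the reCAPTCHA endpoint. Redirects may only
   * lead to http/https, and a stalled bot or API call times out instead of
   * holding the request open.
   *
   * @param string $url
   * @return string|false
   */
  function curl($url)
  {
      $ch = curl_init();
      curl_setopt_array($ch, array(
          CURLOPT_URL => $url,
          CURLOPT_HEADER => 0,
          CURLOPT_RETURNTRANSFER => 1,
          CURLOPT_SSL_VERIFYPEER => 1,
          CURLOPT_SSL_VERIFYHOST => 2,
          CURLOPT_COOKIEFILE => 'cookies.txt',
          CURLOPT_COOKIEJAR => 'cookies.txt',
          CURLOPT_FOLLOWLOCATION => 1,
          CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
          CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
          CURLOPT_CONNECTTIMEOUT => 5,
          CURLOPT_TIMEOUT => 20,
      ));
      $data = curl_exec($ch);
      curl_close($ch);
      return $data;
  }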
  588.  
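  /**
   * Trade token from a Steam trade-offer URL (…/tradeoffer/new/?partner=N&token=T),
   * or false when the URL has no query string, no `token`, or a token with
   * characters outside [A-Za-z0-9_-] (all that is needed for the tokens Steam
   * issues; widen if another format shows up). Rejecting here means the
   * value is safe to place in the bot request.
   *
   * parse_url() yields null for a URL without a query; passing that to
   * parse_str() is deprecated on PHP 8.1, hence the explicit check.
   *
   * @param string $url
   * @return string|false
   */
  function extract_token($url)
  {
      $query = parse_url($url, PHP_URL_QUERY);
      if (!is_string($query)) {
          return false;
      }
      parse_str($query, $params);
      if (!isset($params['token']) || !is_string($params['token'])) {
          return false;
      }
      return preg_match('/^[A-Za-z0-9_-]+$/D', $params['token']) ? $params['token'] : false;
  }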
  593.  
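  /**
   * Partner id from a Steam trade-offer URL (…/tradeoffer/new/?partner=N&token=T),
   * or false when the URL has no query string, no `partner`, or a partner
   * that is not a run of digits. Rejecting here means the value is safe to
   * place in the bot request.
   *
   * parse_url() yields null for a URL without a query; passing that to
   * parse_str() is deprecated on PHP 8.1, hence the explicit check.
   *
   * @param string $url
   * @return string|false
   */
  function extract_partner($url)
  {
      $query = parse_url($url, PHP_URL_QUERY);
      if (!is_string($query)) {
          return false;
      }
      parse_str($query, $params);
      if (!isset($params['partner']) || !is_string($params['partner'])) {
          return false;
      }
      return preg_match('/^[0-9]+$/D', $params['partner']) ? $params['partner'] : false;
  }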