
Untitled

a guest
Oct 6th, 2017
  1. <?php
  2. require("mainconfig.php");
  3. header("Content-Type: application/json");
  4.  
  5. if (isset($_POST['key']) AND isset($_POST['action'])) {
  6. $post_key = mysqli_real_escape_string($db, trim($_POST['key']));
  7. $post_action = $_POST['action'];
  8. if (empty($post_key) || empty($post_action)) {
  9. $array = array("error" => "Incorrect request");
  10. } else {
  11. $check_user = mysqli_query($db, "SELECT * FROM users WHERE api_key = '$post_key'");
  12. $data_user = mysqli_fetch_assoc($check_user);
  13. if (mysqli_num_rows($check_user) == 1) {
  14. $username = $data_user['username'];
  15. if ($post_action == "add") {
  16. if (isset($_POST['service']) AND isset($_POST['link']) AND isset($_POST['quantity'])) {
  17. $post_service = $_POST['service'];
  18. $post_link = $_POST['link'];
  19. $post_quantity = $_POST['quantity'];
  20. if (empty($post_service) || empty($post_link) || empty($post_quantity)) {
  21. $array = array("error" => "Incorrect request");
  22. } else {
  23. $check_service = mysqli_query($db, "SELECT * FROM services WHERE sid = '$post_service' AND status = 'Active'");
  24. $data_service = mysqli_fetch_assoc($check_service);
  25. if (mysqli_num_rows($check_service) == 0) {
  26. $array = array("error" => "Service not found");
  27. } else {
  28. $oid = rand(0000000,9999999);
  29. $rate = $data_service['price'] / 1000;
  30. $price = $rate*$post_quantity;
  31. $service = $data_service['service'];
  32. $provider = $data_service['provider'];
  33. $pid = $data_service['pid'];
  34. $wujudjnd=number_format($post_quantity,0,',','.');
  35. if ($post_quantity < $data_service['min']) {
  36. $array = array("error" => "Quantity inccorect");
  37. } else if ($post_quantity > $data_service['max']) {
  38. $array = array("error" => "Quantity inccorect");
  39. } else if ($data_user['balance'] < $price) {
  40. $array = array("error" => "Low balance");
  41. } else {
  42. $check_provider = mysqli_query($db, "SELECT * FROM provider WHERE code = '$provider'");
  43. $data_provider = mysqli_fetch_assoc($check_provider);
  44. $provider_key = $data_provider['api_key'];
  45. $provider_link = $data_provider['link'];
  46. if ($provider == "MANUAL") {
  47. $provider_key="your key";
  48. $provider_link="";
  49. $api_postdata = "";
  50. $to ="mhmdsyalsa@gmail.com";
  51. $subject = "Orderan Manual";
  52. $messages ="Hallo kak Andre nih data Orderanya
  53. Pemesan :$sess_username
  54. Service : $service
  55. Quantity: $wujudjnd
  56. Harga : $price
  57. Link : $post_link";
  58. $headers .= 'From: support@andremedia.co' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  59. $send_mail=@mail($to, $subject, $messages, $headers);
  60. $to ="noveranitaamelia@gmail.com⁠⁠⁠⁠";
  61. $subject = "Orderan Manual nih gblg";
  62. $messages ="Hallo kak Andre nih data Orderanya
  63. Pemesan :$sess_username
  64. Service : $service
  65. Quantity: $wujudjnd
  66. Harga : $price
  67. Link : $post_link";
  68. $headers .= 'From: support@andremedia.co' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  69. $send_mail=@mail($to, $subject, $messages, $headers);
  70. } else if ($provider == "") {
  71. $provider_key="";
  72. $provider_link="";
  73. $provider_postdata="key=$provider_key&action=add_order&service=$pid&link=$post_link&quantity=$post_quantity";
  74. } else if ($provider == "") {
  75. $provider_key="";
  76. $provider_link="http:///api.php";
  77. $provider_postdata="key=$provider_key&action=add&service=$pid&link=$post_link&quantity=$post_quantity";
  78. } else {
  79. die("System Error!");
  80. }
  81.  
  82.  
  83. $ch = curl_init();
  84. curl_setopt($ch, CURLOPT_URL, "$provider_link");
  85. curl_setopt($ch, CURLOPT_POST, 1);
  86. curl_setopt($ch, CURLOPT_POSTFIELDS, $provider_postdata);
  87. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  88. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  89. $chresult = curl_exec($ch);
  90. curl_close($ch);
  91.  
  92. $json_result = json_decode($chresult, true);
  93.  
  94.  
  95. if ($provider == "TL" AND $json_result['error'] == TRUE) {
  96. $msg_type = "error";
  97. $msg_content = "<b>Gagal:</b> Server Maintenance (1).";
  98. } else if ($provider == "ST" AND $json_result['error'] == TRUE) {
  99. $msg_type = "error";
  100. $msg_content = "<b>Gagal:</b> Server Maintenance (2).";
  101. } else {
  102. if ($provider == "TL") {
  103. $poid = $json_result['order_id'];
  104. } else if ($provider == "ST") {
  105. $poid = $json_result['order_id'];
  106. } else if ($provider == "MANUAL") {
  107. $poid= $oid;
  108. }
  109. $update_user = mysqli_query($db, "UPDATE users SET balance = balance-$price WHERE username = '$username'");
  110. if ($update_user == TRUE) {
  111. $insert_order = mysqli_query($db, "INSERT INTO orders (oid, poid, user, service, link, quantity, price, status, date, provider, place_from) VALUES ('$oid', '$poid', '$username', '$service', '$post_link', '$post_quantity', '$price', 'Pending', '$date', '$provider', 'API')");
  112. if ($insert_order == TRUE) {
  113. $array = array("order_id" => "'.$oid.'");
  114. } else {
  115. $array = array("error" => "System error");
  116. }
  117. } else {
  118. $array = array("error" => "System error");
  119. }
  120. }
  121. }
  122. }
  123. }
  124. } else {
  125. $array = array("error" => "Incorrect request");
  126. }
  127. } else if ($post_action == "add_premium") {
  128. if (isset($_POST['service']) AND isset($_POST['link']) AND isset($_POST['quantity'])) {
  129. $post_service = $_POST['service'];
  130. $post_link = $_POST['link'];
  131. $post_quantity = $_POST['quantity'];
  132. $leve_user = $data_user['level'];
  133. if($leve_user == 'Premium'){
  134. if (empty($post_service) || empty($post_link) || empty($post_quantity)) {
  135. $array = array("error" => "Incorrect request");
  136. } else {
  137. $check_service = mysqli_query($db, "SELECT * FROM services1 WHERE sid = '$post_service' AND status = 'Active'");
  138. $data_service = mysqli_fetch_assoc($check_service);
  139. if (mysqli_num_rows($check_service) == 0) {
  140. $array = array("error" => "Service not found");
  141. } else {
  142. $oid1 = rand(0000000,9999999);
  143. $rate = $data_service['price'] / 1000;
  144. $price = $rate*$post_quantity;
  145. $service = $data_service['service'];
  146. $provider = $data_service['provider'];
  147. $pid = $data_service['pid'];
  148. $wujudjnd=number_format($post_quantity,0,',','.');
  149. if ($post_quantity < $data_service['min']) {
  150. $array = array("error" => "Quantity inccorect");
  151. } else if ($post_quantity > $data_service['max']) {
  152. $array = array("error" => "Quantity inccorect");
  153. } else if ($data_user['balance'] < $price) {
  154. $array = array("error" => "Low balance");
  155. } else {
  156. $check_provider = mysqli_query($db, "SELECT * FROM provider WHERE code = '$provider'");
  157. $data_provider = mysqli_fetch_assoc($check_provider);
  158. $provider_key = $data_provider['api_key'];
  159. $provider_link = $data_provider['link'];
  160. if ($provider == "MANUAL") {
  161. $provider_key="your key";
  162. $provider_link="";
  163. $api_postdata = "";
  164. $to ="mhmdsyalsa@gmail.com";
  165. $subject = "Orderan Manual";
  166. $messages ="Hallo kak Andre nih data Orderanya
  167. Pemesan :$sess_username
  168. Service : $service
  169. Quantity: $wujudjnd
  170. Harga : $price
  171. Link : $post_link";
  172. $headers .= 'From: support@andremedia.co' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  173. $send_mail=@mail($to, $subject, $messages, $headers);
  174. $to ="noveranitaamelia@gmail.com⁠⁠⁠⁠";
  175. $subject = "Orderan Manual nih gblg";
  176. $messages ="Hallo kak Andre nih data Orderanya
  177. Pemesan :$sess_username
  178. Service : $service
  179. Quantity: $wujudjnd
  180. Harga : $price
  181. Link : $post_link";
  182. $headers .= 'From: support@andremedia.co' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  183. $send_mail=@mail($to, $subject, $messages, $headers);
  184. } else if ($provider == "") {
  185. $provider_key="";
  186. $provider_link="";
  187. $provider_postdata="key=$provider_key&action=add_order&service=$pid&link=$post_link&quantity=$post_quantity";
  188. } else if ($provider == "") {
  189. $provider_key="";
  190. $provider_link="";
  191. $provider_postdata="key=$provider_key&action=add&service=$pid&link=$post_link&quantity=$post_quantity";
  192. }else{
  193. die("System Error!");
  194. }
  195.  
  196.  
  197. $ch = curl_init();
  198. curl_setopt($ch, CURLOPT_URL, "$provider_link");
  199. curl_setopt($ch, CURLOPT_POST, 1);
  200. curl_setopt($ch, CURLOPT_POSTFIELDS, $provider_postdata);
  201. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  202. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  203. $chresult = curl_exec($ch);
  204. curl_close($ch);
  205.  
  206. $json_result = json_decode($chresult, true);
  207.  
  208.  
  209. if ($provider == "TL" AND $json_result['error'] == TRUE) {
  210. $msg_type = "error";
  211. $msg_content = "<b>Gagal:</b> Server Maintenance (1).";
  212. } else if ($provider == "ST" AND $json_result['error'] == TRUE) {
  213. $msg_type = "error";
  214. $msg_content = "<b>Gagal:</b> Server Maintenance (2).";
  215. } else {
  216. if ($provider == "TL") {
  217. $poid = $json_result['order_id'];
  218. } else if ($provider == "ST") {
  219. $poid = $json_result['order_id'];
  220. }else if ($provider == "MANUAL") {
  221. $poid= $oid1;
  222. }
  223. $update_user = mysqli_query($db, "UPDATE users SET balance = balance-$price WHERE username = '$username'");
  224. if ($update_user == TRUE) {
  225. $insert_order = mysqli_query($db, "INSERT INTO orders (oid, poid, user, service, link, quantity, price, status, date, provider, place_from) VALUES ('$oid1', '$poid', '$username', '$service', '$post_link', '$post_quantity', '$price', 'Pending', '$date', '$provider', 'API')");
  226. if ($insert_order == TRUE) {
  227. $array = array("order_id" => "'.$oid1.'");
  228. } else {
  229. $array = array("error" => "System error");
  230. }
  231. } else {
  232. $array = array("error" => "System error");
  233. }
  234. }
  235. }
  236. }
  237. }
  238. } else {
  239. $array = array("error" => "Your Not Premium User");
  240. }
  241. } else {
  242. $array = array("error" => "Incorrect request");
  243. }
  244. } else if ($post_action == "status") {
  245. if (isset($_POST['order_id'])) {
  246. $post_oid = $_POST['order_id'];
  247. $post_oid = $_POST['order_id'];
  248. $check_order = mysqli_query($db, "SELECT * FROM orders WHERE oid = '$post_oid' AND user = '$username'");
  249. $data_order = mysqli_fetch_array($check_order);
  250. if (mysqli_num_rows($check_order) == 0) {
  251. $array = array("error" => "Order not found");
  252. } else {
  253. $array = array("charge" => $data_order['price'], "start_count" => $data_order['start_count'], "status" => $data_order['status'], "remains" => $data_order['remains']);
  254. }
  255. } else {
  256. $array = array("error" => "Incorrect request");
  257. }
  258. } else if($post_action == "services") {
  259. $check_service = mysqli_query($db, "SELECT * FROM services");
  260. while ($data_service = mysqli_fetch_assoc($check_service)) {
  261. $array[] = array(
  262. "provider_id" => $data_service['sid'],
  263. "category" => $data_service['category'],
  264. "service" => $data_service['service'],
  265. "min_order" => $data_service['min'],
  266. "max_order" => $data_service['max'],
  267. "note" => $data_service['note'],
  268. "price" => $data_service['price']
  269. );
  270. }
  271. } else{
  272. $array = array("error" => "Wrong action");
  273. }
  274. } else {
  275. $array = array("error" => "Invalid API key");
  276. }
  277. }
  278. } else {
  279. $array = array("error" => "Incorrect request");
  280. }
  281.  
  282. $print = json_encode($array);
  283. print_r($print);