  1. <?php
  2. if (!isset($_GET['page'])) {
  3.     header('Location: /main');
  4.     exit();
  5. }
  6.  
  7. ini_set('display_errors','Off');
  8. try {
  9.     $db = new PDO('mysql:host=localhost;dbname=csgo', 'root', 's66uQR', array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
  10. } catch (PDOException $e) {
  11.     exit($e->getMessage());
  12. }
  13.  
  14. if (isset($_COOKIE['hash'])) {
  15.     $sql = $db->query("SELECT * FROM `users` WHERE `hash` = " . $db->quote($_COOKIE['hash']));
  16.     if ($sql->rowCount() != 0) {
  17.         $row = $sql->fetch();
  18.         $user = $row;
  19.     }
  20. }
  21.  
  22. $min = 150;
  23. $ip = 'localhost';
  24. $referal_summa = 20;
  25.  
// Page dispatch on the `page` query parameter.  Each case either echoes a
// rendered template or exits with a JSON body.  Authentication is the `hash`
// cookie resolved into $user above; only some cases guard with `if(!$user)`.
// Several cases that change state (redeem, collect, confirm, deposit_js,
// withdraw_js) act on GET parameters under cookie auth, and no anti-CSRF
// token is checked anywhere in this file.
switch ($_GET['page']) {
    // Static pages: render the template with the current user (unset when not
    // logged in).
    case 'main':
        $page = getTemplate('main.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'deposit':
        $page = getTemplate('deposit.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'tos':
        $page = getTemplate('tos.tpl', array('user'=>$user));
        echo $page;
        break;

    // Support page: the caller's one open ticket (status 0) with its messages,
    // plus the count and contents of closed tickets (status > 0).  No login
    // guard: for anonymous visitors $user['steamid'] is unset and the queries
    // run against an empty user value.
    case 'support':
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
        $row = $sql->fetch();
        $ticket = $row;
        // fetch() returns false when there is no open ticket; count(false) is a
        // TypeError on PHP 8 (0 with a warning before).  `$ticket !== false` is
        // the safe test here and for the 'open' flag below, whose `> 1`
        // threshold also disagrees with this `> 0`.
        if(count($ticket) > 0) {
            $sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
            $row = $sql->fetchAll();
            $ticket['messages'] = $row;
        }
        $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        $row = $sql->fetch();
        $closed = $row['COUNT(`id`)'];
        $tickets = array();
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        while ($row = $sql->fetch()) {
            $s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
            $r = $s->fetchAll();
            $tickets[] = array('title'=>$row['title'],'messages'=>$r);
        }
        $page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
        echo $page;
        break;

    // Open a ticket (tid == 0) or reply to / close one of the caller's own
    // tickets.  Fields are read straight from $_POST; missing keys only raise
    // notices because display_errors is off.  $flag and $lmao are read but
    // never used.
    case 'support_new':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
        $tid = $_POST['tid'];
        $title = $_POST['title'];
        $body = $_POST['reply'];
        $close = $_POST['close'];
        $cat = $_POST['cat'];
        $flag = $_POST['flag'];
        $lmao = $_POST['lmao'];
        // Loose compare: a missing tid (null) also takes the new-ticket branch.
        if($tid == 0) {
            // strlen() is never negative, so `< 0` can never fire and an empty
            // title or body is accepted although the messages say "cannot be
            // left blank"; `strlen($title) < 1` (and likewise for $body) is
            // presumably what was meant.
            if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
            if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
            if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
            $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
            $row = $sql->fetch();
            $count = $row['COUNT(`id`)'];
            if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
            $db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
            $id = $db->lastInsertId();
            $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
            exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
        } else {
            // Ownership is enforced by the `user` predicate: another user's
            // ticket id simply matches no row.
            $sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
            if($sql->rowCount() > 0) {
                $row = $sql->fetch();
                if($close == 1) {
                    $db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
                    exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
                }
                $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
                exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
            }
            // No matching ticket: the request ends with no output at all.  A
            // JSON error here would match the other exits in this case.
        }
        break;

    // Roll history.  With ?id=N: the rolls recorded under hash row N, grouped
    // by roll id with its last digit stripped (ids 10..19 form group 1, ids
    // below 10 group 0).  Without id: one summary row per hash with the range
    // of roll ids it covers.
    case 'rolls':
        if(isset($_GET['id'])) {
            $id = $_GET['id'];
            // `$` still admits a trailing newline; `/^[0-9]+$/D` is strict.
            if(!preg_match('/^[0-9]+$/', $id)) exit();
            $sql = $db->query('SELECT * FROM `hash` WHERE `id` = '.$db->quote($id));
            $row = $sql->fetch();
            // $row is false for an unknown id; the next query then runs with an
            // empty hash value instead of reporting the miss.
            $sql = $db->query('SELECT * FROM `rolls` WHERE `hash` = '.$db->quote($row['hash']));
            $row = $sql->fetchAll();
            $rolls = array();
            foreach ($row as $key => $value) {
                if($value['id'] < 10) {
                    $q = 0;
                    $z = substr($value['id'], -1, 1);
                } else {
                    $q = substr($value['id'], 0, -1);
                    $z = substr($value['id'], -1, 1);
                }
                // $rolls[$q] is unset for the first roll of each group; count()
                // of an undefined key is a TypeError on PHP 8.  `!isset($rolls[$q])`
                // is the portable test.
                if(count($rolls[$q]) == 0) {
                    $rolls[$q]['time'] = date('h:i A', $value['time']);
                    $rolls[$q]['start'] = substr($value['id'], 0, -1);
                }
                $rolls[$q]['rolls'][$z] = array('id'=>$value['id'],'roll'=>$value['roll']);
            }
            $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
        } else {
            $sql = $db->query('SELECT * FROM `hash` ORDER BY `id` DESC');
            $row = $sql->fetchAll();
            $rolls = array();
            // One MIN/MAX query per hash row; the list grows with the table.
            foreach ($row as $key => $value) {
                $s = $db->query('SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE `hash` = '.$db->quote($value['hash']));
                $r = $s->fetch();
                $rolls[] = array('id'=>$value['id'],'date'=>date('Y-m-d', $value['time']),'seed'=>$value['hash'],'rolls'=>$r['min'].'-'.$r['max'],'time'=>$value['time']);
            }
            $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
        }
        echo $page;
        break;

    case 'faq':
        $page = getTemplate('faq.tpl', array('user'=>$user));
        echo $page;
        break;

    // Affiliate dashboard: the caller's referral code, the users they referred
    // (steamid masked), those users' bet totals, and a tier that fixes the
    // bet-per-coin divisor $s.  No login guard: anonymous visitors get the
    // "no promocode" defaults.
    case 'affiliates':
        $affiliates = array();
        $sql = $db->query('SELECT `code` FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            $affiliates = array(
                'visitors' => 0,
                'total_bet' => 0,
                'lifetime_earnings' => 0,
                'available' => 0,
                'level' => "<b style='color:#965A38'><i class='fa fa-star'></i> Bronze</b> (1 coin per 300 bet)",
                'depositors' => "0/50 to silver",
                'code' => '(You dont have promocode)'
                );
        } else {
            $row = $sql->fetch();
            $affiliates['code'] = $row['code'];
            $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
            $reffersN = $sql->fetchAll();
            $reffers = array();
            $affiliates['visitors'] = 0;
            $count = 0;
            $affiliates['total_bet'] = 0;
            // Two SUM queries per referred user.  A user with no bets counts as
            // a visitor, anyone else as a depositor ($count).
            foreach ($reffersN as $key => $value) {
                $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
                $row = $sql->fetch();
                if($row['amount'] == 0)
                    $affiliates['visitors']++;
                else
                    $count++;
                $affiliates['total_bet'] += $row['amount'];
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                $reffers[] = array('player'=>substr_replace($value['steamid'], '*************', 0, 13),'total_bet'=>$row['amount'],'collect_coins'=>$r['amount'],'comission'=>0);
            }
            // Tier chain defect: `$count > 50` already catches every count above
            // 50, so the `> 200` branch is unreachable, and $count == 50 matches
            // no branch at all, leaving $s unset and the divisions below failing.
            // Something like `< 50` / `<= 200` / `else` is presumably intended.
            // The same chain appears in case 'collect'.
            if($count < 50) {
                $affiliates['level'] = "<b style='color:#965A38'><i class='fa fa-star'></i> Silver IV</b> (1 coin per 300 bet)";
                $affiliates['depositors'] = $count."/50 to Legendary Eagle";
                $s = 300;
            } elseif($count > 50) {
                $affiliates['level'] = "<b style='color:#A9A9A9'><i class='fa fa-star'></i> Legendary Eagle</b> (1 coin per 200 bet)";
                $affiliates['depositors'] = $count."/200 to Global elite";
                $s = 200;
            } elseif($count > 200) {
                $affiliates['level'] = "<b style='color:#FFD700'><i class='fa fa-star'></i> Global elite</b> (1 coin per 100 bet)";
                $affiliates['depositors'] = $count."/∞ to ∞";
                $s = 100;
            }
            $affiliates['available'] = 0;
            $affiliates['lifetime_earnings'] = 0;
            foreach ($reffers as $key => $value) {
                $reffers[$key]['comission'] = round($value['total_bet']/$s, 0);
                $affiliates['available'] += round($value['collect_coins']/$s, 0);
                $affiliates['lifetime_earnings'] += round($value['total_bet']/$s, 0)-round($value['collect_coins']/$s, 0);
            }
            $affiliates['reffers'] = $reffers;
        }
        $page = getTemplate('affiliates.tpl', array('user'=>$user, 'affiliates'=>$affiliates));
        echo $page;
        break;

    // Set or change the caller's referral code (alphanumeric only).  The
    // uniqueness check is SELECT-then-INSERT, not atomic; a UNIQUE index on
    // codes.code is what would actually prevent two users ending up with the
    // same code, and whether one exists is not visible here.
    case 'changecode':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the changecode.')));
        $code = $_POST['code'];
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
        if($sql->rowCount() != 0) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        $sql = $db->query('SELECT * FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            $db->exec('INSERT INTO `codes` SET `code` = '.$db->quote($code).', `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        } else {
            $db->exec('UPDATE `codes` SET `code` = '.$db->quote($code).' WHERE `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        }
        break;

    // Credit the caller with coins for their referred users' uncollected bets.
    // A cookie-authenticated state change triggered by a plain GET.
    case 'collect':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the collect.')));
        $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
        $reffersN = $sql->fetchAll();
        $count = 0;
        $collect_coins = 0;
        foreach ($reffersN as $key => $value) {
            $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
            $row = $sql->fetch();
            if($row['amount'] > 0) {
                $count++;
                // Read-then-mark with no transaction: two overlapping requests
                // can both read the uncollected sum before either marks the
                // bets, crediting it twice.  $db->beginTransaction() around the
                // loop and the balance UPDATE (with SELECT ... FOR UPDATE) closes
                // that window.
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                $db->exec('UPDATE `bets` SET `collect` = 1 WHERE `user` = '.$db->quote($value['steamid']));
                $collect_coins += $r['amount'];
            }
        }
        // Same tier chain as 'affiliates': `> 200` is unreachable and
        // $count == 50 leaves $s unset, so the division below fails.
        if($count < 50) {
            $s = 300;
        } elseif($count > 50) {
            $s = 200;
        } elseif($count > 200) {
            $s = 100;
        }
        $collect_coins = round($collect_coins/$s, 0);
        // $collect_coins is the float from round(), so the unquoted
        // interpolation is numeric; quote() would match the rest of the file.
        $db->exec('UPDATE `users` SET `balance` = `balance` + '.$collect_coins.' WHERE `steamid` = '.$db->quote($user['steamid']));
        exit(json_encode(array('success'=>true, 'collected'=>$collect_coins)));
        break;

    // Redeem a referral code, once per account, after checking through the
    // Steam Web API that the account owns CS:GO (appid 730).  The API key is a
    // literal in the URL here and again in case 'login'; it is a secret and
    // belongs in configuration outside the document root.  State change via
    // GET.
    case 'redeem':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the redeem.')));
        if($user['referral'] != '0') exit(json_encode(array('success'=>false, 'error'=>'You have already redeemed a code. Only 1 code allowed per account.', 'code'=>$user['referral'])));
        $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamid='.$user['steamid'].'&format=json');
        $out = json_decode($out, true);
        // A falsy `response` is reported as a private profile; a failed curl()
        // (json_decode(false) is null) takes the same path.
        if(!$out['response']) exit(json_encode(array('success'=>false, 'error'=>'You profile is private')));
        $csgo = false;
        foreach ($out['response']['games'] as $key => $value) {
            if($value['appid'] == 730) $csgo = true;
        }
        if(!$csgo) exit(json_encode(array('success'=>false, 'error'=>'You dont have CS:GO.')));
        $code = $_GET['code'];
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
            exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        } else {
            $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                if($row['user'] == $user['steamid']) exit(json_encode(array('success'=>false, 'error'=>'This is you referal code')));
                // Records the code owner as referrer and credits the fixed bonus
                // ($referal_summa, an int constant) to the caller.
                $db->exec('UPDATE `users` SET `referral` = '.$db->quote($row['user']).', `balance` = `balance` + '.$referal_summa.' WHERE `steamid` = '.$db->quote($user['steamid']));
                exit(json_encode(array('success'=>true, 'credits'=>$referal_summa)));
            } else {
                exit(json_encode(array('success'=>false, 'error'=>'Code not found')));
            }
        }
        break;

    // Withdraw page with the list of bot ids.  No login guard.
    case 'withdraw':
        $sql = $db->query('SELECT `id` FROM `bots`');
        $ids = array();
        while ($row = $sql->fetch()) {
            $ids[] = $row['id'];
        }
        $page = getTemplate('withdraw.tpl', array('user'=>$user,'bots'=>$ids));
        echo $page;
        break;

    // Transfers where the caller is recipient (`to1`) or sender (`from1`).
    // No login guard: anonymous visitors query with an empty steamid.
    case 'transfers':
        $sql = $db->query('SELECT * FROM `transfers` WHERE `to1` = '.$db->quote($user['steamid']).' OR `from1` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('transfers.tpl', array('user'=>$user,'transfers'=>$row));
        echo $page;
        break;

    // The caller's trade offers.  No login guard.
    case 'offers':
        $sql = $db->query('SELECT * FROM `trades` WHERE `user` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('offers.tpl', array('user'=>$user,'offers'=>$row));
        echo $page;
        break;

    // Steam OpenID login.  First visit: redirect to Steam.  On return:
    // validate the assertion, fetch the profile from the Steam Web API, insert
    // or update the `users` row with a fresh session hash, and set that hash
    // as the `hash` cookie.
    case 'login':
        include 'openid.php';
        try
        {
            $openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
            if (!$openid->mode) {
                $openid->identity = 'http://steamcommunity.com/openid/?l=russian';
                // Rewrites one host name inside Steam's auth URL; the reason
                // (a domain move?) is not recorded here.
                header('Location: ' . str_replace("csgobananas", "csgorebel", $openid->authUrl()));
            } elseif ($openid->mode == 'cancel') {
                echo '';
            } else {
                if ($openid->validate()) {

                    $id = $openid->identity;
                    // Pulls the 64-bit SteamID out of the claimed identity URL.
                    // The match result is not checked: on failure $matches[1] is
                    // undefined and the API request goes out with an empty
                    // steamids parameter.
                    $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                    preg_match($ptn, $id, $matches);

                    // Plain http, no error check: if the fetch fails,
                    // $json_decoded is null, the foreach warns, and $steamid,
                    // $name, $avatar stay unset for the INSERT below.
                    $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamids=$matches[1]";
                    $json_object = file_get_contents($url);
                    $json_decoded = json_decode($json_object);
                    foreach ($json_decoded->response->players as $player) {
                        $steamid = $player->steamid;
                        $name = $player->personaname;
                        $avatar = $player->avatar;
                    }

                    // Session token: md5 of a public value (the steamid), the
                    // current second and rand(1, 50).  The only input that is not
                    // known or guessable is rand(1, 50), and rand() is not a
                    // CSPRNG, so tokens are predictable.  Use
                    // `bin2hex(random_bytes(16))` (PHP 7+) or
                    // openssl_random_pseudo_bytes() instead.
                    $hash = md5($steamid . time() . rand(1, 50));
                    // $steamid, $hash and $avatar are concatenated into SQL
                    // unquoted while $name goes through quote(); $steamid and
                    // $avatar come from the Steam API response, not from the
                    // regex above.  Pass every value through $db->quote() (or
                    // prepared statements) as the rest of the file does.
                    $sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
                    $row = $sql->fetchAll(PDO::FETCH_ASSOC);
                    if (count($row) == 0) {
                        $db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
                    } else {
                        $db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
                    }
                    // The cookie is set without the httponly/secure flags, and
                    // the same session hash is placed in a redirect URL, where it
                    // reaches access logs and the Referer header of the next
                    // page.  Pass `true` for httponly and keep the hash out of
                    // the URL.
                    setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
                    header('Location: http://www.csgobananas.com/sets.php?id=' . $hash);
                }
            }
        } catch (ErrorException $e) {
            exit($e->getMessage());
        }
        break;

    // The caller's tradable CS:GO inventory as JSON, priced from prices.txt
    // (value * 10), served from cache/<steamid>.txt unless ?nocache is given.
    // Items priced below $min or with "Souvenir" in the name are zeroed and
    // marked 'Junk'.  The cache has no expiry: the item list and prices stay
    // as first written until a ?nocache request replaces them.
    case 'get_inv':
    if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        if((file_exists('cache/'.$user['steamid'].'.txt')) && (!isset($_GET['nocache']))) {
            $array = file_get_contents('cache/'.$user['steamid'].'.txt');
            // unserialize() of file contents.  The file is written by this same
            // handler (serialize() below), but anything able to write into
            // cache/ can make this instantiate arbitrary objects.  The payload
            // is a plain array that is json_encode()d anyway, so
            // `json_decode($array, true)` here and `json_encode($array)` at the
            // write remove the risk with no change in output.
            $array = unserialize($array);
            $array['fromcache'] = true;
            // Attach the caller's pending trade (status 0) named by the `tid`
            // cookie, or clear a stale cookie.
            if(isset($_COOKIE['tid'])) {
                $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
                if($sql->rowCount() != 0) {
                    $row = $sql->fetch();
                    $array['code'] = $row['code'];
                    $array['amount'] = $row['summa'];
                    $array['tid'] = $row['id'];
                    $array['bot'] = "Bot #".$row['bot_id'];
                } else {
                    setcookie("tid", "", time() - 3600, '/');
                }
            }
            exit(json_encode($array));
        }
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $inv = curl('https://steamcommunity.com/profiles/'.$user['steamid'].'/inventory/json/730/2/');
        $inv = json_decode($inv, true);
        // Also taken when curl() failed (null decodes to no 'success' key).
        if($inv['success'] != 1) {
            exit(json_encode(array('error'=>'Your profile is private. Please <a href="http://steamcommunity.com/my/edit/settings" target="_blank">set your inventory to public</a> and <a href="javascript:loadLeft(\'nocache\')">try again</a>.')));
        }
        $items = array();
        foreach ($inv['rgInventory'] as $key => $value) {
            $id = $value['classid'].'_'.$value['instanceid'];
            $trade = $inv['rgDescriptions'][$id]['tradable'];
            if(!$trade) continue;
            $name = $inv['rgDescriptions'][$id]['market_hash_name'];
            $price = $prices['response']['items'][$name]['value']*10;
            $img = 'http://steamcommunity-a.akamaihd.net/economy/image/'.$inv['rgDescriptions'][$id]['icon_url'];
            if((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
                $price = 0;
                $reject = 'Junk';
            } else {
                $reject = 'unknown item';
            }
            $items[] = array(
                'assetid' => $value['id'],
                'bt_price' => "0.00",
                'img' => $img,
                'name' => $name,
                'price' => $price,
                'reject' => $reject,
                'sa_price' => $price,
                'steamid' => $user['steamid']);
        }

        $array = array(
            'error' => 'none',
            'fromcache' => false,
            'items' => $items,
            'success' => true);
        if(isset($_COOKIE['tid'])) {
            $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                $array['code'] = $row['code'];
                $array['amount'] = $row['summa'];
                $array['tid'] = $row['id'];
                $array['bot'] = "Bot #".$row['bot_id'];
            } else {
                setcookie("tid", "", time() - 3600, '/');
            }
        }
        // Cache write; see the unserialize() note above for switching this to
        // json_encode().  Note the pending-trade fields are cached too.
        file_put_contents('cache/'.$user['steamid'].'.txt', serialize($array), LOCK_EX);
        exit(json_encode($array));
        break;

    // Ask a randomly chosen bot (http://$ip:3000+id) to send a trade offer for
    // the caller's selected assets; on success record the items and a pending
    // trade (status 0) valued from prices.txt, and remember the trade id in the
    // `tid` cookie.
    case 'deposit_js':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        // Undefined-index notice when the cookie is absent; isset() is the
        // explicit test.
        if($_COOKIE['tid']) {
            exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        // The whole trade URL is stored in a cookie as given; only its
        // partner/token parameters are used.
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
        // Parsed as an int but never used: the raw $_GET['checksum'] is sent
        // below instead.
        $checksum = intval($_GET['checksum']);
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        // $_GET['assetids'], $partner, $token and $_GET['checksum'] are
        // concatenated into the internal bot URL without urlencode(), so a '&'
        // in any of them adds parameters to that request.  Validate assetids as
        // comma-separated digits (e.g. preg_match('/^[0-9]+(,[0-9]+)*$/D', ...)),
        // urlencode() the rest and send $checksum.
        $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTrade/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];
        if($out['success'] == true) {
            // The credited amount $s is the sum of prices.txt values for the
            // items the bot reports, not anything the client sent.
            $s = 0;
            foreach ($out['items'] as $key => $value) {
                $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
                $s += $prices['response']['items'][$value['market_hash_name']]['value']*10;
            }
            $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($s).', `time` = '.$db->quote(time()));
            $out['amount'] = $s;
            setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        }
        exit(json_encode($out));
        break;

    // Poll the bot for trade $tid and settle it: on 'accept' credit summa and
    // mark items and trade done (status 1); on 'cross' (presumably declined or
    // cancelled) delete both; otherwise report it as still in progress.
    case 'confirm':
    if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the confirm.')));
        $tid = (int)$_GET['tid'];
        // Authorization gap: the trade is looked up by id alone, and on accept
        // `summa` is credited to the caller's balance below, not to the trade's
        // owner.  Restrict the lookup to the caller's own trades,
        // `... WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid'])`,
        // and exit with a JSON error when fetch() returns false.
        $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($tid));
        $row = $sql->fetch();
        $out = curl('http://'.$ip.':'.(3000+$row['bot_id']).'/checkTrade?tid='.$row['id']);
        $out = json_decode($out, true);
        if(($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
            // Status is checked above and set two statements later with no
            // transaction, so two overlapping confirms for one trade can both
            // credit.  Running the trades UPDATE first with `AND `status` = 0`
            // and crediting only when exec() reports an affected row makes the
            // settlement idempotent.
            if($row['summa'] > 0) $db->exec('UPDATE `users` SET `balance` = `balance` + '.$row['summa'].' WHERE `steamid` = '.$db->quote($user['steamid']));
            if($row['summa'] > 0) $db->exec('UPDATE `items` SET `status` = 1 WHERE `trade` = '.$db->quote($row['id']));
            if($row['summa'] > 0) $db->exec('UPDATE `trades` SET `status` = 1 WHERE `id` = '.$db->quote($row['id']));
            setcookie("tid", "", time() - 3600, '/');
        } elseif(($out['success'] == true) && ($out['action'] == 'cross')) {
            setcookie("tid", "", time() - 3600, '/');
            $db->exec('DELETE FROM `items` WHERE `trade` = '.$db->quote($row['id']));
            $db->exec('DELETE FROM `trades` WHERE `id` = '.$db->quote($row['id']));
        } else {
            exit(json_encode(array('success'=>false, 'error'=>'Trade is in procces or the coins are already credited')));
        }
        exit(json_encode($out));
        break;

    // List every item in the bank (status 1, across all users) with prices,
    // after a reCAPTCHA check.  The reCAPTCHA secret is a literal in the URL
    // below; like the Steam API key it belongs in configuration, not source.
    // $_GET['g-recaptcha-response'] should be urlencode()d before it is
    // appended.  The commented-out steamid gate is dead code, and a failed
    // captcha produces no response body at all (falls through to break).
    case 'get_bank_safe':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        //if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
        $g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LcFKx4TAAAAAA5RfMEEYHfSFj3met8MV_FWsZ2a&response='.$_GET['g-recaptcha-response']);
        $g = json_decode($g, true);
        if($g['success'] == true) {
            $array = array('balance'=>$user['balance'],'error'=>'none','items'=>array(),'success'=>true);
            $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
            $prices = file_get_contents('prices.txt');
            $prices = json_decode($prices, true);
            while ($row = $sql->fetch()) {
                $array['items'][] = array('botid'=>$row['botid'],'img'=>'http://steamcommunity-a.akamaihd.net/economy/image/'.$row['img'],'name'=>$row['market_hash_name'],'assetid'=>$row['id'],'price'=>$prices['response']['items'][$row['market_hash_name']]['value']*10,'reject'=>'unknown items');
            }
            exit(json_encode($array));
        }
        break;

    // Withdraw bank items: price the requested item ids from prices.txt,
    // debit the caller, and ask the bot holding them to send a trade.  All
    // items must sit on one bot ($items is keyed by botid, so count > 1 means
    // more than one bot).
    case 'withdraw_js':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        $items = array();
        $assetids = explode(',', $_GET['assetids']);
        $sum = 0;
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $norm_itms = '';
        foreach ($assetids as $key) {
            if($key == "") continue;
            // Fetched by id with no status filter, unlike get_bank_safe which
            // lists only status 1; an unknown id gives $row === false and an
            // empty bot key.  `AND `status` = 1` plus a false-check would make
            // the two agree.
            $sql = $db->query('SELECT * FROM `items` WHERE `id` = '.$db->quote($key));
            $row = $sql->fetch();
            $items[$row['botid']] = $row['market_hash_name'];
            $sum += $prices['response']['items'][$row['market_hash_name']]['value']*10;
            $norm_itms = $norm_itms.$row['market_hash_name'].',';
        }
        $out = array('success'=>false,'error'=>'');
        if(count($items) > 1) {
            $out = array('success'=>false,'error'=>'You choose more bots');
        } elseif($user['balance'] < $sum) {
            $out = array('success'=>false,'error'=>'You dont have coins!');
        } else {
            reset($items);
            $bot = key($items);
            $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = '.$db->quote($bot));
            $r = $s->fetch();
            // Check-then-debit race: the balance compared above may already be
            // spent by a concurrent request.  A conditional debit,
            // `UPDATE users SET balance = balance - X WHERE steamid = ? AND balance >= X`,
            // with exec()'s row count checked, is the atomic form.  Unlike the
            // rest of the file, $user['steamid'] is interpolated here (and in
            // the refund below) without quote().
            $db->exec('UPDATE `users` SET `balance` = `balance` - '.$sum.' WHERE `steamid` = '.$user['steamid']);
            $partner = extract_partner($_GET['tradeurl']);
            $token = extract_token($_GET['tradeurl']);
            // Same unencoded interpolation into the internal bot URL as in
            // deposit_js ($partner, $token, $_GET['checksum']).
            $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTradeMe/?names='.urlencode($norm_itms).'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
            $out = json_decode($out, true);
            if($out['success'] == false) {
                $db->exec('UPDATE `users` SET `balance` = `balance` + '.$sum.' WHERE `steamid` = '.$user['steamid']);
            } else {
                foreach ($assetids as $key) {
                    $db->exec('DELETE FROM `items` WHERE `id` = '.$db->quote($key));
                }
                $out['bot'] = $r['name'];
                // The recorded summa is the client-supplied checksum, negated,
                // while the balance was debited by the server-computed $sum;
                // recording -$sum keeps the ledger consistent with the debit.
                $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 2, `user` = '.$db->quote($user['steamid']).', `summa` = '.'-'.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
            }
        }
        exit(json_encode($out));
        break;

    // Logout clears the cookie only; the value stays valid in users.hash until
    // the next login overwrites it, so a copied cookie keeps working.  Setting
    // users.hash to NULL (if the column allows it) or to a fresh random value
    // here would revoke it server-side.
    case 'exit':
        setcookie("hash", "", time() - 3600, '/');
        header('Location: /main');
        exit();
        break;
}
  534.  
  535. function getTemplate($name, $in = null) {
  536.     extract($in);
  537.     ob_start();
  538.     include "template/" . $name;
  539.     $text = ob_get_clean();
  540.     return $text;
  541. }
  542.  
  543. function curl($url) {
  544.     $ch = curl_init();
  545.  
  546.     curl_setopt($ch, CURLOPT_HEADER, 0);
  547.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  548.     curl_setopt($ch, CURLOPT_URL, $url);
  549.     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  550.     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  551.     curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
  552.     curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
  553.     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  554.  
  555.     $data = curl_exec($ch);
  556.     curl_close($ch);
  557.  
  558.     return $data;
  559. }
  560.  
  561. function extract_token($url) {
  562.     parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  563.     return isset($queryString['token']) ? $queryString['token'] : false;
  564. }
  565.  
  566. function extract_partner($url) {
  567.     parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  568.     return isset($queryString['partner']) ? $queryString['partner'] : false;
  569. }