  1. <?php
  2. if (!isset($_GET['page'])) {
  3. header('Location: /main');
  4. exit();
  5. }
  6.  
  7. ini_set('display_errors','Off');
  8. try {
  9. $db = new PDO('mysql:host=localhost;dbname=csgo', 'root', 'leeee123', array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
  10. } catch (PDOException $e) {
  11. exit($e->getMessage());
  12. }
  13.  
  14. if (isset($_COOKIE['hash'])) {
  15. $sql = $db->query("SELECT * FROM `users` WHERE `hash` = " . $db->quote($_COOKIE['hash']));
  16. if ($sql->rowCount() != 0) {
  17. $row = $sql->fetch();
  18. $user = $row;
  19. }
  20. }
  21.  
  22. $min = 1;
  23. $ip = 'localhost';
  24. $referal_summa = 20;
  25.  
// Page dispatch. Handlers that render HTML build a template and echo it; the
// handlers called by the front-end JavaScript exit() with a JSON body instead.
// The HTML pages run for guests as well: for a guest $user is empty, so the
// $user['steamid'] lookups below query with a null value and match nothing.
switch ($_GET['page']) {
    case 'main':
        $page = getTemplate('main.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'deposit':
        $page = getTemplate('deposit.tpl', array('user'=>$user));
        echo $page;
        break;

    case 'tos':
        $page = getTemplate('tos.tpl', array('user'=>$user));
        echo $page;
        break;

    // Support page: the user's open ticket (status 0) with its messages, the
    // number of closed tickets (status > 0) and the closed tickets themselves.
    case 'support':
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
        $row = $sql->fetch();
        $ticket = $row;
        // NOTE(review): fetch() returns false when there is no open ticket, and
        // count(false) is a TypeError on PHP 8 (earlier versions did not return 0
        // for it either); `if($ticket !== false)` is the intended test.
        if(count($ticket) > 0) {
            $sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
            $row = $sql->fetchAll();
            $ticket['messages'] = $row;
        }
        $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        $row = $sql->fetch();
        $closed = $row['COUNT(`id`)'];
        $tickets = array();
        $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
        while ($row = $sql->fetch()) {
            $s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
            $r = $s->fetchAll();
            $tickets[] = array('title'=>$row['title'],'messages'=>$r);
        }
        // 'open' is 1 when $ticket is a row (more than one column), 0 otherwise.
        $page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
        echo $page;
        break;

    // JSON: tid == 0 creates a ticket, otherwise adds a reply to (or closes)
    // one of the caller's own tickets.
    case 'support_new':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
        $tid = $_POST['tid'];
        $title = $_POST['title'];
        $body = $_POST['reply'];
        $close = $_POST['close'];
        $cat = $_POST['cat'];
        // $flag and $lmao are read but never used by this handler.
        $flag = $_POST['flag'];
        $lmao = $_POST['lmao'];
        if($tid == 0) {
            // strlen() is never negative, so the "< 0" halves never fire: an
            // empty title or body passes despite the error messages. Escaping
            // of the stored title/body for display is left to the templates.
            if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
            if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
            if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
            // One open ticket per user.
            $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
            $row = $sql->fetch();
            $count = $row['COUNT(`id`)'];
            if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
            $db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
            $id = $db->lastInsertId();
            $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
            exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
        } else {
            // The `user` condition keeps callers from replying to other users' tickets.
            $sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
            if($sql->rowCount() > 0) {
                $row = $sql->fetch();
                if($close == 1) {
                    $db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
                    exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
                }
                $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
                exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
            }
            // An unknown or foreign ticket id falls through with no output.
        }
        break;

    // Roll history. With ?id=<hash row id> the rolls of that seed are grouped
    // ten per line; without it every seed is listed with its roll-id range.
    case 'rolls':
        if(isset($_GET['id'])) {
            $id = $_GET['id'];
            // Digits only; anything else ends the request silently.
            if(!preg_match('/^[0-9]+$/', $id)) exit();
            $sql = $db->query('SELECT * FROM `hash` WHERE `id` = '.$db->quote($id));
            $row = $sql->fetch();
            $sql = $db->query('SELECT * FROM `rolls` WHERE `hash` = '.$db->quote($row['hash']));
            $row = $sql->fetchAll();
            $rolls = array();
            foreach ($row as $key => $value) {
                // $q = roll id without its last digit (the group), $z = last digit (position in the group).
                if($value['id'] < 10) {
                    $q = 0;
                    $z = substr($value['id'], -1, 1);
                } else {
                    $q = substr($value['id'], 0, -1);
                    $z = substr($value['id'], -1, 1);
                }
                // NOTE(review): $rolls[$q] is unset for the first roll of a group;
                // count(null) is a TypeError on PHP 8 -- `!isset($rolls[$q])` is the intended test.
                if(count($rolls[$q]) == 0) {
                    $rolls[$q]['time'] = date('h:i A', $value['time']);
                    $rolls[$q]['start'] = substr($value['id'], 0, -1);
                }
                $rolls[$q]['rolls'][$z] = array('id'=>$value['id'],'roll'=>$value['roll']);
            }
            $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
        } else {
            $sql = $db->query('SELECT * FROM `hash` ORDER BY `id` DESC');
            $row = $sql->fetchAll();
            $rolls = array();
            // One MIN/MAX query per seed.
            foreach ($row as $key => $value) {
                $s = $db->query('SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE `hash` = '.$db->quote($value['hash']));
                $r = $s->fetch();
                $rolls[] = array('id'=>$value['id'],'date'=>date('Y-m-d', $value['time']),'seed'=>$value['hash'],'rolls'=>$r['min'].'-'.$r['max'],'time'=>$value['time']);
            }
            $page = getTemplate('rolls.tpl', array('user'=>$user,'rolls'=>$rolls));
        }
        echo $page;
        break;

    case 'faq':
        $page = getTemplate('faq.tpl', array('user'=>$user));
        echo $page;
        break;

    // Affiliate dashboard: the user's promo code, the users who registered
    // with it and the commission earned from their bets.
    case 'affiliates':
        $affiliates = array();
        $sql = $db->query('SELECT `code` FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            // No code yet: placeholder figures for the template.
            $affiliates = array(
                'visitors' => 0,
                'total_bet' => 0,
                'lifetime_earnings' => 0,
                'available' => 0,
                'level' => "<b style='color:#965A38'><i class='fa fa-star'></i> Bronze</b> (1 coin per 300 bet)",
                'depositors' => "0/50 to silver",
                'code' => '(You dont have promocode)'
            );
        } else {
            $row = $sql->fetch();
            $affiliates['code'] = $row['code'];
            $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
            $reffersN = $sql->fetchAll();
            $reffers = array();
            $affiliates['visitors'] = 0;
            // $count = referrals that have placed at least one bet; $visitors = the rest.
            $count = 0;
            $affiliates['total_bet'] = 0;
            foreach ($reffersN as $key => $value) {
                $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
                $row = $sql->fetch();
                if($row['amount'] == 0)
                    $affiliates['visitors']++;
                else
                    $count++;
                $affiliates['total_bet'] += $row['amount'];
                // Bets not yet paid out to the affiliate (`collect` = 0).
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                // The first 13 characters of the referred steamid are masked for display.
                $reffers[] = array('player'=>substr_replace($value['steamid'], '*************', 0, 13),'total_bet'=>$row['amount'],'collect_coins'=>$r['amount'],'comission'=>0);
            }
            // $s = bet amount per coin of commission.
            // NOTE(review): exactly 50 depositors matches no branch, leaving $s
            // unset (the divisions below then fail), and the "> 200" branch is
            // unreachable because "> 50" already matched; the same chain is
            // repeated in 'collect'.
            if($count < 50) {
                $affiliates['level'] = "<b style='color:#965A38'><i class='fa fa-star'></i> Silver IV</b> (1 coin per 300 bet)";
                $affiliates['depositors'] = $count."/50 to Legendary Eagle";
                $s = 300;
            } elseif($count > 50) {
                $affiliates['level'] = "<b style='color:#A9A9A9'><i class='fa fa-star'></i> Legendary Eagle</b> (1 coin per 200 bet)";
                $affiliates['depositors'] = $count."/200 to Global elite";
                $s = 200;
            } elseif($count > 200) {
                $affiliates['level'] = "<b style='color:#FFD700'><i class='fa fa-star'></i> Global elite</b> (1 coin per 100 bet)";
                $affiliates['depositors'] = $count."/∞ to ∞";
                $s = 100;
            }
            $affiliates['available'] = 0;
            $affiliates['lifetime_earnings'] = 0;
            foreach ($reffers as $key => $value) {
                $reffers[$key]['comission'] = round($value['total_bet']/$s, 0);
                $affiliates['available'] += round($value['collect_coins']/$s, 0);
                $affiliates['lifetime_earnings'] += round($value['total_bet']/$s, 0)-round($value['collect_coins']/$s, 0);
            }
            $affiliates['reffers'] = $reffers;
        }
        $page = getTemplate('affiliates.tpl', array('user'=>$user, 'affiliates'=>$affiliates));
        echo $page;
        break;

    // JSON: set or change the caller's promo code (alphanumeric, must be unused).
    case 'changecode':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the changecode.')));
        $code = $_POST['code'];
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        // Uniqueness is checked here and then written; unless `codes`.`code`
        // has a unique index, two simultaneous requests can both pass this check.
        $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
        if($sql->rowCount() != 0) exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        $sql = $db->query('SELECT * FROM `codes` WHERE `user` = '.$db->quote($user['steamid']));
        if($sql->rowCount() == 0) {
            $db->exec('INSERT INTO `codes` SET `code` = '.$db->quote($code).', `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        } else {
            $db->exec('UPDATE `codes` SET `code` = '.$db->quote($code).' WHERE `user` = '.$db->quote($user['steamid']));
            exit(json_encode(array('success' => true, 'code'=>$code)));
        }
        break;

    // JSON: pay out the affiliate commission on referrals' uncollected bets
    // and mark those bets as collected.
    case 'collect':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the collect.')));
        $sql = $db->query('SELECT * FROM `users` WHERE `referral` = '.$db->quote($user['steamid']));
        $reffersN = $sql->fetchAll();
        $count = 0;
        $collect_coins = 0;
        foreach ($reffersN as $key => $value) {
            $sql = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']));
            $row = $sql->fetch();
            if($row['amount'] > 0) {
                $count++;
                // NOTE(review): the uncollected sum is read and then marked
                // collected in two separate statements with no transaction, so
                // two concurrent 'collect' requests can both read the same sum.
                $s = $db->query('SELECT SUM(`amount`) AS amount FROM `bets` WHERE `user` = '.$db->quote($value['steamid']).' AND `collect` = 0');
                $r = $s->fetch();
                $db->exec('UPDATE `bets` SET `collect` = 1 WHERE `user` = '.$db->quote($value['steamid']));
                $collect_coins += $r['amount'];
            }
        }
        // Same level chain as 'affiliates': $count == 50 leaves $s unset and
        // the "> 200" branch never runs.
        if($count < 50) {
            $s = 300;
        } elseif($count > 50) {
            $s = 200;
        } elseif($count > 200) {
            $s = 100;
        }
        $collect_coins = round($collect_coins/$s, 0);
        // $collect_coins is the numeric result of round(), not user input, but
        // it is concatenated rather than quoted like the other values.
        $db->exec('UPDATE `users` SET `balance` = `balance` + '.$collect_coins.' WHERE `steamid` = '.$db->quote($user['steamid']));
        exit(json_encode(array('success'=>true, 'collected'=>$collect_coins)));
        break;

    // JSON: redeem someone else's referral code for $referal_summa coins, once
    // per account, and only for accounts that own CS:GO (app 730).
    case 'redeem':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the redeem.')));
        if($user['referral'] != '0') exit(json_encode(array('success'=>false, 'error'=>'You have already redeemed a code. Only 1 code allowed per account.', 'code'=>$user['referral'])));
        // NOTE(review): the Steam Web API key is embedded in this URL (and again
        // in 'login'); it should come from configuration, not source.
        $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=8D779766B2BEE823314C65BB1BF39B90&steamid='.$user['steamid'].'&format=json');
        $out = json_decode($out, true);
        if(!$out['response']) exit(json_encode(array('success'=>false, 'error'=>'You profile is private')));
        $csgo = false;
        // A public profile with no games has no 'games' key; foreach over null only warns.
        foreach ($out['response']['games'] as $key => $value) {
            if($value['appid'] == 730) $csgo = true;
        }
        if(!$csgo) exit(json_encode(array('success'=>false, 'error'=>'You dont have CS:GO.')));
        $code = $_GET['code'];
        if(!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
            exit(json_encode(array('success'=>false, 'error'=>'Code is not valid')));
        } else {
            $sql = $db->query('SELECT * FROM `codes` WHERE `code` = '.$db->quote($code));
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                if($row['user'] == $user['steamid']) exit(json_encode(array('success'=>false, 'error'=>'This is you referal code')));
                // NOTE(review): the "already redeemed" check above is not part of
                // this UPDATE; adding `AND referral = '0'` to its WHERE (and
                // checking the affected row count) would make the once-per-account
                // rule hold for concurrent requests as well.
                $db->exec('UPDATE `users` SET `referral` = '.$db->quote($row['user']).', `balance` = `balance` + '.$referal_summa.' WHERE `steamid` = '.$db->quote($user['steamid']));
                exit(json_encode(array('success'=>true, 'credits'=>$referal_summa)));
            } else {
                exit(json_encode(array('success'=>false, 'error'=>'Code not found')));
            }
        }
        break;

    // Withdraw page: lists the ids of all bots.
    case 'withdraw':
        $sql = $db->query('SELECT `id` FROM `bots`');
        $ids = array();
        while ($row = $sql->fetch()) {
            $ids[] = $row['id'];
        }
        $page = getTemplate('withdraw.tpl', array('user'=>$user,'bots'=>$ids));
        echo $page;
        break;

    // Transfers sent to or from the current user.
    case 'transfers':
        $sql = $db->query('SELECT * FROM `transfers` WHERE `to1` = '.$db->quote($user['steamid']).' OR `from1` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('transfers.tpl', array('user'=>$user,'transfers'=>$row));
        echo $page;
        break;

    // The current user's trade offers.
    case 'offers':
        $sql = $db->query('SELECT * FROM `trades` WHERE `user` = '.$db->quote($user['steamid']));
        $row = $sql->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('offers.tpl', array('user'=>$user,'offers'=>$row));
        echo $page;
        break;

    // Steam OpenID login (LightOpenID from openid.php). First visit: redirect
    // to Steam. Return visit: validate, look the player up via the Steam API,
    // create/refresh the `users` row and issue the `hash` session cookie.
    case 'login':
        include 'openid.php';
        try
        {
            $openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
            if (!$openid->mode) {
                $openid->identity = 'http://steamcommunity.com/openid/?l=russian';
                // NOTE(review): str_replace() is called with one argument, which
                // is an ArgumentCountError on PHP 8 (PHP 7 warned and yielded
                // null, i.e. an empty Location); `header('Location: ' . $openid->authUrl());` is presumably what was meant.
                header('Location: ' . str_replace($openid->authUrl()));
            } elseif ($openid->mode == 'cancel') {
                echo '';
            } else {
                if ($openid->validate()) {

                    // The claimed id must be a Steam profile URL ending in a 64-bit
                    // steamid; the match result is not checked, so on a miss
                    // $matches[1] is unset and everything below runs with an
                    // empty steamid.
                    $id = $openid->identity;
                    $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                    preg_match($ptn, $id, $matches);

                    // NOTE(review): second embedded copy of the Steam Web API key.
                    // file_get_contents() returns false on failure, which json_decode
                    // turns into null; the foreach below then only warns.
                    $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=8D779766B2BEE823314C65BB1BF39B90&steamids=$matches[1]";
                    $json_object = file_get_contents($url);
                    $json_decoded = json_decode($json_object);
                    foreach ($json_decoded->response->players as $player) {
                        $steamid = $player->steamid;
                        $name = $player->personaname;
                        $avatar = $player->avatar;
                    }

                    // NOTE(review): this is the session credential, and it is
                    // derived from the steamid, the current second and a number
                    // in 1..50, i.e. very little entropy; use
                    // bin2hex(random_bytes(16)) (or a session mechanism) instead.
                    $hash = md5($steamid . time() . rand(1, 50));
                    // NOTE(review): $steamid, $hash and $avatar are spliced into
                    // these three statements without $db->quote(), unlike $name;
                    // quote every value (the regex only constrains $steamid when it matched).
                    $sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
                    $row = $sql->fetchAll(PDO::FETCH_ASSOC);
                    if (count($row) == 0) {
                        $db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
                    } else {
                        $db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
                    }
                    // One-week session cookie; no HttpOnly/Secure flags are set.
                    setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
                    // NOTE(review): the freshly issued session hash is handed to an
                    // external host as a query parameter, where it lands in that
                    // server's logs and any Referer it emits.
                    header('Location: http://www.vrn-ts.eu/sets.php?id=' . $hash);
                }
            }
        } catch (ErrorException $e) {
            exit($e->getMessage());
        }
        break;

    // JSON: the user's CS:GO inventory priced from prices.txt, served from
    // cache/<steamid>.txt unless ?nocache is given; a pending trade (cookie
    // `tid`) is attached to the response.
    case 'get_inv':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        if((file_exists('cache/'.$user['steamid'].'.txt')) && (!isset($_GET['nocache']))) {
            $array = file_get_contents('cache/'.$user['steamid'].'.txt');
            // NOTE(review): unserialize() instantiates whatever the cache file
            // holds; the file is written below with serialize(), but anyone who
            // can write to cache/ controls this. json_encode/json_decode would
            // carry the same array without that exposure.
            $array = unserialize($array);
            $array['fromcache'] = true;
            if(isset($_COOKIE['tid'])) {
                $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
                if($sql->rowCount() != 0) {
                    $row = $sql->fetch();
                    $array['code'] = $row['code'];
                    $array['amount'] = $row['summa'];
                    $array['tid'] = $row['id'];
                    $array['bot'] = "Bot #".$row['bot_id'];
                } else {
                    // The trade is no longer pending: drop the stale cookie.
                    setcookie("tid", "", time() - 3600, '/');
                }
            }
            exit(json_encode($array));
        }
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $inv = curl('https://steamcommunity.com/profiles/'.$user['steamid'].'/inventory/json/730/2/');
        $inv = json_decode($inv, true);
        if($inv['success'] != 1) {
            exit(json_encode(array('error'=>'Your profile is private. Please <a href="http://steamcommunity.com/my/edit/settings" target="_blank">set your inventory to public</a> and <a href="javascript:loadLeft(\'nocache\')">try again</a>.')));
        }
        $items = array();
        foreach ($inv['rgInventory'] as $key => $value) {
            // Descriptions are keyed by classid_instanceid.
            $id = $value['classid'].'_'.$value['instanceid'];
            $trade = $inv['rgDescriptions'][$id]['tradable'];
            if(!$trade) continue;
            $name = $inv['rgDescriptions'][$id]['market_hash_name'];
            // Site price = market value * 10; an item missing from prices.txt prices at 0 and is rejected below.
            $price = $prices['response']['items'][$name]['value']*10;
            $img = 'http://steamcommunity-a.akamaihd.net/economy/image/'.$inv['rgDescriptions'][$id]['icon_url'];
            if((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
                $price = 0;
                $reject = 'Junk';
            } else {
                $reject = 'unknown item';
            }
            $items[] = array(
                'assetid' => $value['id'],
                'bt_price' => "0.00",
                'img' => $img,
                'name' => $name,
                'price' => $price,
                'reject' => $reject,
                'sa_price' => $price,
                'steamid' => $user['steamid']);
        }

        $array = array(
            'error' => 'none',
            'fromcache' => false,
            'items' => $items,
            'success' => true);
        if(isset($_COOKIE['tid'])) {
            $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($_COOKIE['tid']).' AND `status` = 0');
            if($sql->rowCount() != 0) {
                $row = $sql->fetch();
                $array['code'] = $row['code'];
                $array['amount'] = $row['summa'];
                $array['tid'] = $row['id'];
                $array['bot'] = "Bot #".$row['bot_id'];
            } else {
                setcookie("tid", "", time() - 3600, '/');
            }
        }
        // The pending-trade fields are cached together with the inventory.
        file_put_contents('cache/'.$user['steamid'].'.txt', serialize($array), LOCK_EX);
        exit(json_encode($array));
        break;

    // JSON: ask a random bot to send a deposit trade offer. This variant
    // records the client-supplied `checksum` as the trade value; 'deposit_js'
    // below prices the items server-side and looks like its replacement.
    case 'deposit_js1':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        if($_COOKIE['tid']) {
            exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        // extract_partner()/extract_token() return false when the trade URL lacks the parameter.
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
        // NOTE(review): $_GET['assetids'] and $_GET['checksum'] are concatenated
        // into the bot's query string without urlencode() or validation, so the
        // client controls the request the bot receives; the same applies in
        // 'deposit_js' and 'withdraw_js'.
        $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTrade/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];
        if($out['success'] == true) {
            // `summa` (credited on confirm) is taken from the client's checksum here.
            $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
            foreach ($out['items'] as $key => $value) {
                $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
            }
            setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        }
        exit(json_encode($out));
        break;

    // JSON: ask a random bot to send a deposit trade offer; the trade value
    // is the sum of the bot-reported items priced from prices.txt.
    case 'deposit_js':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the deposit.')));
        if($_COOKIE['tid']) {
            exit(json_encode(array('success'=>false, 'error'=>'You isset active tradeoffer.')));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
        // $checksum is computed but not used: the raw $_GET['checksum'] is what reaches the bot.
        $checksum = intval($_GET['checksum']);
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTrade/?assetids='.$_GET['assetids'].'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];
        if($out['success'] == true) {
            // $s = server-side value of the offered items.
            $s = 0;
            foreach ($out['items'] as $key => $value) {
                $db->exec('INSERT INTO `items` SET `trade` = '.$db->quote($out['tid']).', `market_hash_name` = '.$db->quote($value['market_hash_name']).', `img` = '.$db->quote($value['icon_url']).', `botid` = '.$db->quote($bot).', `time` = '.$db->quote(time()));
                $s += $prices['response']['items'][$value['market_hash_name']]['value']*10;
            }
            $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 0, `user` = '.$db->quote($user['steamid']).', `summa` = '.$db->quote($s).', `time` = '.$db->quote(time()));
            $out['amount'] = $s;
            setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        }
        exit(json_encode($out));
        break;

    // JSON: ask the bot whether trade ?tid= was accepted; on accept, credit
    // `summa` and mark the trade and its items as done; on 'cross' discard it.
    case 'confirm':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the confirm.')));
        $tid = (int)$_GET['tid'];
        // NOTE(review): the trade is looked up by id only, while the credit
        // below goes to the *current* user; the query needs
        // `AND user = ` . $db->quote($user['steamid']) so a user can only confirm
        // (and be credited for) their own trade.
        $sql = $db->query('SELECT * FROM `trades` WHERE `id` = '.$db->quote($tid));
        $row = $sql->fetch();
        $out = curl('http://'.$ip.':'.(3000+$row['bot_id']).'/checkTrade?tid='.$row['id']);
        $out = json_decode($out, true);
        if(($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
            // Three statements outside a transaction; a failure between them
            // leaves the credit and the status out of step.
            if($row['summa'] > 0) $db->exec('UPDATE `users` SET `balance` = `balance` + '.$row['summa'].' WHERE `steamid` = '.$db->quote($user['steamid']));
            if($row['summa'] > 0) $db->exec('UPDATE `items` SET `status` = 1 WHERE `trade` = '.$db->quote($row['id']));
            if($row['summa'] > 0) $db->exec('UPDATE `trades` SET `status` = 1 WHERE `id` = '.$db->quote($row['id']));
            setcookie("tid", "", time() - 3600, '/');
        } elseif(($out['success'] == true) && ($out['action'] == 'cross')) {
            setcookie("tid", "", time() - 3600, '/');
            $db->exec('DELETE FROM `items` WHERE `trade` = '.$db->quote($row['id']));
            $db->exec('DELETE FROM `trades` WHERE `id` = '.$db->quote($row['id']));
        } else {
            exit(json_encode(array('success'=>false, 'error'=>'Trade is in procces or the coins are already credited')));
        }
        exit(json_encode($out));
        break;

    // JSON: the site-wide stock of deposited items (status 1) for the withdraw
    // page, gated by a reCAPTCHA check. A failed check produces no output.
    case 'get_bank_safe':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        //if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
        // NOTE(review): the reCAPTCHA secret is embedded in source, and the
        // client's response token is not urlencode()d before being placed in the query.
        $g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LfKU04UAAAAAMXIUyetduCdFL1SbE9WGh5CGa_q&response='.$_GET['g-recaptcha-response']);
        $g = json_decode($g, true);
        if($g['success'] == true) {
            $array = array('balance'=>$user['balance'],'error'=>'none','items'=>array(),'success'=>true);
            $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
            $prices = file_get_contents('prices.txt');
            $prices = json_decode($prices, true);
            while ($row = $sql->fetch()) {
                $array['items'][] = array('botid'=>$row['botid'],'img'=>'http://steamcommunity-a.akamaihd.net/economy/image/'.$row['img'],'name'=>$row['market_hash_name'],'assetid'=>$row['id'],'price'=>$prices['response']['items'][$row['market_hash_name']]['value']*10,'reject'=>'unknown items');
            }
            exit(json_encode($array));
        }
        break;

    // JSON: buy items from the bank with coins. All chosen items must sit on
    // one bot; the balance is debited, the bot is asked to send the trade and
    // the debit is reversed if the bot reports failure.
    case 'withdraw_js':
        if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the widthdraw.')));
        $items = array();
        $assetids = explode(',', $_GET['assetids']);
        $sum = 0;
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $norm_itms = '';
        foreach ($assetids as $key) {
            if($key == "") continue;
            // Unknown ids are not rejected: fetch() gives false and the item
            // lands under $items[''] with a null name.
            $sql = $db->query('SELECT * FROM `items` WHERE `id` = '.$db->quote($key));
            $row = $sql->fetch();
            // Keyed by bot so count($items) > 1 means "items from more than one bot".
            $items[$row['botid']] = $row['market_hash_name'];
            $sum += $prices['response']['items'][$row['market_hash_name']]['value']*10;
            $norm_itms = $norm_itms.$row['market_hash_name'].',';
        }
        $out = array('success'=>false,'error'=>'');
        if(count($items) > 1) {
            $out = array('success'=>false,'error'=>'You choose more bots');
        } elseif($user['balance'] < $sum) {
            $out = array('success'=>false,'error'=>'You dont have coins!');
        } else {
            reset($items);
            $bot = key($items);
            $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = '.$db->quote($bot));
            $r = $s->fetch();
            // NOTE(review): the balance test above uses the row loaded at
            // request start; adding `AND balance >= ` . $sum to this UPDATE and
            // checking the affected row count makes the check atomic. $sum is
            // numeric; $user['steamid'] (from the DB) is not quote()d here or below.
            $db->exec('UPDATE `users` SET `balance` = `balance` - '.$sum.' WHERE `steamid` = '.$user['steamid']);
            $partner = extract_partner($_GET['tradeurl']);
            $token = extract_token($_GET['tradeurl']);
            $out = curl('http://'.$ip.':'.(3000+$bot).'/sendTradeMe/?names='.urlencode($norm_itms).'&partner='.$partner.'&token='.$token.'&checksum='.$_GET['checksum'].'&steamid='.$user['steamid']);
            $out = json_decode($out, true);
            if($out['success'] == false) {
                // Refund on bot failure (also when the bot returned nothing and $out is null).
                $db->exec('UPDATE `users` SET `balance` = `balance` + '.$sum.' WHERE `steamid` = '.$user['steamid']);
            } else {
                foreach ($assetids as $key) {
                    $db->exec('DELETE FROM `items` WHERE `id` = '.$db->quote($key));
                }
                $out['bot'] = $r['name'];
                // The debit was $sum (server-priced) but the trade record stores
                // the client's checksum, so the two can disagree.
                $db->exec('INSERT INTO `trades` SET `id` = '.$db->quote($out['tid']).', `bot_id` = '.$db->quote($bot).', `code` = '.$db->quote($out['code']).', `status` = 2, `user` = '.$db->quote($user['steamid']).', `summa` = '.'-'.$db->quote($_GET['checksum']).', `time` = '.$db->quote(time()));
            }
        }
        exit(json_encode($out));
        break;

    // Logout: clears the cookie only; the hash stays valid in `users` until the
    // next login overwrites it.
    case 'exit':
        setcookie("hash", "", time() - 3600, '/');
        header('Location: /main');
        exit();
        break;
}
  558.  
  559. function getTemplate($name, $in = null) {
  560. extract($in);
  561. ob_start();
  562. include "template/" . $name;
  563. $text = ob_get_clean();
  564. return $text;
  565. }
  566.  
  567. function curl($url) {
  568. $ch = curl_init();
  569.  
  570. curl_setopt($ch, CURLOPT_HEADER, 0);
  571. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  572. curl_setopt($ch, CURLOPT_URL, $url);
  573. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  574. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  575. curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
  576. curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
  577. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  578.  
  579. $data = curl_exec($ch);
  580. curl_close($ch);
  581.  
  582. return $data;
  583. }
  584.  
  585. function extract_token($url) {
  586. parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  587. return isset($queryString['token']) ? $queryString['token'] : false;
  588. }
  589.  
  590. function extract_partner($url) {
  591. parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
  592. return isset($queryString['partner']) ? $queryString['partner'] : false;
  593. }