Guest User

Untitled

a guest
Oct 6th, 2017
158
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.07 KB | None | 0 0
  1. <?php
  2. require("mainconfig.php");
  3. header("Content-Type: application/json");
  4.  
  5. if (isset($_POST['key']) AND isset($_POST['action'])) {
  6. $post_key = mysqli_real_escape_string($db, trim($_POST['key']));
  7. $post_action = $_POST['action'];
  8. if (empty($post_key) || empty($post_action)) {
  9. $array = array("error" => "Incorrect request");
  10. } else {
  11. $check_user = mysqli_query($db, "SELECT * FROM users WHERE api_key = '$post_key'");
  12. $data_user = mysqli_fetch_assoc($check_user);
  13. if (mysqli_num_rows($check_user) == 1) {
  14. $username = $data_user['username'];
  15. if ($post_action == "add") {
  16. if (isset($_POST['service']) AND isset($_POST['link']) AND isset($_POST['quantity'])) {
  17. $post_service = $_POST['service'];
  18. $post_link = $_POST['link'];
  19. $post_quantity = $_POST['quantity'];
  20. if (empty($post_service) || empty($post_link) || empty($post_quantity)) {
  21. $array = array("error" => "Incorrect request");
  22. } else {
  23. $check_service = mysqli_query($db, "SELECT * FROM services WHERE sid = '$post_service' AND status = 'Active'");
  24. $data_service = mysqli_fetch_assoc($check_service);
  25. if (mysqli_num_rows($check_service) == 0) {
  26. $array = array("error" => "Service not found");
  27. } else {
  28. $oid = rand(0000000,9999999);
  29. $rate = $data_service['price'] / 1000;
  30. $price = $rate*$post_quantity;
  31. $service = $data_service['service'];
  32. $provider = $data_service['provider'];
  33. $pid = $data_service['pid'];
  34. $wujudjnd=number_format($post_quantity,0,',','.');
  35. if ($post_quantity < $data_service['min']) {
  36. $array = array("error" => "Quantity inccorect");
  37. } else if ($post_quantity > $data_service['max']) {
  38. $array = array("error" => "Quantity inccorect");
  39. } else if ($data_user['balance'] < $price) {
  40. $array = array("error" => "Low balance");
  41. } else {
  42. $check_provider = mysqli_query($db, "SELECT * FROM provider WHERE code = '$provider'");
  43. $data_provider = mysqli_fetch_assoc($check_provider);
  44. $provider_key = $data_provider['api_key'];
  45. $provider_link = $data_provider['link'];
  46. if ($provider == "MANUAL") {
  47. $provider_key="your key";
  48. $provider_link="";
  49. $api_postdata = "";
  50. $subject = "Orderan Manual";
  51. $messages ="Hallo kak Andre nih data Orderanya
  52. Pemesan :$sess_username
  53. Service : $service
  54. Quantity: $wujudjnd
  55. Harga : $price
  56. Link : $post_link";
  57. $headers .= 'From: [email protected]' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  58. $send_mail=@mail($to, $subject, $messages, $headers);
  59. $to ="[email protected]⁠⁠⁠⁠";
  60. $subject = "Orderan Manual nih gblg";
  61. $messages ="Hallo kak Andre nih data Orderanya
  62. Pemesan :$sess_username
  63. Service : $service
  64. Quantity: $wujudjnd
  65. Harga : $price
  66. Link : $post_link";
  67. $headers .= 'From: [email protected]' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  68. $send_mail=@mail($to, $subject, $messages, $headers);
  69. } else if ($provider == "") {
  70. $provider_key="";
  71. $provider_link="";
  72. $provider_postdata="key=$provider_key&action=add_order&service=$pid&link=$post_link&quantity=$post_quantity";
  73. } else if ($provider == "") {
  74. $provider_key="";
  75. $provider_link="http:///api.php";
  76. $provider_postdata="key=$provider_key&action=add&service=$pid&link=$post_link&quantity=$post_quantity";
  77. } else {
  78. die("System Error!");
  79. }
  80.  
  81.  
  82. $ch = curl_init();
  83. curl_setopt($ch, CURLOPT_URL, "$provider_link");
  84. curl_setopt($ch, CURLOPT_POST, 1);
  85. curl_setopt($ch, CURLOPT_POSTFIELDS, $provider_postdata);
  86. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  87. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  88. $chresult = curl_exec($ch);
  89. curl_close($ch);
  90.  
  91. $json_result = json_decode($chresult, true);
  92.  
  93.  
  94. if ($provider == "TL" AND $json_result['error'] == TRUE) {
  95. $msg_type = "error";
  96. $msg_content = "<b>Gagal:</b> Server Maintenance (1).";
  97. } else if ($provider == "ST" AND $json_result['error'] == TRUE) {
  98. $msg_type = "error";
  99. $msg_content = "<b>Gagal:</b> Server Maintenance (2).";
  100. } else {
  101. if ($provider == "TL") {
  102. $poid = $json_result['order_id'];
  103. } else if ($provider == "ST") {
  104. $poid = $json_result['order_id'];
  105. } else if ($provider == "MANUAL") {
  106. $poid= $oid;
  107. }
  108. $update_user = mysqli_query($db, "UPDATE users SET balance = balance-$price WHERE username = '$username'");
  109. if ($update_user == TRUE) {
  110. $insert_order = mysqli_query($db, "INSERT INTO orders (oid, poid, user, service, link, quantity, price, status, date, provider, place_from) VALUES ('$oid', '$poid', '$username', '$service', '$post_link', '$post_quantity', '$price', 'Pending', '$date', '$provider', 'API')");
  111. if ($insert_order == TRUE) {
  112. $array = array("order_id" => "$oid");
  113. } else {
  114. $array = array("error" => "System error");
  115. }
  116. } else {
  117. $array = array("error" => "System error");
  118. }
  119. }
  120. }
  121. }
  122. }
  123. } else {
  124. $array = array("error" => "Incorrect request");
  125. }
  126. } else if ($post_action == "add_premium") {
  127. if (isset($_POST['service']) AND isset($_POST['link']) AND isset($_POST['quantity'])) {
  128. $post_service = $_POST['service'];
  129. $post_link = $_POST['link'];
  130. $post_quantity = $_POST['quantity'];
  131. $leve_user = $data_user['level'];
  132. if($leve_user == 'Premium'){
  133. if (empty($post_service) || empty($post_link) || empty($post_quantity)) {
  134. $array = array("error" => "Incorrect request");
  135. } else {
  136. $check_service = mysqli_query($db, "SELECT * FROM services1 WHERE sid = '$post_service' AND status = 'Active'");
  137. $data_service = mysqli_fetch_assoc($check_service);
  138. if (mysqli_num_rows($check_service) == 0) {
  139. $array = array("error" => "Service not found");
  140. } else {
  141. $oid1 = rand(0000000,9999999);
  142. $rate = $data_service['price'] / 1000;
  143. $price = $rate*$post_quantity;
  144. $service = $data_service['service'];
  145. $provider = $data_service['provider'];
  146. $pid = $data_service['pid'];
  147. $wujudjnd=number_format($post_quantity,0,',','.');
  148. if ($post_quantity < $data_service['min']) {
  149. $array = array("error" => "Quantity inccorect");
  150. } else if ($post_quantity > $data_service['max']) {
  151. $array = array("error" => "Quantity inccorect");
  152. } else if ($data_user['balance'] < $price) {
  153. $array = array("error" => "Low balance");
  154. } else {
  155. $check_provider = mysqli_query($db, "SELECT * FROM provider WHERE code = '$provider'");
  156. $data_provider = mysqli_fetch_assoc($check_provider);
  157. $provider_key = $data_provider['api_key'];
  158. $provider_link = $data_provider['link'];
  159. if ($provider == "MANUAL") {
  160. $provider_key="your key";
  161. $provider_link="";
  162. $api_postdata = "";
  163. $subject = "Orderan Manual";
  164. $messages ="Hallo kak Andre nih data Orderanya
  165. Pemesan :$sess_username
  166. Service : $service
  167. Quantity: $wujudjnd
  168. Harga : $price
  169. Link : $post_link";
  170. $headers .= 'From: [email protected]' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  171. $send_mail=@mail($to, $subject, $messages, $headers);
  172. $to ="[email protected]⁠⁠⁠⁠";
  173. $subject = "Orderan Manual nih gblg";
  174. $messages ="Hallo kak Andre nih data Orderanya
  175. Pemesan :$sess_username
  176. Service : $service
  177. Quantity: $wujudjnd
  178. Harga : $price
  179. Link : $post_link";
  180. $headers .= 'From: [email protected]' . ""; //bagian ini diganti sesuai dengan email dari pengirim
  181. $send_mail=@mail($to, $subject, $messages, $headers);
  182. } else if ($provider == "") {
  183. $provider_key="";
  184. $provider_link="";
  185. $provider_postdata="key=$provider_key&action=add_order&service=$pid&link=$post_link&quantity=$post_quantity";
  186. } else if ($provider == "") {
  187. $provider_key="";
  188. $provider_link="";
  189. $provider_postdata="key=$provider_key&action=add&service=$pid&link=$post_link&quantity=$post_quantity";
  190. }else{
  191. die("System Error!");
  192. }
  193.  
  194.  
  195. $ch = curl_init();
  196. curl_setopt($ch, CURLOPT_URL, "$provider_link");
  197. curl_setopt($ch, CURLOPT_POST, 1);
  198. curl_setopt($ch, CURLOPT_POSTFIELDS, $provider_postdata);
  199. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  200. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  201. $chresult = curl_exec($ch);
  202. curl_close($ch);
  203.  
  204. $json_result = json_decode($chresult, true);
  205.  
  206.  
  207. if ($provider == "TL" AND $json_result['error'] == TRUE) {
  208. $msg_type = "error";
  209. $msg_content = "<b>Gagal:</b> Server Maintenance (1).";
  210. } else if ($provider == "ST" AND $json_result['error'] == TRUE) {
  211. $msg_type = "error";
  212. $msg_content = "<b>Gagal:</b> Server Maintenance (2).";
  213. } else {
  214. if ($provider == "TL") {
  215. $poid = $json_result['order_id'];
  216. } else if ($provider == "ST") {
  217. $poid = $json_result['order_id'];
  218. }else if ($provider == "MANUAL") {
  219. $poid= $oid1;
  220. }
  221. $update_user = mysqli_query($db, "UPDATE users SET balance = balance-$price WHERE username = '$username'");
  222. if ($update_user == TRUE) {
  223. $insert_order = mysqli_query($db, "INSERT INTO orders (oid, poid, user, service, link, quantity, price, status, date, provider, place_from) VALUES ('$oid1', '$poid', '$username', '$service', '$post_link', '$post_quantity', '$price', 'Pending', '$date', '$provider', 'API')");
  224. if ($insert_order == TRUE) {
  225. $array = array("order_id" => "$oid1");
  226. } else {
  227. $array = array("error" => "System error");
  228. }
  229. } else {
  230. $array = array("error" => "System error");
  231. }
  232. }
  233. }
  234. }
  235. }
  236. } else {
  237. $array = array("error" => "Your Not Premium User");
  238. }
  239. } else {
  240. $array = array("error" => "Incorrect request");
  241. }
  242. } else if ($post_action == "status") {
  243. if (isset($_POST['order_id'])) {
  244. $post_oid = $_POST['order_id'];
  245. $post_oid = $_POST['order_id'];
  246. $check_order = mysqli_query($db, "SELECT * FROM orders WHERE oid = '$post_oid' AND user = '$username'");
  247. $data_order = mysqli_fetch_array($check_order);
  248. if (mysqli_num_rows($check_order) == 0) {
  249. $array = array("error" => "Order not found");
  250. } else {
  251. $array = array("charge" => $data_order['price'], "start_count" => $data_order['start_count'], "status" => $data_order['status'], "remains" => $data_order['remains']);
  252. }
  253. } else {
  254. $array = array("error" => "Incorrect request");
  255. }
  256. } else if($post_action == "services") {
  257. $check_service = mysqli_query($db, "SELECT * FROM services");
  258. while ($data_service = mysqli_fetch_assoc($check_service)) {
  259. $array[] = array(
  260. "provider_id" => $data_service['sid'],
  261. "category" => $data_service['category'],
  262. "service" => $data_service['service'],
  263. "min_order" => $data_service['min'],
  264. "max_order" => $data_service['max'],
  265. "note" => $data_service['note'],
  266. "price" => $data_service['price']
  267. );
  268. }
  269. } else{
  270. $array = array("error" => "Wrong action");
  271. }
  272. } else {
  273. $array = array("error" => "Invalid API key");
  274. }
  275. }
  276. } else {
  277. $array = array("error" => "Incorrect request");
  278. }
  279.  
  280. $print = json_encode($array);
  281. print_r($print);
Advertisement
Add Comment
Please, Sign In to add comment