Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- require_once (__DIR__.'/../config.php');
- require_once (__DIR__.'/jsonRPCClient.php');
- require (__DIR__.'/../dbconnect.php');
- require '../../phpmail/PHPMailerAutoload.php';
- function send($address, $subject, $body) {
- $mail = new PHPMailer;
- $mail->isSMTP(); // Set mailer to use SMTP
- $mail->Host = 'mail.privateemail.com'; // Specify main and backup SMTP servers
- $mail->SMTPAuth = true; // Enable SMTP authentication
- $mail->Username = 'info@1337casino.com'; // SMTP username
- $mail->Password = 'YOURPASSWORDHERE'; // SMTP password
- $mail->SMTPSecure = 'ssl'; // Enable TLS encryption, `ssl` also accepted
- $mail->Port = 465; // TCP port to connect to
- $mail->setFrom('info@1337casino.com', '1337 Casino Admin');
- $mail->addAddress($address, $address); // Add a recipient
- $mail->addReplyTo('info@1337casino.com', 'info@1337casino.com');
- $mail->isHTML(true); // Set email format to HTML
- $mail->Subject = $subject;
- $mail->Body = $body;
- $mail->AltBody = $body;
- if(!$mail->send()) {
- echo 'Message could not be sent.';
- echo 'Mailer Error: ' . $mail->ErrorInfo;
- }
- }
- $mysql_hostname = $DB_host;
- $mysql_user = $DB_user;
- $mysql_password = $DB_pass;
- $mysql_database = $DB_name;
- $prefix = "";
- $bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
- mysql_select_db($mysql_database, $bd) or die("Could not select database");
- $user = $_SESSION['userID'];
- #$balance = filter_input(INPUT_POST, 'b', FILTER_SANITIZE_STRING);
- $add = filter_input(INPUT_POST, 'to', FILTER_SANITIZE_STRING);
- $amount = filter_input(INPUT_POST, 'a', FILTER_VALIDATE_FLOAT);
- $ip = filter_input(INPUT_POST, 'i', FILTER_VALIDATE_IP);
- $secret = filter_input(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
- $us = mysql_query("SELECT * FROM blackjack_users WHERE id = '" . $user . "'");
- $fetch = mysql_fetch_assoc($us);
- if ($secret != $_SESSION['secret'] || empty($_SESSION['secret'])) {
- echo 'csrf protection triggered';
- exit;
- }
- if ($add){
- if ($fetch['balance'] > 0 && $fetch['balance'] >= $amount && $fetch['balance'] >= 1.0) {
- $now = strtotime('now');
- $t = mysql_real_escape_string(hash('sha1', rand()));
- $t2 = mysql_real_escape_string(hash('sha1', rand()));
- mysql_query("UPDATE blackjack_users SET balance = (balance-$amount) WHERE id = '" . $user . "'");
- mysql_query(
- "INSERT INTO withdraw(userID,btcadd,amount,timest,token,token2,ip,activated) "
- . "VALUES ('$user','$add','$amount','$now','$t','$t2','$ip','0')"
- );
- $mail = trim($fetch['email']);
- $ipadd = explode(".", $ip);
- $ipnew = $ipadd[0] . $ipadd[1] . $ipadd[2] . "*";
- $headers = "From: $adminEmail\r\n"
- ."Reply-To: $adminEmail\r\n"
- ."Return-Path: $adminEmail\r\n"
- ."MIME-Version: 1.0\r\n"
- ."Content-Type: text/html; charset=UTF-8\r\n";
- $message = "<html><head>
- <title>$shortTitle Withdraw</title>
- </head><body><br><p></p>Please Confirm your withdraw of <b>"
- .($amount * 100)."</b> " . $coinSymbol . " to <b>" . $add . "</b>, by clicking here:
- <br>
- <a href='" . $domain . "accounts/confirm.php?t=" . $t
- . "'>" . $domain . "accounts/confirm.php?t=" . $t . "</a>
- <br>
- <br>
- <p>Withdraw requested by ip: " . $ipnew . "</p>
- </body>
- </html>";
- $adminMessage = "<html><body>User $user wants to withdraw ".number_format($amount,7)."<br>"
- ."<a href='" . $domain . "accounts/confirm.php?t=$t2&a=1'>Approve</a></body></html>";
- $subject = 'Withdrawal Request';
- $sent1 = send($mail, $subject, $message);
- $subject2 = '1337Casino.com Withdraw Approval';
- $sent2 = send($adminEmail, $subject2, $adminMessage);
- if ($sent1 && $sent2) echo "Please check your email ($mail)";
- else echo 'Could not send mail to '.$mail.' !';
- } else {
- echo "Insufficient fund";
- }
- } else echo 'Need to specify receiving address';
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
