API tools faq
paste
Guest User

Untitled

a guest
Mar 5th, 2017
39
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 29.29 KB | None | 0 0
raw download clone embed print report
  1. <div id="withinvent" class="scroll"><!--?
  2. // Security & connect
  3. include $_SERVER["DOCUMENT_ROOT"] . '/engine/database.php';
  4. include $_SERVER["DOCUMENT_ROOT"] . '/steamauth/steamauth.php';
  5. include $_SERVER["DOCUMENT_ROOT"] . '/steamauth/userInfo.php';
  6.  
  7. // Order BY Values
  8. function orderbv($ari) {
  9.     $datas = json_decode($ari, true);
  10.     usort($datas, function($as, $bs) {
  11.         if ($as['price'] == $bs['price'])
  12.             return 0;
  13.         return $as['price'] < $bs['price'] ? 1 : -1;
  14.     });
  15.     $news = json_encode($datas);
  16.     return $news;
  17. }
  18. // Order BY Values
  19.  
  20. // Check for SQL injection
  21. function escape_inj($text) {
  22.     $text = strtolower($text); // Go to low text
  23.     if (!strpos($text, "select") && //
  24.         !strpos($text, "union") && //
  25.     !strpos($text, "select") && //
  26.     !strpos($text, "order") && // Searching a BAD word
  27.     !strpos($text, "where") && //
  28.     !strpos($text, "char") && //
  29.     !strpos($text, "from") //
  30.     ) {
  31.         return true; // If all is OK
  32.     } else {
  33.         return false; // If someone try to hack
  34.     }
  35. }
  36. // Check for SQL injection
  37.  
  38. // Random string
  39. function generateRandomString($length = 7) {
  40.     $characters       = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  41.     $charactersLength = strlen($characters);
  42.     $randomString     = '';
  43.     for ($i = 0; $i < $length; $i++) {
  44.         $randomString .= $characters[rand(0, $charactersLength - 1)];
  45.     }
  46.     return $randomString;
  47. }
  48. // Random string
  49.  
  50. // Seconds to time
  51. function secondsToTime($seconds) {
  52.     $dtF = new \DateTime('@0');
  53.     $dtT = new \DateTime("@$seconds");
  54.     return $dtF--->diff($dtT)-&gt;format('%a days, %h hours, %i minutes');
  55. }
  56. // Seconds to time
  57.  
  58. // Chat list
  59. function chatlist() {
  60.         $messages = mysql_query("SELECT `username`, `message`, `status` FROM (SELECT * FROM `chat` ORDER BY `id` DESC LIMIT 20) AS `i` ORDER BY `i`.`id` ASC;");
  61.         while ($message = mysql_fetch_array($messages)) {
  62.             if($message['status'] == 1) {
  63.                 $adminif = '<div class="admin">Administrator</div>';
  64.             }
  65.             elseif($message['status'] == 2) {
  66.                 $adminif = '<div class="moder">Moderator</div>';
  67.             }
  68.             else {
  69.                 $adminif = '';
  70.             }
  71.             echo '<div class="short">
  72.                         <div class="name">'.$message['username'].''.$adminif.'</div>
  73.                         <div class="text">'.strip_tags($message['message']).'</div>
  74.                     </div>';
  75.         }
  76. }
  77. // Chat list
  78.  
  79. // Chat send
  80. function chatsend($message) {
  81.     global $steamprofile;
  82.     if (empty($message)) {
  83.         echo 4;
  84.         exit();
  85.     }
  86.     if (empty($steamprofile['steamid'])) {
  87.         echo 1;
  88.         exit();
  89.     }
  90.     $main_users_js = mysql_fetch_assoc(mysql_query("SELECT id, ban, username, admin FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  91.     $timing        = mysql_fetch_assoc(mysql_query("SELECT time FROM `chat` WHERE `user_id` = '" . $main_users_js['id'] . "' ORDER BY `id` DESC LIMIT 1"));
  92.     if (empty($timing['time'])) {
  93.         $zd = strtotime("-10 minutes");
  94.     } else {
  95.         $zd = $timing['time'] + 7;
  96.     }
  97.     $time = strtotime("now");
  98.     if ($zd &gt; $time) {
  99.         echo 2;
  100.         exit();
  101.     }
  102.     if ($main_users_js['ban'] == 1) {
  103.         echo 3;
  104.         exit();
  105.     }
  106.     mysql_query("INSERT INTO `chat` (`message`,`user_id`,`time`,`username`,`status`) VALUES ('" . (string) mysql_real_escape_string(strip_tags($message)) . "','" . $main_users_js['id'] . "','" . $time . "','" . $main_users_js['username'] . "','" . $main_users_js['admin'] . "')");
  107.     mysql_query("UPDATE `update` SET `status` = '1' WHERE `typegame` = '1'");
  108.     echo 'success';
  109. }
  110. // Chat send
  111.  
  112. // Rdeposit
  113. function rdeposit($sum, $coinpart) {
  114.     global $steamprofile;
  115.     global $rmaxbet;
  116.     $sum = $sum;
  117.     if ($sum &lt; 0.1) {
  118.         echo 4;
  119.         exit();
  120.     }
  121.     if (empty($steamprofile['steamid'])) {
  122.         echo 1;
  123.         exit();
  124.     }
  125.     if ($sum &gt; $rmaxbet) {
  126.         echo 2;
  127.         exit();
  128.     }
  129.     $mainjs = mysql_fetch_assoc(mysql_query("SELECT id, balance, avatar, username FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  130.     if ($mainjs['balance'] &lt; $sum) {
  131.         echo 3;
  132.         exit();
  133.     }
  134.     $gameifcan = mysql_fetch_assoc(mysql_query("SELECT time FROM `roulette` ORDER BY `id` DESC LIMIT 1"));
  135.     $butsure   = strtotime("now");
  136.     if ($butsure &gt;= $gameifcan['time']) {
  137.     } else {
  138.         echo 6;
  139.         exit();
  140.     }
  141.     if ($coinpart == 1 || $coinpart == 2 || $coinpart == 3) {
  142.     } else {
  143.         echo 5;
  144.         exit();
  145.     }
  146.     $lgame = mysql_fetch_assoc(mysql_query("SELECT id FROM `roulette` ORDER BY `id` DESC LIMIT 1"));
  147.     $lbet  = mysql_fetch_assoc(mysql_query("SELECT id, sum FROM `bets` WHERE `user_id` = '" . $mainjs['id'] . "' AND `type` = '" . $coinpart . "' LIMIT 1"));
  148.     if ($lbet['sum'] + $sum &gt; 150) {
  149.         echo 2;
  150.         exit();
  151.     }
  152.     mysql_query("UPDATE `users` SET `balance` = `balance` - '" . $sum . "' WHERE `id` = '" . $mainjs['id'] . "' LIMIT 1");
  153.     if (empty($lbet['sum'])) {
  154.         mysql_query("INSERT INTO `bets` (`game`,`user_id`,`sum`,`type`,`avatar`,`username`) VALUES ('" . $lgame['id'] . "', '" . $mainjs['id'] . "', '" . $sum . "', '" . $coinpart . "', '" . $mainjs['avatar'] . "', '" . $mainjs['username'] . "')");
  155.     } else {
  156.         mysql_query("UPDATE `bets` SET `sum` = `sum` + '" . $sum . "' WHERE `user_id` = '" . $mainjs['id'] . "' AND `type` = '" . $coinpart . "'");
  157.     }
  158.     mysql_query("UPDATE `update` SET `status` = '1' WHERE `typegame` = '2'");
  159.     echo 'Success!';
  160. }
  161. // Rdeposit
  162.  
  163. // Trade &amp; email
  164. function tradelink($tradelink, $email) {
  165.     global $steamprofile; // Steam data of player
  166.     // Logged in
  167.     if (empty($steamprofile['steamid'])) {
  168.         echo 1;
  169.         exit();
  170.     }
  171.     // Logged in
  172.     // Trade link
  173.     if (!empty($tradelink)) {
  174.         if (stristr($tradelink, 'https://steamcommunity.com/tradeoffer/new/?partner=') !== FALSE) {
  175.             $url = parse_url(mysql_escape_string($tradelink));
  176.         parse_str($url['query'], $params);
  177.         $value = '[' . json_encode($params) . ']';
  178.         foreach (json_decode($value) as $i) {
  179.             $partner = substr($i-&gt;partner, 0, 12);
  180.             $token   = substr($i-&gt;token, 0, 12);
  181.         }
  182.         if (strlen($partner) &gt; 12 || strlen($token) &gt; 12 || empty($partner) || empty($token)) {
  183.             echo 2;
  184.             exit;
  185.         }
  186.         $link = 'https://steamcommunity.com/tradeoffer/new/?partner=' . $partner . '&amp;token=' . $token . '';
  187.         mysql_query("UPDATE `users` SET `trade_link` = '" . $link . "' WHERE `steamid` = '" . $steamprofile['steamid'] . "'");
  188.         echo 1;
  189.     } else {
  190.         echo 2;
  191.         exit;
  192.     }
  193. }
  194. // Trade link
  195. // Email
  196. if (!empty($email)) {
  197.     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  198.         echo 3;
  199.         exit();
  200.     } else {
  201.         mysql_query("UPDATE `users` SET `email` = '" . $email . "' WHERE `steamid` = '" . $steamprofile['steamid'] . "'");
  202.     }
  203. }
  204. // Email
  205. echo 'Success';
  206. }
  207. // Trade &amp; email
  208.  
  209. // Transfer balance
  210. function sendbalance($stb, $tbal) {
  211.     global $steamprofile; // Steam data of player
  212.     // Logged in
  213.     if (empty($steamprofile['steamid'])) {
  214.         echo 1;
  215.         exit();
  216.     }
  217.     // Logged in
  218.     // If empty
  219.     if (empty($stb) || empty($tbal) || ($tbal &lt;= 0)) {
  220.         echo 5;
  221.         exit();
  222.     }
  223.     // Myself
  224.     if ($stb === $steamprofile['steamid']) {
  225.         echo 4;
  226.         exit();
  227.     }
  228.     // If dont exist
  229.     $usersent = mysql_fetch_assoc(mysql_query("SELECT id FROM `users` WHERE `steamid` = '" . $stb . "' LIMIT 1"));
  230.     if (empty($usersent['id'])) {
  231.         echo 3;
  232.         exit();
  233.     }
  234.     // If not enough balance
  235.     $myuser = mysql_fetch_assoc(mysql_query("SELECT balance FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  236.     if ($myuser['balance'] &lt; $tbal) {
  237.         echo 2;
  238.         exit();
  239.     }
  240.     // If all is ok
  241.     mysql_query("UPDATE `users` SET `balance` = `balance` - '" . $tbal . "' WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1");
  242.     mysql_query("UPDATE `users` SET `balance` = `balance` + '" . $tbal . "' WHERE `steamid` = '" . $stb . "' LIMIT 1");
  243.     echo 'Success';
  244. }
  245. // Transfer balance
  246.  
  247. // Inventory of player
  248. function loadinvent() {
  249.     global $minpriceofdeposititem;
  250.     global $steamprofile; // Steam data of player
  251.     // Logged in
  252.     if (empty($steamprofile['steamid'])) {
  253.         echo 1;
  254.         exit();
  255.     }
  256.     // Logged in
  257.     $brow     = mysql_fetch_assoc(mysql_query("SELECT * FROM `inventories` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  258.     $timenow  = strtotime("+15 minutes"); // Time
  259.     $timenow1 = strtotime("now"); //
  260.     mysql_query("DELETE FROM `inventories` WHERE `time` &lt; '" . $timenow1 . "'");
  261.     // Proxies
  262.     if (empty($brow['id']) || ($timenow1 &gt; $brow['time']) || empty($brow['inventory'])) {
  263.         $onlinezs       = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT id) FROM proxies"));
  264.         $midz           = mt_rand(1, $onlinezs[0]); // Getting random bot
  265.         $proxi          = mysql_fetch_assoc(mysql_query("SELECT * FROM `proxies` WHERE `id` = '" . $midz . "' LIMIT 1"));
  266.         $proxy_ip       = $proxi['ip'];
  267.         $proxy_login    = $proxi['login'];
  268.         $proxy_password = $proxi['password'];
  269.         $auth           = base64_encode("$proxy_login:$proxy_password");
  270.         $aContext       = array(
  271.         'http' =&gt; array(
  272.         'proxy' =&gt; "$proxy_ip",
  273.         'request_fulluri' =&gt; true,
  274.         'header' =&gt; "Proxy-Authorization: Basic $auth"
  275.         )
  276.         );
  277.         $cxContext      = stream_context_create($aContext);
  278.         // Proxies
  279.         $content        = file_get_contents("http://steamcommunity.com/profiles/" . $steamprofile['steamid'] . "/inventory/json/730/2?l=en", False, $cxContext);
  280.         $content        = str_replace("`", "", $content);
  281.         $content        = str_replace("'", "", $content);
  282.         if (empty($brow['id'])) {
  283.             mysql_query("INSERT INTO `inventories` (`inventory`,`steamid`, `time`) VALUES ('" . mysql_real_escape_string($content) . "','" . $steamprofile['steamid'] . "','" . $timenow . "')");
  284.         } else {
  285.             mysql_query("UPDATE `inventories` SET `inventory` = '" . mysql_real_escape_string($content) . "', `time` = '" . $timenow . "' WHERE `steamid` = '" . $steamprofile['steamid'] . "'");
  286.         }
  287.         $result = json_decode($content); // Decodify
  288.     } else {
  289.         $result = json_decode($brow['inventory']);
  290.     }
  291.     // Inventory data
  292.     // From DB
  293.     if ($result-&gt;success !== true) { // Verify for an success request
  294.         myinventory($zm);
  295.         exit;
  296.     }
  297.     // JSONify
  298.     $items = '';
  299.     foreach ($result-&gt;rgInventory AS $report) {
  300.         $check = 'count-' . $report-&gt;classid . '';
  301.         if (empty($$check)) {
  302.             $items .= '{"id":"' . $report-&gt;id . '","classid":"' . $report-&gt;classid . '"},';
  303.             $$check = 1;
  304.         } else {
  305.             $$check = $$check + 1;
  306.         }
  307.     }
  308.     $items = '[' . $items . ']';
  309. $items = str_replace("},]", "}]", $items);
  310. // JSONify
  311. // Get description of every item
  312. $allitem = '';
  313. foreach (json_decode($items) as $evitem) {
  314.     foreach ($result-&gt;rgDescriptions AS $desc) {
  315.         if ($evitem-&gt;classid == $desc-&gt;classid) {
  316.             $priceindb = 0;
  317.             $count     = 'count-' . $desc-&gt;classid . '';
  318.             $giro    = $desc-&gt;market_hash_name;
  319.             $newname = str_replace("'", "", $giro);
  320.             $newname = str_replace("`", "", $newname);
  321.             preg_match('/\((.+)\)/', $newname, $quality);
  322.             $thequa = $quality[1];
  323.             $price   = mysql_fetch_assoc(mysql_query("SELECT price FROM `items_csgo` WHERE `name_en` = '" . (string)mysql_real_escape_string($desc-&gt;market_hash_name) . "' LIMIT 1"));
  324.             $newname = str_replace("(".$thequa.")", "", $newname);
  325.             if ($price['price'] &lt; $minpriceofdeposititem) {
  326.                 $priceindb = 0;
  327.             } else {
  328.                 $priceindb = $price['price'];
  329.             }
  330.             if ($desc-&gt;tradable == 1) {
  331.                 $allitem .= '{"market_hash_name":"' . $newname . '","classid":"' . $desc-&gt;classid . '","id":"' . $evitem-&gt;id . '","price":"' . $priceindb . '","count":"' . $$count . '", "quality":"' . $thequa . '", "tradable":"' . $desc-&gt;tradable . '"},';
  332.             }
  333.             break;
  334.     }
  335. }
  336. }
  337. $allitem = '[' . $allitem . ']';
  338. $allitem = str_replace("},]", "}]", $allitem);
  339. // Get description of every item
  340. $news = orderbv($allitem);
  341. // Show items
  342. foreach (json_decode($news) as $showit) {
  343.     if($showit-&gt;price &lt;= 0) {
  344.         $text = 'Junk';
  345.         $onc = '';
  346.     }
  347.     else {
  348.         $text = round($showit-&gt;price -($showit-&gt;price * 0.1),2);
  349.         $onc = 'selectitem('.$showit-&gt;id.')';
  350.     }
  351.     echo '<div class="item">
  352.    <div onclick="'.$onc.'" class="inner" id="'.$showit->id.'">
  353.    <ul>
  354.    <li>'.$showit-&gt;market_hash_name.'</li>
  355.    <li>'.$showit-&gt;quality.'</li>
  356.    </ul>
  357.    <div class="pic"><img src="http://steamcommunity-a.akamaihd.net/economy/image/class/730/'.$showit-&gt;classid.'/200fx200f.png"></div>
  358.    <div class="price"><div class="coin_icon"></div>'.$text.'</div>
  359.    </div>
  360.    </div>';
  361. }
  362. // Show items
  363. }
  364. // Inventory of player
  365.  
  366. // Force refresh
  367. function forcerefresh() {
  368.     global $steamprofile; // Steam data of player
  369.     // Logged in
  370.     if (empty($steamprofile['steamid'])) {
  371.         echo 1;
  372.         exit();
  373.     }
  374.     // Logged in
  375.     mysql_query("DELETE FROM `inventories` WHERE `stemaid` = '".$steamprofile['steamid']."'");
  376.     loadinvent();
  377. }
  378. // Force refresh
  379.  
  380. // Deposit to jackpot
  381. function deposititem($playerpart) {
  382.     global $minpriceofdeposititem;
  383.     global $steamprofile;
  384.     global $countmaxi;
  385.     // Logged in
  386.     if (empty($steamprofile['steamid'])) {
  387.         echo 1;
  388.         exit();
  389.     }
  390.     // Logged in
  391.     // SQL injection
  392.     if (!escape_inj($playerpart)) {
  393.         echo 2;
  394.         exit();
  395.     }
  396.     // SQL injection
  397.     // Empty result
  398.     if (empty($playerpart)) {
  399.         echo 3;
  400.         exit();
  401.     }
  402.     // Empty result
  403.     // Trade-link
  404.     $tradelink = mysql_fetch_assoc(mysql_query("SELECT id, steamid, trade_link FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  405.     if (empty($tradelink['trade_link'])) {
  406.         echo 4;
  407.         exit();
  408.     }
  409.     // Trade-link
  410.     // Simple JSON
  411.     $playerpart = '[' . $playerpart . ']';
  412. $playerpart = str_replace("},]", "}]", $playerpart);
  413. // Simple JSON
  414. // Get your inventory
  415. // Proxies
  416. $brow = mysql_fetch_assoc(mysql_query("SELECT * FROM `inventories` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  417. $content = json_decode($brow['inventory']);
  418. if ($content-&gt;success !== true) {
  419.     echo 5;
  420.     exit();
  421. }
  422. // Get your inventory
  423.  
  424. // Anti-spam
  425. $lprize = mysql_fetch_assoc(mysql_query("SELECT time, status FROM `prize` WHERE `steamid` = '" . $steamprofile['steamid'] . "' ORDER BY `id` DESC LIMIT 1"));
  426. $timec  = strtotime("now"); // Time
  427. if ($timec &gt;= $lprize['time']) {
  428. } else {
  429.     if ($lprize['status'] == 2 || $lprize['status'] == 3) {
  430.     } else {
  431.         echo 9;
  432.         exit();
  433.     }
  434. }
  435. // Anti-spam
  436.  
  437. $steaminventory = '';
  438. // Building Steam Inventory
  439. foreach ($content-&gt;rgInventory AS $report) {
  440.     $steaminventory .= '{"id":"' . $report-&gt;id . '", "classid":"' . $report-&gt;classid . '"},';
  441. }
  442. $steaminventory = '[' . $steaminventory . ']';
  443. $steaminventory = str_replace("},]", "}]", $steaminventory);
  444. // Building Steam Inventory
  445.  
  446. // Verify Profile Items &amp; Steam Items
  447. $cart = json_decode($steaminventory, true);
  448. foreach (json_decode($playerpart) as $vsv) {
  449.     // Search in array
  450.     $value = $vsv-&gt;id;
  451.     foreach ($cart as $i =&gt; $v) {
  452.         if ($v['id'] == $value) {
  453.             unset($cart[$i]);
  454.             $value = 'enough';
  455.             foreach ($content-&gt;rgDescriptions AS $item) {
  456.                 if ($v['classid'] == $item-&gt;classid) {
  457.                     $marketname = $item-&gt;market_hash_name;
  458.                     $tradable = '' . $item-&gt;tradable . '';
  459.                     break;
  460.             }
  461.         } // Get Market_Hash_Name
  462.         $hisitemnow .= '{"id":"' . $v['id'] . '", "classid":"' . $v['classid'] . '", "market_hash_name":"' . $marketname . '", "tradable":"' . $tradable . '"},';
  463.     }
  464. }
  465. // Search in array
  466. }
  467. $hisitemnow = '[' . $hisitemnow . ']';
  468. $hisitemnow = str_replace("},]", "}]", $hisitemnow);
  469. // Verify Profile Items &amp; Steam Items
  470. // Verify if items is enough
  471. if ((count(json_decode($hisitemnow))) == (count(json_decode($playerpart))) &amp;&amp; (count(json_decode($hisitemnow))) &gt; 0) {
  472.     $totalsum = 0;
  473.     $ccz      = 0;
  474.     foreach (json_decode($hisitemnow) as $pricezero) {
  475.         $giro    = $pricezero-&gt;market_hash_name;
  476.         $newname = str_replace("'", "", $giro);
  477.         $newname = str_replace("`", "", $newname);
  478.         $price = mysql_fetch_assoc(mysql_query("SELECT price FROM `items_csgo` WHERE `name_en` = '" . $newname . "' LIMIT 1"));
  479.         $totalsum = $totalsum + $price['price'];
  480.         if ($price['price'] &lt; $minpriceofdeposititem || $pricezero-&gt;tradable == 0) {
  481.             $priceindb = 0;
  482.         } else {
  483.             $priceindb = $price['price'];
  484.         }
  485.         if (($priceindb == 0) || empty($priceindb)) {
  486.             echo 7;
  487.             exit();
  488.         }
  489.         $ccz = $ccz + 1;
  490.     }
  491.     if ($ccz &gt; $countmaxi) {
  492.         echo 8;
  493.         exit();
  494.     }
  495.     $timenow    = strtotime("+15 minutes"); // Time
  496.     $online     = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT id) FROM bots WHERE `type` = '0'"));
  497.     $mid        = mt_rand(1, $online[0]); // Getting random bot
  498.     $rsec       = generateRandomString();
  499.     $hisitemnow = str_replace("'", "", $hisitemnow);
  500.     $hisitemnow = str_replace("`", "", $hisitemnow);
  501.     mysql_query("INSERT INTO `prize` (`securitycode`,`status`, `items`, `token`, `steamid`, `bot_num`, `totalprice`, `value`, `time`, `typic`) VALUES ('" . $rsec . "','0','" . $hisitemnow . "','" . $tradelink['trade_link'] . "','" . $tradelink['steamid'] . "','" . $mid . "','" . $totalsum . "','1', '" . $timenow . "', '" . $getgame . "')");
  502.     echo 'success';
  503. } else {
  504.     echo 6;
  505.     exit();
  506. }
  507. // Verify if items is enough
  508. // Success
  509. echo 'Success';
  510. }
  511. // Deposit to jackpot
  512.  
  513. // Withdraw inventory
  514. function withinvent() {
  515.     global $steamprofile; // Steam data of player
  516.     // Logged in
  517.     if (empty($steamprofile['steamid'])) {
  518.         echo 1;
  519.         exit();
  520.     }
  521.     // Logged in
  522.     // From DB
  523.     $result = '';
  524.     $brow = mysql_query("SELECT id, item, time FROM `shop` WHERE `time` = '0' ORDER BY `price` DESC");
  525.     while ($bg = mysql_fetch_array($brow)) {
  526.     $vm = str_replace("}", "", $bg['item']);
  527. $result .= '' . $vm . ',"id":' . $bg['id'] . ',"timeme":' . $bg['time'] . '},';
  528. }
  529. $result  = '[' . $result . ']';
  530. $result  = str_replace("},]", "}]", $result);
  531. // From DB
  532. $allitem = '';
  533. foreach (json_decode($result) as $pricecheck) {
  534.     $giro    = $pricecheck-&gt;market_hash_name;
  535.     $newname = str_replace("'", "", $giro);
  536.     $newname = str_replace("`", "", $newname);
  537.     preg_match('/\((.+)\)/', $newname, $quality);
  538.     $thequa = $quality[1];
  539.     $price     = mysql_fetch_assoc(mysql_query("SELECT price FROM `items_csgo` WHERE `name_en` = '" . (string)mysql_real_escape_string($pricecheck-&gt;market_hash_name) . "' LIMIT 1"));
  540.     $newname = str_replace("(".$thequa.")", "", $newname);
  541.     $priceindb = $price['price'];
  542.     $allitem .= '{"market_hash_name":"' . $newname . '","id":"' . $pricecheck-&gt;id . '","classid":"' . $pricecheck-&gt;classid . '","quality": "'.$thequa.'","price":"' . $priceindb . '", "icon_url":"' . $pricecheck-&gt;icon_url . '", "timeme":"' . $pricecheck-&gt;timeme . '"},';
  543. }
  544. $allitem = '[' . $allitem . ']';
  545. $allitem = str_replace("},]", "}]", $allitem);
  546. $news    = orderbv($allitem);
  547. // Show Them
  548. foreach (json_decode($news) as $showit) {
  549.     echo '<div class="item">
  550.    <div onclick="selectitem('.$showit->id.')" class="inner" id="'.$showit->id.'">
  551.    <ul>
  552.    <li>'.$showit-&gt;market_hash_name.'</li>
  553.    <li>'.$showit-&gt;quality.'</li>
  554.    </ul>
  555.    <div class="pic"><img src="http://steamcommunity-a.akamaihd.net/economy/image/class/730/'.$showit-&gt;classid.'/200fx200f.png"></div>
  556.    <div class="price"><div class="coin_icon"></div>'.$showit-&gt;price.'</div>
  557.    </div>
  558.    </div>';
  559. }
  560. // Show Them
  561. }
  562. // Withdraw inventory
  563.  
  564. // Withdraw items
  565. function withdrawitem($sitems) {
  566.     global $steamprofile; // Steam data of player
  567.     global $countmaxi;
  568.     // Logged in
  569.     if (empty($steamprofile['steamid'])) {
  570.         echo 1;
  571.         exit();
  572.     }
  573.     // Logged in
  574.     // SQL injection
  575.     if (!escape_inj($sitems)) {
  576.         echo 2;
  577.         exit();
  578.     }
  579.     // SQL injection
  580.     // Empty result
  581.     if (empty($sitems)) {
  582.         echo 3;
  583.         exit();
  584.     }
  585.     // Empty result
  586.     // Trade-link
  587.     $tradelink = mysql_fetch_assoc(mysql_query("SELECT id,trade_link,steamid,balance FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  588.     if (empty($tradelink['trade_link'])) {
  589.         echo 4;
  590.         exit();
  591.     }
  592.     // Trade-link
  593.     $newsi = '[' . $sitems . ']';
  594. $newsi = str_replace("},]", "}]", $newsi);
  595. $newf  = '';
  596. foreach (json_decode($newsi) as $im) {
  597.     $imshop = mysql_fetch_assoc(mysql_query("SELECT item, market_hash_name,price FROM `shop` WHERE `id` = '" . $im-&gt;id . "' LIMIT 1"));
  598.     $price = mysql_fetch_assoc(mysql_query("SELECT price FROM `items_csgo` WHERE `name_en` = '".(string)mysql_real_escape_string($imshop['market_hash_name'])."' LIMIT 1"));
  599.     if (empty($imshop['item'])) {
  600.         echo 5;
  601.         exit();
  602.     }
  603.     if($imshop['price'] &lt;= 0) {
  604.         echo 6;
  605.         exit();
  606.     }
  607.     $newf .= '' . $imshop['item'] . ',';
  608.     $tprice = $tprice + $imshop['price'];
  609.     $tcount = $tcount + 1;
  610. }
  611. $newf   = '[' . $newf . ']';
  612. $newf   = str_replace("},]", "}]", $newf);
  613. $hzitem = '';
  614. if($tprice &gt; $tradelink['balance']) {
  615.     echo 7;
  616.     exit();
  617. }
  618. if ($tcount &gt; $countmaxi) {
  619.     echo 8;
  620.     exit();
  621. }
  622. mysql_query("UPDATE `users` SET `balance` = `balance` - '".$tprice."' WHERE `steamid` = '".$steamprofile['steamid']."' LIMIT 1");
  623. foreach (json_decode($newf) as $gom) {
  624.     $hzitem .= '{"id":"' . $gom-&gt;assetid . '", "classid":"' . $gom-&gt;classid . '", "market_hash_name":"' . $gom-&gt;name . '"},';
  625.     mysql_query("UPDATE `shop` SET `time` = '1' WHERE `assetid` = '".$gom-&gt;assetid ."'");
  626. }
  627. $hzitem  = '[' . $hzitem . ']';
  628. $hzitem  = str_replace("},]", "}]", $hzitem);
  629. $timenow = strtotime("+15 minutes"); // Time
  630. $online  = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT id) FROM bots"));
  631. $mid     = mt_rand(1, $online[0]); // Getting random bot
  632. $rsec    = generateRandomString();
  633. $hzitem  = str_replace("'", "", $hzitem);
  634. $hzitem  = str_replace("`", "", $hzitem);
  635. mysql_query("INSERT INTO `prize` (`securitycode`,`status`, `items`, `token`, `steamid`, `bot_num`, `totalprice`, `value`, `time`) VALUES ('" . $rsec . "','0','" . $hzitem . "','" . $tradelink['trade_link'] . "','" . $tradelink['steamid'] . "','" . $mid . "','".$tprice."','2', '" . $timenow . "')");
  636.  
  637. echo 'Success';
  638. }
  639. // Withdraw items
  640.  
  641. // Join jackpot
  642. function joinjackpot($sum) {
  643.     global $steamprofile; // Steam data of player
  644.     global $minbetjackpot; // Min bet
  645.     // Logged in
  646.     if (empty($steamprofile['steamid'])) {
  647.         echo 1;
  648.         exit();
  649.     }
  650.     // Logged in
  651.     // 0 bet
  652.     if ($sum == 0) {
  653.         echo 3;
  654.         exit();
  655.     }
  656.     // 0 bet
  657.     // Min bet
  658.     if ($minbetjackpot &gt; $sum) {
  659.         echo 4;
  660.         exit();
  661.     }
  662.     // Min bet
  663.     // User balance
  664.     $userbalance = mysql_fetch_assoc(mysql_query("SELECT id, balance, username, avatar FROM `users` WHERE `steamid` = '".$steamprofile['steamid']."' LIMIT 1"));
  665.     if ($sum &gt; $userbalance['balance']) {
  666.         echo 2;
  667.         exit();
  668.     }
  669.     // User balance
  670.     mysql_query("UPDATE `users` SET `balance` = `balance` - '".$sum."' LIMIT 1");
  671.     $lastid = mysql_fetch_assoc(mysql_query("SELECT id FROM `jackpot` ORDER BY `id` DESC LIMIT 1"));
  672.     // GET TICKET
  673.     $lastticket = mysql_fetch_assoc(mysql_query("SELECT tt FROM `bets2` WHERE `game` = '".$lastid['id']."' ORDER BY `id` DESC LIMIT 1"));
  674.     $newticket = $lastticket['tt'] + 1;
  675.     $toticket = $newticket + ($sum * 100);
  676.     // GET TICKET
  677.     mysql_query("INSERT INTO `bets2` (`game`, `user_id`, `sum`, `username`, `avatar`, `ff`, `tt`) VALUES ('".$lastid['id']."', '".$userbalance['id']."', '".$sum."', '".$userbalance['username']."', '".$userbalance['avatar']."', '".$newticket."', '".$toticket."')");
  678.     mysql_query("UPDATE `jackpot` SET `count` = `count` + 1, `sum` = `sum` + '".$sum."' WHERE `id` = '".$lastid['id']."'");
  679.     mysql_query("UPDATE `update` SET `status` = '1' WHERE `typegame` = '4'");
  680. }
  681.  
  682. // Join jackpot
  683.  
  684. // Coinflip
  685. function coinflip($sumdeposit, $coinpartit) {
  686.     global $steamprofile;
  687.     global $mincoinflip;
  688.     $profile     = mysql_fetch_assoc(mysql_query("SELECT id, balance FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  689.     $mybalance = $profile['balance'];
  690.     if ($sumdeposit &lt; 0.1) {
  691.         echo 5;
  692.         exit();
  693.     }
  694.     if (($coinpartit != 1) &amp;&amp; ($coinpartit != 2)) {
  695.         echo 3;
  696.         exit;
  697.     }
  698.     if (empty($steamprofile['steamid'])) {
  699.         echo 1;
  700.         exit;
  701.     }
  702.     if (($sumdeposit &gt; $mybalance) || !is_numeric($sumdeposit) || ($sumdeposit &lt; $mincoinflip)) {
  703.         echo 2;
  704.         exit;
  705.     }
  706.     $userbets = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM `coinflip` WHERE `user_1` = '" . $steamprofile['steamid'] . "' and `user_2` = '0' LIMIT 5"));
  707.     if($userbets[0] &gt;= 5) { echo 4; exit; }
  708.     mysql_query("UPDATE `users` SET `balance` = `balance` - " . $sumdeposit . " WHERE `id` = '" . $profile['id'] . "'");
  709.     $rand_number = "0." . mt_rand(100000000, 999999999) . mt_rand(100000000, 999999999);
  710.     $timenow = strtotime("+7 day");
  711.     mysql_query("INSERT INTO `coinflip` (`user_1`, `user_2`, `sum`, `rand_number`, `coinpart`, `time`) VALUES ('" . $steamprofile['steamid'] . "', '0', '" . $sumdeposit . "', '" . $rand_number . "', '" . $coinpartit . "', '".$timenow."')");
  712.    
  713.     mysql_query("UPDATE `update` SET `status` = '1' WHERE `typegame` = '3'");
  714. }
  715. // Coinflip
  716.  
  717. // Join coinflip
  718. function joincoinflip($gamenumber) {
  719.     global $steamprofile;
  720.     global $coef;
  721.     // Select join profile
  722.     $profile = mysql_fetch_assoc(mysql_query("SELECT id, balance FROM `users` WHERE `steamid` = '" . $steamprofile['steamid'] . "' LIMIT 1"));
  723.     if (empty($steamprofile['steamid'])) {
  724.         echo 1;
  725.         exit;
  726.     }
  727.     // Select join profile
  728.     // Get balance &amp; game
  729.     $coinflip = mysql_fetch_assoc(mysql_query("SELECT id, sum, user_2, user_1, rand_number, coinpart FROM `coinflip` WHERE `id` = '" . $gamenumber . "' LIMIT 1"));
  730.     if ($coinflip['sum'] &gt; $profile['balance']) {
  731.         echo 2;
  732.         exit;
  733.     }
  734.     if ($coinflip['user_2'] != 0 || $steamprofile['steamid'] === $coinflip['user_1']) {
  735.         echo 3;
  736.         exit;
  737.     }
  738.     // Get balance &amp; game
  739.     // Update balance
  740.     $balancefirst = mysql_fetch_assoc(mysql_query("SELECT balance, bankwin FROM `users` WHERE `steamid` = '" . $coinflip['user_1'] . "' LIMIT 1"));
  741.     mysql_query("UPDATE `users` SET `balance` = `balance` - " . $coinflip['sum'] . " WHERE `id` = '" . $profile['id'] . "'");
  742.     // Update balance
  743.     $date1    = date('Y-m-d');
  744.     $timethis = strtotime("now") + 10;
  745.     mysql_query("UPDATE `coinflip` SET `user_2` = '" . $steamprofile['steamid'] . "', `status` = '1', `time` = '" . $timethis . "' WHERE `id` = '" . $coinflip['id'] . "'");
  746.     mysql_query("UPDATE `update` SET `status` = '1' WHERE `typegame` = '3'");
  747.     echo 'Success';
  748. }
  749. // Join coinflip
  750.  
  751. // Choose function
  752. $func = $_GET['function'];
  753. switch ($func) {
  754.     default:
  755.         break;
  756.    
  757.     case "chatsend":
  758.         chatsend($_POST['chatmessage']);
  759.         break;
  760.    
  761.     case "tradelink":
  762.         tradelink($_POST['tradelink'], $_POST['email']);
  763.         break;
  764.    
  765.     case "sendbalance":
  766.         sendbalance(intval($_POST['steamid64']), floatval($_POST['tamount']));
  767.         break;
  768.    
  769.     case "rdeposit":
  770.         rdeposit(floatval($_POST['sum']), intval($_POST['coin']));
  771.         break;
  772.    
  773.     case "loadinvent":
  774.         loadinvent();
  775.         break;
  776.    
  777.     case "chatlist":
  778.         chatlist();
  779.         break;
  780.  
  781.     case "forcerefresh":
  782.         forcerefresh();
  783.         break;
  784.    
  785.     case "withinvent":
  786.         withinvent();
  787.         break;
  788.    
  789.     case "deposititem":
  790.         deposititem($_POST['itemselected']);
  791.         break;
  792.    
  793.     case "withdrawitem":
  794.         withdrawitem($_POST['itemselected']);
  795.         break;
  796.    
  797.     case "joinjackpot":
  798.         joinjackpot(floatval($_POST['sum']));
  799.         break;
  800.    
  801.     case "coinflip":
  802.         coinflip(floatval($_POST['sum']), intval($_POST['coinpart']));
  803.         break;
  804.    
  805.     case "joincoinflip":
  806.         joincoinflip(intval($_POST['game']));
  807.         break;
  808. }
  809. // Choose function
  810.  
  811. ?&gt;</div>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!