- <?php
- ini_set('display_errors', 'Off');
- require_once('config.php');
- if (isset($_COOKIE['hash']))
- {
- $sql = "SELECT * FROM users WHERE hash=:hash";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':hash', $hash_stmt, PDO::PARAM_STR);
- $hash_stmt = $db->quote($_COOKIE['hash']);
- $stmt->execute();
- if ($stmt->rowCount() != 0)
- {
- $row = $stmt->fetch();
- $user = $row;
- }
- }
- if (isset($_GET["language"]))
- {
- $lang = $_GET["language"];
- setcookie('lang', $lang, time() + (86400 * 360));
- $_COOKIE["lang"] = $lang;
- //print "<script>";
- //print "setCookie('lang', '$lang')";
- //print "</script>";
- }
- if (isset($_COOKIE["lang"]))
- switch ($_COOKIE["lang"]) {
- case "pl":
- include "lang/pl.php";
- break;
- case "en":
- include "lang/en.php";
- break;
- } else
- include "lang/en.php";
- $min = 10;
- $ip = '';
- $referal_summa = 100;
- switch ($_GET['page']) {
- case '':
- $steamid = strtolower($db->quote($user['steamid']));
- $polskie = array("'");
- $miedzyn = array("");
- $steamid = str_replace($polskie, $miedzyn, $steamid);
- $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
- $query->bindValue(':user', $steamid, PDO::PARAM_INT);
- $query->execute();
- $countBetsForUser = $query->fetch();
- $query->closeCursor();
- $countBetsForUser = $countBetsForUser[0];
- $page = getTemplate('/security/main.tpl', array(
- 'user' => $user,
- 'countBetsForUser' => $countBetsForUser
- ));
- echo $page;
- break;
- case 'deposit':
- $page = getTemplate('/security/deposit.tpl', array(
- 'user' => $user
- ));
- echo $page;
- break;
- case 'tos':
- $page = getTemplate('/security/tos.tpl', array(
- 'user' => $user
- ));
- echo $page;
- break;
- /*
- case 'support':
- $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
- $row = $sql->fetch();
- $ticket = clear($row);
- if(count($ticket) > 0) {
- $sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
- $row = $sql->fetchAll();
- $ticket['messages'] = clear($row);
- }
- $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
- $row = $sql->fetch();
- $closed = $row['COUNT(`id`)'];
- $tickets = array();
- $sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
- while ($row = $sql->fetch()) {
- $s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
- $r = $s->fetchAll();
- $tickets[] = array('title'=>clear($row['title']),'messages'=>clear($r));
- }
- $page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
- echo $page;
- break;
- case 'support_new':
- if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
- $tid = clear($_POST['tid']);
- $title = clear($_POST['title']);
- $body = clear($_POST['reply']);
- $close = clear($_POST['close']);
- $cat = clear($_POST['cat']);
- $flag = clear($_POST['flag']);
- $lmao = clear($_POST['lmao']);
- if($tid == 0) {
- if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
- if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
- if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
- $sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
- $row = $sql->fetch();
- $count = $row['COUNT(`id`)'];
- if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
- $db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
- $id = $db->lastInsertId();
- $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
- exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
- } else {
- $sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
- if($sql->rowCount() > 0) {
- $row = $sql->fetch();
- if($close == 1) {
- $db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
- exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
- }
- $db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
- exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
- }
- }
- break;
- */
- case 'rolls':
- if (isset($_GET['id'])) {
- $id = $_GET['id'];
- if (!preg_match('/^[0-9]+$/', $id))
- exit();
- $sql = "SELECT * FROM hash WHERE id = :id";
- $sth = $db->prepare($sql);
- $sth->bindParam(':id', $id_a, PDO::PARAM_INT);
- $id_a = $db->quote($id);
- $sth->execute();
- $row = $sth->fetch();
- $sql = "SELECT * FROM rolls WHERE hash = :hash";
- $std = $db->prepare($sql);
- $std->bindParam(':hash', $hash_que, PDO::PARAM_STR);
- $hash_que = $db->quote($row['hash']);
- $std->execute();
- $row = $std->fetchAll();
- $rolls = array();
- foreach ($row as $key => $value) {
- if ($value['id'] < 10) {
- $q = 0;
- $z = substr($value['id'], -1, 1);
- } else {
- $q = substr($value['id'], 0, -1);
- $z = substr($value['id'], -1, 1);
- }
- if (count($rolls[$q]) == 0) {
- $rolls[$q]['time'] = date('h:i A', $value['time']);
- $rolls[$q]['start'] = substr($value['id'], 0, -1);
- }
- $rolls[$q]['rolls'][$z] = array(
- 'id' => $value['id'],
- 'roll' => $value['roll']
- );
- }
- $page = getTemplate('/security/rolls.tpl', array(
- 'user' => $user,
- 'rolls' => $rolls
- ));
- } else {
- $sql = $db->query('SELECT * FROM hash ORDER BY id DESC');
- $row = $sql->fetchAll();
- $rolls = array();
- foreach ($row as $key => $value) {
- $sql = "SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE hash = :hash";
- $smt = $db->prepare($sql);
- $smt->bindParam(':hash', $hashc);
- $hashc = $db->quote($value['hash']);
- $smt->execute();
- $r = $smt->fetch();
- $rolls[] = array(
- 'id' => $value['id'],
- 'date' => date('Y-m-d', $value['time']),
- 'seed' => $value['hash'],
- 'rolls' => $r['min'] . '-' . $r['max'],
- 'time' => $value['time']
- );
- }
- $page = getTemplate('/security/rolls.tpl', array(
- 'user' => $user,
- 'rolls' => $rolls
- ));
- }
- echo $page;
- break;
- case 'faq':
- $page = getTemplate('/security/faq.tpl', array(
- 'user' => $user
- ));
- echo $page;
- break;
- case 'affiliates':
- $affiliates = array();
- $sql = "SELECT code FROM codes WHERE user = :user";
- $srt = $db->prepare($sql);
- $srt->bindParam(':user', $user_srt, PDO::PARAM_STR);
- $user_str = $db->quote($user['steamid']);
- $srt->execute();
- if ($srt->rowCount() == 0) {
- $affiliates = array(
- 'visitors' => 0,
- 'total_bet' => 0,
- 'lifetime_earnings' => 0,
- 'available' => 0,
- 'level' => $LNG['level'],
- 'depositors' => $LNG['depositors'],
- 'code' => $LNG['dcode']
- );
- } else {
- $row = $srt->fetch();
- $affiliates['code'] = $row['code'];
- $sql = "SELECT * FROM users WHERE referral = :referral";
- $stt = $db->prepare($sql);
- $stt->bindParam(':referral', $referral, PDO::PARAM_STR);
- $referall = $db->quote($user['steamid']);
- $stt->execute();
- $reffersN = $stt->fetchAll();
- $reffers = array();
- $affiliates['visitors'] = 0;
- $count = 0;
- $affiliates['total_bet'] = 0;
- foreach ($reffersN as $key => $value) {
- $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
- $suh = $db->prepare($sql);
- $suh->bindParam(':user', $user_b, PDO::PARAM_STR);
- $user_b = $db->quote($value['steamid']);
- $suh->execute();
- $row = $suh->fetch();
- if ($row['amount'] == 0)
- $affiliates['visitors']++;
- else
- $count++;
- $affiliates['total_bet'] += $row['amount'];
- $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user AND collect = 0";
- $st = $db->prepare($sql);
- $st->bindParam(':user', $user_t, PDO::PARAM_STR);
- $user_t = $db->quote($value['steamid']);
- $st->execute();
- $r = $st->fetch();
- $reffers[] = array(
- 'player' => substr_replace($value['steamid'], '*************', 0, 13),
- 'total_bet' => $row['amount'],
- 'collect_coins' => $r['amount'],
- 'comission' => 0
- );
- }
- if ($count < 50) {
- $affiliates['level'] = $LNG['lv_1'];
- $affiliates['depositors'] = $count . "/50" . $LNG['lv_to_1'];
- $s = 300;
- } elseif ($count > 50) {
- $affiliates['level'] = $LNG['lv_2'];
- $affiliates['depositors'] = $count . "/200" . $LNG['lv_to_2'];
- $s = 200;
- } elseif ($count > 200) {
- $affiliates['level'] = $LNG['lv_3'];
- $affiliates['depositors'] = $count . "/∞" . $LNG['lv_to_3'];
- $s = 100;
- }
- $affiliates['available'] = 0;
- $affiliates['lifetime_earnings'] = 0;
- foreach ($reffers as $key => $value) {
- $reffers[$key]['comission'] = round($value['total_bet'] / $s, 0);
- $affiliates['available'] += round($value['collect_coins'] / $s, 0);
- $affiliates['lifetime_earnings'] += round($value['total_bet'] / $s, 0) - round($value['collect_coins'] / $s, 0);
- }
- $affiliates['reffers'] = $reffers;
- }
- $page = getTemplate('/security/affiliates.tpl', array(
- 'user' => $user,
- 'affiliates' => $affiliates
- ));
- echo $page;
- break;
- case 'changecode':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- $code = clear($_POST['code']);
- if (!preg_match('/^[a-zA-Z0-9]+$/', $code))
- exit(json_encode(array(
- 'success' => false,
- 'error' => 'Code is not valid'
- )));
- $sql = "SELECT * FROM codes WHERE code = :code";
- $ppp = $db->prepare($sql);
- $ppp->bindParam(':code', $code_ppp, PDO::PARAM_STR);
- $code_ppp = $db->quote($code);
- $ppp->execute();
- if ($ppp->rowCount() != 0)
- exit(json_encode(array(
- 'success' => false,
- 'error' => 'Code is not valid'
- )));
- $sql = "SELECT * FROM codes WHERE user = :user";
- $sti = $db->prepare($sql);
- $sti->bindParam(':user', $user_sti, PDO::PARAM_STR);
- $user_sti = $db->quote($user['steamid']);
- $sti->execute();
- if ($sti->rowCount() == 0) {
- $sql = "INSERT INTO codes VALUES ( :code, :user )";
- $erc = $db->prepare($sql);
- $erc->bindParam(':code', $code_erc, PDO::PARAM_STR);
- $erc->bindParam(':user', $user_erc, PDO::PARAM_INT);
- $code_erc = $db->quote($code);
- $user_erc = $db->quote($user['steamid']);
- $erc->execute();
- exit(json_encode(array(
- 'success' => true,
- 'code' => $code
- )));
- } else {
- $sql = "UPDATE codes SET code=:code WHERE user=:user";
- $qw = $db->prepare($sql);
- $qw->bindParam(':code', $code_qw, PDO::PARAM_STR);
- $qw->bindParam(':user', $user_qw, PDO::PARAM_INT);
- $code_qw = $db->quote($code);
- $user_qw = $db->quote($user['steamid']);
- $qw->execute();
- exit(json_encode(array(
- 'success' => true,
- 'code' => $code
- )));
- }
- break;
- case 'collect':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- $sql = "SELECT * FROM users WHERE referral = :referral";
- $tt = $db->prepare($sql);
- $tt->bindParam(':referral', $referral_tt, PDO::PARAM_STR);
- $referral_tt = $db->quote($user['steamid']);
- $tt->execute();
- $reffersN = $tt->fetchAll();
- $count = 0;
- $collect_coins = 0;
- foreach ($reffersN as $key => $value) {
- $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
- $abc = $db->prepare($sql);
- $abc->bindParam(':user', $user_abc, PDO::PARAM_INT);
- $user_abc = $db->quote($value['steamid']);
- $abc->execute();
- $row = $abc->fetch();
- if ($row['amount'] > 0) {
- $count++;
- $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user=:user AND collect=0";
- $bcd = $db->prepare($sql);
- $bcd->bindParam(':user', $user_bcd, PDO::PARAM_INT);
- $user_bcd = $db->quote($value['steamid']);
- $bcd->execute();
- $r = $bcd->fetch();
- $sql = "UPDATE bets SET collect = 1 WHERE user = :user";
- $ui = $db->prepare($sql);
- $ui->bindParam(':user', $user_ui, PDO::PARAM_INT);
- $user_ui = $db->quote($value['steamid']);
- $ui->execute();
- $collect_coins += $r['amount'];
- }
- }
- if ($count < 50) {
- $s = 300;
- } elseif ($count > 50) {
- $s = 200;
- } elseif ($count > 200) {
- $s = 100;
- }
- $collect_coins = round($collect_coins / $s, 0);
- $sql = "UPDATE users SET balance = balance + :collect_coins WHERE steamid = :steamid";
- $poi = $db->prepare($sql);
- $poi->bindParam(':collect_coins', $collect_coins);
- $poi->bindParam(':steamid', $steamid_poi, PDO::PARAM_INT);
- $steamid_poi = $db->quote($user['steamid']);
- $poi->execute();
- exit(json_encode(array(
- 'success' => true,
- 'collected' => $collect_coins
- )));
- break;
- case 'redeem':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- if ($user['referral'] != '0')
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_5'],
- 'code' => $user['referral']
- )));
- $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamid=' . $user['steamid'] . '&format=json');
- $out = json_decode($out, true);
- if (!$out['response'])
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_4']
- )));
- $csgo = false;
- foreach ($out['response']['games'] as $key => $value) {
- if ($value['appid'] == 730)
- $csgo = true;
- }
- if (!$csgo)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_3']
- )));
- $code = $_GET['code'];
- if (!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_2']
- )));
- } else {
- unset($stmt);
- $sql = "SELECT * FROM codes WHERE code=:code";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
- $code_stmt = $db->quote($code);
- $stmt->execute();
- if ($stmt->rowCount() != 0) {
- $row = $stmt->fetch();
- if ($row['user'] == $user['steamid'])
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_6']
- )));
- if($row['value'] == 0) {
- $banalnce = $referal_summa;
- } else {
- $banalnce = $row['value'];
- }
- unset ($stmt);
- $sql = "UPDATE users SET referral = :referral, balance = balance + :coins WHERE steamid = :steamid";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':referral', $referral_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':coins', $banalnce);
- $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
- $referral_stmt = $db->quote($row['user']);
- $steamid_stmt = $db->quote($user['steamid']);
- $stmt->execute();
- exit(json_encode(array(
- 'success' => true,
- 'credits' => $banalnce
- )));
- } else {
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['code_1']
- )));
- }
- }
- break;
- case 'withdraw':
- $steamid = strtolower($db->quote($user['steamid']));
- $polskie = array("'");
- $miedzyn = array("");
- $steamid = str_replace($polskie, $miedzyn, $steamid);
- $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
- $query->bindValue(':user', $steamid, PDO::PARAM_INT);
- $query->execute();
- $countBetsForUser = $query->fetch();
- $query->closeCursor();
- $countBetsForUser = $countBetsForUser[0];
- $query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
- $query->bindValue(':user', $steamid, PDO::PARAM_INT);
- $query->execute();
- list($checkSumSend) = $query->fetch(PDO::FETCH_NUM);
- $query->closeCursor();
- $checkSumSend = round($checkSumSend,2);
- $sql = $db->query('SELECT `id` FROM `bots`');
- $ids = array();
- while ($row = $sql->fetch()) {
- $ids[] = $row['id'];
- }
- $page = getTemplate('/security/withdraw.tpl', array(
- 'user' => $user,
- 'bots' => $ids,
- 'countBetsForUser' => $countBetsForUser,
- 'checkSumSend' => $checkSumSend
- ));
- echo $page;
- break;
- case 'transfers':
- unset ($stmt);
- $sql = "SELECT * FROM transfers WHERE to1 = :steamid, OR from1 = :steamid";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
- $stmt->execute();
- $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $page = getTemplate('/security/transfers.tpl', array(
- 'user' => $user,
- 'transfers' => $row
- ));
- echo $page;
- break;
- case 'offers':
- unset($stmt);
- $sql = "SELECT * FROM trades WHERE user=:steamid";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
- $stmt->execute();
- $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $page = getTemplate('/security/offers.tpl', array(
- 'user' => $user,
- 'offers' => $row
- ));
- echo $page;
- break;
- case 'login':
- /*include 'openid.php';
- try
- {
- $openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
- if (!$openid->mode) {
- $openid->identity = 'http://steamcommunity.com/openid/?l=russian';
- header('Location: ' . str_replace("csgobananas", "csgorebel", $openid->authUrl()));
- } elseif ($openid->mode == 'cancel') {
- echo '';
- } else {
- if ($openid->validate()) {
- $id = $openid->identity;
- $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
- preg_match($ptn, $id, $matches);
- $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=DF847FB936FBD70E08C0DFEAE7ED8A38&steamids=$matches[1]";
- $json_object = file_get_contents($url);
- $json_decoded = json_decode($json_object);
- foreach ($json_decoded->response->players as $player) {
- $steamid = $player->steamid;
- $name = $player->personaname;
- $avatar = $player->avatar;
- }
- var_dump($json_decoded);
- $hash = md5($steamid . time() . rand(1, 50));
- $sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
- $row = $sql->fetchAll(PDO::FETCH_ASSOC);
- if (count($row) == 0) {
- $db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
- } else {
- $db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
- }
- setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
- }
- }
- } catch (ErrorException $e) {
- exit($e->getMessage());
- }*/
- require_once('SteamAuth.php');
- $SteamAuth = new SteamAuth();
- $URL = $SteamAuth->GetURL();
- header("Location: " . $URL . "");
- break;
- case 'get_inv':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- if ((file_exists('cache/' . $user['steamid'] . '.txt')) && (!isset($_GET['nocache']))) {
- $array = file_get_contents('cache/' . $user['steamid'] . '.txt');
- $array = unserialize($array);
- $array['fromcache'] = true;
- if (isset($_COOKIE['tid'])) {
- unset($stmt);
- $sql = "SELECT * FROM trades WHERE id=:id AND status=0";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
- $tid_stmt = $db->quote($_COOKIE['tid']);
- $stmt->execute();
- if ($stmt->rowCount() != 0) {
- $row = $stmt->fetch();
- $array['code'] = $row['code'];
- $array['amount'] = $row['summa'];
- $array['tid'] = $row['id'];
- $array['bot'] = "Bot #" . $row['bot_id'];
- } else {
- setcookie("tid", "", time() - 3600, '/');
- }
- }
- exit(json_encode($array));
- }
- $prices = file_get_contents('prices.txt');
- $prices = json_decode($prices, true);
- $inv = curl('https://steamcommunity.com/profiles/' . $user['steamid'] . '/inventory/json/730/2/');
- $inv = json_decode($inv, true);
- if ($inv['success'] != 1) {
- exit(json_encode(array(
- 'error' => $LNG['priv_inv']
- )));
- }
- $items = array();
- foreach ($inv['rgInventory'] as $key => $value) {
- $id = $value['classid'] . '_' . $value['instanceid'];
- $trade = $inv['rgDescriptions'][$id]['tradable'];
- if (!$trade)
- continue;
- $name = $inv['rgDescriptions'][$id]['market_hash_name'];
- $price = $prices['response']['items'][$name]['value'] * 10;
- $img = 'http://steamcommunity-a.akamaihd.net/economy/image/' . $inv['rgDescriptions'][$id]['icon_url'];
- if ((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
- $price = 0;
- $reject = $LNG['junk'];
- } else {
- $reject = 'unknown item';
- }
- $items[] = array(
- 'assetid' => $value['id'],
- 'bt_price' => "0.00",
- 'img' => $img,
- 'name' => $name,
- 'price' => $price,
- 'reject' => $reject,
- 'sa_price' => $price,
- 'steamid' => $user['steamid']
- );
- }
- $array = array(
- 'error' => 'none',
- 'fromcache' => false,
- 'items' => $items,
- 'success' => true
- );
- if (isset($_COOKIE['tid'])) {
- unset($stmt);
- $sql = "SELECT * FROM trades WHERE id=:id and status=0";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
- $stmt->execute();
- if ($stmt->rowCount() != 0) {
- $row = $stmt->fetch();
- $array['code'] = $row['code'];
- $array['amount'] = $row['summa'];
- $array['tid'] = $row['id'];
- $array['bot'] = "Bot #" . $row['bot_id'];
- } else {
- setcookie("tid", "", time() - 3600, '/');
- }
- }
- file_put_contents('cache/' . $user['steamid'] . '.txt', serialize($array), LOCK_EX);
- exit(json_encode($array));
- break;
- case 'deposit_js1':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- if ($_COOKIE['tid']) {
- exit(json_encode(array(
- 'success' => false,
- 'error' => 'You isset active tradeoffer.'
- )));
- }
- $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
- $row = $sql->fetch();
- $bot = $row['id'];
- $partner = extract_partner($_GET['tradeurl']);
- $token = extract_token($_GET['tradeurl']);
- setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
- $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
- $out = json_decode($out, true);
- $out['bot'] = $row['name'];
- if ($out['success'] == true) {
- unset($stmt);
- $sql = "INSERT INTO trades VALUES ( :id, :bot_id, :code, :status, :user, :summa, :timee )";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':bot_id', $bot_idstmt, PDO::PARAM_INT);
- $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':status', $status_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':user', $steamid_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':timee', $timee_stmt);
- $bot_idstmt = $db->quote($bot);
- $code_stmt = $db->quote($out['code']);
- $status_stmt = 0;
- $summa_stmt = $db->quote($_GET['checksum']);
- $timee_stmt = $db->quote(time());
- $stmt->execute();
- $db->exec('INSERT INTO `items` SET `trade` = ' . $db->quote($out['tid']) . ', `market_hash_name` = ' . $db->quote($value['market_hash_name']) . ', `img` = ' . $db->quote($value['icon_url']) . ', `botid` = ' . $db->quote($bot) . ', `time` = ' . $db->quote(time()));
- }
- setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
- exit(json_encode($out));
- break;
- case 'deposit_js':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- if ($_COOKIE['tid']) {
- exit(json_encode(array(
- 'success' => false,
- 'error' => 'You isset active tradeoffer.'
- )));
- }
- $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
- $row = $sql->fetch();
- $bot = $row['id'];
- $partner = extract_partner($_GET['tradeurl']);
- $token = extract_token($_GET['tradeurl']);
- setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
- $checksum = intval($_GET['checksum']);
- $prices = file_get_contents('prices.txt');
- $prices = json_decode($prices, true);
- $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
- $out = json_decode($out, true);
- $out['bot'] = $row['name'];
- if ($out['success'] == true) {
- $s = 0;
- foreach ($out['items'] as $key => $value) {
- $sql = "INSERT INTO items SET trade=:trade, market_hash_name = :hash_name, img = :img, botid = :bot_id, time=:timee";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':hash_name', $hashname, PDO::PARAM_STR);
- $stmt->bindParam(':img', $img_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':timee', $time_stmt);
- $trade_stmt = $db->quote($out['tid']);
- $hashname = $db->quote($value['market_hash_name']);
- $img_stmt = $db->quote($value['icon_url']);
- $botid_stmt = $db->quote($bot);
- $time_stmt = $db->quote(time());
- $stmt->execute();
- $s += $prices['response']['items'][$value['market_hash_name']]['value'] * 10;
- }
- unset($stmt);
- $sql = "INSERT INTO trades SET id = :tid, bot_id = :bot_id, code = :code, status = 0, user = :user, summa = :summa, time = :timee";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':tid', $tid_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_INT);
- $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':user', $user_stmt, PDO::PARAM_INT);
- $stmt->bindParam(':summa', $summa_stmt);
- $stmt->bindParam(':timee', $time_stmt);
- $tid_stmt = $db->quote($out['tid']);
- $botid_stmt = $db->quote($bot);
- $code_stmt = $db->quote($out['code']);
- $user_stmt = $db->quote($user['steamid']);
- $summa_stmt = $db->quote($s);
- $time_stmt = $db->quote(time());
- $stmt->execute();
- $out['amount'] = $s;
- setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
- }
- exit(json_encode($out));
- break;
- case 'confirm':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- $tid = (int) $_GET['tid'];
- unset($stmt);
- $sql = "SELECT * FROM trades WHERE id = :id";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
- $id_stmt = $db->quote($tid);
- $stmt->execute();
- $row = $stmt->fetch();
- $out = curl('http://' . $ip . ':' . (5735 + $row['bot_id']) . '/checkTrade?tid=' . $row['id']);
- $out = json_decode($out, true);
- if (($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
- if ($row['summa'] > 0)
- unset($stmt);
- $sql = "UPDATE users SET balance = balance + :summa WHERE steamid = :steamid";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
- $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
- $summa_stmt = $row['summa'];
- $steamid_stmt = $db->quote($user['steamid']);
- $stmt->execute();
- if ($row['summa'] > 0)
- unset($stmt);
- $sql = "UPDATE items SET status = 1 WHERE trade = :trade";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
- $trade_stmt = $db->quote($row['id']);
- $stmt->execute();
- if ($row['summa'] > 0)
- unset($stmt);
- $sql = "UPDATE trades SET status = 1 WHERE id = :id";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
- $id_stmt = $db->quote($row['id']);
- $stmt->execute();
- setcookie("tid", "", time() - 3600, '/');
- } elseif (($out['success'] == true) && ($out['action'] == 'cross')) {
- setcookie("tid", "", time() - 3600, '/');
- unset($stmt);
- $sql = "DELETE FROM items WHERE trade = :trade";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
- $trade_stmt = $db->quote($row['id']);
- $stmt->execute();
- unset($stmt);
- $sql = "DELETE FROM trades WHERE id = :id";
- $stmt->prepare($sql);
- $stmt = $db->bindParam(':id', $id_stmt, PDO::PARAM_INT);
- $id_stmt = $db->quote($row['id']);
- $stmt->execute();
- } else {
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['trade_prog']
- )));
- }
- exit(json_encode($out));
- break;
- case 'get_bank_safe':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- /*
- //if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
- $g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LfZxR8TAAAAAIywvj5aDSbINTbkwSi_0-TR_MjF&response='.$_GET['g-recaptcha-response']);
- $g = json_decode($g, true);
- //if($g['success'] == true)
- if($g->success == true){
- */
- $array = array(
- 'balance' => $user['balance'],
- 'error' => 'none',
- 'items' => array(),
- 'success' => true
- );
- $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
- $prices = file_get_contents('prices.txt');
- $prices = json_decode($prices, true);
- while ($row = $sql->fetch()) {
- $array['items'][] = array(
- 'botid' => $row['botid'],
- 'img' => 'http://steamcommunity-a.akamaihd.net/economy/image/' . $row['img'],
- 'name' => $row['market_hash_name'],
- 'assetid' => $row['id'],
- 'price' => $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2,
- 'reject' => 'unknown items'
- );
- }
- exit(json_encode($array));
- //}
- break;
- case 'withdraw_js':
- if (!$user)
- exit(json_encode(array(
- 'success' => false,
- 'error' => $LNG['must']
- )));
- $items = array();
- $assetids = explode(',', $_GET['assetids']);
- $checksum = $_GET['checksum'];
- $sum = 0;
- $steamid = strtolower($db->quote($user['steamid']));
- $polskie = array("'");
- $miedzyn = array("");
- $steamid = str_replace($polskie, $miedzyn, $steamid);
- $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
- $query->bindValue(':user', $steamid, PDO::PARAM_INT);
- $query->execute();
- $countBetsForUser = $query->fetch();
- $query->closeCursor();
- $query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
- $query->bindValue(':user', $steamid, PDO::PARAM_INT);
- $query->execute();
- list($checkSumSend) = $query->fetch(PDO::FETCH_NUM);
- $query->closeCursor();
- $checkSumSend = round($checkSumSend,2);
- $out = array(
- 'success' => false,
- 'error' => ''
- );
- if (count($items) > 1) {
- $out = array(
- 'success' => false,
- 'error' => 'You choose more bots'
- );
- } elseif ($user['balance'] < $sum) {
- $out = array(
- 'success' => false,
- 'error' => '[#2234243] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!'
- );
- } else if($countBetsForUser[0] < 5) {
- $out = array(
- 'success' => false,
- 'error' => '[#5766573] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!'
- );
- } else if($checkSumSend < 2000) {
- $out = array(
- 'success' => false,
- 'error' => '[#8264773] Aby wypłacić przedmioty, musisz wpłacić minimum 2000 coinsów!'
- );
- } else {
- $prices = file_get_contents('prices.txt');
- $prices = json_decode($prices, true);
- foreach ($assetids as $key) {
- if ($key == "")
- continue;
- $sql = $db->query('SELECT * FROM `items` WHERE `id` = ' . $db->quote($key));
- $row = $sql->fetch();
- $items[$row['botid']] = $row['market_hash_name'];
- $sum += $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2;
- $norm_itms = $norm_itms . $row['market_hash_name'] . ',';
- }
- if($checksum == $sum){
- reset($items);
- $bot = key($items);
- $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = ' . $db->quote($bot));
- $r = $s->fetch();
- $db->exec('UPDATE `users` SET `balance` = `balance` - ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
- $partner = extract_partner($_GET['tradeurl']);
- $token = extract_token($_GET['tradeurl']);
- $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendingTradesForMe/?names=' . urlencode($norm_itms) . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
- $out = json_decode($out, true);
- if ($out['success'] == false) {
- $db->exec('UPDATE `users` SET `balance` = `balance` + ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
- } else {
- foreach ($assetids as $key) {
- $db->exec('DELETE FROM `items` WHERE `id` = ' . $db->quote($key));
- }
- $out['bot'] = $r['name'];
- $db->exec('INSERT INTO `trades` SET `id` = ' . $db->quote($out['tid']) . ', `bot_id` = ' . $db->quote($bot) . ', `code` = ' . $db->quote($out['code']) . ', `status` = 2, `user` = ' . $db->quote($user['steamid']) . ', `summa` = ' . '-' . $db->quote($_GET['checksum']) . ', `time` = ' . $db->quote(time()));
- }
- }else{
- $out = array(
- 'success' => false,
- 'error' => 'Wartości skinów zostały zmienione.'
- );
- }
- }
- exit(json_encode($out));
- break;
- case 'exit':
- setcookie("hash", "", time() - 3600, '/');
- header('Location: /');
- exit();
- break;
- }
- function getTemplate($name, $in = null)
- {
- extract($in);
- ob_start();
- include "template/" . $name;
- $text = ob_get_clean();
- return $text;
- }
- function curl($url)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- }
- function extract_token($url)
- {
- parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
- return isset($queryString['token']) ? $queryString['token'] : false;
- }
- function extract_partner($url)
- {
- parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
- return isset($queryString['partner']) ? $queryString['partner'] : false;
- }