<?php
require_once('config.php');
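// Cookie-based login. The `hash` cookie is the whole session credential:
// whoever presents a matching value is treated as that user, so it must be
// issued with HttpOnly/Secure flags and an unguessable value (where it is
// issued is not in this file). On success $user holds the users row; it is
// left unset otherwise, which the `if (!$user)` checks below rely on.
if (isset($_COOKIE['hash'])) {
    $stmt = $db->prepare("SELECT * FROM users WHERE hash=:hash");
    // Bound parameters must not go through $db->quote(): quote() is only for
    // string-built SQL and would add literal quote characters, so the lookup
    // would never match a stored hash.
    $stmt->bindValue(':hash', $_COOKIE['hash'], PDO::PARAM_STR);
    $stmt->execute();
    // fetch() returns false for no row; rowCount() is not guaranteed by PDO
    // for SELECT statements, so the row itself is the check.
    $row = $stmt->fetch();
    if ($row !== false) {
        $user = $row;
    }
}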
// Language selection. ?language=xx is copied into the $_COOKIE superglobal for
// this request only; no setcookie() is sent, so the choice does not persist
// (the JS-based cookie write below is commented out).
if (isset($_GET["language"]))
{
$lang = $_GET["language"];
$_COOKIE["lang"] = $lang;
//print "<script>";
//print "setCookie('lang', '$lang')";
//print "</script>";
}
// Only the two literal files below can ever be included; the cookie value is
// never used to build a path. Note the asymmetry: a missing cookie loads
// lang/en.php via the else branch, but an unknown value matches no case and
// loads nothing, leaving $LNG undefined for the handlers below.
if (isset($_COOKIE["lang"]))
switch ($_COOKIE["lang"]) {
case "pl":
include "lang/pl.php";
break;
case "en":
include "lang/en.php";
break;
} else
include "lang/en.php";
// Minimum coin value (market value * 10, see get_inv) an item must have to be
// accepted for deposit; cheaper items are zeroed and flagged as junk.
$min = 10;
// Host of the trade-bot HTTP API (port 5735 + bot id). It is assigned empty
// here, after config.php, so the bot URLs built below have no host; confirm
// how the bot API is actually reached before relying on these handlers.
$ip = '';
// Coins credited when a referral code whose stored value is 0 is redeemed.
$referal_summa = 100;
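// Page router: $_GET['page'] selects the handler. switch compares loosely, so
// a missing parameter (null) matches case '' and renders the main page.
switch ($_GET['page']) {
    case '':
        // Number of bets placed by the logged-in user. The steamid is bound
        // directly: a bound parameter must not go through $db->quote(), which
        // would add literal quote characters and make the count never match.
        // It is bound as a string because a SteamID64 exceeds the 32-bit int
        // range and string binding is accepted for numeric columns as well.
        $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
        $query->bindValue(':user', $user['steamid'], PDO::PARAM_STR);
        $query->execute();
        list($countBetsForUser) = $query->fetch(PDO::FETCH_NUM);
        $query->closeCursor();
        echo getTemplate('/security/main.tpl', array(
            'user' => $user,
            'countBetsForUser' => $countBetsForUser
        ));
        break;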
case 'deposit':
$page = getTemplate
('/security/deposit.tpl', array(
'user' => $user
));
echo $page;
break;
case 'tos':
$page = getTemplate
('/security/tos.tpl', array(
'user' => $user
));
echo $page;
break;
/*
case 'support':
$sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
$row = $sql->fetch();
$ticket = clear($row);
if(count($ticket) > 0) {
$sql = $db->query('SELECT * FROM `messages` WHERE `ticket` = '.$db->quote($ticket['id']));
$row = $sql->fetchAll();
$ticket['messages'] = clear($row);
}
$sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
$row = $sql->fetch();
$closed = $row['COUNT(`id`)'];
$tickets = array();
$sql = $db->query('SELECT * FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` > 0');
while ($row = $sql->fetch()) {
$s = $db->query('SELECT `message`, `user` FROM `messages` WHERE `ticket` = '.$db->quote($row['id']));
$r = $s->fetchAll();
$tickets[] = array('title'=>clear($row['title']),'messages'=>clear($r));
}
$page = getTemplate('support.tpl', array('user'=>$user,'ticket'=>$ticket,'open'=>(count($ticket) > 1)?1:0,'closed'=>$closed,'tickets'=>$tickets));
echo $page;
break;
case 'support_new':
if(!$user) exit(json_encode(array('success'=>false, 'error'=>'You must login to access the support.')));
$tid = clear($_POST['tid']);
$title = clear($_POST['title']);
$body = clear($_POST['reply']);
$close = clear($_POST['close']);
$cat = clear($_POST['cat']);
$flag = clear($_POST['flag']);
$lmao = clear($_POST['lmao']);
if($tid == 0) {
if((strlen($title) < 0) || (strlen($title) > 256)) exit(json_encode(array('success'=>false, 'error'=>'Title < 0 or > 256.')));
if(($cat < 0) || ($cat > 4)) exit(json_encode(array('success'=>false, 'error'=>'Department cannot be left blank.')));
if((strlen($body) < 0) || (strlen($body) > 2056)) exit(json_encode(array('success'=>false, 'error'=>'Description cannot be left blank.')));
$sql = $db->query('SELECT COUNT(`id`) FROM `tickets` WHERE `user` = '.$db->quote($user['steamid']).' AND `status` = 0');
$row = $sql->fetch();
$count = $row['COUNT(`id`)'];
if($count != 0) exit(json_encode(array('success'=>false, 'error'=>'You already have a pending support ticket.')));
$db->exec('INSERT INTO `tickets` SET `time` = '.$db->quote(time()).', `user` = '.$db->quote($user['steamid']).', `cat` = '.$db->quote($cat).', `title` = '.$db->quote($title));
$id = $db->lastInsertId();
$db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($id).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
exit(json_encode(array('success'=>true,'msg'=>'Thank you - your ticket has been submitted ('.$id.')')));
} else {
$sql = $db->query('SELECT * FROM `tickets` WHERE `id` = '.$db->quote($tid).' AND `user` = '.$db->quote($user['steamid']));
if($sql->rowCount() > 0) {
$row = $sql->fetch();
if($close == 1) {
$db->exec('UPDATE `tickets` SET `status` = 1 WHERE `id` = '.$db->quote($tid));
exit(json_encode(array('success'=>true,'msg'=>'[CLOSED]')));
}
$db->exec('INSERT INTO `messages` SET `ticket` = '.$db->quote($tid).', `message` = '.$db->quote($body).', `user` = '.$db->quote($user['steamid']).', `time` = '.$db->quote(time()));
exit(json_encode(array('success'=>true,'msg'=>'Response added.')));
}
}
break;
*/
case 'rolls':
// Provably-fair roll history: with ?id= shows one seed's rolls grouped in
// batches of ten, otherwise lists every seed with its roll id range.
if (isset($_GET['id'])) {
$id = $_GET['id'];
$sql = "SELECT * FROM hash WHERE id = :id";
$sth = $db->prepare($sql);
// bindParam binds by reference, so assigning $id_a after the bind works, but
// $db->quote() adds literal quote characters to a bound value (it is only for
// string-built SQL); combined with PARAM_INT the lookup is unlikely to match.
$sth->bindParam(':id', $id_a, PDO::PARAM_INT);
$id_a = $db->quote($id);
$sth->execute();
// fetch() returns false for an unknown id; $row['hash'] is then null.
$row = $sth->fetch();
$sql = "SELECT * FROM rolls WHERE hash = :hash";
$std = $db->prepare($sql);
$std->bindParam(':hash', $hash_que, PDO::PARAM_STR);
$hash_que = $db->quote($row['hash']);
$std->execute();
$row = $std->fetchAll();
// Group rolls by batch: $q is the roll id without its last digit (0 for ids
// below 10) and $z is the last digit, i.e. the position within the batch.
foreach ($row as $key => $value) {
if ($value['id'] < 10) {
$q = 0;
$z = substr($value['id'], -1, 1);
} else {
$q = substr($value['id'], 0, -1);
$z = substr($value['id'], -1, 1);
}
// $rolls is never initialised, so on the first roll of each batch
// $rolls[$q] is unset; count(null) throws a TypeError on PHP 8 (a warning
// with 0 on older versions).
if (count($rolls[$q]) == 0) {
$rolls[$q]['time'] = date('h:i A', $value['time']);
$rolls[$q]['start'] = substr($value['id'], 0, -1);
}
$rolls[$q]['rolls'][$z] = array(
'id' => $value['id'],
'roll' => $value['roll']
);
}
$page = getTemplate
('/security/rolls.tpl', array(
'user' => $user,
'rolls' => $rolls
));
} else {
// Overview: one row per seed, newest first, each with the MIN/MAX roll id
// that used it (one query per seed).
$sql = $db->query('SELECT * FROM hash ORDER BY id DESC');
$row = $sql->fetchAll();
foreach ($row as $key => $value) {
$sql = "SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE hash = :hash";
$smt = $db->prepare($sql);
// No type given: defaults to PARAM_STR; quote() again adds literal quotes.
$smt->bindParam(':hash', $hashc);
$hashc = $db->quote($value['hash']);
$smt->execute();
$r = $smt->fetch();
// NOTE(review): the `$rolls[] = array(` line that should open this literal
// is missing from this copy of the file; as shown, the lines below are a
// syntax error.
'id' => $value['id'],
'date' => date('Y-m-d', $value['time']),
'seed' => $value['hash'],
'rolls' => $r['min'] . '-' . $r['max'],
'time' => $value['time']
);
}
$page = getTemplate
('/security/rolls.tpl', array(
'user' => $user,
'rolls' => $rolls
));
}
echo $page;
break;
case 'faq':
$page = getTemplate
('/security/faq.tpl', array(
'user' => $user
));
echo $page;
break;
case 'affiliates':
// Referral dashboard: the user's referral code, the users who signed up with
// it, and the commission earned from their bets.
$sql = "SELECT code FROM codes WHERE user = :user";
$srt = $db->prepare($sql);
// BUG: the bound variable is $user_srt but the next line assigns $user_str,
// so null is bound and the code lookup always comes back empty (and quote()
// must not be applied to bound values in any case).
$srt->bindParam(':user', $user_srt, PDO::PARAM_STR);
$user_str = $db->quote($user['steamid']);
$srt->execute();
// rowCount() is not guaranteed for SELECT by PDO; fetch() === false is.
if ($srt->rowCount() == 0) {
// No code yet: placeholder dashboard. NOTE(review): the `$affiliates = array(`
// opener is missing from this copy of the file. $LNG is the language table
// loaded from lang/*.php above, not defined in this file.
'visitors' => 0,
'total_bet' => 0,
'lifetime_earnings' => 0,
'available' => 0,
'level' => $LNG['level'],
'depositors' => $LNG['depositors'],
'code' => $LNG['dcode']
);
} else {
$row = $srt->fetch();
$affiliates['code'] = $row['code'];
$sql = "SELECT * FROM users WHERE referral = :referral";
$stt = $db->prepare($sql);
// BUG: binds $referral but assigns $referall (typo), so null is bound here.
$stt->bindParam(':referral', $referral, PDO::PARAM_STR);
$referall = $db->quote($user['steamid']);
$stt->execute();
$reffersN = $stt->fetchAll();
// One bets query per referred user: 'visitors' are referees who never bet,
// $count those who did.
$affiliates['visitors'] = 0;
$count = 0;
$affiliates['total_bet'] = 0;
foreach ($reffersN as $key => $value) {
$sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
$suh = $db->prepare($sql);
$suh->bindParam(':user', $user_b, PDO::PARAM_STR);
$user_b = $db->quote($value['steamid']);
$suh->execute();
$row = $suh->fetch();
if ($row['amount'] == 0)
$affiliates['visitors']++;
else
$count++;
$affiliates['total_bet'] += $row['amount'];
// Bets not yet paid out as commission (collect = 0).
$sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user AND collect = 0";
$st = $db->prepare($sql);
$st->bindParam(':user', $user_t, PDO::PARAM_STR);
$user_t = $db->quote($value['steamid']);
$st->execute();
$r = $st->fetch();
// NOTE(review): the `$reffers[] = array(` opener is missing here; $reffers is
// what the loop at the end iterates. The referee's steamid is masked (first
// 13 characters replaced) before it reaches the template.
'player' => substr_replace($value['steamid'], '*************', 0, 13),
'total_bet' => $row['amount'],
'collect_coins' => $r['amount'],
'comission' => 0
);
}
// Commission tier: $s is the divisor applied to bet totals. The `> 50`
// branch already catches every count above 50, so the `> 200` tier is
// unreachable, and a count of exactly 50 matches nothing and leaves $s
// unset (division by null below; a DivisionByZeroError on PHP 8).
if ($count < 50) {
$affiliates['level'] = $LNG['lv_1'];
$affiliates['depositors'] = $count . "/50" . $LNG['lv_to_1'];
$s = 300;
} elseif ($count > 50) {
$affiliates['level'] = $LNG['lv_2'];
$affiliates['depositors'] = $count . "/200" . $LNG['lv_to_2'];
$s = 200;
} elseif ($count > 200) {
$affiliates['level'] = $LNG['lv_3'];
$affiliates['depositors'] = $count . "/∞" . $LNG['lv_to_3'];
$s = 100;
}
$affiliates['available'] = 0;
$affiliates['lifetime_earnings'] = 0;
// Commission per referee = total_bet / $s; 'available' is the uncollected
// part, 'lifetime_earnings' the already collected part.
foreach ($reffers as $key => $value) {
$reffers[$key]['comission'] = round($value['total_bet'] / $s, 0);
$affiliates['available'] += round($value['collect_coins'] / $s, 0);
$affiliates['lifetime_earnings'] += round($value['total_bet'] / $s, 0) - round($value['collect_coins'] / $s, 0);
}
$affiliates['reffers'] = $reffers;
}
$page = getTemplate
('/security/affiliates.tpl', array(
'user' => $user,
'affiliates' => $affiliates
));
echo $page;
break;
case 'changecode':
// Create or replace the user's referral code (JSON endpoint).
// NOTE(review): each `)));` below closes an `exit(json_encode(array(` call
// whose opening line is missing from this copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// clear() is not defined in this file (presumably config.php). The validity
// condition that should guard the next exit is also missing from this copy.
$code = clear($_POST['code']);
'success' => false,
'error' => 'Code is not valid'
)));
// Reject a code already taken by anyone. $db->quote() on a bound value adds
// literal quote characters, so this check and every write below compare and
// store a quoted string. Check-then-write is also racy unless codes.code has
// a unique index (not visible here).
$sql = "SELECT * FROM codes WHERE code = :code";
$ppp = $db->prepare($sql);
$ppp->bindParam(':code', $code_ppp, PDO::PARAM_STR);
$code_ppp = $db->quote($code);
$ppp->execute();
if ($ppp->rowCount() != 0)
'success' => false,
'error' => 'Code is not valid'
)));
$sql = "SELECT * FROM codes WHERE user = :user";
$sti = $db->prepare($sql);
$sti->bindParam(':user', $user_sti, PDO::PARAM_STR);
$user_sti = $db->quote($user['steamid']);
$sti->execute();
if ($sti->rowCount() == 0) {
// First code for this user: INSERT (assumes the column order of `codes` is
// code, user). PARAM_INT on a quoted steamid string casts it to 0.
$sql = "INSERT INTO codes VALUES ( :code, :user )";
$erc = $db->prepare($sql);
$erc->bindParam(':code', $code_erc, PDO::PARAM_STR);
$erc->bindParam(':user', $user_erc, PDO::PARAM_INT);
$code_erc = $db->quote($code);
$user_erc = $db->quote($user['steamid']);
$erc->execute();
'success' => true,
'code' => $code
)));
} else {
// Existing code: replace it in place.
$sql = "UPDATE codes SET code=:code WHERE user=:user";
$qw = $db->prepare($sql);
$qw->bindParam(':code', $code_qw, PDO::PARAM_STR);
$qw->bindParam(':user', $user_qw, PDO::PARAM_INT);
$code_qw = $db->quote($code);
$user_qw = $db->quote($user['steamid']);
$qw->execute();
'success' => true,
'code' => $code
)));
}
break;
case 'collect':
// Pay out referral commission (JSON endpoint): sums each referee's
// uncollected bets, marks them collected, and credits total / $s coins.
// NOTE(review): the `exit(json_encode(array(` openers are missing from this
// copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
$sql = "SELECT * FROM users WHERE referral = :referral";
$tt = $db->prepare($sql);
// quote() on a bound value adds literal quote characters (same pattern as
// the other handlers); PARAM_INT on such a string casts it to 0.
$tt->bindParam(':referral', $referral_tt, PDO::PARAM_STR);
$referral_tt = $db->quote($user['steamid']);
$tt->execute();
$reffersN = $tt->fetchAll();
$count = 0;
$collect_coins = 0;
foreach ($reffersN as $key => $value) {
$sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
$abc = $db->prepare($sql);
$abc->bindParam(':user', $user_abc, PDO::PARAM_INT);
$user_abc = $db->quote($value['steamid']);
$abc->execute();
$row = $abc->fetch();
if ($row['amount'] > 0) {
$count++;
$sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user=:user AND collect=0";
$bcd = $db->prepare($sql);
$bcd->bindParam(':user', $user_bcd, PDO::PARAM_INT);
$user_bcd = $db->quote($value['steamid']);
$bcd->execute();
$r = $bcd->fetch();
// Marks this referee's bets collected BEFORE the user's balance is
// credited at the end, with no transaction: a failure in between leaves
// bets flagged as collected but never paid out.
$sql = "UPDATE bets SET collect = 1 WHERE user = :user";
$ui = $db->prepare($sql);
$ui->bindParam(':user', $user_ui, PDO::PARAM_INT);
$user_ui = $db->quote($value['steamid']);
$ui->execute();
$collect_coins += $r['amount'];
}
}
// Tier divisor, same ladder as 'affiliates': `> 200` is unreachable and a
// count of exactly 50 leaves $s unset, so the division below fails
// (DivisionByZeroError on PHP 8).
if ($count < 50) {
$s = 300;
} elseif ($count > 50) {
$s = 200;
} elseif ($count > 200) {
$s = 100;
}
$collect_coins = round($collect_coins / $s, 0);
$sql = "UPDATE users SET balance = balance + :collect_coins WHERE steamid = :steamid";
$poi = $db->prepare($sql);
$poi->bindParam(':collect_coins', $collect_coins);
$poi->bindParam(':steamid', $steamid_poi, PDO::PARAM_INT);
$steamid_poi = $db->quote($user['steamid']);
$poi->execute();
'success' => true,
'collected' => $collect_coins
)));
break;
case 'redeem':
// Redeem a referral code (JSON endpoint): requires a user with no referral
// yet who owns CS:GO (appid 730), then stores the referrer and credits the
// code's value. NOTE(review): the `exit(json_encode(array(` openers are
// missing from this copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// One redeem per account. The check reads the users row loaded at the top of
// the request and nothing locks it, so two concurrent requests could both
// pass and both credit; verify against the schema/isolation level.
if ($user['referral'] != '0')
'success' => false,
'error' => $LNG['code_5'],
'code' => $user['referral']
)));
// Steam Web API call with the API key embedded in the source; it belongs in
// config outside version control and should be rotated. $user['steamid']
// comes from the DB, not from the request.
$out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamid=' . $user['steamid'] . '&format=json');
// Private profiles return no 'response'; 'games' may be absent as well, in
// which case the foreach below warns.
if (!$out['response'])
'success' => false,
'error' => $LNG['code_4']
)));
$csgo = false;
foreach ($out['response']['games'] as $key => $value) {
if ($value['appid'] == 730)
$csgo = true;
}
if (!$csgo)
'success' => false,
'error' => $LNG['code_3']
)));
// NOTE(review): the `if (...)` that validates $code before this exit is
// missing from this copy; the `} else {` below belongs to it.
$code = $_GET['code'];
'success' => false,
'error' => $LNG['code_2']
)));
} else {
$sql = "SELECT * FROM codes WHERE code=:code";
$stmt = $db->prepare($sql);
// quote() on a bound value adds literal quote characters (see 'changecode',
// which stores codes the same way).
$stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
$code_stmt = $db->quote($code);
$stmt->execute();
if ($stmt->rowCount() != 0) {
$row = $stmt->fetch();
// Self-referral guard.
if ($row['user'] == $user['steamid'])
'success' => false,
'error' => $LNG['code_6']
)));
// A code with stored value 0 pays the default $referal_summa.
if($row['value'] == 0) {
$banalnce = $referal_summa;
} else {
$banalnce = $row['value'];
}
// Stores the referrer and credits the bonus in one statement; no
// transaction with the referral check above.
$sql = "UPDATE users SET referral = :referral, balance = balance + :coins WHERE steamid = :steamid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':referral', $referral_stmt, PDO::PARAM_STR);
$stmt->bindParam(':coins', $banalnce);
$stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
$referral_stmt = $db->quote($row['user']);
$steamid_stmt = $db->quote($user['steamid']);
$stmt->execute();
'success' => true,
'credits' => $banalnce
)));
} else {
'success' => false,
'error' => $LNG['code_1']
)));
}
}
break;
case 'withdraw':
$steamid = strtolower($db->quote($user['steamid']));
$query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
$query->bindValue(':user', $steamid, PDO::PARAM_INT);
$query->execute();
$countBetsForUser = $query->fetch();
$query->closeCursor();
$countBetsForUser = $countBetsForUser[0];
$query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
$query->bindValue(':user', $steamid, PDO::PARAM_INT);
$query->execute();
list($checkSumSend) = $query->fetch(PDO
::FETCH_NUM);
$query->closeCursor();
$checkSumSend = round($checkSumSend,2);
$sql = $db->query('SELECT `id` FROM `bots`');
while ($row = $sql->fetch()) {
$ids[] = $row['id'];
}
$page = getTemplate
('/security/withdraw.tpl', array(
'user' => $user,
'bots' => $ids,
'countBetsForUser' => $countBetsForUser,
'checkSumSend' => $checkSumSend
));
echo $page;
break;
case 'transfers':
$sql = "SELECT * FROM transfers WHERE to1 = :steamid, OR from1 = :steamid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
$page = getTemplate
('/security/transfers.tpl', array(
'user' => $user,
'transfers' => $row
));
echo $page;
break;
case 'offers':
$sql = "SELECT * FROM trades WHERE user=:steamid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
$page = getTemplate
('/security/offers.tpl', array(
'user' => $user,
'offers' => $row
));
echo $page;
break;
case 'login':
// Dead code kept in a comment: an older LightOpenID flow. It still holds a
// Steam Web API key in clear text and derived the session cookie from
// md5(steamid . time() . rand(1, 50)), which is guessable. Delete it from the
// repository and rotate the key rather than leaving it commented out.
/*include 'openid.php';
try
{
$openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
if (!$openid->mode) {
$openid->identity = 'http://steamcommunity.com/openid/?l=russian';
header('Location: ' . str_replace("csgobananas", "csgorebel", $openid->authUrl()));
} elseif ($openid->mode == 'cancel') {
echo '';
} else {
if ($openid->validate()) {
$id = $openid->identity;
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
$url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=DF847FB936FBD70E08C0DFEAE7ED8A38&steamids=$matches[1]";
$json_object = file_get_contents($url);
$json_decoded = json_decode($json_object);
foreach ($json_decoded->response->players as $player) {
$steamid = $player->steamid;
$name = $player->personaname;
$avatar = $player->avatar;
}
var_dump($json_decoded);
$hash = md5($steamid . time() . rand(1, 50));
$sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
$row = $sql->fetchAll(PDO::FETCH_ASSOC);
if (count($row) == 0) {
$db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
} else {
$db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
}
setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
}
}
} catch (ErrorException $e) {
exit($e->getMessage());
}*/
// Live flow: redirect to the Steam login URL built by SteamAuth (class not
// in this file). No exit() follows the header, but the break leaves nothing
// else to output for this page.
require_once('SteamAuth.php');
$SteamAuth = new SteamAuth();
$URL = $SteamAuth->GetURL();
header("Location: " . $URL . "");
break;
case 'get_inv':
// Returns the user's CS:GO inventory priced for deposit (JSON endpoint).
// NOTE(review): the `exit(json_encode(array(`, `$items[] = array(` and
// `$array = array(` openers, and the final response emission, are missing
// from this copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// A cache file keyed by the user's own steamid (from the DB, not the request)
// only sets a flag here; the live inventory is fetched below regardless.
if ((file_exists('cache/' . $user['steamid'] . '.txt')) && (!isset($_GET['nocache']))) {
$array['fromcache'] = true;
if (isset($_COOKIE['tid'])) {
// Pending-trade lookup by the client-supplied `tid` cookie. The query is
// not restricted to the current user, so a pending trade's code and amount
// can be read for any id the client chooses; add `AND user = :user`.
// quote() on a bound value also adds literal quote characters here.
$sql = "SELECT * FROM trades WHERE id=:id AND status=0";
$stmt = $db->prepare($sql);
$stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
$tid_stmt = $db->quote($_COOKIE['tid']);
$stmt->execute();
if ($stmt->rowCount() != 0) {
$row = $stmt->fetch();
$array['code'] = $row['code'];
$array['amount'] = $row['summa'];
$array['tid'] = $row['id'];
$array['bot'] = "Bot #" . $row['bot_id'];
} else {
}
}
}
// Public Steam inventory endpoint; returns success != 1 for private
// inventories.
$inv = curl('https://steamcommunity.com/profiles/' . $user['steamid'] . '/inventory/json/730/2/');
if ($inv['success'] != 1) {
'error' => $LNG['priv_inv']
)));
}
// $prices is not defined in this file (presumably loaded by config.php).
foreach ($inv['rgInventory'] as $key => $value) {
$id = $value['classid'] . '_' . $value['instanceid'];
$trade = $inv['rgDescriptions'][$id]['tradable'];
if (!$trade)
continue;
$name = $inv['rgDescriptions'][$id]['market_hash_name'];
// Coin value = market value * 10; Souvenir items and anything below $min
// are zeroed and flagged as junk.
$price = $prices['response']['items'][$name]['value'] * 10;
$img = 'http://steamcommunity-a.akamaihd.net/economy/image/' . $inv['rgDescriptions'][$id]['icon_url'];
if ((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
$price = 0;
$reject = $LNG['junk'];
} else {
$reject = 'unknown item';
}
'assetid' => $value['id'],
'bt_price' => "0.00",
'img' => $img,
'name' => $name,
'price' => $price,
'reject' => $reject,
'sa_price' => $price,
'steamid' => $user['steamid']
);
}
'error' => 'none',
'fromcache' => false,
'items' => $items,
'success' => true
);
if (isset($_COOKIE['tid'])) {
$sql = "SELECT * FROM trades WHERE id=:id and status=0";
$stmt = $db->prepare($sql);
// $tid_stmt is only assigned in the cache branch above, so in the
// non-cached path null is bound here and nothing is found; the same
// missing `AND user = :user` restriction applies.
$stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() != 0) {
$row = $stmt->fetch();
$array['code'] = $row['code'];
$array['amount'] = $row['summa'];
$array['tid'] = $row['id'];
$array['bot'] = "Bot #" . $row['bot_id'];
} else {
}
}
break;
case 'deposit_js1':
// Older variant of 'deposit_js' below (same flow, but the deposit amount is
// taken from the client); presumably unused - confirm before removing.
// NOTE(review): the `exit(json_encode(array(` openers are missing from this
// copy, as is the loop header that the final `}` closes, so $value at the
// INSERT is undefined as shown.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// "Active trade offer" gate based on a client-controlled cookie: clearing
// the cookie bypasses it. The server-side fact is trades.status = 0 for this
// user, which is what should be checked.
if ($_COOKIE['tid']) {
'success' => false,
'error' => 'You isset active tradeoffer.'
)));
}
$sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
$row = $sql->fetch();
$bot = $row['id'];
$partner = extract_partner($_GET['tradeurl']);
$token = extract_token($_GET['tradeurl']);
// The raw trade URL is echoed back as a cookie without validation.
setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
// assetids, partner, token and checksum are concatenated into the bot API
// URL without urlencode(), so extra `&`-separated parameters from the
// request reach the bot verbatim.
$out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
$out['bot'] = $row['name'];
if ($out['success'] == true) {
// Trade record whose `summa` (the credited amount) is the client's
// checksum rather than a server-side price total; compare deposit_js.
// quote() on bound values adds literal quote characters to every field.
$sql = "INSERT INTO trades VALUES ( :id, :bot_id, :code, :status, :user, :summa, :timee )";
$stmt = $db->prepare($sql);
$stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
$stmt->bindParam(':bot_id', $bot_idstmt, PDO::PARAM_INT);
$stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
$stmt->bindParam(':status', $status_stmt, PDO::PARAM_STR);
$stmt->bindParam(':user', $steamid_stmt, PDO::PARAM_STR);
$stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
$stmt->bindParam(':timee', $timee_stmt);
// $tid_stmt and $steamid_stmt are never assigned in this handler (null).
$bot_idstmt = $db->quote($bot);
$code_stmt = $db->quote($out['code']);
$status_stmt = 0;
$summa_stmt = $db->quote($_GET['checksum']);
$timee_stmt = $db->quote(time());
$stmt->execute();
$db->exec('INSERT INTO `items` SET `trade` = ' . $db->quote($out['tid']) . ', `market_hash_name` = ' . $db->quote($value['market_hash_name']) . ', `img` = ' . $db->quote($value['icon_url']) . ', `botid` = ' . $db->quote($bot) . ', `time` = ' . $db->quote(time()));
}
}
break;
case 'deposit_js':
// Create a deposit trade offer through a random bot (JSON endpoint). The
// deposit value is recomputed server-side from $prices (unlike deposit_js1),
// but the raw client checksum is still forwarded to the bot.
// NOTE(review): the `exit(json_encode(array(` openers and the final response
// emission are missing from this copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// Same client-controlled cookie gate as deposit_js1: bypassable by clearing
// the cookie; check trades.status = 0 for the user server-side instead.
if ($_COOKIE['tid']) {
'success' => false,
'error' => 'You isset active tradeoffer.'
)));
}
$sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
$row = $sql->fetch();
$bot = $row['id'];
$partner = extract_partner($_GET['tradeurl']);
$token = extract_token($_GET['tradeurl']);
// The raw trade URL is echoed back as a cookie without validation.
setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
// Computed but never used: the URL below forwards the raw string.
$checksum = intval($_GET['checksum']);
// assetids, partner, token and checksum are concatenated into the bot API
// URL without urlencode().
$out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
$out['bot'] = $row['name'];
if ($out['success'] == true) {
$s = 0;
// One items row per item the bot reports; $s accumulates the coin value
// (market value * 10). $prices is not defined in this file.
foreach ($out['items'] as $key => $value) {
$sql = "INSERT INTO items SET trade=:trade, market_hash_name = :hash_name, img = :img, botid = :bot_id, time=:timee";
$stmt = $db->prepare($sql);
$stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
$stmt->bindParam(':hash_name', $hashname, PDO::PARAM_STR);
$stmt->bindParam(':img', $img_stmt, PDO::PARAM_STR);
$stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_STR);
$stmt->bindParam(':timee', $time_stmt);
// quote() on bound values adds literal quote characters to every stored
// field; bind the raw values instead.
$trade_stmt = $db->quote($out['tid']);
$hashname = $db->quote($value['market_hash_name']);
$img_stmt = $db->quote($value['icon_url']);
$botid_stmt = $db->quote($bot);
$time_stmt = $db->quote(time());
$stmt->execute();
$s += $prices['response']['items'][$value['market_hash_name']]['value'] * 10;
}
// Trade record with the server-computed total; status 0 = pending until
// 'confirm' settles it.
$sql = "INSERT INTO trades SET id = :tid, bot_id = :bot_id, code = :code, status = 0, user = :user, summa = :summa, time = :timee";
$stmt = $db->prepare($sql);
$stmt->bindParam(':tid', $tid_stmt, PDO::PARAM_STR);
$stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_INT);
$stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
$stmt->bindParam(':user', $user_stmt, PDO::PARAM_INT);
$stmt->bindParam(':summa', $summa_stmt);
$stmt->bindParam(':timee', $time_stmt);
$tid_stmt = $db->quote($out['tid']);
$botid_stmt = $db->quote($bot);
$code_stmt = $db->quote($out['code']);
$user_stmt = $db->quote($user['steamid']);
$summa_stmt = $db->quote($s);
$time_stmt = $db->quote(time());
$stmt->execute();
$out['amount'] = $s;
}
break;
case 'confirm':
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
$tid = (int) $_GET['tid'];
$sql = "SELECT * FROM trades WHERE id = :id";
$stmt = $db->prepare($sql);
$stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
$id_stmt = $db->quote($tid);
$stmt->execute();
$row = $stmt->fetch();
$out = curl('http://' . $ip . ':' . (5735 + $row['bot_id']) . '/checkTrade?tid=' . $row['id']);
if (($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
if ($row['summa'] > 0)
$sql = "UPDATE users SET balance = balance + :summa WHERE steamid = :steamid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
$stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
$summa_stmt = $row['summa'];
$steamid_stmt = $db->quote($user['steamid']);
$stmt->execute();
if ($row['summa'] > 0)
$sql = "UPDATE items SET status = 1 WHERE trade = :trade";
$stmt = $db->prepare($sql);
$stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
$trade_stmt = $db->quote($row['id']);
$stmt->execute();
if ($row['summa'] > 0)
$sql = "UPDATE trades SET status = 1 WHERE id = :id";
$stmt = $db->prepare($sql);
$stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
$id_stmt = $db->quote($row['id']);
$stmt->execute();
} elseif (($out['success'] == true) && ($out['action'] == 'cross')) {
$sql = "DELETE FROM items WHERE trade = :trade";
$stmt = $db->prepare($sql);
$stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
$trade_stmt = $db->quote($row['id']);
$stmt->execute();
$sql = "DELETE FROM trades WHERE id = :id";
$stmt->prepare($sql);
$stmt = $db->bindParam(':id', $id_stmt, PDO::PARAM_INT);
$id_stmt = $db->quote($row['id']);
$stmt->execute();
} else {
'success' => false,
'error' => $LNG['trade_prog']
)));
}
break;
case 'get_bank_safe':
// Lists the site's withdrawable items (items.status = 1) with a 20% markup
// (JSON endpoint). NOTE(review): the `exit(json_encode(array(` and
// `$array = array(` openers and the response emission are missing from this
// copy of the file.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
// Dead reCAPTCHA check kept in a comment. It contains the reCAPTCHA secret
// key in clear text; delete it from the repository and rotate the key.
/*
//if(($user['steamid'] != "76561198092088938") || ($user['steamid'] != "76561198025678566")) exit();
$g = curl('https://www.google.com/recaptcha/api/siteverify?secret=6LfZxR8TAAAAAIywvj5aDSbINTbkwSi_0-TR_MjF&response='.$_GET['g-recaptcha-response']);
$g = json_decode($g, true);
//if($g['success'] == true)
if($g->success == true){
*/
'balance' => $user['balance'],
'error' => 'none',
'success' => true
);
$sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
while ($row = $sql->fetch()) {
$array['items'][] = array(
'botid' => $row['botid'],
'img' => 'http://steamcommunity-a.akamaihd.net/economy/image/' . $row['img'],
'name' => $row['market_hash_name'],
'assetid' => $row['id'],
// Coin price = market value * 10 plus 20% markup; $prices is not defined in
// this file (presumably config.php).
'price' => $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2,
'reject' => 'unknown items'
);
}
//}
break;
case 'withdraw_js':
// Withdraw items via a bot trade (JSON endpoint): debits the balance, asks
// the bot to send the items, refunds on failure.
// NOTE(review): the `exit(json_encode(array(` / `$array = array(` openers and
// at least one `if (...) {` condition (before the 'You choose more bots'
// branch) are missing from this copy; $bot, used from the bots query on, is
// not assigned anywhere in the visible code.
if (!$user)
'success' => false,
'error' => $LNG['must']
)));
$assetids = explode(',', $_GET['assetids']);
$checksum = $_GET['checksum'];
$sum = 0;
// quote() + PARAM_INT on a bound steamid casts the quoted string to 0, so
// both lookups below are unlikely to match (same pattern as 'withdraw').
$steamid = strtolower($db->quote($user['steamid']));
$query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
$query->bindValue(':user', $steamid, PDO::PARAM_INT);
$query->execute();
$countBetsForUser = $query->fetch();
$query->closeCursor();
$query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
$query->bindValue(':user', $steamid, PDO::PARAM_INT);
$query->execute();
list($checkSumSend) = $query->fetch(PDO
::FETCH_NUM);
$query->closeCursor();
$checkSumSend = round($checkSumSend,2);
'success' => false,
'error' => ''
);
'success' => false,
'error' => 'You choose more bots'
);
// BUG (funds check): $sum is still 0 here - it is only accumulated inside
// the final else branch - so `balance < $sum` can never be true and the
// balance is debited below regardless of what the user has. The next check
// compares against 5 bets while its message says 50.
} elseif ($user['balance'] < $sum) {
'success' => false,
'error' => '[#2234243] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!'
);
} else if($countBetsForUser[0] < 5) {
'success' => false,
'error' => '[#5766573] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!'
);
} else if($checkSumSend < 2000) {
'success' => false,
'error' => '[#8264773] Aby wypłacić przedmioty, musisz wpłacić minimum 2000 coinsów!'
);
} else {
// Price the requested items server-side (string-built SQL with quote(),
// which is the correct use of quote()). $prices is not defined in this
// file. Only the last item's name survives per bot id in $items.
foreach ($assetids as $key) {
if ($key == "")
continue;
$sql = $db->query('SELECT * FROM `items` WHERE `id` = ' . $db->quote($key));
$row = $sql->fetch();
$items[$row['botid']] = $row['market_hash_name'];
$sum += $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2;
$norm_itms = $norm_itms . $row['market_hash_name'] . ',';
}
// Loose == between the client's checksum string and a float total built
// with * 1.2, which is fragile. The balance is debited before the bot is
// asked and refunded on failure, with no transaction around the sequence.
if($checksum == $sum){
$s = $db->query('SELECT `name` FROM `bots` WHERE `id` = ' . $db->quote($bot));
$r = $s->fetch();
$db->exec('UPDATE `users` SET `balance` = `balance` - ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
$partner = extract_partner($_GET['tradeurl']);
$token = extract_token($_GET['tradeurl']);
// The raw $_GET['checksum'] is forwarded to the bot unencoded.
$out = curl
('http://' . $ip . ':' . (5735 + $bot) . '/sendingTradesForMe/?names=' . urlencode($norm_itms) . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
if ($out['success'] == false) {
$db->exec('UPDATE `users` SET `balance` = `balance` + ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
} else {
foreach ($assetids as $key) {
$db->exec('DELETE FROM `items` WHERE `id` = ' . $db->quote($key));
}
$out['bot'] = $r['name'];
// The trade's (negative) summa is the client's checksum rather than the
// server-side $sum that was actually debited.
$db->exec('INSERT INTO `trades` SET `id` = ' . $db->quote($out['tid']) . ', `bot_id` = ' . $db->quote($bot) . ', `code` = ' . $db->quote($out['code']) . ', `status` = 2, `user` = ' . $db->quote($user['steamid']) . ', `summa` = ' . '-' . $db->quote($_GET['checksum']) . ', `time` = ' . $db->quote(time()));
}
}else{
'success' => false,
'error' => 'Wartości skinów zostały zmienione.'
);
}
}
break;
case 'exit':
// No-op page: nothing is rendered.
break;
}
/**
 * Renders a template from the template/ directory and returns its output.
 *
 * The included file is expected to assign the rendered markup to $text,
 * which is what this function returns (null if it does not). $in is visible
 * to the included file through this function's scope; the templates
 * themselves are not in this file, so how it is used is not shown here.
 * $name is always a literal in this file and must stay that way: it is
 * concatenated into an include path, so request data here would allow
 * loading arbitrary files.
 */
function getTemplate($name, $in = null)
{
    $path = "template/" . $name;
    include $path;
    return $text;
}
// Fetches $url and returns the decoded response used by the handlers above.
// NOTE(review): only the return statement survives in this copy of the file;
// the request code that assigns $data is not visible here. Callers index the
// result as an associative array (e.g. $out['success']), so the missing body
// presumably decodes JSON into an array - confirm against the original.
function curl($url)
{
return $data;
}
// Returns the `token` query parameter of a Steam trade URL, or false when it
// is absent. NOTE(review): $queryString is not assigned anywhere in the
// visible body; a line that parses $url's query part into it appears to have
// been dropped from this copy of the file.
function extract_token($url)
{
return isset($queryString['token']) ?
$queryString['token'] : false;
}
// Returns the `partner` query parameter of a Steam trade URL, or false when it
// is absent. NOTE(review): as in extract_token, $queryString is not assigned
// in the visible body; the line parsing $url into it appears to have been
// dropped from this copy of the file.
function extract_partner($url)
{
return isset($queryString['partner']) ?
$queryString['partner'] : false;
}