prepare($sql); // NOTE(review): this statement starts above the visible beginning of the file; the fragment is kept verbatim
$stmt->bindParam(':hash', $hash_stmt);
$hash_stmt = $_COOKIE['hash']; // session token straight from the cookie, but bound as a parameter — no SQL string-building here
$stmt->execute();
if ($stmt->rowCount() != 0) {
    $row = $stmt->fetch();
    $user = $row; // $user exists only on a cookie hit; several pages below read $user['steamid'] without a login check
}
} // closes a block opened above the visible portion of the file

// ---------------------------------------------------------------------------
// Language selection: ?language=xx is persisted in a cookie and mirrored into
// $_COOKIE so that the current request already uses it.
// ---------------------------------------------------------------------------
if (isset($_GET["language"])) {
    $lang = $_GET["language"];
    setcookie('lang', $lang, time() + (86400 * 360)); // NOTE(review): no path/secure/httponly flags; the value is not validated, but only 'pl'/'en' are acted on below
    $_COOKIE["lang"] = $lang;
    //print "";
}
// Only the two known language files are ever included, so a tampered cookie cannot pull
// in another file. NOTE(review): an unknown value matches no case and also skips the
// default include, leaving $LNG undefined — add a default: branch that includes lang/en.php.
if (isset($_COOKIE["lang"])) switch ($_COOKIE["lang"]) {
    case "pl":
        include "lang/pl.php";
        break;
    case "en":
        include "lang/en.php";
        break;
} else include "lang/en.php";

$min = 10;            // minimum item price (after the *10 scaling) accepted by get_inv
$ip = '';             // NOTE(review): bot host; it is empty here, so every 'http://' . $ip . ':' . (5735 + $bot) URL below is malformed unless $ip is assigned elsewhere — verify
$referal_summa = 100; // credits granted on 'redeem' when the code row carries no value

// ---------------------------------------------------------------------------
// Page / action dispatcher.
//
// NOTE(review) on the parameter-binding pattern used throughout: bindParam() binds a
// variable by reference and the variable is assigned afterwards, which is legal. The
// value assigned, however, is $db->quote(...), which puts SQL quotes *inside* the bound
// parameter, so the database compares against the literal text 'X' (apostrophes
// included). Rows written this way (codes, trades) are only found because they are
// looked up the same way; values written elsewhere (rolls.hash, users.referral, the
// steamid written by the login flow that is not visible here) never match. With prepared
// statements quote() is unnecessary — bind the raw value. Several bindings also assign
// a misspelled variable, so NULL is bound; those are flagged where they occur.
// ---------------------------------------------------------------------------
switch ($_GET['page']) {
    case '':
        // quote() and then strip the apostrophes again — net effect is a lowercased, escaped
        // steamid; pointless, since the value is bound as a parameter right below
        $steamid = strtolower($db->quote($user['steamid']));
        $polskie = array("'");
        $miedzyn = array("");
        $steamid = str_replace($polskie, $miedzyn, $steamid);
        $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
        $query->bindValue(':user', $steamid, PDO::PARAM_INT);
        $query->execute();
        $countBetsForUser = $query->fetch();
        $query->closeCursor();
        $countBetsForUser = $countBetsForUser[0];
        $page = getTemplate('/security/main.tpl', array( 'user' => $user, 'countBetsForUser' => $countBetsForUser ));
        echo $page;
        break;

    case 'deposit':
        $page = getTemplate('/security/deposit.tpl', array( 'user' => $user ));
        echo $page;
        break;

    case 'tos':
        $page = getTemplate('/security/tos.tpl', array( 'user' => $user ));
        echo $page;
        break;

    /* NOTE(review): a commented-out 'support' / 'support_new' ticket implementation was
       removed from here. It built every query by string concatenation with $db->quote()
       and read $_POST fields through clear(); if the feature is revived, restore it from
       version control and rewrite it with bound parameters like the live cases below. */

    case 'rolls':
        if (isset($_GET['id'])) {
            $id = $_GET['id'];
            if (!preg_match('/^[0-9]+$/', $id)) exit(); // digits only; $id is safe to bind as an int from here on
            $sql = "SELECT * FROM hash WHERE id = :id";
            $sth = $db->prepare($sql);
            $sth->bindParam(':id', $id_a, PDO::PARAM_INT);
            $id_a = $db->quote($id); // NOTE(review): binds the text '123' (with apostrophes) as PARAM_INT — bind $id directly
            $sth->execute();
            $row = $sth->fetch();
            $sql = "SELECT * FROM rolls WHERE hash = :hash";
            $std = $db->prepare($sql);
            $std->bindParam(':hash', $hash_que, PDO::PARAM_STR);
            $hash_que = $db->quote($row['hash']); // NOTE(review): the quoted value cannot equal the stored hash — bind $row['hash'] directly
            $std->execute();
            $row = $std->fetchAll();
            $rolls = array();
            // Group rolls by the id with its last digit removed ($q); the last digit is the slot ($z).
            foreach ($row as $key => $value) {
                if ($value['id'] < 10) {
                    $q = 0;
                    $z = substr($value['id'], -1, 1);
                } else {
                    $q = substr($value['id'], 0, -1);
                    $z = substr($value['id'], -1, 1);
                }
                if (count($rolls[$q]) == 0) { // NOTE(review): first visit of a group calls count(null) — a TypeError on PHP 8; use !isset($rolls[$q])
                    $rolls[$q]['time'] = date('h:i A', $value['time']);
                    $rolls[$q]['start'] = substr($value['id'], 0, -1);
                }
                $rolls[$q]['rolls'][$z] = array( 'id' => $value['id'], 'roll' => $value['roll'] );
            }
            $page = getTemplate('/security/rolls.tpl', array( 'user' => $user, 'rolls' => $rolls ));
        } else {
            $sql = $db->query('SELECT * FROM hash ORDER BY id DESC');
            $row = $sql->fetchAll();
            $rolls = array();
            foreach ($row as $key => $value) {
                // one query per hash row (N+1); acceptable only while the hash table stays small
                $sql = "SELECT MIN(`id`) AS min, MAX(`id`) AS max FROM `rolls` WHERE hash = :hash";
                $smt = $db->prepare($sql);
                $smt->bindParam(':hash', $hashc);
                $hashc = $db->quote($value['hash']); // NOTE(review): same quote()-inside-the-parameter problem as above
                $smt->execute();
                $r = $smt->fetch();
                $rolls[] = array( 'id' => $value['id'], 'date' => date('Y-m-d', $value['time']), 'seed' => $value['hash'], 'rolls' => $r['min'] . '-' . $r['max'], 'time' => $value['time'] );
            }
            $page = getTemplate('/security/rolls.tpl', array( 'user' => $user, 'rolls' => $rolls ));
        }
        echo $page;
        break;

    case 'faq':
        $page = getTemplate('/security/faq.tpl', array( 'user' => $user ));
        echo $page;
        break;

    case 'affiliates':
        $affiliates = array();
        $sql = "SELECT code FROM codes WHERE user = :user";
        $srt = $db->prepare($sql);
        $srt->bindParam(':user', $user_srt, PDO::PARAM_STR);
        $user_str = $db->quote($user['steamid']); // NOTE(review): typo — $user_srt is the bound variable, so NULL is sent and no code is ever found
        $srt->execute();
        if ($srt->rowCount() == 0) {
            // no affiliate code yet: placeholder texts from the language file
            $affiliates = array( 'visitors' => 0, 'total_bet' => 0, 'lifetime_earnings' => 0, 'available' => 0, 'level' => $LNG['level'], 'depositors' => $LNG['depositors'], 'code' => $LNG['dcode'] );
        } else {
            $row = $srt->fetch();
            $affiliates['code'] = $row['code'];
            $sql = "SELECT * FROM users WHERE referral = :referral";
            $stt = $db->prepare($sql);
            $stt->bindParam(':referral', $referral, PDO::PARAM_STR);
            $referall = $db->quote($user['steamid']); // NOTE(review): typo — $referral is the bound variable, so NULL is sent and no referrals are listed
            $stt->execute();
            $reffersN = $stt->fetchAll();
            $reffers = array();
            $affiliates['visitors'] = 0;
            $count = 0;
            $affiliates['total_bet'] = 0;
            foreach ($reffersN as $key => $value) {
                $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
                $suh = $db->prepare($sql);
                $suh->bindParam(':user', $user_b, PDO::PARAM_STR);
                $user_b = $db->quote($value['steamid']);
                $suh->execute();
                $row = $suh->fetch();
                // a referral without bets counts as a visitor, one with bets as a depositor
                if ($row['amount'] == 0) $affiliates['visitors']++; else $count++;
                $affiliates['total_bet'] += $row['amount'];
                $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user AND collect = 0";
                $st = $db->prepare($sql);
                $st->bindParam(':user', $user_t, PDO::PARAM_STR);
                $user_t = $db->quote($value['steamid']);
                $st->execute();
                $r = $st->fetch();
                // the first 13 characters of the referred steamid are masked before display
                $reffers[] = array( 'player' => substr_replace($value['steamid'], '*************', 0, 13), 'total_bet' => $row['amount'], 'collect_coins' => $r['amount'], 'comission' => 0 );
            }
            // Commission divisor by depositor count. NOTE(review): $count == 50 matches no branch and leaves
            // $s unset (division by null below), and the > 200 branch is unreachable behind > 50 —
            // order the tests as >= 200, then >= 50, then else. The 'collect' case repeats the same ladder.
            if ($count < 50) {
                $affiliates['level'] = $LNG['lv_1'];
                $affiliates['depositors'] = $count . "/50" . $LNG['lv_to_1'];
                $s = 300;
            } elseif ($count > 50) {
                $affiliates['level'] = $LNG['lv_2'];
                $affiliates['depositors'] = $count . "/200" . $LNG['lv_to_2'];
                $s = 200;
            } elseif ($count > 200) {
                $affiliates['level'] = $LNG['lv_3'];
                $affiliates['depositors'] = $count . "/∞" . $LNG['lv_to_3'];
                $s = 100;
            }
            $affiliates['available'] = 0;
            $affiliates['lifetime_earnings'] = 0;
            foreach ($reffers as $key => $value) {
                $reffers[$key]['comission'] = round($value['total_bet'] / $s, 0);
                $affiliates['available'] += round($value['collect_coins'] / $s, 0);
                $affiliates['lifetime_earnings'] += round($value['total_bet'] / $s, 0) - round($value['collect_coins'] / $s, 0);
            }
            $affiliates['reffers'] = $reffers;
        }
        $page = getTemplate('/security/affiliates.tpl', array( 'user' => $user, 'affiliates' => $affiliates ));
        echo $page;
        break;

    case 'changecode':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        $code = clear($_POST['code']); // clear() is defined outside this file
        if (!preg_match('/^[a-zA-Z0-9]+$/', $code)) exit(json_encode(array( 'success' => false, 'error' => 'Code is not valid' )));
        // Reject a code already taken by anyone (same error text as the format check).
        $sql = "SELECT * FROM codes WHERE code = :code";
        $ppp = $db->prepare($sql);
        $ppp->bindParam(':code', $code_ppp, PDO::PARAM_STR);
        $code_ppp = $db->quote($code);
        $ppp->execute();
        if ($ppp->rowCount() != 0) exit(json_encode(array( 'success' => false, 'error' => 'Code is not valid' )));
        // NOTE(review): check-then-write without a transaction; unless codes.code has a UNIQUE index
        // (schema not visible), two concurrent requests can both pass the check above.
        $sql = "SELECT * FROM codes WHERE user = :user";
        $sti = $db->prepare($sql);
        $sti->bindParam(':user', $user_sti, PDO::PARAM_STR);
        $user_sti = $db->quote($user['steamid']);
        $sti->execute();
        if ($sti->rowCount() == 0) {
            $sql = "INSERT INTO codes VALUES ( :code, :user )";
            $erc = $db->prepare($sql);
            $erc->bindParam(':code', $code_erc, PDO::PARAM_STR);
            $erc->bindParam(':user', $user_erc, PDO::PARAM_INT);
            $code_erc = $db->quote($code); // NOTE(review): the stored code carries the apostrophes from quote()
            $user_erc = $db->quote($user['steamid']);
            $erc->execute();
            exit(json_encode(array( 'success' => true, 'code' => $code )));
        } else {
            $sql = "UPDATE codes SET code=:code WHERE user=:user";
            $qw = $db->prepare($sql);
            $qw->bindParam(':code', $code_qw, PDO::PARAM_STR);
            $qw->bindParam(':user', $user_qw, PDO::PARAM_INT);
            $code_qw = $db->quote($code);
            $user_qw = $db->quote($user['steamid']);
            $qw->execute();
            exit(json_encode(array( 'success' => true, 'code' => $code )));
        }
        break;

    case 'collect':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        $sql = "SELECT * FROM users WHERE referral = :referral";
        $tt = $db->prepare($sql);
        $tt->bindParam(':referral', $referral_tt, PDO::PARAM_STR);
        $referral_tt = $db->quote($user['steamid']);
        $tt->execute();
        $reffersN = $tt->fetchAll();
        $count = 0;
        $collect_coins = 0;
        foreach ($reffersN as $key => $value) {
            $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user = :user";
            $abc = $db->prepare($sql);
            $abc->bindParam(':user', $user_abc, PDO::PARAM_INT);
            $user_abc = $db->quote($value['steamid']);
            $abc->execute();
            $row = $abc->fetch();
            if ($row['amount'] > 0) {
                $count++;
                $sql = "SELECT SUM(`amount`) AS amount FROM bets WHERE user=:user AND collect=0";
                $bcd = $db->prepare($sql);
                $bcd->bindParam(':user', $user_bcd, PDO::PARAM_INT);
                $user_bcd = $db->quote($value['steamid']);
                $bcd->execute();
                $r = $bcd->fetch();
                // NOTE(review): SUM and the UPDATE below are not in a transaction — a bet placed in between is
                // marked collected without being counted. Wrap the SELECT/UPDATE pair in a transaction.
                $sql = "UPDATE bets SET collect = 1 WHERE user = :user";
                $ui = $db->prepare($sql);
                $ui->bindParam(':user', $user_ui, PDO::PARAM_INT);
                $user_ui = $db->quote($value['steamid']);
                $ui->execute();
                $collect_coins += $r['amount'];
            }
        }
        // NOTE(review): same ladder as 'affiliates': $count == 50 leaves $s unset and the division below fails
        // — after the bets were already marked collected, so the coins are lost. Decide the divisor before
        // the loop, or reorder the tests (>= 200, >= 50, else).
        if ($count < 50) {
            $s = 300;
        } elseif ($count > 50) {
            $s = 200;
        } elseif ($count > 200) {
            $s = 100;
        }
        $collect_coins = round($collect_coins / $s, 0);
        $sql = "UPDATE users SET balance = balance + :collect_coins WHERE steamid = :steamid";
        $poi = $db->prepare($sql);
        $poi->bindParam(':collect_coins', $collect_coins);
        $poi->bindParam(':steamid', $steamid_poi, PDO::PARAM_INT);
        $steamid_poi = $db->quote($user['steamid']);
        $poi->execute();
        exit(json_encode(array( 'success' => true, 'collected' => $collect_coins )));
        break;

    case 'redeem':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        // a user may redeem only once: users.referral stays '0' until a code is applied
        if ($user['referral'] != '0') exit(json_encode(array( 'success' => false, 'error' => $LNG['code_5'], 'code' => $user['referral'] )));
        // NOTE(review): a live Steam Web API key is embedded in this URL (and this file is served from
        // the web root). Move it to configuration outside the document root and rotate it.
        $out = curl('http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamid=' . $user['steamid'] . '&format=json');
        $out = json_decode($out, true); // NOTE(review): $out is null when curl() fails; the index below then warns instead of failing cleanly
        if (!$out['response']) exit(json_encode(array( 'success' => false, 'error' => $LNG['code_4'] )));
        // the account must own app 730 (CS:GO) to redeem
        $csgo = false;
        foreach ($out['response']['games'] as $key => $value) {
            if ($value['appid'] == 730) $csgo = true;
        }
        if (!$csgo) exit(json_encode(array( 'success' => false, 'error' => $LNG['code_3'] )));
        $code = $_GET['code'];
        if (!preg_match('/^[a-zA-Z0-9]+$/', $code)) {
            exit(json_encode(array( 'success' => false, 'error' => $LNG['code_2'] )));
        } else {
            unset($stmt);
            $sql = "SELECT * FROM codes WHERE code=:code";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
            $code_stmt = $db->quote($code); // matches only because 'changecode' stores codes quoted the same way
            $stmt->execute();
            if ($stmt->rowCount() != 0) {
                $row = $stmt->fetch();
                // own code cannot be redeemed
                if ($row['user'] == $user['steamid']) exit(json_encode(array( 'success' => false, 'error' => $LNG['code_6'] )));
                if($row['value'] == 0) {
                    $banalnce = $referal_summa;
                } else {
                    $banalnce = $row['value'];
                }
                unset ($stmt);
                $sql = "UPDATE users SET referral = :referral, balance = balance + :coins WHERE steamid = :steamid";
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':referral', $referral_stmt, PDO::PARAM_STR);
                $stmt->bindParam(':coins', $banalnce);
                $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
                $referral_stmt = $db->quote($row['user']); // NOTE(review): stores the referrer quoted; 'affiliates'/'collect' look it up quoted too, so it is self-consistent but wrong
                $steamid_stmt = $db->quote($user['steamid']);
                $stmt->execute();
                exit(json_encode(array( 'success' => true, 'credits' => $banalnce )));
            } else {
                exit(json_encode(array( 'success' => false, 'error' => $LNG['code_1'] )));
            }
        }
        break;

    case 'withdraw':
        // same quote-then-strip dance as case ''
        $steamid = strtolower($db->quote($user['steamid']));
        $polskie = array("'");
        $miedzyn = array("");
        $steamid = str_replace($polskie, $miedzyn, $steamid);
        $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
        $query->bindValue(':user', $steamid, PDO::PARAM_INT);
        $query->execute();
        $countBetsForUser = $query->fetch();
        $query->closeCursor();
        $countBetsForUser = $countBetsForUser[0];
        // total of completed deposits (status 1) — shown to the user and re-checked in 'withdraw_js'
        $query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
        $query->bindValue(':user', $steamid, PDO::PARAM_INT);
        $query->execute();
        list($checkSumSend) = $query->fetch(PDO::FETCH_NUM);
        $query->closeCursor();
        $checkSumSend = round($checkSumSend,2);
        $sql = $db->query('SELECT `id` FROM `bots`');
        $ids = array();
        while ($row = $sql->fetch()) {
            $ids[] = $row['id'];
        }
        $page = getTemplate('/security/withdraw.tpl', array( 'user' => $user, 'bots' => $ids, 'countBetsForUser' => $countBetsForUser, 'checkSumSend' => $checkSumSend ));
        echo $page;
        break;

    case 'transfers':
        unset ($stmt);
        // NOTE(review): this query is broken three ways — the stray comma before OR is a syntax error, the
        // same named placeholder is used twice (rejected by native prepares), and $steamid_stmt is never
        // assigned in this case, so NULL would be bound. Intended form:
        //   $sql = "SELECT * FROM transfers WHERE to1 = :to OR from1 = :from";
        //   $stmt->bindValue(':to', $user['steamid']); $stmt->bindValue(':from', $user['steamid']);
        $sql = "SELECT * FROM transfers WHERE to1 = :steamid, OR from1 = :steamid";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('/security/transfers.tpl', array( 'user' => $user, 'transfers' => $row ));
        echo $page;
        break;

    case 'offers':
        unset($stmt);
        $sql = "SELECT * FROM trades WHERE user=:steamid";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT); // NOTE(review): $steamid_stmt is never assigned in this case — NULL is bound and the list is always empty; add `$steamid_stmt = $user['steamid'];`
        $stmt->execute();
        $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $page = getTemplate('/security/offers.tpl', array( 'user' => $user, 'offers' => $row ));
        echo $page;
        break;

    case 'login':
        /* NOTE(review): a commented-out LightOpenID login flow was removed from here. It embedded a
           second Steam Web API key in a URL, built user INSERT/UPDATE statements by string
           concatenation and derived the session hash from md5(steamid . time() . rand(1, 50)).
           Treat that key as exposed and rotate it; the live flow is SteamAuth below. */
        require_once('SteamAuth.php');
        $SteamAuth = new SteamAuth();
        $URL = $SteamAuth->GetURL();
        header("Location: " . $URL . ""); // NOTE(review): no exit() after the redirect header; harmless here only because nothing else runs after the switch
        break;

    case 'get_inv':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        // Serve the cached inventory unless ?nocache is given.
        if ((file_exists('cache/' . $user['steamid'] . '.txt')) && (!isset($_GET['nocache']))) {
            $array = file_get_contents('cache/' . $user['steamid'] . '.txt');
            // NOTE(review): unserialize() on a file from the cache directory. The file is written by this same
            // script (see file_put_contents below), but anyone who can write to cache/ gets object injection;
            // store the cache as JSON (json_encode/json_decode) instead.
            $array = unserialize($array);
            $array['fromcache'] = true;
            if (isset($_COOKIE['tid'])) {
                unset($stmt);
                $sql = "SELECT * FROM trades WHERE id=:id AND status=0";
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
                $tid_stmt = $db->quote($_COOKIE['tid']); // cookie value is bound, not interpolated
                $stmt->execute();
                if ($stmt->rowCount() != 0) {
                    $row = $stmt->fetch();
                    $array['code'] = $row['code'];
                    $array['amount'] = $row['summa'];
                    $array['tid'] = $row['id'];
                    $array['bot'] = "Bot #" . $row['bot_id'];
                } else {
                    setcookie("tid", "", time() - 3600, '/'); // stale trade cookie: drop it
                }
            }
            exit(json_encode($array));
        }
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        $inv = curl('https://steamcommunity.com/profiles/' . $user['steamid'] . '/inventory/json/730/2/');
        $inv = json_decode($inv, true);
        if ($inv['success'] != 1) {
            exit(json_encode(array( 'error' => $LNG['priv_inv'] )));
        }
        $items = array();
        foreach ($inv['rgInventory'] as $key => $value) {
            $id = $value['classid'] . '_' . $value['instanceid'];
            $trade = $inv['rgDescriptions'][$id]['tradable'];
            if (!$trade) continue;
            $name = $inv['rgDescriptions'][$id]['market_hash_name'];
            $price = $prices['response']['items'][$name]['value'] * 10; // price list value scaled by 10 (site coins)
            $img = 'http://steamcommunity-a.akamaihd.net/economy/image/' . $inv['rgDescriptions'][$id]['icon_url'];
            // Souvenir items and anything under $min are rejected with a zero price.
            if ((preg_match('/(Souvenir)/', $name)) || ($price < $min)) {
                $price = 0;
                $reject = $LNG['junk'];
            } else {
                $reject = 'unknown item';
            }
            $items[] = array( 'assetid' => $value['id'], 'bt_price' => "0.00", 'img' => $img, 'name' => $name, 'price' => $price, 'reject' => $reject, 'sa_price' => $price, 'steamid' => $user['steamid'] );
        }
        $array = array( 'error' => 'none', 'fromcache' => false, 'items' => $items, 'success' => true );
        if (isset($_COOKIE['tid'])) {
            unset($stmt);
            $sql = "SELECT * FROM trades WHERE id=:id and status=0";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR); // NOTE(review): unlike the cached branch, $tid_stmt is never assigned here — NULL is bound, the trade is never found and the cookie is cleared
            $stmt->execute();
            if ($stmt->rowCount() != 0) {
                $row = $stmt->fetch();
                $array['code'] = $row['code'];
                $array['amount'] = $row['summa'];
                $array['tid'] = $row['id'];
                $array['bot'] = "Bot #" . $row['bot_id'];
            } else {
                setcookie("tid", "", time() - 3600, '/');
            }
        }
        file_put_contents('cache/' . $user['steamid'] . '.txt', serialize($array), LOCK_EX);
        exit(json_encode($array));
        break;

    case 'deposit_js1':
        // NOTE(review): looks like an earlier variant of 'deposit_js' (presumably superseded — confirm and remove):
        // $tid_stmt is never assigned so the trade row gets a NULL id, $value is undefined in the items
        // INSERT, and the amount stored is the client-supplied checksum rather than a server-side price sum.
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        if ($_COOKIE['tid']) { // NOTE(review): undefined-index warning when the cookie is absent; use isset()
            exit(json_encode(array( 'success' => false, 'error' => 'You isset active tradeoffer.' )));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/'); // raw client value stored in a cookie; templates must escape it on output
        // NOTE(review): assetids, partner, token and checksum go into the bot URL unvalidated and unencoded;
        // restrict assetids to /^[0-9,]+$/, partner to digits, token to [A-Za-z0-9_-], and urlencode() each.
        $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];
        if ($out['success'] == true) {
            unset($stmt);
            $sql = "INSERT INTO trades VALUES ( :id, :bot_id, :code, :status, :user, :summa, :timee )";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':id', $tid_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':bot_id', $bot_idstmt, PDO::PARAM_INT);
            $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':status', $status_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':user', $steamid_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':timee', $timee_stmt);
            $bot_idstmt = $db->quote($bot);
            $code_stmt = $db->quote($out['code']);
            $status_stmt = 0;
            $summa_stmt = $db->quote($_GET['checksum']);
            $timee_stmt = $db->quote(time());
            $stmt->execute();
            $db->exec('INSERT INTO `items` SET `trade` = ' . $db->quote($out['tid']) . ', `market_hash_name` = ' . $db->quote($value['market_hash_name']) . ', `img` = ' . $db->quote($value['icon_url']) . ', `botid` = ' . $db->quote($bot) . ', `time` = ' . $db->quote(time()));
        }
        setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        exit(json_encode($out));
        break;

    case 'deposit_js':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        if ($_COOKIE['tid']) { // NOTE(review): undefined-index warning when the cookie is absent; use isset()
            exit(json_encode(array( 'success' => false, 'error' => 'You isset active tradeoffer.' )));
        }
        $sql = $db->query('SELECT `id`,`name` FROM `bots` ORDER BY rand() LIMIT 1');
        $row = $sql->fetch();
        $bot = $row['id'];
        $partner = extract_partner($_GET['tradeurl']);
        $token = extract_token($_GET['tradeurl']);
        setcookie('tradeurl', $_GET['tradeurl'], time() + 3600 * 24 * 7, '/');
        $checksum = intval($_GET['checksum']); // computed but never used below
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        // NOTE(review): same unvalidated/unencoded query parameters as in 'deposit_js1'
        $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendTrade/?assetids=' . $_GET['assetids'] . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
        $out = json_decode($out, true);
        $out['bot'] = $row['name'];
        if ($out['success'] == true) {
            // Record every item the bot reports and total their price server-side (the client checksum is not trusted).
            $s = 0;
            foreach ($out['items'] as $key => $value) {
                $sql = "INSERT INTO items SET trade=:trade, market_hash_name = :hash_name, img = :img, botid = :bot_id, time=:timee";
                $stmt = $db->prepare($sql);
                $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
                $stmt->bindParam(':hash_name', $hashname, PDO::PARAM_STR);
                $stmt->bindParam(':img', $img_stmt, PDO::PARAM_STR);
                $stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_STR);
                $stmt->bindParam(':timee', $time_stmt);
                $trade_stmt = $db->quote($out['tid']);
                $hashname = $db->quote($value['market_hash_name']); // NOTE(review): the stored name carries apostrophes, so price lookups by market_hash_name elsewhere will miss
                $img_stmt = $db->quote($value['icon_url']);
                $botid_stmt = $db->quote($bot);
                $time_stmt = $db->quote(time());
                $stmt->execute();
                $s += $prices['response']['items'][$value['market_hash_name']]['value'] * 10;
            }
            unset($stmt);
            $sql = "INSERT INTO trades SET id = :tid, bot_id = :bot_id, code = :code, status = 0, user = :user, summa = :summa, time = :timee";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':tid', $tid_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':bot_id', $botid_stmt, PDO::PARAM_INT);
            $stmt->bindParam(':code', $code_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':user', $user_stmt, PDO::PARAM_INT);
            $stmt->bindParam(':summa', $summa_stmt);
            $stmt->bindParam(':timee', $time_stmt);
            $tid_stmt = $db->quote($out['tid']);
            $botid_stmt = $db->quote($bot);
            $code_stmt = $db->quote($out['code']);
            $user_stmt = $db->quote($user['steamid']);
            $summa_stmt = $db->quote($s);
            $time_stmt = $db->quote(time());
            $stmt->execute();
            $out['amount'] = $s;
            setcookie('tid', $out['tid'], time() + 3600 * 24 * 7, '/');
        }
        exit(json_encode($out));
        break;

    case 'confirm':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        $tid = (int) $_GET['tid'];
        unset($stmt);
        // NOTE(review): the trade is fetched by id only — nothing checks $row['user'] against $user['steamid'],
        // yet the balance credit below goes to the caller's steamid, not the trade owner's. Add `AND user = :user`
        // (bound to the logged-in steamid) to this query before anything is credited, and fail when no row is found
        // ($row === false currently reaches $row['bot_id'] below).
        $sql = "SELECT * FROM trades WHERE id = :id";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
        $id_stmt = $db->quote($tid);
        $stmt->execute();
        $row = $stmt->fetch();
        $out = curl('http://' . $ip . ':' . (5735 + $row['bot_id']) . '/checkTrade?tid=' . $row['id']);
        $out = json_decode($out, true);
        if (($out['success'] == true) && ($out['action'] == 'accept') && ($row['status'] != 1)) {
            // NOTE(review): each `if ($row['summa'] > 0)` below governs only the unset(); the three UPDATEs
            // run unconditionally. They are also not in a transaction — two concurrent confirms of the same
            // trade both pass the status != 1 test above and credit the balance twice. Wrap the block in a
            // transaction and make the status update conditional (`... WHERE id = :id AND status != 1`).
            if ($row['summa'] > 0) unset($stmt);
            $sql = "UPDATE users SET balance = balance + :summa WHERE steamid = :steamid";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':summa', $summa_stmt, PDO::PARAM_STR);
            $stmt->bindParam(':steamid', $steamid_stmt, PDO::PARAM_INT);
            $summa_stmt = $row['summa'];
            $steamid_stmt = $db->quote($user['steamid']);
            $stmt->execute();
            if ($row['summa'] > 0) unset($stmt);
            $sql = "UPDATE items SET status = 1 WHERE trade = :trade";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
            $trade_stmt = $db->quote($row['id']);
            $stmt->execute();
            if ($row['summa'] > 0) unset($stmt);
            $sql = "UPDATE trades SET status = 1 WHERE id = :id";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':id', $id_stmt, PDO::PARAM_STR);
            $id_stmt = $db->quote($row['id']);
            $stmt->execute();
            setcookie("tid", "", time() - 3600, '/');
        } elseif (($out['success'] == true) && ($out['action'] == 'cross')) {
            // trade was cancelled/declined: remove its items and the trade row
            setcookie("tid", "", time() - 3600, '/');
            unset($stmt);
            $sql = "DELETE FROM items WHERE trade = :trade";
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':trade', $trade_stmt, PDO::PARAM_STR);
            $trade_stmt = $db->quote($row['id']);
            $stmt->execute();
            unset($stmt);
            $sql = "DELETE FROM trades WHERE id = :id";
            $stmt = $db->prepare($sql);
            $stmt = $db->bindParam(':id', $id_stmt, PDO::PARAM_INT); // NOTE(review): PDO has no bindParam() — this throws, so the items are deleted but the trade row never is; should be `$stmt->bindParam(...)`
            $id_stmt = $db->quote($row['id']);
            $stmt->execute();
        } else {
            exit(json_encode(array( 'success' => false, 'error' => $LNG['trade_prog'] )));
        }
        exit(json_encode($out));
        break;

    case 'get_bank_safe':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        /* NOTE(review): a disabled reCAPTCHA verification (with its secret key embedded in the
           request URL) and a commented-out steamid allow-list were removed from here. Treat that
           secret as exposed; if the check is reinstated, keep the secret in configuration. */
        // Every item with status 1 is listed for any logged-in user at price-list value * 10 * 1.2.
        $array = array( 'balance' => $user['balance'], 'error' => 'none', 'items' => array(), 'success' => true );
        $sql = $db->query('SELECT * FROM `items` WHERE `status` = 1');
        $prices = file_get_contents('prices.txt');
        $prices = json_decode($prices, true);
        while ($row = $sql->fetch()) {
            $array['items'][] = array( 'botid' => $row['botid'], 'img' => 'http://steamcommunity-a.akamaihd.net/economy/image/' . $row['img'], 'name' => $row['market_hash_name'], 'assetid' => $row['id'], 'price' => $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2, 'reject' => 'unknown items' );
        }
        exit(json_encode($array));
        //} (end of the disabled captcha guard)
        break;

    case 'withdraw_js':
        if (!$user) exit(json_encode(array( 'success' => false, 'error' => $LNG['must'] )));
        $items = array();
        $assetids = explode(',', $_GET['assetids']);
        $checksum = $_GET['checksum'];
        $sum = 0;
        $steamid = strtolower($db->quote($user['steamid']));
        $polskie = array("'");
        $miedzyn = array("");
        $steamid = str_replace($polskie, $miedzyn, $steamid);
        $query = $db->prepare('SELECT count(*) FROM `bets` WHERE `user` = :user');
        $query->bindValue(':user', $steamid, PDO::PARAM_INT);
        $query->execute();
        $countBetsForUser = $query->fetch();
        $query->closeCursor();
        $query = $db->prepare("SELECT SUM(`summa`) FROM `trades` WHERE `status` = 1 AND `user` = :user");
        $query->bindValue(':user', $steamid, PDO::PARAM_INT);
        $query->execute();
        list($checkSumSend) = $query->fetch(PDO::FETCH_NUM);
        $query->closeCursor();
        $checkSumSend = round($checkSumSend,2);
        $out = array( 'success' => false, 'error' => '' );
        // NOTE(review): the first two guards run before $items and $sum are filled in (both are still empty / 0),
        // so neither the "one bot only" rule nor the balance check ever fires. The balance is not re-checked
        // after $sum is known, and the deduction below is unconditional — move both tests after the loop.
        if (count($items) > 1) {
            $out = array( 'success' => false, 'error' => 'You choose more bots' );
        } elseif ($user['balance'] < $sum) {
            $out = array( 'success' => false, 'error' => '[#2234243] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!' );
        } else if($countBetsForUser[0] < 5) { // threshold is 5 bets although the message says 50
            $out = array( 'success' => false, 'error' => '[#5766573] Aby wypłacić przedmioty, musisz posiadać przynajmniej 50 betów!' );
        } else if($checkSumSend < 2000) {
            $out = array( 'success' => false, 'error' => '[#8264773] Aby wypłacić przedmioty, musisz wpłacić minimum 2000 coinsów!' );
        } else {
            $prices = file_get_contents('prices.txt');
            $prices = json_decode($prices, true);
            // Price the requested items server-side; $items is keyed by bot, so only one entry per bot survives.
            foreach ($assetids as $key) {
                if ($key == "") continue;
                $sql = $db->query('SELECT * FROM `items` WHERE `id` = ' . $db->quote($key)); // quoted, not bound — keep consistent with the prepared statements elsewhere
                $row = $sql->fetch(); // NOTE(review): false for an unknown id; the indexes below then warn and the id is still deleted further down
                $items[$row['botid']] = $row['market_hash_name'];
                $sum += $prices['response']['items'][$row['market_hash_name']]['value'] * 10 * 1.2;
                $norm_itms = $norm_itms . $row['market_hash_name'] . ','; // NOTE(review): $norm_itms is never initialised; start it with '' above the loop
            }
            // NOTE(review): loose == between a client string and a float sum; compare the server-side $sum against
            // the balance instead and do not let the client's checksum influence the outcome.
            if($checksum == $sum){
                reset($items);
                $bot = key($items); // first bot only; items held by other bots are still deleted below without being sent
                $s = $db->query('SELECT `name` FROM `bots` WHERE `id` = ' . $db->quote($bot));
                $r = $s->fetch();
                // NOTE(review): string-built UPDATE and no transaction around debit -> bot call -> credit-back;
                // use a prepared statement and `WHERE balance >= :sum` so the balance cannot go negative.
                $db->exec('UPDATE `users` SET `balance` = `balance` - ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
                $partner = extract_partner($_GET['tradeurl']);
                $token = extract_token($_GET['tradeurl']);
                $out = curl('http://' . $ip . ':' . (5735 + $bot) . '/sendingTradesForMe/?names=' . urlencode($norm_itms) . '&partner=' . $partner . '&token=' . $token . '&checksum=' . $_GET['checksum'] . '&steamid=' . $user['steamid']);
                $out = json_decode($out, true);
                if ($out['success'] == false) {
                    // refund on bot failure; a null $out (curl error) also lands here
                    $db->exec('UPDATE `users` SET `balance` = `balance` + ' . $sum . ' WHERE `steamid` = ' . $user['steamid']);
                } else {
                    foreach ($assetids as $key) {
                        $db->exec('DELETE FROM `items` WHERE `id` = ' . $db->quote($key));
                    }
                    $out['bot'] = $r['name'];
                    $db->exec('INSERT INTO `trades` SET `id` = ' . $db->quote($out['tid']) . ', `bot_id` = ' . $db->quote($bot) . ', `code` = ' . $db->quote($out['code']) . ', `status` = 2, `user` = ' . $db->quote($user['steamid']) . ', `summa` = ' . '-' . $db->quote($_GET['checksum']) . ', `time` = ' . $db->quote(time()));
                }
            }else{
                $out = array( 'success' => false, 'error' => 'Wartości skinów zostały zmienione.' );
            }
        }
        exit(json_encode($out));
        break;

    case 'exit':
        setcookie("hash", "", time() - 3600, '/'); // drops the session cookie; the server-side hash stays valid until the next login
        header('Location: /');
        exit();
        break;
}

/**
 * Render a template from template/<name> with the entries of $in exposed as local variables.
 *
 * NOTE(review): extract($in) turns caller-supplied keys into variables, and $in = null makes
 * extract() fail on PHP 8 — pass the array to the template explicitly (or default to array()).
 * $name is only ever a literal in this file; keep it that way.
 *
 * @param string     $name template path relative to template/
 * @param array|null $in   variables for the template
 * @return string rendered output
 */
function getTemplate($name, $in = null) {
    extract($in);
    ob_start();
    include "template/" . $name;
    $text = ob_get_clean();
    return $text;
}

/**
 * Fetch a URL and return the response body (false on failure).
 *
 * NOTE(review): CURLOPT_SSL_VERIFYHOST/VERIFYPEER are switched off, so the Steam API and
 * inventory responses this file relies on can be tampered with in transit — leave both at
 * their defaults (2 / true). All calls also share one cookies.txt and follow redirects
 * without restricting the protocol.
 *
 * @param string $url
 * @return string|false
 */
function curl($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}

/**
 * Read the `token` query parameter from a trade URL; false when absent.
 *
 * NOTE(review): parse_url() returns null without a query and false for a malformed URL, which
 * parse_str() rejects on PHP 8 — guard with `?? ''`. The value is returned unvalidated and is
 * later placed into the bot URL; restrict it to [A-Za-z0-9_-] at the call site or here.
 *
 * @param string $url
 * @return string|false
 */
function extract_token($url) {
    parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
    return isset($queryString['token']) ? $queryString['token'] : false;
}

/**
 * Read the `partner` query parameter from a trade URL; false when absent.
 * Same caveats as extract_token(); partner is expected to be numeric, so ctype_digit() is a
 * suitable check before it is used.
 *
 * @param string $url
 * @return string|false
 */
function extract_partner($url) {
    parse_str(parse_url($url, PHP_URL_QUERY), $queryString);
    return isset($queryString['partner']) ? $queryString['partner'] : false;
}