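$strRedirectURL = PAGE_HOME . $strQS;
}
//echo "errormsg=".$errorMSG;
// send back to join page with errors
header('Location: ' . $strRedirectURL);
die; //Make sure code after is not executed
}
break;

//!CASE forgotpassword
// Forgot-password branch: looks up the user id for the submitted email address
// with a prepared statement and counts the matching rows.
case "forgotpassword":
    //prepared statements locked down. select ,update
    //echo "strDo= " . $strDo;

    //Get Form Post Data
    $strEmailForgotForm = funct_GetandCleanVariables($_POST["forgot_email"]);

    if ($DB_MYSQLI->connect_errno) {
        // Connection errors go to the server log instead of the response body:
        // mysqli's connect_error text can name the database host and account.
        error_log("Failed to connect to MySQL: (" . $DB_MYSQLI->connect_errno . ") " . $DB_MYSQLI->connect_error);
    }

    if ($stmt = $DB_MYSQLI->prepare("SELECT id FROM " . TBL_USERS . " WHERE email = ? ")) {
        $stmt->bind_param("s", $strEmailForgotForm); //Bind parameters s - string, b - blob, i - int, etc
        $stmt->execute(); //Execute it
        $stmt->bind_result($intUserID); //bind results
        //$stmt -> fetch(); //fetch the value
        mysqli_stmt_store_result($stmt); // buffer the result so the row count below is available
        $intTotalRowsFound = mysqli_stmt_num_rows($stmt);
        //echo "totalrows: $intTotalRowsFound <br>";

        // NOTE(review): the no-match branch continues past this fragment. If it tells the
        // client that the address is unknown, the form reveals which emails are registered;
        // confirm the visible response is the same whether or not a row was found.
        if ($intTotalRowsFound < 1) {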
<?php
// Reads an error message and previously entered form values from the query string.
// NOTE(review): these fields (email, phone, name, address) travel in the URL, so they can
// end up in server logs, browser history and Referer headers. Wherever they are written
// into the markup below this fragment they need HTML-encoding at the point of output;
// what funct_GetandCleanVariables() removes is not visible here.
require "inc/session.php";
$strError = funct_GetandCleanVariables($_GET["error"]); //error message passed in the query string
$strEmail = funct_GetandCleanVariables($_GET["email"]); //email value passed in the query string
$strPhone = funct_GetandCleanVariables($_GET["phonenumber"]); //phone number passed in the query string
$strFirst = funct_GetandCleanVariables($_GET["firstname"]); //first name passed in the query string
$strLast = funct_GetandCleanVariables($_GET["lastname"]); //last name passed in the query string
$strAddress = funct_GetandCleanVariables($_GET["address"]); //address passed in the query string
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Favicon -->
<link rel="icon" type="image/png" href="/img/favicon.png" />
<meta charset="UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width">
<?php
// emit the script tag below only when the $intJquery flag has not been set yet
if (!$intJquery) {
    $intJquery = 1;
?>
<script src="<?php JQUERYSRC;
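<?php
/* */
// Test page with two query-string driven actions:
//   ?do=call  - requests the internal processorder callback and prints the response
//   ?txid=... - prints wallet details for one transaction via JSON-RPC
// NOTE(review): nothing in this fragment checks who is asking. Confirm the script is not
// deployed where outside clients can reach it, or gate it behind the session check.
$strDo = funct_GetandCleanVariables($_GET['do']);
if ($strDo == "call") {
    //test call internal url
    // NOTE(review): the shared secret is sent in the query string, so it is recorded in the
    // access log of the receiving server. Confirm TLS peer verification is active for this
    // request; certificate checks against an IP-literal host are easy to end up disabling.
    $strCallbackURL = "https://10.68.9.138/~easybitz/mods/processorder.php"; //call processorder script
    $json_url = $strCallbackURL . "?secret={$strSecret}&transaction_hash={$strTransactionID}&address={$strAddress}&input_address={$strAddress}&userid={$strLabel2}&value={$intAmount}&confirms={$intConfirmations}&server=amsterdam";

    // Print the URL with the secret masked; the full URL is used only for the request itself.
    $strDisplayURL = preg_replace('/([?&]secret=)[^&]*/', '${1}[redacted]', $json_url);
    echo "<br>url: " . htmlspecialchars((string) $strDisplayURL, ENT_QUOTES, 'UTF-8') . " <br>";

    $json_data = file_get_contents($json_url);
    // The response body is remote content: encode it before writing it into the page.
    echo "data = " . htmlspecialchars((string) $json_data, ENT_QUOTES, 'UTF-8') . " <br>";
    $json_feed = json_decode($json_data);
    $strCallbackResponse = $json_data;
    echo "strCallbackResponse = " . htmlspecialchars((string) $strCallbackResponse, ENT_QUOTES, 'UTF-8') . " <br>";
}

$strTransaction = funct_GetandCleanVariables($_GET['txid']);
//$strTransaction = "d3de9c8d5ed75ca9d265f5b4581795d002234246f19dafe4d83b17661a4e3473";
//echo $strTransaction ;
if ($strTransaction) {
    //get transaction info as JSON object, only for local transactions
    $bitcoin = new jsonRPCClient(JSONRPC_CONNECTIONSTRING_CC);
    $trxinfo = $bitcoin->gettransaction($strTransaction);

    // The hash shown is the txid that was looked up. The earlier $argv[1] is a command-line
    // argument and is not the requested transaction when the page is served over HTTP.
    $new = "Transaction hash: " . $strTransaction
        . "\n balance: " . $trxinfo["balance"]
        . "\n amount: " . $trxinfo["amount"]
        . "\n confirmations: " . $trxinfo["confirmations"]
        . "\n blockhash: " . $trxinfo["blockhash"]
        . "\n blockindex: " . $trxinfo["blockindex"]
        . "\n blocktime: " . $trxinfo["blocktime"]
        . "\n txid: " . $trxinfo["txid"]
        . "\n time: " . $trxinfo["time"]
        . "\n timereceived: " . $trxinfo["timereceived"]
        . "\n account: " . $trxinfo["details"][0]["account"]
        . "\n address: " . $trxinfo["details"][0]["address"]
        . "\n category: " . $trxinfo["details"][0]["category"]
        . "\n amount: " . $trxinfo["details"][0]["amount"]
        . "\n fee: " . $trxinfo["details"][0]["fee"];
    // According to https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_calls_list, fee is returned, but it doesn't seem that way here

    // Encode first, then convert newlines, so the <br> tags survive but field values
    // (for example an account label) cannot inject markup.
    echo nl2br(htmlspecialchars($new, ENT_QUOTES, 'UTF-8')) . "<br><br><br>";

    //if we want the from address and more detail we can get the raw transaction, decode it, extract the values from Json and get more info
    //Enable txindex=1 in your bitcoin.conf (You'll need to rebuild the database as the transaction index is normally not maintained, start using -reindex to do so), and
    //use the getrawtransaction call to request information about any transaction
    $strRawHex = $bitcoin->getrawtransaction($strTransaction);
    $objJSON = $bitcoin->decoderawtransaction($strRawHex);
    //print_r($objJSON)."<br><br>";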
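<?php
// Settings page bootstrap: reads status messages from the query string, requires a
// logged-in user, then loads that user's row by id with a prepared statement.
require "inc/session.php";

//Define Page Values
$strThisPage = PAGE_SETTINGS;
$intUserID = funct_GetandCleanVariables(DETECT_USERID);
$strDo = funct_GetandCleanVariables($_GET['do']);
//echo "do= " .$strDo. "<br>" ;
$strError = funct_GetandCleanVariables($_GET['error']);
$strError_passwordupdate = funct_GetandCleanVariables($_GET['error_password']);
$strError_testphone = funct_GetandCleanVariables($_GET['error_testphone']);
$strError_confirmphone = funct_GetandCleanVariables($_GET['error_confirmphone']);
$strError_confirmemail = funct_GetandCleanVariables($_GET['error_confirmemail']);

// The "welcome" banner is driven only by the query parameter; it does not itself
// show that an email confirmation took place.
if ($strDo == "welcome") {
    $strError = "Email Confirmed. Please Fill in your Address below";
}

//Check if logged in. If not then send to login page with an error.
if ($intUserID == "") {
    header('Location: ' . PAGE_ERROR . '?error=you are not logged in');
    die; //Make sure code after is not executed
}

if ($DB_MYSQLI->connect_errno) {
    // Connection errors go to the server log instead of the response body:
    // mysqli's connect_error text can name the database host and account.
    error_log("Failed to connect to MySQL: (" . $DB_MYSQLI->connect_errno . ") " . $DB_MYSQLI->connect_error);
}

// NOTE(review): the column list includes `password`; drop it from the SELECT if nothing
// further down the page needs the stored value.
$strSQL = "SELECT id,password,email,cellphone,first_name,last_name,address,address2,cityname,state,postal,country_id,country_phonecode,currency_id,currency_symbol,crypto_miner_fee,verification_level,verification_phone,verification_email FROM " . TBL_USERS . " WHERE id = ? ";
//echo "$strSQL $intUserID <br>";
if ($stmt = $DB_MYSQLI->prepare($strSQL)) {
    $stmt->bind_param("i", $intUserID); //Bind parameters s - string, b - blob, i - int, etc
    $stmt->execute();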
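// If we are on production, ensure page is ssl encrypted for entering in credit card info
// Todo: move to global include
if (SERVERTAG == "hg" || SERVERTAG == "prod") {
    // $_SERVER["HTTPS"] is normally absent on plain-HTTP requests, so test for presence
    // before comparing; the redirect decision itself is unchanged.
    if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
        // NOTE(review): HTTP_HOST is taken from the request's Host header. Building the
        // redirect from a configured site hostname would keep a forged header out of the
        // Location value.
        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
        exit;
    }
} else {
    // Non-production servers: report fatal and parse errors only.
    error_reporting(E_ERROR | E_PARSE);
    //ini_set('display_errors',2);
}

// Already logged in: send the user to the wallet and stop, so the rest of this page
// is not rendered and sent along with the redirect.
if (DETECT_USERID) {
    header("Location: " . PAGE_WALLET);
    exit;
}

$strEmail = funct_GetandCleanVariables($_GET['email']);
$strError = funct_GetandCleanVariables($_GET['error']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title><?php echo WEBSITENAME; ?> </title>
<!-- Favicon -->
<link rel="icon" type="image/png" href="img/favicon.png" />
<script src="<?php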
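$strFiatCode = "usd";
}

//#### Get the qr code , label and amount from qrcode scanning app
if ($strWallet_Address_preload2) {
    $strWallet_Address_preload = $strWallet_Address_preload2;
}
//$strWallet_Address_preload = "bitcoin:1Hwau6DA1dAfjhMtakhpkf6jgVmTSfTx5a?amount=0.008003&label=Pizza and Pint";

//get preloaded values for
if (!$strWallet_Address_preload) {
    $strWallet_Address_preload = funct_GetandCleanVariables($_POST["wallet_hash_preload"]);
}
if (!$intWallet_Crypto_Amt_preload) {
    $intWallet_Crypto_Amt_preload = funct_GetandCleanVariables($_POST["wallet_crypto_amt_preload"]);
}
if (!$intWallet_Label_preload) {
    $intWallet_Label_preload = funct_GetandCleanVariables($_POST["wallet_label_preload"]);
}
//echo "address= ".$strWallet_Address_preload = $strAddress."<br>";
//echo "amount= ".$amount."<br>" ; // value
//echo "label= ". $label."<br><br>" ; // foo bar

// A "bitcoin:" URI carries the address plus an optional query string (amount, label).
$BIPSFormat = strstr($strWallet_Address_preload, "bitcoin");
if ($BIPSFormat) { //if BIPS format passed as address then
    //hack together bips format
    $strString1 = str_replace("bitcoin:", "", $strWallet_Address_preload);
    $arr = explode("?", $strString1, 2);
    $strAddress = $arr[0];
    // A URI without "?" has no second element; treat that as an empty query string.
    $strQS2 = isset($arr[1]) ? $arr[1] : "";
    //echo "qs= ".$strQS2."<br>";

    // Parse into an array. The one-argument form of parse_str() creates a variable for
    // every key in the string, which lets a posted URI overwrite any variable in scope
    // (that form was removed in PHP 8).
    $arrBIPSParams = array();
    parse_str($strQS2, $arrBIPSParams);
    // Only the two names this fragment refers to are copied out.
    // NOTE(review): confirm the code below relies on no other key from the URI.
    if (isset($arrBIPSParams["amount"])) {
        $amount = $arrBIPSParams["amount"];
    }
    if (isset($arrBIPSParams["label"])) {
        $label = $arrBIPSParams["label"];
    }

    $strWallet_Address_preload = $strAddress;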
*/
// Payment-callback handler: every value below is supplied by the caller in the query string.
// NOTE(review): the shared secret is the only authenticator visible here and it arrives in
// the URL, so it is written to access logs. The comparison itself lies past the end of this
// fragment; confirm it uses a constant-time check such as hash_equals() and runs before
// userid, value or confirms are acted on.

//get values from query string
$real_secret = funct_GetandCleanVariables($_GET['secret']); //this I entered into the blockchain wallet form
$transaction_hash = funct_GetandCleanVariables($_GET['transaction_hash']); //The transaction hash.
$input_address = funct_GetandCleanVariables($_GET['input_address']); //The bitcoin address that received the transaction
$value_in_satoshi = funct_GetandCleanVariables($_GET['value']);
$intNewCallBackID = funct_GetandCleanVariables($_GET['callbackid']); //callback id of script that called it.. so we can match the callback log to the transaction when it updates

//coincafe.co amsterdam sends confirms as well so we need to be able to handle updates
$confirmations = funct_GetandCleanVariables($_GET['confirms']); //confirmation count sent by the caller
$intUserID = funct_GetandCleanVariables($_GET['userid']);
$strServer = funct_GetandCleanVariables($_GET['server']);

//if zero satoshi value then kill script
// (also stops on an empty or negative value; the submitted value is echoed back)
if (!$value_in_satoshi or $value_in_satoshi <= 0) {
    echo "satoshi:" . $value_in_satoshi;
    die;
}

//############ % security checks
//###################################

//if coming from the loaded send from address then skip this transaction
//this is our hack to keep users from getting free btc via blockchain.info random change address bug!
if ($input_address == BLOCKCHAIN_SENDFROMADDRESS) {
    echo "ignore";
    die;
}

//checks secret key
// NOTE(review): the disabled debug line below would print BLOCKCHAIN_SECRET in the
// response; keep it disabled.
//echo "real_secret=$real_secret - bc secret=".BLOCKCHAIN_SECRET."<br>";
//COINCAFE_API_SECRET
//!$strDo sendcrypto
// Send-crypto action: stops when sending is switched off, otherwise collects the send
// form fields from the POST body.
if ($strDo == "sendcrypto") {
    // Global kill switch for sends.
    if (!SEND_ACTIVE) {
        die('Sending temporarily disabled.');
    }

    // NOTE(review): no anti-CSRF token is read in this fragment; confirm one is verified
    // before the send is carried out.
    $Form_PageFrom = funct_GetandCleanVariables($_POST['page']);
    $intBTCamt = funct_GetandCleanVariables($_POST['send_amount_crypto']);
    $intUSDamt = funct_GetandCleanVariables($_POST['send_amount_fiat']);
    $strWalletHash = funct_GetandCleanVariables($_POST['send_address']); //hackable
    // NOTE(review): if the cleaning helper strips or rewrites characters, the password
    // checked later is not the one the user typed; confirm it leaves passwords untouched.
    $strPassword = funct_GetandCleanVariables($_POST['password']); //hackable
    $strLabel = funct_GetandCleanVariables($_POST['label']); //hackable
    $strCrypto = funct_GetandCleanVariables($_POST['crypto']);
    $strFiat = funct_GetandCleanVariables($_POST['fiat']);

    // The disabled block below accepted the same fields from the query string for testing.
    // It should stay disabled: it would put the password and send parameters into URLs,
    // and with them into logs and browser history.
    /*
    //why do we allow get here??? for testing.... easier to hack get
    $strMethod = funct_GetandCleanVariables($_GET['get']);
    if($strMethod){
        // /mods/sendcrypto.php?do=sendcrypto&send_amount_crypto=.01&send_address=1FTJXv8FjqyQ1HUTx7HeLxVaZTnc8E3muW&label=testing
        $Form_PageFrom = funct_GetandCleanVariables($_GET['page']);
        $intBTCamt = funct_GetandCleanVariables($_GET['send_amount_crypto']);
        $intUSDamt = funct_GetandCleanVariables($_GET['send_amount_fiat']);
        $strWalletHash = funct_GetandCleanVariables($_GET['send_address']);
        $strPassword = funct_GetandCleanVariables($_GET['password']);
        $strLabel = funct_GetandCleanVariables($_GET['label']);
        $strCrypto = funct_GetandCleanVariables($_GET['crypto']);
        $strFiat = funct_GetandCleanVariables($_GET['fiat']);
    }
    */
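<?php
// Login page bootstrap: reads messages and a prefill email from the query string, stamps
// the session with the request time and client address, and falls back to the remembered
// email cookie when no email was passed.
require "inc/session.php";

//$strErrorMSG = trim($_GET["msg"]); //set error msg manually in query
$strErrorMSG = funct_GetandCleanVariables($_GET["msg"]); //set error msg manually in query
$strEmail = funct_GetandCleanVariables($_GET['email']);
$strError = funct_GetandCleanVariables($_GET['error']);
$strError_forgot = funct_GetandCleanVariables($_GET['error_forgot']);

$_SESSION['last_post'] = time();
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

//if(!$strErrorMSG){ $strErrorMSG=$strError;}

// The cookie is as client-controlled as the query string, so it goes through the same
// cleaning helper as every other input on this page; the isset() guard avoids an
// undefined-index notice when the cookie is not set.
if (!$strEmail && isset($_COOKIE[SESSION_EMAIL])) {
    $strEmail = funct_GetandCleanVariables($_COOKIE[SESSION_EMAIL]);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width">
<link rel="icon" type="image/png" href="img/favicon.png" />
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/custom.css" rel="stylesheet" />
<link rel="stylesheet" href="css/bootstrapValidator.min.css"/>
<?php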
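</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li class="active"><a href="<?php echo PAGE_WALLET; ?> ">Wallet</a></li>
</ul>
<?php
// Navigation header: when a user id is detected, load that user's row for the
// welcome display.
if (DETECT_USERID) {
    $strUserIDhud = funct_GetandCleanVariables(DETECT_USERID);

    //Get User Data from DataBase
    // The id is forced to an integer before it is concatenated into the statement, so the
    // value cannot change the shape of the query. A prepared statement with an "i" binding
    // is the more robust form if this lookup is reworked.
    $query = "SELECT * FROM " . TBL_USERS . " WHERE id = " . intval($strUserIDhud);
    //echo "SQL STMNT = " . $query . "<br>";

    $rs = mysqli_query($DB_LINK, $query);
    if (!$rs) {
        // mysqli_error() needs the connection handle. The detail goes to the server log
        // and the page stops without printing database error text to the visitor.
        error_log("User lookup failed: " . mysqli_error($DB_LINK));
        die;
    }
    $row = mysqli_fetch_array($rs);

    $intUserID_hud = $row["id"];
    // NOTE(review): SELECT * brings the stored password value into page scope; select only
    // the columns the header needs if nothing below uses $Password_hud.
    $Password_hud = $row["password"];
    $Email_hud = $row["email"];
    $strFirstName_hud = $row["first_name"];
    $strLastName_hud = $row["last_name"];
    $strPhone_hud = $row["cellphone"];

    //$strWelcomeName = $Email_hud ;
    if ($strFirstName_hud) {
        $strWelcomeName = $strFirstName_hud;
    }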
// Listing parameters taken from the query string when the file is requested directly.
$intType = funct_GetandCleanVariables($_GET["type"]); //1=songs, 2=pics, 3=ringtones, 7=albums, 9=people
$intUserID2 = funct_GetandCleanVariables($_GET["user2"]); //for me.php , comments
// NOTE(review): if $sortby ever reaches an ORDER BY clause it has to be matched against a
// fixed list of column names; its use is not visible in this fragment.
$sortby = funct_GetandCleanVariables($_GET["sort"]);
$intFilter = funct_GetandCleanVariables($_GET["f"]);
if (!$intFilter) {
    $intFilter = 0;
} //show all types
//$strSearchTXT = functCleanSQLText(trim($_GET["searchtxt"]));
// NOTE(review): the moderator flag is read from the query string, which the client
// controls; confirm that moderator-only behaviour is decided from the server-side
// account record and not from this value.
$intMod = funct_GetandCleanVariables($_GET["m"]); //is this user a moderator?
$intRecID = funct_GetandCleanVariables($_GET["recid"]); //to return single cell of record just uploaded
$intUserID_viewer = funct_GetandCleanVariables($_GET["viewer"]); //userid of user currently viewing the content (overwritten by the security check below)
if ($strDo == "iframe") {
?>
<link href="css/web.css" media="screen" rel="stylesheet" type="text/css">
<script src="js/web.js" type="text/javascript"></script>
<?php
}
} else { //file is being included and values are preset
    //...? nothing.. values should already be set in included file
}

//security check...
// The viewer id from the query string is discarded here in favour of the detected session
// user, so a caller cannot pose as another viewer through ?viewer=.
$intUserID_viewer = DETECT_USERID; //always get current user from function-cookie
if (!$intUserID_viewer) {