function issue($commodity, $amount)
{
if (!is_numeric($amount) || $amount <= 0) {
// Not a suitable number.
error('field/invalid', 'amount');
}
// Make and store the address pair:
$keypair = generateKeyPair();
$publicKey = storeKeyPair($keypair);
// Build the API message. It requires the tag, amount and an address.
$payload = '{"tag":"' . $commodity . '","amount":' . $amount . ',"address":"' . $publicKey . '"}';
// Call the issue API:
$error;
$result = callRoot('commodity/issue', $payload, $error);
if ($error) {
// Failed.
return false;
}
// Ok!
return true;
}
postedTo();
// Get the payment reference - this is simply as-is as it can be anything:
$reference = escape(safe('reference', true));
// The username of who is being paid. Required as this essentially gets converted into an address:
$username = safe('username', VALID_NAME);
// A title for the payment. E.g. 'Shirt Order':
$title = safe('title', VALID_TITLE);
// The from username (optional). E.g. 'starling.shirts':
$from = safe('from', VALID_NAME, null, true);
// The from name (optional). E.g. 'Starling Shirts':
$name = safe('name', VALID_TITLE, null, true);
// The item data:
$itemData = safe('items', VALID_ARRAY);
// Must contain at least products:
safe('products', VALID_ARRAY, $itemData);
// Does the account exist here?
$account = $dz->get_row('select ID from `Bank.Accounts` where Username="******"');
if (!$account) {
// Nope!
error('account/notfound');
}
// Generate a new keypair. This is where they primarily originate from.
// When a transaction is seen on the public key, we'll know it completed for this reference.
$keypair = generateKeyPair();
$publicKey = storeKeyPair($keypair);
// Add to table of pending incomings:
$dz->query('insert into `Bank.Incomings`(`Reference`,`Key`,`Account`,`Title`,`From`,`ItemInformation`,`Name`) values("' . $reference . '",unhex("' . $publicKey . '"),' . $account['ID'] . ',"' . $title . '","' . $from . '","' . escape(json_encode($itemData), true) . '","' . $name . '")');
// An address is always available and the TX will happen instantly.
// Note that if this is an address cache, delay will typically be set.
// The address pool may have been exhausted (in which case we return {"status":"EMPTY","refill":a_unix_timestamp} instead)
echo '{"address":{"status":"OK","value":"' . $publicKey . '"},"delay":0}';
// Email address:
$email = strtolower(safe('email', VALID_EMAIL));
// Has the device already got an account assigned to it? If so, another device entry is required.
// This prevents one device having access to potentially thousands of accounts (i.e. badly implemented API users).
if ($verifiedAccount != 0) {
// Device already has an account assigned to it.
error('device/assigned');
}
// Username available?
$row = $dz->get_row('select Username from `Root.Usernames` where `Username`="' . $user . '"');
if ($row) {
// Username used.
error('username/exists');
}
// Generate a keypair which is used to sign for this user:
$signPair = generateKeyPair();
// Get the public key as hex:
$pubSignKey = bin2hex($signPair['public']);
// 'Claim' the username by calling the root API:
$error;
$result = callRoot('username/create', '{"username":"******","public_key":"' . $pubSignKey . '"}', $error);
if ($error) {
// Error claiming the username.
// This mainly indicates that one or more people tried to obtain it at the same time.
error('username/unclaimed');
}
// Hex the private key too:
$privSignKey = bin2hex($signPair['private']);
// Create the account now:
$dz->query('insert into `Bank.Accounts`(`Username`,`FullName`,`Registered`,`Country`,`SignKey`) values ("' . $user . '","' . $fullName . '",' . time() . ',0,unhex("' . $privSignKey . '"))');
// Get the account row ID:
