Exemplo n.º 1
 // Deposit bookkeeping fragment (cut off at both ends): credits amount $a to account $act,
 // then starts handling the account's optional "forward deposits" setting.
 //
 // NOTE(review): every statement below is assembled by string interpolation. None of
 // $act['id'], $a, $newBal, $cBlock, $coin_list[$x], $acc[1] or $recAct[...] is cast or
 // escaped in this fragment and their origin is not visible here; bound parameters would
 // remove the dependency on upstream validation.
 // NOTE(review): no return value of mysqli_query() is checked and no transaction or row lock
 // is visible, so the read-latest-balance / insert-movement / update-account sequence is not
 // atomic from what is shown. Confirm how concurrent deposits are serialised.

 // Latest recorded balance: the newest `movements` row (highest id) for this account.
 $sql = "SELECT balance FROM movements WHERE account_id = {$act['id']} ORDER BY id DESC LIMIT 0,1";
 $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
 if (mysqli_num_rows($q)) {
     $pbal = mysqli_fetch_assoc($q);
     $prevBal = $pbal['balance'];
 }
 // NOTE(review): when the account has no movement rows, $prevBal keeps whatever value it had
 // before this fragment (not visible here). The sum is ordinary PHP arithmetic on the value
 // read from the database; if these are fractional coin amounts, confirm rounding is acceptable.
 $newBal = $prevBal + $a;
 // Current block count as reported by the client object for coin $x; stored with the movement.
 $cBlock = $b[$x]->getblockcount();
 // Record the deposit as a credit movement (credit = 1) carrying the new running balance ...
 mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`,`txblock`) VALUES({$act['id']},'" . date("Y-m-d H:i:s") . "','{$coin_list[$x]} deposit',{$a},1,{$newBal},{$cBlock})");
 // ... and apply the same amount to the account's stored balance.
 mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE accounts SET balance = balance + {$a} WHERE id = {$act['id']}");
 // Forwarding: only when the account row has forward = 1.
 if ($act['forward'] == 1) {
     // Ask the coin client whether the configured forwarding address is valid.
     $isValid = $b[$x]->validateaddress($act['forward_to']);
     if ($isValid['isvalid'] != 1) {
         // Invalid address: leave the funds in place and store a message for user $acc[1].
         // This is the only place in the fragment where $invBTC is assigned.
         $invBTC = makeSQLSafe($act['forward_to']);
         mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid address to forward your deposits to :: {$invBTC}. Amount remains in your account!')");
     } elseif ($isValid['ismine'] == 1) {
         // The address belongs to this wallet, so the balance is moved between local accounts.
         // The wallet account label is expected to split into exactly three "_"-separated parts.
         $recAct = explode("_", $isValid['account']);
         if (!is_array($recAct) || sizeof($recAct) != 3) {
             // NOTE(review): $invBTC is not assigned on this branch (see the invalid-address
             // branch above), so unless it was set before this fragment the stored message
             // has no address in it. The same applies to the "not found" message below.
             mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid account to forward your deposits to - local account is not an user account :: {$invBTC}. Amount remains in your account!')");
         } else {
             // Look up the receiving account from parts 1 and 2 of the label.
             // NOTE(review): $recAct[1] and $recAct[2] go into the query text unquoted and
             // without a numeric check; cast them to int or bind them as parameters.
             $sql = "SELECT * FROM accounts WHERE uid = {$recAct[1]} AND account_id = {$recAct[2]}";
             $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
             if (!mysqli_num_rows($q)) {
                 mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid account to forward your deposits to - local account not found :: {$invBTC}. Amount remains in your account!')");
             } else {
                 $receiver = mysqli_fetch_assoc($q);
                 // Sender's running balance after the forward: the deposit just credited is taken out again.
                 $nextBal = $newBal - $a;
                 // Debit movement (credit = 0) on the depositing account; the listing ends here.
                 mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`,`txblock`) VALUES({$act['id']},'" . date("Y-m-d H:i:s") . "','Forward to {$act['forward_to']}',{$a},0,{$nextBal},{$cBlock})");
Exemplo n.º 2
<?php

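// Account form handler (fragment): validates the posted account id, forwarding flag and
// target, account name and current password, re-checks the password against the stored
// hash, then confirms the account belongs to the logged-in user. Problems are collected
// in $e; each later step runs only while $e is still empty.
defined("_V") || die("Direct access not allowed!");
$e = array();

// Account id: plain decimal digits only. is_numeric() also accepts forms such as "1e3",
// "1.5" or " 1", and the value is placed verbatim into the SQL text further down.
if (isset($_POST['account_id']) && is_string($_POST['account_id']) && preg_match('/\A[0-9]+\z/', $_POST['account_id'])) {
    $aid = $_POST['account_id'];
} else {
    $e[] = "Account ID missing!";
}

// Forwarding flag: exactly "0" or "1" (a numeric range test would also accept fractions).
if (isset($_POST['fwd']) && in_array($_POST['fwd'], array('0', '1'), true)) {
    $fwd = $_POST['fwd'];
} else {
    $e[] = "Account forwarding not set!";
}

// is_string() guards: a field posted as an array would otherwise reach trim().
if (isset($_POST['fwdto']) && is_string($_POST['fwdto']) && trim($_POST['fwdto'])) {
    $fwdto = makeSQLSafe(trim($_POST['fwdto']));
} else {
    $fwdto = "";
}
if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
    $name = makeSQLSafe(trim($_POST['name']));
} else {
    $e[] = "Account name missing!";
}
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}
$account_num = isset($_POST['account_type']) && is_string($_POST['account_type']) ? trim($_POST['account_type']) : "";

// $fwd is unset when its validation failed, hence the isset() guard.
if (isset($fwd) && $fwd == 1 && !$fwdto) {
    $e[] = "You must enter a bitcoin address to forward to!";
}

// Re-authenticate: the current password must match the stored salted hash.
if (empty($e)) {
    // $_SESSION['id'] is server-side state (presumably written at login), not request input.
    $sql = "SELECT a.pass, b.salt FROM users AS a, salt AS b WHERE a.id = {$_SESSION['id']} AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    $mu = $q ? mysqli_fetch_assoc($q) : null;
    $storedHash = is_array($mu) && isset($mu['pass']) ? (string) $mu['pass'] : "";
    $salt = is_array($mu) && isset($mu['salt']) ? (string) $mu['salt'] : "";
    // NOTE(review): one round of salted RIPEMD-160 is a fast hash and a weak password scheme.
    // Moving to password_hash()/password_verify() needs a rehash-on-login migration, so the
    // stored format is left as it is here.
    $testPass = hash("ripemd160", $pass . $salt);
    // hash_equals() compares byte-for-byte in constant time. The loose != operator compares
    // numeric-looking strings as numbers, so two different digests could be treated as equal.
    if ($storedHash === "" || !hash_equals($storedHash, $testPass)) {
        $e[] = "Wrong current password!";
    }
}

// Ownership check: the account must exist and belong to the session user.
if (empty($e)) {
    $sql = "SELECT * FROM accounts WHERE id = {$aid} AND uid = {$_SESSION['id']}";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    // A failed query is treated the same as "no such account".
    if (!$q || !mysqli_num_rows($q)) {
        $e[] = "Account not found!";
    }
}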
// Duplicate-name check: another account of the same user (id != $aid) with this name.
// The listing ends before the query is executed.
// NOTE(review): LIKE treats % and _ inside $name as wildcards, so this is a pattern match
// rather than an exact comparison. Whether makeSQLSafe() neutralises them is not visible here.
if (empty($e)) {
    $sql = "SELECT * FROM accounts WHERE account_name LIKE '{$name}' AND uid = {$_SESSION['id']} AND id != {$aid}";
Exemplo n.º 3
<?php

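// Login handler: looks the user up by name, verifies the salted password hash and, on
// success, stores the user's identity in the session. On failure the collected messages
// are joined into $error.
// NOTE(review): no attempt throttling or lockout is visible in this fragment.
defined("_V") || die("Direct access not allowed!");
$e = array();

// is_string() guards: a field posted as an array would otherwise reach trim().
if (isset($_POST['user']) && is_string($_POST['user']) && trim($_POST['user'])) {
    $user = makeSQLSafe(trim($_POST['user']));
} else {
    $e[] = "Username missing!";
}
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ in the submitted name as wildcards, so this lookup is
    // a pattern match and may return a row whose name differs from what was typed. An exact
    // comparison with a bound parameter is the usual form. It is left unchanged here because
    // makeSQLSafe() is not visible and may already escape those characters; confirm.
    $sql = "SELECT a.*, b.salt FROM users AS a, salt AS b WHERE a.user LIKE '{$user}' AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    // A failed query is reported like an unknown user instead of raising an error further down.
    if (!$q || !mysqli_num_rows($q)) {
        $e[] = "Username not found or wrong password!";
    }
}

if (empty($e)) {
    $u = mysqli_fetch_assoc($q);
    $storedHash = isset($u['pass']) ? (string) $u['pass'] : "";
    $salt = isset($u['salt']) ? (string) $u['salt'] : "";
    // NOTE(review): one round of salted RIPEMD-160 is a fast hash and a weak password scheme.
    // Migrating to password_hash()/password_verify() needs a rehash-on-login plan, so the
    // stored format is kept.
    $tpass = hash("ripemd160", $pass . $salt);
    // Constant-time, byte-exact comparison. The loose != operator compares numeric-looking
    // strings as numbers, so two different digests could be treated as equal.
    if ($storedHash === "" || !hash_equals($storedHash, $tpass)) {
        $e[] = "Username not found or wrong password!";
    }
}

if (empty($e)) {
    // Issue a fresh session id before attaching an identity to the session, so an id that
    // was set in the browser before login is not carried over (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION['id'] = $u['id'];
    $_SESSION['user'] = $u['user'];
    $_SESSION['name'] = $u['name'];
    $_SESSION['email'] = $u['email'];
    $_SESSION['is_admin'] = $u['is_admin'];
} else {
    // The messages are fixed strings joined with <br/>, so $error is meant to be printed as HTML.
    $error = implode("<br/>", $e);
}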
Exemplo n.º 4
<?php

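// "Create account" handler (fragment): enforces the per-user account limit for the posted
// account type, validates the name and forwarding fields, and rejects a name the user
// already has. Problems are collected in $e.
defined("_V") || die("Direct access not allowed!");
$e = array();

// A missing or non-string account_type is treated as an empty string.
// NOTE(review): the value is not checked against the set of supported account types in this
// fragment; an allow-list check is the safer form if such a list exists elsewhere.
$rawType = isset($_POST['account_type']) && is_string($_POST['account_type']) ? $_POST['account_type'] : "";
$account_type = makeSQLSafe(trim($rawType));

// Count the accounts of this type the session user already has.
$sql = "SELECT COUNT(*) AS myAccounts FROM accounts WHERE uid = {$_SESSION['id']} and account_type = '{$account_type}'";
$q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
$r = mysqli_fetch_array($q);
$nrAccounts = $r['myAccounts'];
// NOTE(review): with ">" a user who already holds exactly the configured number passes this
// check. If user_l_accounts is meant as a hard maximum this looks like it should be ">=".
// Confirm against the configuration's meaning before changing it.
if ($nrAccounts > $config['user_l_accounts']['value']) {
    $e[] = "You already have the maximum allowed accounts per user in this system!";
}

if (empty($e)) {
    // is_string() guards: a field posted as an array would otherwise reach trim().
    if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
        $name = makeSQLSafe(trim($_POST['name']));
    } else {
        $e[] = "Account name missing!";
    }
    // Forwarding flag: exactly "0" or "1" (a numeric range test would also accept fractions).
    if (isset($_POST['fwd']) && in_array($_POST['fwd'], array('0', '1'), true)) {
        $fwd = $_POST['fwd'];
    } else {
        $e[] = "Account forwarding not set!";
    }
    if (isset($_POST['fwdto']) && is_string($_POST['fwdto']) && trim($_POST['fwdto'])) {
        $fwdto = makeSQLSafe(trim($_POST['fwdto']));
    } else {
        $fwdto = "";
    }
}

// $fwd and $fwdto exist only if the block above ran and accepted the flag, hence isset().
if (isset($fwd) && $fwd == 1 && !$fwdto) {
    // The posted account type is echoed into a message that may later be rendered as HTML
    // (the rendering is not visible here), so it is HTML-escaped at this point.
    $e[] = "You must enter a " . htmlspecialchars($account_type, ENT_QUOTES, 'UTF-8') . " address to forward to!";
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ inside $name as wildcards, so this is a pattern match
    // rather than an exact comparison. Whether makeSQLSafe() neutralises them is not visible.
    $sql = "SELECT * FROM accounts WHERE account_name LIKE '{$name}' AND uid = {$_SESSION['id']}";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    if (mysqli_num_rows($q)) {
        $e[] = "You already have another account with that same name!";
    }
}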
// When forwarding is enabled, ask the coin client $b[$x] whether the target address is valid.
// The listing ends inside the failure branch.
// NOTE(review): $x is not assigned anywhere in this fragment. $fwdto has already been passed
// through makeSQLSafe(), so the client receives the SQL-escaped form, not the raw input.
if (empty($e) && $fwd == 1) {
    $valid = $b[$x]->validateaddress($fwdto);
    if ($valid['isvalid'] != 1) {
Exemplo n.º 5
<?php

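// "Send coins" handler (fragment): validates the destination address and amount, re-checks
// the caller's password, asks the coin client to validate the address and parses the
// account reference kept in the session. Problems are collected in $e.
defined("_V") || die("Direct access not allowed!");
$e = array();

// is_string() guards: a field posted as an array would otherwise reach trim().
// NOTE(review): $addrto is SQL-escaped here and later handed to the coin client in that form.
if (isset($_POST['addrto']) && is_string($_POST['addrto']) && trim($_POST['addrto'])) {
    $addrto = makeSQLSafe(trim($_POST['addrto']));
} else {
    $e[] = "Destination address missing!";
}

// Amount: numeric, rounded to 8 decimals, and strictly positive and finite. is_numeric()
// alone also accepts zero, negative values and exponents that overflow to INF, none of which
// is a valid amount to send. The rest of the handler is not visible, so the check is made here.
// NOTE(review): the amount is a PHP float from here on; confirm that is acceptable for balances.
if (isset($_POST['amount']) && is_string($_POST['amount']) && is_numeric($_POST['amount'])) {
    $amount = round((float) $_POST['amount'], 8);
    if (!is_finite($amount) || $amount <= 0) {
        $e[] = "Invalid amount!";
    }
} else {
    $e[] = "Amount missing!";
}

if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}
$account_num = isset($_POST['account_type']) && is_string($_POST['account_type']) ? trim($_POST['account_type']) : "";

// Re-authenticate: the current password must match the stored salted hash.
if (empty($e)) {
    // $_SESSION['id'] is server-side state (presumably written at login), not request input.
    $sql = "SELECT a.pass, b.salt FROM users AS a, salt AS b WHERE a.id = {$_SESSION['id']} AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    $mu = $q ? mysqli_fetch_assoc($q) : null;
    $storedHash = is_array($mu) && isset($mu['pass']) ? (string) $mu['pass'] : "";
    $salt = is_array($mu) && isset($mu['salt']) ? (string) $mu['salt'] : "";
    // NOTE(review): one round of salted RIPEMD-160 is a fast hash and a weak password scheme.
    // Migrating to password_hash()/password_verify() needs a rehash-on-login plan.
    $testPass = hash("ripemd160", $pass . $salt);
    // Constant-time, byte-exact comparison. The loose != operator compares numeric-looking
    // strings as numbers, so two different digests could be treated as equal.
    if ($storedHash === "" || !hash_equals($storedHash, $testPass)) {
        $e[] = "Wrong current password!";
    }
}

if (empty($e)) {
    // $account_num comes from the request and selects the client object, so an unknown key
    // is rejected before a method is called on it.
    if (!isset($b[$account_num])) {
        $e[] = "Unknown account type!";
    } else {
        $isValid = $b[$account_num]->validateaddress($addrto);
        if ($isValid['isvalid'] != 1) {
            $e[] = "Invalid destination address!";
        }
    }
}

if (empty($e)) {
    // The session holds the active account as three "_"-separated parts. The third part is
    // placed unquoted into the balance query that follows this fragment, so it must be digits.
    $act = explode("_", isset($_SESSION['btaccount']) ? (string) $_SESSION['btaccount'] : "");
    if (sizeof($act) != 3 || !preg_match('/\A[0-9]+\z/', $act[2])) {
        $e[] = "SESSION ERROR! Please logout and login again!";
    }
}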
// Load id and balance of the session user's active account. The listing ends before the
// query is executed.
// NOTE(review): $act[2] is the third "_"-separated part of $_SESSION['btaccount'] and is
// interpolated unquoted; only the number of parts is checked above, not that it is numeric.
if (empty($e)) {
    $sql = "SELECT id,balance FROM accounts WHERE uid = {$_SESSION['id']} AND account_id = {$act[2]}";
Exemplo n.º 6
<?php

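// Registration handler (fragment): validates username, password plus confirmation, display
// name and optional e-mail, then checks whether the username is already taken. Problems are
// collected in $e. The insert itself is not part of this fragment.
defined("_V") || die("Direct access not allowed!");
$e = array();

// is_string() guards: a field posted as an array would otherwise reach trim().
if (isset($_POST['user']) && is_string($_POST['user']) && trim($_POST['user'])) {
    $user = makeSQLSafe(trim($_POST['user']));
} else {
    $e[] = "Username missing!";
}
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}
if (isset($_POST['pass2']) && is_string($_POST['pass2']) && trim($_POST['pass2'])) {
    $pass2 = trim($_POST['pass2']);
} else {
    $e[] = "Password confirmation missing!";
}
if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
    $name = makeSQLSafe(trim($_POST['name']));
} else {
    $e[] = "Name missing!";
}
if (isset($_POST['email']) && is_string($_POST['email']) && trim($_POST['email'])) {
    $email = makeSQLSafe(trim($_POST['email']));
} else {
    $email = "";
}

if (!$email && $config['require_email']['value'] == "true") {
    $e[] = "Email missing!";
}
// Length checks apply only to fields that were supplied. A missing field is already
// reported above, and strlen() on an unset variable is avoided.
// NOTE(review): $user is measured after makeSQLSafe(), so escape characters may count.
if (isset($user) && strlen($user) > 32) {
    $e[] = "Username too long. Max. 32 chars!";
}
// NOTE(review): a 5-character minimum is a weak password policy; consider raising it.
if (isset($pass) && strlen($pass) < 5) {
    $e[] = "Password too short! Min. 5 chars!";
}
if (empty($e) && $email && !isValidEmail($email)) {
    $e[] = "Invalid email!";
}
// Strict comparison: with != two different numeric-looking strings (for example "1e1" and
// "10") compare equal, so a mistyped confirmation could go unnoticed.
if (empty($e) && $pass !== $pass2) {
    $e[] = "Password and confirmation doesn't match!";
}
if (empty($e)) {
    // NOTE(review): LIKE treats % and _ inside $user as wildcards, so this is a pattern match
    // rather than an exact comparison. Whether makeSQLSafe() neutralises them is not visible.
    // A check-then-insert sequence also needs a UNIQUE index on the column to be race-free.
    // The insert is not shown, so confirm the schema.
    $sql = "SELECT * FROM users WHERE user LIKE '{$user}'";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    if (mysqli_num_rows($q)) {
        $e[] = "Username in use!";
    }
}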