public function get_rows($start = 0)
{
// Get rows to display
$bip32 = new bip32();
$rows = DB::query("SELECT * FROM coin_wallets WHERE status = 'active' ORDER BY id");
// Go through rows
$results = array();
foreach ($rows as $row) {
$row['checkbox'] = "<center><input type=\"checkbox\" name=\"wallet_id[]\" value=\"{$row['id']}\"></center>";
$row['balance'] = $bip32->get_balance($row['id']) . ' BTC';
if ($row['address_type'] == 'multisig') {
$row['address_type'] = 'Multisig - ' . $row['sigs_required'] . ' of ' . $row['sigs_total'];
} else {
$row['address_type'] = 'Standard';
}
array_push($results, $row);
}
// Add total
$total = DB::queryFirstField("SELECT count(*) FROM coin_wallets WHERE status = 'active'");
if ($total > 1) {
// Get balance
$total_balance = DB::queryFirstField("SELECT sum(amount) FROM coin_inputs WHERE is_spent = 0");
if ($total_balance == '') {
$total_balance = 0;
}
// Set vars
$vars = array('checkbox' => " ", 'id' => " ", 'display_name' => '<b>Total</b>', 'address_type' => " ", 'balance' => '<b>' . fmoney_coin($total_balance) . ' BTC</b>');
array_push($results, $vars);
}
// Return
return $results;
}
public function create_pending_session($wallet_id, $product_id = 0, $amount = 0, $currency = 'btc')
{
// Initialize
global $config, $template;
$userid = LOGIN === true ? $GLOBALS['userid'] : 0;
$expire_time = time() + $config['payment_expire_seconds'];
// Get hash
do {
$hash = generate_random_string(120);
if ($row = DB::queryFirstRow("SELECT * FROM coin_pending_payment WHERE pay_hash = %s", hash('sha512', 120))) {
$exists = 1;
} else {
$exists = 0;
}
} while ($exists > 0);
// Get product, if needed
if ($product_id > 0) {
if (!($prow = DB::queryFirstRow("SELECT * FROM products WHERE id = %d", $product_id))) {
trigger_error("Product does not exist, ID# {$product_id}", E_USER_ERROR);
}
$amount = $prow['amount'];
$currency = $prow['currency'];
$item_name = $prow['display_name'];
} else {
$item_name = '';
}
// Get amount
if ($currency == 'fiat') {
$amount_btc = $amount / $config['exchange_rate'];
} else {
$amount_btc = $amount;
$amount = $amount_btc * $config['exchange_rate'];
}
// Get payment address
if ($userid > 0) {
$client = new bip32();
$payment_address = $client->get_user_address($wallet_id, $userid);
// Delete any existing pending payments
DB::query("DELETE FROM coin_pending_payment WHERE payment_address = %s AND status = 'pending'", $payment_address);
} else {
$payment_address = '';
}
// Add to db
DB::insert('coin_pending_payment', array('wallet_id' => $wallet_id, 'pay_hash' => $hash, 'userid' => $userid, 'item_id' => $product_id, 'amount' => $amount, 'amount_btc' => $amount_btc, 'expire_time' => $expire_time, 'payment_address' => $payment_address));
// Template variables
$template->assign('payment_address', $payment_address);
$template->assign('currency', $currency);
$template->assign('amount', fmoney_coin($amount_btc));
$template->assign('amount_fiat', fmoney($amount));
$template->assign('product_id', $product_id);
$template->assign('product_name', $item_name);
// Return hash
return $hash;
}
<?php
// Generate master key
$b32 = new bip32();
$private_key = $b32->generate_master_key();
$public_key = $b32->extended_private_to_public($private_key);
// Send response
$response = array('private_key' => $private_key, 'public_key' => $public_key);
echo json_encode($response);
exit(0);
public function __construct($parts = array())
{
// Initialize
global $config, $template;
// Set variables
if ($config['is_setup'] == 1 && preg_match("/^admin/", trim($_GET['route'], '/'))) {
$panel = 'admin';
$require_login = true;
} else {
$panel = 'public';
$require_login = false;
}
// Check IP restrictions
if ($panel == 'admin' && isset($config['ipallow']) && $config['ipallow'] != '') {
$ok = false;
$ips = explode("\n", $config['ipallow']);
foreach ($ips as $ip) {
if (preg_match("/^{$ip}/", $_SERVER['REMOTE_ADDR'])) {
$ok = true;
break;
}
}
if ($ok === false) {
echo "Access dened by IP restrictions.";
exit(0);
}
}
// Continue setup, if needed
if (DBNAME == '' && isset($_POST['submit']) && $_POST['submit'] == tr('Continue to Next Step')) {
// Initialize
$template = new template('admin/setup/first_time2');
require_once SITE_PATH . '/data/lib/sqlparser.php';
// Check database connection
if (!mysqli_connect($_POST['dbhost'], $_POST['dbuser'], $_POST['dbpass'], $_POST['dbname'], $_POST['dbport'])) {
$template->add_message("Unable to connect to mySQL database using information supplied. Please double check the mySQL information, and try again.", 'error');
}
if (!is_writeable(SITE_PATH . '/data/config.php')) {
$template->add_message("Unable to write to file at /data/config.php. Please change file permissions appropriately, and reload the page.", 'error');
}
if (!is_writeable(SITE_PATH . '/data/backups')) {
$template->add_message("Unable to write to directory at /data/backups/. Please change directory permissions appropriately, and reload the page.", 'error');
}
if (!is_writeable(SITE_PATH . '/data/log')) {
$template->add_message("Unable to write to directory at /data/log/. Please change directory permissions appropriately, and reload the page.", 'error');
}
if (!is_writeable(SITE_PATH . '/data/tpl_c')) {
$template->add_message("Unable to write to directory at /data/tpl_c/. Please change directory permissions appropriately, and reload the page.", 'error');
}
// Check for errors
if ($template->has_errors == 1) {
$template->route = 'admin/setup/first_time';
echo $template->parse();
exit(0);
}
// Define MeekroDB settings
DB::$dbName = $_POST['dbname'];
DB::$user = $_POST['dbuser'];
DB::$password = $_POST['dbpass'];
DB::$host = $_POST['dbhost'];
DB::$port = $_POST['dbport'];
// Parse sql
$sql_lines = SqlParser::parse(file_get_contents(SITE_PATH . '/data/sql/install.sql'));
foreach ($sql_lines as $line) {
DB::query($line);
}
// Save config.php file
$conf = "<?php\n";
$conf .= "define('DBNAME', '" . $_POST['dbname'] . "');\n";
$conf .= "define('DBUSER', '" . $_POST['dbuser'] . "');\n";
$conf .= "define('DBPASS', '" . $_POST['dbpass'] . "');\n";
$conf .= "define('DBHOST', '" . $_POST['dbhost'] . "');\n";
$conf .= "define('DBPORT', '" . $_POST['dbport'] . "');\n";
$conf .= "define('COOKIE_NAME', '" . generate_random_string(6) . "');\n";
$conf .= "define('ENCRYPT_PASS', '" . generate_random_string(32) . "');\n";
$conf .= "define('TESTNET', 0);\n";
$conf .= "?>\n";
// Save config file
file_put_contents(SITE_PATH . '/data/config.php', $conf);
// Parse template
echo $template->parse();
exit(0);
} elseif ($config['is_setup'] != '1' && isset($_POST['_setup_step']) && $_POST['_setup_step'] == '2') {
// Initialize
$template = new template('admin/setup/first_time3');
if (strlen($_POST['username']) < 4) {
$template->add_message('Administrator username must be at least 4 characters in length.', 'error');
}
// Create user
$user = new user();
$user->create(1);
// Update config vars
update_config_var('site_name', $_POST['site_name']);
update_config_var('company_name', $_POST['company_name']);
// Check for errors
if ($template->has_errors == 1) {
$template->route = 'admin/setup/first_time2';
} else {
// Login
$auth = new auth();
$auth->login('admin', false);
}
echo $template->parse();
exit(0);
} elseif ($config['is_setup'] != '1' && isset($_POST['_setup_step']) && $_POST['_setup_step'] == '3') {
// Initialize
$template = new template('admin/setup/first_time4');
// Update config vars
update_config_var('btc_rpc_host', $_POST['btc_rpc_host']);
update_config_var('btc_rpc_user', $_POST['btc_rpc_user']);
update_config_var('btc_rpc_pass', $_POST['btc_rpc_pass']);
update_config_var('btc_rpc_port', $_POST['btc_rpc_port']);
// Test connection
$client = new transaction();
if (!$client->get_info()) {
$template->route = 'admin/setup/first_time3';
$template->add_message('Unable to connect to RPC using the provided settings. Please check the connection information, restart bitcoind, and try again. If you have just started bitcoind for the first time, you will need to wait a while for all blocks to download before continuing.', 'error');
$template->parse();
exit(0);
}
// Parse template
echo $template->parse();
exit(0);
// Complete setup, if needed
} elseif ($config['is_setup'] != '1' && isset($_POST['_setup_step']) && $_POST['_setup_step'] == '4') {
// Initialize
$template = new template('admin/setup/first_time5');
// Update config vars
update_config_var('is_setup', '1');
// Get exchange date
$rate = get_coin_exchange_rate($config['currency']);
if ($rate != 0) {
update_config_var('exchange_rate', $rate);
}
// Add wallet
$bip32 = new bip32();
$bip32->add_wallet();
// Display template
if ($template->has_errors != 1) {
//$template->add_message("Successfully completed first time setup.");
}
echo $template->parse();
exit(0);
}
// Check if setup
if ($config['is_setup'] == 0) {
$template = new template('admin/setup/first_time');
echo $template->parse();
exit(0);
}
// Check login
$auth = new auth();
if ($userid = $auth->check_login($panel, $require_login)) {
define('LOGIN', true);
$GLOBALS['userid'] = $userid;
} else {
define('LOGIN', false);
$GLOBALS['userid'] = 0;
}
// Check admin permission, if needed
if ($panel == 'admin') {
$group_id = DB::queryFirstField("SELECT group_id FROM users WHERE id = %d", $GLOBALS['userid']);
if ($group_id != 1) {
trigger_error("You do not have permission to access this area.", E_USER_ERROR);
}
}
// Parse template
$template = new template();
echo $template->parse();
// Exit
exit(0);
}
array_push($no_keys, array('num' => $num, 'public_key' => $public_key));
$num++;
}
}
// Print response
if (count($no_keys) > 0) {
$template = new template('admin/setup/invalid_bip32_keys');
$template->assign('keys', $no_keys);
$template->parse();
exit(0);
} else {
$template->add_message('Successfully verified public keys, and all private keys match appropriately.');
}
}
// Initialize
$bip32 = new bip32();
// Get wallets
$first = true;
$bip32_key_fields = '';
$required_sigs = 0;
$wallet_id = 0;
$wallet_javascript = '';
$wallet_options = '';
$rows = DB::query("SELECT * FROM coin_wallets WHERE status = 'active' ORDER BY display_name");
foreach ($rows as $row) {
$wallet_id = $row['id'];
$balance = $bip32->get_balance($row['id']);
$wallet_options .= "<option value=\"{$row['id']}\">{$row['display_name']} ({$balance} BTC)";
$wallet_javascript .= "wallets['" . $row['id'] . "'] = " . $row['sigs_total'] . ";\n\t";
// Create BIP32 key fields, if needed
if ($first === true) {
<?php
// Initialize
global $template, $config;
$bip32 = new bip32();
// Transfer wallet
if (isset($_POST['submit']) && $_POST['submit'] == tr('Transfer Wallet')) {
// Initialize
$enc_client = new encrypt();
// Get wallet
if (!($wrow = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $_POST['wallet_id']))) {
trigger_error("Wallet does not exist, ID# {$wallet_id}", E_USER_ERROR);
}
// Add new wallet to DB
DB::insert('coin_wallets', array('address_type' => $wrow['address_type'], 'sigs_required' => $wrow['sigs_required'], 'sigs_total' => $wrow['sigs_total'], 'display_name' => $wrow['display_name']));
$new_wallet_id = DB::insertId();
// Gather BIP32 keys
for ($x = 1; $x <= $wrow['sigs_total']; $x++) {
$public_key = $enc_client->encrypt($_POST['public_key' . $x]);
DB::insert('coin_wallets_keys', array('wallet_id' => $new_wallet_id, 'public_key' => $public_key));
}
// Gather private keys
$x = 1;
$privkeys = array();
while (1) {
$var = 'private_key' . $x;
if (!isset($_POST[$var])) {
break;
}
$privkeys[] = $_POST[$var];
$x++;
<?php
// Initialize
global $template, $config;
$bip32 = new bip32();
// Generate invoice
if (isset($_POST['submit']) && $_POST['submit'] == tr('Generate Invoice')) {
// Get userid
if (!($user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $_POST['username']))) {
$template->add_message("Username does not exist, {$_POST['username']}", 'error');
}
// Perform checks
if ($_POST['amount'] == '') {
$template->add_message('You did not specify an amount', 'error');
} elseif (!is_numeric($_POST['amount'])) {
$template->add_message('Invalid amount specified, ' . $_POST['amount'], 'error');
} elseif (!$_POST['amount'] > 0) {
$template->add_message('Amount must be greater than 0.', 'error');
}
// Add invoice, if no errors
if ($template->has_errors != 1) {
// Get amounts
if ($_POST['currency'] == 'fiat') {
$amount = $_POST['amount'];
$amount_btc = $amount / $config['exchange_rate'];
} else {
$amount_btc = $_POST['amount'];
$amount = $amount_btc * $config['exchange_rate'];
}
// Generate payment address
$address = $bip32->generate_address($_POST['wallet_id'], $user_row['id']);
<?php
// Initialize
global $template;
// Generate address
if (isset($_POST['submit']) && $_POST['submit'] == tr('Generate Address')) {
// Get userid
if (!($user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $_POST['gen_username']))) {
trigger_error("Username does not exist, {$_POST['gen_username']}", E_USER_ERROR);
}
// Get wallet ID
if (!isset($_POST['gen_wallet_id'])) {
$_POST['gen_wallet_id'] = DB::queryFirstField("SELECT id FROM coin_wallets WHERE status = 'active' ORDER BY id LIMIT 0,1");
}
// Generate address
$b32 = new bip32();
$address = $b32->generate_address($_POST['gen_wallet_id'], $user_row['id']);
// User message
$template->add_message("Successfully generated new address, <b>{$address}</b>");
}
// Wallet options
$has_multiple_wallets = false;
$wallet_options = '';
$first = true;
$rows = DB::query("SELECT * FROM coin_wallets WHERE status = 'active' ORDER BY display_name");
foreach ($rows as $row) {
$wallet_options .= "<option value=\"{$row['id']}\">{$row['display_name']}";
if ($first === false) {
$has_multiple_wallets = true;
}
$first = false;
public function _encode_signature(Signature $signature)
{
// Init
$client = new bip32();
// Pad r and s to 64 characters.
$rh = str_pad($client->hex_encode($signature->getR()), 64, '0', STR_PAD_LEFT);
$sh = str_pad($client->hex_encode($signature->getS()), 64, '0', STR_PAD_LEFT);
// Check if the first byte of each has its highest bit set,
$t1 = unpack("H*", pack('H*', substr($rh, 0, 2)) & pack('H*', '80'));
$t2 = unpack("H*", pack('H*', substr($sh, 0, 2)) & pack('H*', '80'));
// if so, the result != 00, and must be padded.
$r = $t1[1] !== '00' ? '00' . $rh : $rh;
$s = $t2[1] !== '00' ? '00' . $sh : $sh;
// Create the signature.
$der_sig = '30' . $this->dec_to_bytes(4 + (strlen($r) + strlen($s)) / 2, 1) . '02' . $this->dec_to_bytes(strlen($r) / 2, 1) . $r . '02' . $this->dec_to_bytes(strlen($s) / 2, 1) . $s . '01';
// Return
return $der_sig;
}
// Initialize
global $template, $config;
// Get send
if (!($send = DB::queryFirstRow("SELECT * FROM coin_sends WHERE id = %d", $_REQUEST['send_id']))) {
trigger_error("Send does not exist in database, ID# {$_REQUEST['send_id']}", E_USER_ERROR);
}
if ($send['status'] != 'pending') {
trigger_error("Send is not in pending status, hence can not be signed.", E_USER_ERROR);
}
// Get wallet
if (!($wallet = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $send['wallet_id']))) {
trigger_error("Wallet does not exist, ID# {$send['wallet_id']}", E_USER_ERROR);
}
// Initialize
$bip32 = new bip32();
$enc = new encrypt();
// Get sigs required
$sigs_required = array();
for ($x = 1; $x <= $wallet['sigs_required']; $x++) {
array_push($sigs_required, array('num' => $x));
}
// Gather outputs
$outputs = array();
$send_amount = 0;
$rows = DB::query("SELECT * FROM coin_sends_addresses WHERE send_id = %d ORDER BY id", $send['id']);
foreach ($rows as $row) {
$outputs[$row['address']] = $row['amount'];
$send_amount += $row['amount'];
}
// Gather inputs