// Excerpt from a deposit-crediting routine. It begins and ends outside this
// excerpt: $act, $a, $b, $x, $acc and $coin_list are set by code not shown, and
// the blocks opened at the bottom are closed further down.
//
// NOTE(review): every statement here is built by string interpolation and the
// return value of mysqli_query() is never checked. The ledger INSERT and the
// balance UPDATE are separate statements; no transaction is started in the
// visible code, so a failure between the two would leave them inconsistent.

// Read the running balance from the most recent movement of this account.
$sql = "SELECT balance FROM movements WHERE account_id = {$act['id']} ORDER BY id DESC LIMIT 0,1";
$q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
if (mysqli_num_rows($q)) {
    $pbal = mysqli_fetch_assoc($q);
    $prevBal = $pbal['balance'];
}
// NOTE(review): $prevBal is only assigned above when a previous movement row
// exists; for an account's first movement it is unset here unless code before
// this excerpt initialises it. Confirm.
$newBal = $prevBal + $a;

// Ask the coin daemon for the current block height; stored with the movement as txblock.
$cBlock = $b[$x]->getblockcount();

// Record the deposit as a credit (credit = 1) in the ledger, then raise the account balance.
mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`,`txblock`) VALUES({$act['id']},'" . date("Y-m-d H:i:s") . "','{$coin_list[$x]} deposit',{$a},1,{$newBal},{$cBlock})");
mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE accounts SET balance = balance + {$a} WHERE id = {$act['id']}");

// Forwarding: when the account has forwarding enabled, validate the target address first.
if ($act['forward'] == 1) {
    $isValid = $b[$x]->validateaddress($act['forward_to']);
    if ($isValid['isvalid'] != 1) {
        // The stored address is escaped before being echoed into the user's message row.
        $invBTC = makeSQLSafe($act['forward_to']);
        mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid address to forward your deposits to :: {$invBTC}. Amount remains in your account!')");
    } elseif ($isValid['ismine'] == 1) {
        // The target is an address of this wallet, so the balance is moved between local accounts.
        // The wallet's account label is split on "_" and must have exactly three parts.
        $recAct = explode("_", $isValid['account']);
        // NOTE(review): $invBTC is assigned only in the branch above. In the two
        // error messages below it is either unset or, if this code runs in a loop,
        // still holds the value from an earlier iteration. Confirm and assign it
        // before the branch.
        if (!is_array($recAct) || sizeof($recAct) != 3) {
            mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid account to forward your deposits to - local account is not an user account :: {$invBTC}. Amount remains in your account!')");
        } else {
            // NOTE(review): $recAct[1] and $recAct[2] come from the label returned by
            // the daemon and are interpolated unquoted; only the part count is checked.
            // A numeric check or bound parameters would make this independent of how
            // labels are created.
            $sql = "SELECT * FROM accounts WHERE uid = {$recAct[1]} AND account_id = {$recAct[2]}";
            $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
            if (!mysqli_num_rows($q)) {
                mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'" . date("Y-m-d H:i:s") . "','ERROR Invalid account to forward your deposits to - local account not found :: {$invBTC}. 
Amount remains in your account!')");
            } else {
                $receiver = mysqli_fetch_assoc($q);
                // Balance of the sending account after the forwarded amount is taken out again.
                $nextBal = $newBal - $a;
                // Debit movement (credit = 0) on the sender. Unlike the error branch above,
                // forward_to is interpolated here without makeSQLSafe(); it has passed
                // validateaddress() at this point.
                mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`,`txblock`) VALUES({$act['id']},'" . date("Y-m-d H:i:s") . "','Forward to {$act['forward_to']}',{$a},0,{$nextBal},{$cBlock})");
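<?php
/**
 * Account-edit handler (excerpt): validates the posted account settings,
 * re-checks the logged-in user's password and confirms that the account
 * belongs to the session user. The excerpt ends inside the duplicate-name
 * check.
 *
 * Uses makeSQLSafe() and the mysqli link in $GLOBALS["___mysqli_ston"], both
 * defined outside this file. Validation messages are collected in $e.
 */
defined("_V") || die("Direct access not allowed!");

$e = array();

// Account id: must be numeric because it is interpolated unquoted into SQL below.
if (isset($_POST['account_id']) && is_numeric($_POST['account_id'])) {
    $aid = $_POST['account_id'];
} else {
    $e[] = "Account ID missing!";
}

// Forwarding flag: a numeric value between 0 and 1.
if (isset($_POST['fwd']) && is_numeric($_POST['fwd']) && $_POST['fwd'] >= 0 && $_POST['fwd'] <= 1) {
    $fwd = $_POST['fwd'];
} else {
    $e[] = "Account forwarding not set!";
}

// The is_string() checks keep array-valued parameters (name[]=...) away from trim().
if (isset($_POST['fwdto']) && is_string($_POST['fwdto']) && trim($_POST['fwdto'])) {
    $fwdto = makeSQLSafe(trim($_POST['fwdto']));
} else {
    $fwdto = "";
}

if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
    $name = makeSQLSafe(trim($_POST['name']));
} else {
    $e[] = "Account name missing!";
}

// The password is hashed, never placed in SQL, so it is not escaped.
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}

$account_num = (isset($_POST['account_type']) && is_string($_POST['account_type']))
    ? trim($_POST['account_type'])
    : "";

// $fwd is unset when its validation failed above, hence the isset() guard.
if (isset($fwd) && $fwd == 1 && !$fwdto) {
    $e[] = "You must enter a bitcoin address to forward to!";
}

// Re-authenticate: the current password must match before any change is made.
if (empty($e)) {
    $sql = "SELECT a.pass, b.salt FROM users AS a, salt AS b WHERE a.id = {$_SESSION['id']} AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    $mu = $q ? mysqli_fetch_assoc($q) : null;

    // NOTE(review): a single salted RIPEMD-160 round is a fast hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored hashes.
    $testPass = is_array($mu) ? hash("ripemd160", $pass . $mu['salt']) : null;

    // hash_equals() compares in constant time and as strings. The loose != used
    // before treats two digests of the form "0e<digits>" as equal numbers.
    if ($testPass === null || !hash_equals((string) $mu['pass'], $testPass)) {
        $e[] = "Wrong current password!";
    }
}

// Ownership check: the account must belong to the logged-in user.
if (empty($e)) {
    $sql = "SELECT * FROM accounts WHERE id = {$aid} AND uid = {$_SESSION['id']}";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    if (!$q || !mysqli_num_rows($q)) {
        $e[] = "Account not found!";
    }
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ in the submitted name as wildcards unless
    // makeSQLSafe() escapes them (not visible here). Confirm whether = is intended.
    $sql = "SELECT * FROM accounts WHERE account_name LIKE '{$name}' AND uid = {$_SESSION['id']} AND id != {$aid}";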
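<?php
/**
 * Login handler: checks the posted username and password against the users
 * table and, on success, copies the user's fields into the session.
 *
 * Uses makeSQLSafe() and the mysqli link in $GLOBALS["___mysqli_ston"], both
 * defined outside this file. On failure $error holds the messages joined
 * with <br/>.
 */
defined("_V") || die("Direct access not allowed!");

$e = array();

// The is_string() checks keep array-valued parameters (user[]=...) away from trim().
if (isset($_POST['user']) && is_string($_POST['user']) && trim($_POST['user'])) {
    $user = makeSQLSafe(trim($_POST['user']));
} else {
    $e[] = "Username missing!";
}

// The password is hashed, never placed in SQL, so it is not escaped.
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ in the submitted username as wildcards
    // unless makeSQLSafe() escapes them (not visible here), so one login name can
    // match several rows and only the first is checked. Confirm whether = is intended.
    $sql = "SELECT a.*, b.salt FROM users AS a, salt AS b WHERE a.user LIKE '{$user}' AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    // A failed query is treated like an unknown user, so the login fails closed.
    if (!$q || !mysqli_num_rows($q)) {
        $e[] = "Username not found or wrong password!";
    }
}

if (empty($e)) {
    $u = mysqli_fetch_assoc($q);

    // NOTE(review): a single salted RIPEMD-160 round is a fast hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored hashes.
    $tpass = hash("ripemd160", $pass . $u['salt']);

    // hash_equals() compares in constant time and as strings. The loose != used
    // before treats two digests of the form "0e<digits>" as equal numbers.
    if (!hash_equals((string) $u['pass'], $tpass)) {
        // Same message as for an unknown user, so the response does not reveal which check failed.
        $e[] = "Username not found or wrong password!";
    }
}

if (empty($e)) {
    // Issue a fresh session id on login so an id fixed before authentication
    // is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['id'] = $u['id'];
    $_SESSION['user'] = $u['user'];
    $_SESSION['name'] = $u['name'];
    $_SESSION['email'] = $u['email'];
    $_SESSION['is_admin'] = $u['is_admin'];
} else {
    $error = implode("<br/>", $e);
}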
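<?php
/**
 * Account-creation handler (excerpt): enforces the per-user account limit,
 * validates the posted name and forwarding settings, rejects duplicate
 * account names and starts validating the forwarding address. The excerpt
 * ends inside that last check.
 *
 * Uses makeSQLSafe(), $config, $b, $x and the mysqli link in
 * $GLOBALS["___mysqli_ston"], all defined outside this file. Validation
 * messages are collected in $e.
 */
defined("_V") || die("Direct access not allowed!");

$e = array();

// A missing or array-valued account_type becomes an empty string instead of reaching trim().
$account_type = makeSQLSafe(
    (isset($_POST['account_type']) && is_string($_POST['account_type'])) ? trim($_POST['account_type']) : ""
);

// Count the accounts the session user already holds for this coin type.
$sql = "SELECT COUNT(*) AS myAccounts FROM accounts WHERE uid = {$_SESSION['id']} and account_type = '{$account_type}'";
$q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
$r = mysqli_fetch_array($q);
$nrAccounts = $r['myAccounts'];

// NOTE(review): with > a user who already holds exactly the configured number
// of accounts still passes and can create one more. If user_l_accounts is meant
// as the maximum, this should be >=. Confirm against the configuration.
if ($nrAccounts > $config['user_l_accounts']['value']) {
    $e[] = "You already have the maximum allowed accounts per user in this system!";
}

if (empty($e)) {
    // The is_string() checks keep array-valued parameters (name[]=...) away from trim().
    if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
        $name = makeSQLSafe(trim($_POST['name']));
    } else {
        $e[] = "Account name missing!";
    }

    // Forwarding flag: a numeric value between 0 and 1.
    if (isset($_POST['fwd']) && is_numeric($_POST['fwd']) && $_POST['fwd'] >= 0 && $_POST['fwd'] <= 1) {
        $fwd = $_POST['fwd'];
    } else {
        $e[] = "Account forwarding not set!";
    }

    if (isset($_POST['fwdto']) && is_string($_POST['fwdto']) && trim($_POST['fwdto'])) {
        $fwdto = makeSQLSafe(trim($_POST['fwdto']));
    } else {
        $fwdto = "";
    }
}

// $fwd and $fwdto are unset when the block above was skipped or $fwd failed
// validation, hence the isset() guard.
// NOTE(review): $account_type is request data and ends up in this message. If
// the message is later printed as HTML it needs htmlspecialchars() at output.
if (isset($fwd) && $fwd == 1 && !$fwdto) {
    $e[] = "You must enter a {$account_type} address to forward to!";
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ in the submitted name as wildcards unless
    // makeSQLSafe() escapes them (not visible here). Confirm whether = is intended.
    $sql = "SELECT * FROM accounts WHERE account_name LIKE '{$name}' AND uid = {$_SESSION['id']}"; ## AND id != $aid";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    if (mysqli_num_rows($q)) {
        $e[] = "You already have another account with that same name!";
    }
}

// Ask the coin daemon whether the forwarding address is valid.
// NOTE(review): $x is not assigned in this file; presumably the including script
// sets it to the coin index. Confirm.
if (empty($e) && $fwd == 1) {
    $valid = $b[$x]->validateaddress($fwdto);
    if ($valid['isvalid'] != 1) {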
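<?php
/**
 * Send-coins handler (excerpt): validates the destination address and amount,
 * re-checks the logged-in user's password, has the coin daemon validate the
 * address and resolves the sending account from the session. The excerpt
 * ends inside the balance lookup.
 *
 * Uses makeSQLSafe(), $b and the mysqli link in $GLOBALS["___mysqli_ston"],
 * all defined outside this file. Validation messages are collected in $e.
 */
defined("_V") || die("Direct access not allowed!");

$e = array();

// The is_string() checks keep array-valued parameters (addrto[]=...) away from trim().
if (isset($_POST['addrto']) && is_string($_POST['addrto']) && trim($_POST['addrto'])) {
    $addrto = makeSQLSafe(trim($_POST['addrto']));
} else {
    $e[] = "Destination address missing!";
}

// is_numeric() also accepts negative values, zero and exponent notation, so
// the amount is checked to be a finite positive number here instead of
// relying on checks further down that this excerpt does not show.
if (isset($_POST['amount']) && is_numeric($_POST['amount'])) {
    $amount = round((float) $_POST['amount'], 8);
    if (!is_finite($amount) || $amount <= 0) {
        $e[] = "Invalid amount!";
    }
} else {
    $e[] = "Amount missing!";
}

// The password is hashed, never placed in SQL, so it is not escaped.
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}

$account_num = (isset($_POST['account_type']) && is_string($_POST['account_type']))
    ? trim($_POST['account_type'])
    : "";

// Re-authenticate: the current password must match before funds are moved.
if (empty($e)) {
    $sql = "SELECT a.pass, b.salt FROM users AS a, salt AS b WHERE a.id = {$_SESSION['id']} AND b.uid = a.id";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    $mu = $q ? mysqli_fetch_assoc($q) : null;

    // NOTE(review): a single salted RIPEMD-160 round is a fast hash. Moving to
    // password_hash()/password_verify() needs a migration of the stored hashes.
    $testPass = is_array($mu) ? hash("ripemd160", $pass . $mu['salt']) : null;

    // hash_equals() compares in constant time and as strings. The loose != used
    // before treats two digests of the form "0e<digits>" as equal numbers.
    if ($testPass === null || !hash_equals((string) $mu['pass'], $testPass)) {
        $e[] = "Wrong current password!";
    }
}

if (empty($e)) {
    // account_type comes from the request and selects the daemon client. An
    // unknown index would otherwise end in a method call on null.
    if (!isset($b[$account_num]) || !is_object($b[$account_num])) {
        $e[] = "Invalid account type!";
    } else {
        $isValid = $b[$account_num]->validateaddress($addrto);
        if ($isValid['isvalid'] != 1) {
            $e[] = "Invalid destination address!";
        }
    }
}

// The session's account label is split on "_" and must have exactly three
// parts. The third part goes unquoted into the query below, so it must be numeric.
if (empty($e)) {
    $act = isset($_SESSION['btaccount']) ? explode("_", $_SESSION['btaccount']) : array();
    if (!is_array($act) || sizeof($act) != 3 || !is_numeric($act[2])) {
        $e[] = "SESSION ERROR! Please logout and login again!";
    }
}

if (empty($e)) {
    $sql = "SELECT id,balance FROM accounts WHERE uid = {$_SESSION['id']} AND account_id = {$act[2]}";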
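<?php
/**
 * Registration handler (excerpt): validates the posted username, password,
 * confirmation, name and optional email, then checks that the username is
 * not already taken.
 *
 * Uses makeSQLSafe(), isValidEmail(), $config and the mysqli link in
 * $GLOBALS["___mysqli_ston"], all defined outside this file. Validation
 * messages are collected in $e.
 */
defined("_V") || die("Direct access not allowed!");

$e = array();

// The is_string() checks keep array-valued parameters (user[]=...) away from trim().
if (isset($_POST['user']) && is_string($_POST['user']) && trim($_POST['user'])) {
    $user = makeSQLSafe(trim($_POST['user']));
} else {
    $e[] = "Username missing!";
}

// Passwords are hashed, never placed in SQL, so they are not escaped.
if (isset($_POST['pass']) && is_string($_POST['pass']) && trim($_POST['pass'])) {
    $pass = trim($_POST['pass']);
} else {
    $e[] = "Password missing!";
}

if (isset($_POST['pass2']) && is_string($_POST['pass2']) && trim($_POST['pass2'])) {
    $pass2 = trim($_POST['pass2']);
} else {
    $e[] = "Password confirmation missing!";
}

if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name'])) {
    $name = makeSQLSafe(trim($_POST['name']));
} else {
    $e[] = "Name missing!";
}

// Email is optional unless the configuration requires it.
if (isset($_POST['email']) && is_string($_POST['email']) && trim($_POST['email'])) {
    $email = makeSQLSafe(trim($_POST['email']));
} else {
    $email = "";
}

if (!$email && $config['require_email']['value'] == "true") {
    $e[] = "Email missing!";
}

// $user and $pass are unset when their validation failed above. The guards keep
// the same messages as before without calling strlen() on an unset variable.
// NOTE(review): $user has already passed through makeSQLSafe(), so this
// measures the escaped form. Confirm that is the intended length.
if (isset($user) && strlen($user) > 32) {
    $e[] = "Username too long. Max. 32 chars!";
}

if (!isset($pass) || strlen($pass) < 5) {
    $e[] = "Password too short! Min. 5 chars!";
}

if (empty($e) && $email && !isValidEmail($email)) {
    $e[] = "Invalid email!";
}

// Strict comparison: with != two numeric-looking strings such as "1e3" and
// "1000" compare as equal numbers and would pass as matching.
if (empty($e) && $pass !== $pass2) {
    $e[] = "Password and confirmation doesn't match!";
}

if (empty($e)) {
    // NOTE(review): LIKE treats % and _ in the submitted username as wildcards
    // unless makeSQLSafe() escapes them (not visible here). Confirm whether = is intended.
    $sql = "SELECT * FROM users WHERE user LIKE '{$user}'";
    $q = mysqli_query($GLOBALS["___mysqli_ston"], $sql);
    if (mysqli_num_rows($q)) {
        $e[] = "Username in use!";
    }
}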