Rename allowBTC config parameter
[elbandi:minifaucet.git] / index.php
1 <?php
2
3 require 'core.php';
4
5 session_start();
6
7 \Slim\Slim::registerAutoloader();
8
9 $app = new \Slim\Slim();
10
11 $checkaddress = function ($app, $need = true) {
12     return function () use ($app, $need) {
13         if ($need) {
14             if (empty($_SESSION['address'])) {
15                 $app->redirect($app->urlFor('root'));
16             }
17         } else {
18             if (!empty($_SESSION['address'])) {
19                 $app->redirect($app->urlFor('faucet'));
20             }
21         }
22     };
23 };
24
25 $checkclaim = function ($app) {
26     return function () use ($app) {
27         global $dispenseTime, $recaptchaPub;
28         $address = $_SESSION['address'];
29         $ip = getIP();
30         $sql = "SELECT dispensed FROM dispenses WHERE email='$address' OR ip='$ip' ";
31         $sql .= "ORDER BY id DESC LIMIT 1";
32         $lastclaim_query = sql_query($sql);
33         $canclaim = true;
34
35         if ($lastclaim_query->num_rows) {
36             $lastclaim = fetch_one($lastclaim_query);
37             $lastclaim = strtotime($lastclaim);
38             if ($lastclaim + $dispenseTime > time()) {
39                 $canclaim = false;
40                 $app->view()->setData('nextclaim', relative_time($lastclaim + $dispenseTime));
41             }
42         }
43
44         $app->view()->setData('canclaim', $canclaim);
45         if ($canclaim) {
46             $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub));
47         }
48     };
49 };
50
51 $app->hook('slim.before.dispatch', function () use ($app) {
52     global $siteName, $squareAds, $textAds, $bannerAds, $rewards, $links;
53     global $cashout;
54     $address = null;
55     if (isset($_SESSION['address'])) {
56         $address = $_SESSION['address'];
57     }
58
59     $flash = $app->view()->getData('flash');
60
61     $error = '';
62     if (isset($flash['error'])) {
63         $error = $flash['error'];
64     }
65
66     $app->view()->setData('error', $error);
67     $app->view()->setData('address', $address);
68     $app->view()->setData('siteName', $siteName);
69     $app->view()->setData('squareAds', $squareAds);
70     $app->view()->setData('textAds', $textAds);
71     $app->view()->setData('bannerAds', $bannerAds);
72     $app->view()->setData('rewards', $rewards);
73     $app->view()->setData('links', $links);
74     $app->view()->setData('cashout', $cashout);
75     $app->view()->setData('isAdmin', false);
76 });
77
78 $app->get("/", $checkaddress($app, false), function () use ($app) {
79     global $minReward, $maxReward, $dispenseTimeText, $apiKey, $guid;
80     global $allowEmail, $allowCoin;
81     $id = $app->request()->get('id');
82     if (!is_null($id) && is_numeric($id)) {
83         $_SESSION['referer'] = $id;
84     }
85
86     if (!empty($apiKey)) {
87         $app->view()->setData('wallet', "<a href='https://coinbase.com'>Powered by Coinbase</a>");
88     } elseif (!empty($guid)) {
89         $app->view()->setData('wallet', "<a href='https://blockchain.info'>Powered by Blokkchain.info</a>");
90     }
91
92     $addr = array();
93     if ($allowCoin) {
94         $addr[] = "bitcoin";
95     }
96     if ($allowEmail) {
97         $addr[] = "email";
98     }
99     $app->view()->setData('addressType', implode("/", $addr));
100     $app->view()->setData('minReward', $minReward);
101     $app->view()->setData('maxReward', $maxReward);
102     $app->view()->setData('dispenseTimeText', $dispenseTimeText);
103     $app->render('main.php', array('title' => 'Home'));
104 })->name('root');
105
106 $app->get("/about", function () use ($app) {
107     $app->render('about.php', array('title' => 'About'));
108 })->name('about');
109
110 $checkadmin = function ($app) {
111     return function () use ($app) {
112         $app->view()->setData('isAdmin', isset($_SESSION['isadmin']) ? $_SESSION['isadmin'] : false);
113     };
114 };
115
116 $app->get("/admin(/:cmd)", $checkadmin($app), function ($cmd = null) use ($app) {
117     global $recaptchaPub, $fee;
118
119 /*
120     if (($cmdget = $app->request()->get('cmd')) != null) {
121         $cmd = $cmdget;
122     }
123 */
124     $flash = $app->view()->getData('flash');
125     $isadmin = $app->view()->getData('isAdmin');
126     switch ($cmd) {
127         default:
128 defaultlabel:
129             if (!isset($_SESSION['isadmin'])) {
130                 $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub));
131             }
132             $app->view()->setData('serverbalance', number_format(getserverbalance()));
133             $app->render('admin.php', array('title' => 'Admin'));
134     }
135 })->name('admin');
136
137 $app->post("/admin", $checkadmin($app), function () use ($app) {
138     global $adminSeccode, $recaptchaPrv;
139     $isadmin = $app->view()->getData('isAdmin');
140     $cmd = $app->request()->post('cmd');
141     switch ($cmd) {
142         case "logout":
143             unset($_SESSION['isadmin']);
144             break;
145         case "login":
146             $seccode = $app->request()->post('seccode');
147             if (!empty($adminSeccode) && $seccode === $adminSeccode) {
148                 $resp = recaptcha_check_answer($recaptchaPrv, getIP(),
149                     $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field'));
150                 if ($resp->is_valid) {
151                     $_SESSION['isadmin'] = true;
152                 } else {
153                     $app->flash('error', "CAPTCHA incorrect. Please try again.");
154                 }
155             } else {
156                 $app->flash('error', "Invalid security code.");
157             }
158             break;
159         default:
160 defaultlabel:
161             break;
162     }
163     $app->redirect($app->urlFor('admin'));
164 })->name('post_admin');
165
166 $app->get("/faucet", $checkaddress($app, true), $checkclaim($app), function () use ($app) {
167     global $referPercent, $forcewait;
168     $flash = $app->view()->getData('flash');
169     $address = $app->view()->getData('address');
170
171     $amount = null;
172     if (isset($flash['amount'])) {
173         $amount = $flash['amount'];
174     }
175     $sentamount = null;
176     if (isset($flash['sentamount'])) {
177         $sentamount = $flash['sentamount'];
178     }
179
180     $query_balance = sql_query("SELECT * FROM balances WHERE email='$address'");
181     if ($query_balance->num_rows) {
182         $balance = $query_balance->fetch_assoc();
183     } else {
184         $balance = array('balance' => 0, 'totalbalance' => 0, 'id' => 0);
185     }
186
187     $app->view()->setData('balance_current', $balance["balance"]);
188     $app->view()->setData('balance_alltime', $balance["totalbalance"]);
189     $reflink = "http://" . $_SERVER['SERVER_NAME'] . $app->urlFor('root') . "?id=" . $balance["id"];
190     $app->view()->setData('reflink', $reflink);
191     $app->view()->setData('serverbalance', number_format(getserverbalance()));
192     $app->view()->setData('forcewait', $forcewait);
193     $app->view()->setData('referPercent', $referPercent);
194
195     $app->view()->setData('amount', $amount);
196     $app->view()->setData('sentamount', $sentamount);
197     $app->render('faucet.php', array('title' => 'Faucet'));
198 })->name('faucet');
199
200 $app->post("/claim", $checkaddress($app, true), $checkclaim($app), function () use ($app) {
201     global $mysqli, $rewards, $recaptchaPrv, $referPercent;
202
203     $address = $app->view()->getData('address');
204     $resp = recaptcha_check_answer($recaptchaPrv, getIP(),
205         $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field'));
206     if ($resp->is_valid) {
207         $canclaim = $app->view()->getData('canclaim');
208         if (!$canclaim) {
209             $app->redirect($app->urlFor('faucet'));
210         }
211         $referral = isset($_SESSION['referer']) ? $_SESSION['referer'] : 0;
212         $amount = $rewards[rand(0, count($rewards)-1)];
213         $sql = "INSERT INTO balances(balance, totalbalance, email, referredby) ";
214         $sql .= "VALUES($amount, $amount, '$address', $referral) ON DUPLICATE KEY ";
215         $sql .= "UPDATE balance = balance + $amount, totalbalance = totalbalance + $amount;";
216         sql_query($sql);
217         if ($mysqli->affected_rows == 2) {
218             // existing user, check referral
219             $referral_query = sql_query("SELECT referredby FROM balances WHERE email='$address'");
220             $referral = fetch_one($referral_query);
221         }
222
223         $ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']);
224         $ip = getIP();
225         $date = date("Y-m-d H:i:s");
226         $sql = "INSERT INTO dispenses(amount, dispensed, email, ip, useragent) ";
227         $sql .= "VALUES('$amount', '$date', '$address', '$ip', '$ua')";
228         sql_query($sql);
229
230         if ($referral != 0) {
231             $referredamount = $amount * ($referPercent / 100);
232             $sql = "UPDATE balances SET balance = balance + $referredamount, totalbalance = totalbalance + $referredamount ";
233             $sql .= "WHERE id='$referral'";
234             sql_query($sql);
235         }
236
237         $app->view()->setData('canClaim', true);
238         $app->view()->setData('nextClaim', relative_time(time()+1));
239         $app->flash('amount', $amount);
240     } else {
241         $app->flash('error', "CAPTCHA incorrect. Please try again.");
242     }
243     $app->redirect($app->urlFor('faucet'));
244 })->name('claim');
245
246 $app->post("/cashout", $checkaddress($app, true), function () use ($app) {
247     global $cashout;
248
249     $address = $app->view()->getData('address');
250     $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'");
251     if ($balance_query->num_rows) {
252         $balance = fetch_one($balance_query);
253         if ($balance >= $cashout) {
254             sql_query("UPDATE balances SET balance = balance - $balance WHERE email='$address'");
255             // race attacks check
256             $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'");
257             $balancecheck = fetch_one($balance_query);
258             if ($balancecheck >= 0) {
259                 try {
260                     sendMoney($address, $balance);
261                     $app->flash('sentamount', true);
262                 } catch (NoCashException $e) {
263                     $app->flash('error', "The site does not have enough coins to pay out! No balance deducted.");
264                     sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'");
265                 } catch (Exception $e) {
266                     $response = $e->getMessage();
267                     $app->flash('error', "An error has occured - $response");
268                     sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'");
269                 }
270             }
271         } else {
272             $app->flash('error', "Amount is too small");
273         }
274     } else {
275         $app->flash('error', "You don't have enough coins to cash out");
276     }
277     $app->redirect($app->urlFor('faucet'));
278 })->name('cashout');
279
280 $app->post("/faucet", function () use ($app) {
281     global $mysqli, $allowEmail, $allowCoin;
282     $address = $app->request()->post('address');
283
284     if (!checkaddress($address)) {
285         $err = array();
286         if ($allowCoin) {
287             $err[] = "bitcoin";
288         }
289         if ($allowEmail) {
290             $err[] = "email";
291         }
292         $app->flash('error', "Not a valid ".implode("/", $err)." address!");
293         $app->redirect($app->urlFor('root'));
294     }
295
296     $_SESSION['address'] = $mysqli->real_escape_string($address);
297     $app->redirect($app->urlFor('faucet'));
298 })->name("post_faucet");
299
300 $app->get('/(:segments+)', function ($segments) use ($app) {
301     $app->redirect($app->urlFor('root'));
302 })->name('catchall');
303
304 $app->run();