index.php

   1 <?php
   2
   3 require 'core.php';
   4
   5 session_start();
   6
   7 \Slim\Slim::registerAutoloader();
   8
   9 $app = new \Slim\Slim();
  10
  11 $checkaddress = function ($app, $need = true) {
  12     return function () use ($app, $need) {
  13         if ($need) {
  14             if (empty($_SESSION['address'])) {
  15                 $app->redirect($app->urlFor('root'));
  16             }
  17         } else {
  18             if (!empty($_SESSION['address'])) {
  19                 $app->redirect($app->urlFor('faucet'));
  20             }
  21         }
  22     };
  23 };
  24
  25 $checkclaim = function ($app) {
  26     return function () use ($app) {
  27         global $dispenseTime, $recaptchaPub;
  28         $address = $_SESSION['address'];
  29         $ip = getIP();
  30         $sql = "SELECT dispensed FROM dispenses WHERE email='$address' OR ip='$ip' ";
  31         $sql .= "ORDER BY id DESC LIMIT 1";
  32         $lastclaim_query = sql_query($sql);
  33         $canclaim = true;
  34
  35         if ($lastclaim_query->num_rows) {
  36             $lastclaim = fetch_one($lastclaim_query);
  37             $lastclaim = strtotime($lastclaim);
  38             if ($lastclaim + $dispenseTime > time()) {
  39                 $canclaim = false;
  40                 $app->view()->setData('nextclaim', relative_time($lastclaim + $dispenseTime));
  41             }
  42         }
  43
  44         $app->view()->setData('canclaim', $canclaim);
  45         if ($canclaim) {
  46             $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub));
  47         }
  48     };
  49 };
  50
  51 $app->hook('slim.before.dispatch', function () use ($app) {
  52     global $siteName, $squareAds, $textAds, $bannerAds, $rewards, $links;
  53     global $cashout;
  54     $address = null;
  55     if (isset($_SESSION['address'])) {
  56         $address = $_SESSION['address'];
  57     }
  58
  59     $flash = $app->view()->getData('flash');
  60
  61     $error = '';
  62     if (isset($flash['error'])) {
  63         $error = $flash['error'];
  64     }
  65
  66     $app->view()->setData('error', $error);
  67     $app->view()->setData('address', $address);
  68     $app->view()->setData('siteName', $siteName);
  69     $app->view()->setData('squareAds', $squareAds);
  70     $app->view()->setData('textAds', $textAds);
  71     $app->view()->setData('bannerAds', $bannerAds);
  72     $app->view()->setData('rewards', $rewards);
  73     $app->view()->setData('links', $links);
  74     $app->view()->setData('cashout', $cashout);
  75     $app->view()->setData('isAdmin', false);
  76 });
  77
  78 $app->get("/", $checkaddress($app, false), function () use ($app) {
  79     global $minReward, $maxReward, $dispenseTimeText, $apiKey, $guid;
  80     global $allowEmail, $allowBTC;
  81     $id = $app->request()->get('id');
  82     if (!is_null($id) && is_numeric($id)) {
  83         $_SESSION['referer'] = $id;
  84     }
  85
  86     if (!empty($apiKey)) {
  87         $app->view()->setData('wallet', "<a href='https://coinbase.com'>Powered by Coinbase</a>");
  88     } elseif (!empty($guid)) {
  89         $app->view()->setData('wallet', "<a href='https://blockchain.info'>Powered by Blokkchain.info</a>");
  90     }
  91
  92     $addr = array();
  93     if ($allowBTC) {
  94         $addr[] = "bitcoin";
  95     }
  96     if ($allowEmail) {
  97         $addr[] = "email";
  98     }
  99     $app->view()->setData('addressType', implode("/", $addr));
 100     $app->view()->setData('minReward', $minReward);
 101     $app->view()->setData('maxReward', $maxReward);
 102     $app->view()->setData('dispenseTimeText', $dispenseTimeText);
 103     $app->render('main.php', array('title' => 'Home'));
 104 })->name('root');
 105
 106 $app->get("/about", function () use ($app) {
 107     $app->render('about.php', array('title' => 'About'));
 108 })->name('about');
 109
 110 $checkadmin = function ($app) {
 111     return function () use ($app) {
 112         $app->view()->setData('isAdmin', isset($_SESSION['isadmin']) ? $_SESSION['isadmin'] : false);
 113     };
 114 };
 115
 116 $app->get("/admin(/:cmd)", $checkadmin($app), function ($cmd = null) use ($app) {
 117     global $recaptchaPub, $fee;
 118
 119 /*
 120     if (($cmdget = $app->request()->get('cmd')) != null) {
 121         $cmd = $cmdget;
 122     }
 123 */
 124     $flash = $app->view()->getData('flash');
 125     $isadmin = $app->view()->getData('isAdmin');
 126     switch ($cmd) {
 127         default:
 128 defaultlabel:
 129             if (!isset($_SESSION['isadmin'])) {
 130                 $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub));
 131             }
 132             $app->view()->setData('serverbalance', number_format(getserverbalance()));
 133             $app->render('admin.php', array('title' => 'Admin'));
 134     }
 135 })->name('admin');
 136
 137 $app->post("/admin", $checkadmin($app), function () use ($app) {
 138     global $adminSeccode, $recaptchaPrv;
 139     $isadmin = $app->view()->getData('isAdmin');
 140     $cmd = $app->request()->post('cmd');
 141     switch ($cmd) {
 142         case "logout":
 143             unset($_SESSION['isadmin']);
 144             break;
 145         case "login":
 146             $seccode = $app->request()->post('seccode');
 147             if (!empty($adminSeccode) && $seccode === $adminSeccode) {
 148                 $resp = recaptcha_check_answer($recaptchaPrv, getIP(),
 149                     $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field'));
 150                 if ($resp->is_valid) {
 151                     $_SESSION['isadmin'] = true;
 152                 } else {
 153                     $app->flash('error', "CAPTCHA incorrect. Please try again.");
 154                 }
 155             } else {
 156                 $app->flash('error', "Invalid security code.");
 157             }
 158             break;
 159         default:
 160 defaultlabel:
 161             break;
 162     }
 163     $app->redirect($app->urlFor('admin'));
 164 })->name('post_admin');
 165
 166 $app->get("/faucet", $checkaddress($app, true), $checkclaim($app), function () use ($app) {
 167     global $referPercent, $forcewait;
 168     $flash = $app->view()->getData('flash');
 169     $address = $app->view()->getData('address');
 170
 171     $amount = null;
 172     if (isset($flash['amount'])) {
 173         $amount = $flash['amount'];
 174     }
 175     $sentamount = null;
 176     if (isset($flash['sentamount'])) {
 177         $sentamount = $flash['sentamount'];
 178     }
 179
 180     $query_balance = sql_query("SELECT * FROM balances WHERE email='$address'");
 181     if ($query_balance->num_rows) {
 182         $balance = $query_balance->fetch_assoc();
 183     } else {
 184         $balance = array('balance' => 0, 'totalbalance' => 0, 'id' => 0);
 185     }
 186
 187     $app->view()->setData('balance_current', $balance["balance"]);
 188     $app->view()->setData('balance_alltime', $balance["totalbalance"]);
 189     $reflink = "http://" . $_SERVER['SERVER_NAME'] . $app->urlFor('root') . "?id=" . $balance["id"];
 190     $app->view()->setData('reflink', $reflink);
 191     $app->view()->setData('serverbalance', number_format(getserverbalance()));
 192     $app->view()->setData('forcewait', $forcewait);
 193     $app->view()->setData('referPercent', $referPercent);
 194
 195     $app->view()->setData('amount', $amount);
 196     $app->view()->setData('sentamount', $sentamount);
 197     $app->render('faucet.php', array('title' => 'Faucet'));
 198 })->name('faucet');
 199
 200 $app->post("/claim", $checkaddress($app, true), $checkclaim($app), function () use ($app) {
 201     global $mysqli, $rewards, $recaptchaPrv, $referPercent;
 202
 203     $address = $app->view()->getData('address');
 204     $resp = recaptcha_check_answer($recaptchaPrv, getIP(),
 205         $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field'));
 206     if ($resp->is_valid) {
 207         $canclaim = $app->view()->getData('canclaim');
 208         if (!$canclaim) {
 209             $app->redirect($app->urlFor('faucet'));
 210         }
 211         $referral = isset($_SESSION['referer']) ? $_SESSION['referer'] : 0;
 212         $amount = $rewards[rand(0, count($rewards)-1)];
 213         $sql = "INSERT INTO balances(balance, totalbalance, email, referredby) ";
 214         $sql .= "VALUES($amount, $amount, '$address', $referral) ON DUPLICATE KEY ";
 215         $sql .= "UPDATE balance = balance + $amount, totalbalance = totalbalance + $amount;";
 216         sql_query($sql);
 217         if ($mysqli->affected_rows == 2) {
 218             // existing user, check referral
 219             $referral_query = sql_query("SELECT referredby FROM balances WHERE email='$address'");
 220             $referral = fetch_one($referral_query);
 221         }
 222
 223         $ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']);
 224         $ip = getIP();
 225         $date = date("Y-m-d H:i:s");
 226         $sql = "INSERT INTO dispenses(amount, dispensed, email, ip, useragent) ";
 227         $sql .= "VALUES('$amount', '$date', '$address', '$ip', '$ua')";
 228         sql_query($sql);
 229
 230         if ($referral != 0) {
 231             $referredamount = $amount * ($referPercent / 100);
 232             $sql = "UPDATE balances SET balance = balance + $referredamount, totalbalance = totalbalance + $referredamount ";
 233             $sql .= "WHERE id='$referral'";
 234             sql_query($sql);
 235         }
 236
 237         $app->view()->setData('canClaim', true);
 238         $app->view()->setData('nextClaim', relative_time(time()+1));
 239         $app->flash('amount', $amount);
 240     } else {
 241         $app->flash('error', "CAPTCHA incorrect. Please try again.");
 242     }
 243     $app->redirect($app->urlFor('faucet'));
 244 })->name('claim');
 245
 246 $app->post("/cashout", $checkaddress($app, true), function () use ($app) {
 247     global $cashout;
 248
 249     $address = $app->view()->getData('address');
 250     $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'");
 251     if ($balance_query->num_rows) {
 252         $balance = fetch_one($balance_query);
 253         if ($balance >= $cashout) {
 254             sql_query("UPDATE balances SET balance = balance - $balance WHERE email='$address'");
 255             // race attacks check
 256             $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'");
 257             $balancecheck = fetch_one($balance_query);
 258             if ($balancecheck >= 0) {
 259                 try {
 260                     sendMoney($address, $balance);
 261                     $app->flash('sentamount', true);
 262                 } catch (NoCashException $e) {
 263                     $app->flash('error', "The site does not have enough coins to pay out! No balance deducted.");
 264                     sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'");
 265                 } catch (Exception $e) {
 266                     $response = $e->getMessage();
 267                     $app->flash('error', "An error has occured - $response");
 268                     sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'");
 269                 }
 270             }
 271         } else {
 272             $app->flash('error', "Amount is too small");
 273         }
 274     } else {
 275         $app->flash('error', "You don't have enough coins to cash out");
 276     }
 277     $app->redirect($app->urlFor('faucet'));
 278 })->name('cashout');
 279
 280 $app->post("/faucet", function () use ($app) {
 281     global $mysqli, $allowEmail, $allowBTC;
 282     $address = $app->request()->post('address');
 283
 284     if (!checkaddress($address)) {
 285         $err = array();
 286         if ($allowBTC) {
 287             $err[] = "bitcoin";
 288         }
 289         if ($allowEmail) {
 290             $err[] = "email";
 291         }
 292         $app->flash('error', "Not a valid ".implode("/", $err)." address!");
 293         $app->redirect($app->urlFor('root'));
 294     }
 295
 296     $_SESSION['address'] = $mysqli->real_escape_string($address);
 297     $app->redirect($app->urlFor('faucet'));
 298 })->name("post_faucet");
 299
 300 $app->get('/(:segments+)', function ($segments) use ($app) {
 301     $app->redirect($app->urlFor('root'));
 302 })->name('catchall');
 303
 304 $app->run();