redirect($app->urlFor('root')); } } else { if (!empty($_SESSION['address'])) { $app->redirect($app->urlFor('faucet')); } } }; }; $checkclaim = function ($app) { return function () use ($app) { global $dispenseTime, $recaptchaPub; $address = $_SESSION['address']; $ip = getIP(); $sql = "SELECT dispensed FROM dispenses WHERE email='$address' OR ip='$ip' "; $sql .= "ORDER BY id DESC LIMIT 1"; $lastclaim_query = sql_query($sql); $canclaim = true; if ($lastclaim_query->num_rows) { $lastclaim = fetch_one($lastclaim_query); $lastclaim = strtotime($lastclaim); if ($lastclaim + $dispenseTime > time()) { $canclaim = false; $app->view()->setData('nextclaim', relative_time($lastclaim + $dispenseTime)); } } $app->view()->setData('canclaim', $canclaim); if ($canclaim) { $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub)); } }; }; $app->hook('slim.before.dispatch', function () use ($app) { global $siteName, $squareAds, $textAds, $bannerAds, $rewards, $links; global $cashout; $address = null; if (isset($_SESSION['address'])) { $address = $_SESSION['address']; } $flash = $app->view()->getData('flash'); $error = ''; if (isset($flash['error'])) { $error = $flash['error']; } $app->view()->setData('error', $error); $app->view()->setData('address', $address); $app->view()->setData('siteName', $siteName); $app->view()->setData('squareAds', $squareAds); $app->view()->setData('textAds', $textAds); $app->view()->setData('bannerAds', $bannerAds); $app->view()->setData('rewards', $rewards); $app->view()->setData('links', $links); $app->view()->setData('cashout', $cashout); $app->view()->setData('isAdmin', false); }); $app->get("/", $checkaddress($app, false), function () use ($app) { global $minReward, $maxReward, $dispenseTimeText, $apiKey, $guid; global $allowEmail, $allowBTC; $id = $app->request()->get('id'); if (!is_null($id) && is_numeric($id)) { $_SESSION['referer'] = $id; } if (!empty($apiKey)) { $app->view()->setData('wallet', "Powered by Coinbase"); } elseif (!empty($guid)) { $app->view()->setData('wallet', "Powered by Blokkchain.info"); } $addr = array(); if ($allowBTC) { $addr[] = "bitcoin"; } if ($allowEmail) { $addr[] = "email"; } $app->view()->setData('addressType', implode("/", $addr)); $app->view()->setData('minReward', $minReward); $app->view()->setData('maxReward', $maxReward); $app->view()->setData('dispenseTimeText', $dispenseTimeText); $app->render('main.php', array('title' => 'Home')); })->name('root'); $app->get("/about", function () use ($app) { $app->render('about.php', array('title' => 'About')); })->name('about'); $checkadmin = function ($app) { return function () use ($app) { $app->view()->setData('isAdmin', isset($_SESSION['isadmin']) ? $_SESSION['isadmin'] : false); }; }; $app->get("/admin(/:cmd)", $checkadmin($app), function ($cmd = null) use ($app) { global $recaptchaPub, $fee; /* if (($cmdget = $app->request()->get('cmd')) != null) { $cmd = $cmdget; } */ $flash = $app->view()->getData('flash'); $isadmin = $app->view()->getData('isAdmin'); switch ($cmd) { default: defaultlabel: if (!isset($_SESSION['isadmin'])) { $app->view()->setData('recaptcha', recaptcha_get_html($recaptchaPub)); } $app->view()->setData('serverbalance', number_format(getserverbalance())); $app->render('admin.php', array('title' => 'Admin')); } })->name('admin'); $app->post("/admin", $checkadmin($app), function () use ($app) { global $adminSeccode, $recaptchaPrv; $isadmin = $app->view()->getData('isAdmin'); $cmd = $app->request()->post('cmd'); switch ($cmd) { case "logout": unset($_SESSION['isadmin']); break; case "login": $seccode = $app->request()->post('seccode'); if (!empty($adminSeccode) && $seccode === $adminSeccode) { $resp = recaptcha_check_answer($recaptchaPrv, getIP(), $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field')); if ($resp->is_valid) { $_SESSION['isadmin'] = true; } else { $app->flash('error', "CAPTCHA incorrect. Please try again."); } } else { $app->flash('error', "Invalid security code."); } break; default: defaultlabel: break; } $app->redirect($app->urlFor('admin')); })->name('post_admin'); $app->get("/faucet", $checkaddress($app, true), $checkclaim($app), function () use ($app) { global $referPercent, $forcewait; $flash = $app->view()->getData('flash'); $address = $app->view()->getData('address'); $amount = null; if (isset($flash['amount'])) { $amount = $flash['amount']; } $sentamount = null; if (isset($flash['sentamount'])) { $sentamount = $flash['sentamount']; } $query_balance = sql_query("SELECT * FROM balances WHERE email='$address'"); if ($query_balance->num_rows) { $balance = $query_balance->fetch_assoc(); } else { $balance = array('balance' => 0, 'totalbalance' => 0, 'id' => 0); } $app->view()->setData('balance_current', $balance["balance"]); $app->view()->setData('balance_alltime', $balance["totalbalance"]); $reflink = "http://" . $_SERVER['SERVER_NAME'] . $app->urlFor('root') . "?id=" . $balance["id"]; $app->view()->setData('reflink', $reflink); $app->view()->setData('serverbalance', number_format(getserverbalance())); $app->view()->setData('forcewait', $forcewait); $app->view()->setData('referPercent', $referPercent); $app->view()->setData('amount', $amount); $app->view()->setData('sentamount', $sentamount); $app->render('faucet.php', array('title' => 'Faucet')); })->name('faucet'); $app->post("/claim", $checkaddress($app, true), $checkclaim($app), function () use ($app) { global $mysqli, $rewards, $recaptchaPrv, $referPercent; $address = $app->view()->getData('address'); $resp = recaptcha_check_answer($recaptchaPrv, getIP(), $app->request()->post('recaptcha_challenge_field'), $app->request()->post('recaptcha_response_field')); if ($resp->is_valid) { $canclaim = $app->view()->getData('canclaim'); if (!$canclaim) { $app->redirect($app->urlFor('faucet')); } $referral = isset($_SESSION['referer']) ? $_SESSION['referer'] : 0; $amount = $rewards[rand(0, count($rewards)-1)]; $sql = "INSERT INTO balances(balance, totalbalance, email, referredby) "; $sql .= "VALUES($amount, $amount, '$address', $referral) ON DUPLICATE KEY "; $sql .= "UPDATE balance = balance + $amount, totalbalance = totalbalance + $amount;"; sql_query($sql); if ($mysqli->affected_rows == 2) { // existing user, check referral $referral_query = sql_query("SELECT referredby FROM balances WHERE email='$address'"); $referral = fetch_one($referral_query); } $ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']); $ip = getIP(); $date = date("Y-m-d H:i:s"); $sql = "INSERT INTO dispenses(amount, dispensed, email, ip, useragent) "; $sql .= "VALUES('$amount', '$date', '$address', '$ip', '$ua')"; sql_query($sql); if ($referral != 0) { $referredamount = $amount * ($referPercent / 100); $sql = "UPDATE balances SET balance = balance + $referredamount, totalbalance = totalbalance + $referredamount "; $sql .= "WHERE id='$referral'"; sql_query($sql); } $app->view()->setData('canClaim', true); $app->view()->setData('nextClaim', relative_time(time()+1)); $app->flash('amount', $amount); } else { $app->flash('error', "CAPTCHA incorrect. Please try again."); } $app->redirect($app->urlFor('faucet')); })->name('claim'); $app->post("/cashout", $checkaddress($app, true), function () use ($app) { global $cashout; $address = $app->view()->getData('address'); $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'"); if ($balance_query->num_rows) { $balance = fetch_one($balance_query); if ($balance >= $cashout) { sql_query("UPDATE balances SET balance = balance - $balance WHERE email='$address'"); // race attacks check $balance_query = sql_query("SELECT balance FROM balances WHERE email='$address'"); $balancecheck = fetch_one($balance_query); if ($balancecheck >= 0) { try { sendMoney($address, $balance); $app->flash('sentamount', true); } catch (NoCashException $e) { $app->flash('error', "The site does not have enough coins to pay out! No balance deducted."); sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'"); } catch (Exception $e) { $response = $e->getMessage(); $app->flash('error', "An error has occured - $response"); sql_query("UPDATE balances SET balance = balance + $balance WHERE email='$address'"); } } } else { $app->flash('error', "Amount is too small"); } } else { $app->flash('error', "You don't have enough coins to cash out"); } $app->redirect($app->urlFor('faucet')); })->name('cashout'); $app->post("/faucet", function () use ($app) { global $mysqli, $allowEmail, $allowBTC; $address = $app->request()->post('address'); if (!checkaddress($address)) { $err = array(); if ($allowBTC) { $err[] = "bitcoin"; } if ($allowEmail) { $err[] = "email"; } $app->flash('error', "Not a valid ".implode("/", $err)." address!"); $app->redirect($app->urlFor('root')); } $_SESSION['address'] = $mysqli->real_escape_string($address); $app->redirect($app->urlFor('faucet')); })->name("post_faucet"); $app->get('/(:segments+)', function ($segments) use ($app) { $app->redirect($app->urlFor('root')); })->name('catchall'); $app->run();