|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 67
Members: 0
Total: 67
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Please decode this code |
|
Posted: Wed Sep 12, 2012 2:42 pm |
|
|
tymtaszyn |
Regular user |
|
|
Joined: Jul 30, 2012 |
Posts: 5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Sep 12, 2012 3:44 pm |
|
|
demon |
Moderator |
|
|
Joined: Sep 22, 2010 |
Posts: 485 |
|
|
|
|
|
|
|
Code: | <?php
include( "public.inc.php" );
if ( !$CONFIG['SECTION_BUYSELL'] )
{
header( "location: ".get_link( "index.php" ) );
}
$Action = $_GET['Action'];
unset( $_POST['FINAL_AMOUNT'] );
if ( $Action == "currency_sell" )
{
$order_type = "sell";
}
else
{
$order_type = "buy";
}
$query = "Select * From {$_currencies}\r\n\t\t\tWHERE currency_sell_status='{$STATUS_ENUM_ENABLE}' AND cid<>'{$INTERNAL_CID}' {$currencies_clause} Order By cid Asc";
$arr_currencies = db_get_all( $query );
if ( session_active( ) && !$_POST['order_type'] )
{
$nvar = db_get_array( "select fullname, money_account, cid, email, Zip, Phone, State, City, StreetAddress, Country_short from {$_users_details} where uid='{$uid}'" );
$full_name = $nvar[0];
$currency_account = $nvar[1];
$cid = $nvar[2];
$currency_name = convert_emoney( $nvar[2] );
$email_address = $nvar[3];
$zip_code = $nvar[4];
$phone_number = $nvar[5];
$state = $nvar[6];
$city = $nvar[7];
$address = $nvar[8];
$country = $nvar[9];
$Post['full_name'] = $full_name;
$Post['currency_account'] = $currency_account;
$Post['cid'] = $cid;
$Post['email_address'] = $email_address;
$Post['zip_code'] = $zip_code;
$Post['phone_number'] = $phone_number;
$Post['state'] = $state;
$Post['address'] = $address;
$Post['country'] = $country;
}
$db_fields = array( "order_type", "cid", "order_amount", "currency_account", "email_address", "account_name", "bank_name", "full_name", "phone_number", "country", "zip_code" );
$form_action = get_link( $cur_page."?Action=".$Action );
if ( $_POST['order_type'] && !is_numeric( $_SESSION['return_PAYMENT_ID'] ) )
{
if ( !trim( $_REQUEST['currency_account'] ) || !is_numeric( $_REQUEST['method_id'] ) || !is_numeric( $_REQUEST['cid'] ) )
{
$Error[] = $LANG_msg['buy_022']." ".$LANG_msg['sell_015'];
}
else if ( !$_POST['order_amount'] && !is_numeric( $_POST['order_amount'] ) )
{
$Error[] = $LANG_msg['buy_028'];
}
else if ( isset( $_POST['email_address|req'] ) && !eregi( ".+@.+\\..+", $_POST['email_address|req'] ) )
{
$Error[] = $LANG_msg['signup_016'];
}
if ( !$Error )
{
foreach ( $_POST as $key => $value )
{
$require = explode( "|", $key )[1];
$fieldname = explode( "|", $key )[0];
$filed_parts = explode( "_", $fieldname );
foreach ( $filed_parts as $fvalue )
{
$field_fullname .= ucfirst( $fvalue )." ";
}
if ( $require && !trim( $value ) )
{
if ( $fieldname == "country|req" || $fieldname == "country" )
{
$Error[] = $LANG_msg['buy_023']." ".$field_fullname;
}
else
{
$Error[] = $LANG_msg['buy_022']." ".$field_fullname;
}
}
else
{
if ( $fieldname == "cid" )
{
$mail_title = $mail_message;
$query = "SELECT cid,currency_name, currency_metal_name, currency_worth_name, currency_".$order_type."_status AS currency_order_status, currency_".$order_type."_fee AS currency_order_fee, currency_order_min, currency_order_max, currency_order_max_fee From {$_currencies} WHERE cid='".sql_safe( $_REQUEST['cid'] )."';";
$cRow = db_fetch_array( db_query( $query ) );
$arr_CURRENCY_SRC = get_currency_data( $cRow['cid'] );
}
else if ( $fieldname == "method_id" )
{
$query = "SELECT * FROM {$_buysell_methods} WHERE method_id='".sql_safe( $_REQUEST['method_id'] )."'";
$mRow = db_fetch_array( db_query( $query ) );
}
else if ( $value && $fieldname != "order_type" && $fieldname != "order_amount" && $fieldname != "licence_agreement" )
{
if ( $fieldname == "country|req" || $fieldname == "country" )
{
$value = db_get_id( "select countries_name from {$_countries} WHERE countries_iso='".sql_safe( $value )."'" );
}
$mail_message .= "<b>".$field_fullname."</b>: ".$value."\r\n";
}
if ( in_array( $fieldname, $db_fields ) )
{
$insertSQL_FLD .= sql_safe( $fieldname ).", ";
$insertSQL .= "'".sql_safe( $value )."', ";
}
}
$$fieldname = trim( $value );
unset( $field_fullname );
}
if ( isset( $_REQUEST['licence_agreement|req'] ) && $_REQUEST['licence_agreement|req'] != true )
{
$Error[] = $LANG_msg['buy_024'];
}
if ( $CONFIG['TURNING_BUYSELL'] && !$order_step && strtolower( trim( $_POST['turning_buysell'] ) ) != $_SESSION['UniqCode'] )
{
$Error[] = $LANG_msg['support_005'];
}
unset( $_SESSION['UniqCode'] );
unset( $_POST['turning_buysell'] );
if ( !$Error && $cRow && $mRow )
{
$arrRates = real_dbrates_read( );
if ( !$cRow['currency_order_status'] )
{
$Error[] = "This currency is not available to ".$order_type;
}
if ( $cRow['currency_order_min'] && $_REQUEST['order_amount'] < $cRow['currency_order_min'] )
{
$Error[] = $LANG_msg['sell_022']." ".$cRow['currency_order_min']." ".ucfirst( $cRow['currency_name'] )." ".$cRow['currency_metal_name'];
}
if ( $cRow['currency_order_max'] && $cRow['currency_order_max'] < $_REQUEST['order_amount'] )
{
$Error[] = $LANG_msg['sell_023']." ".$cRow['currency_order_max']." ".ucfirst( $cRow['currency_name'] )." ".$cRow['currency_metal_name'];
}
else
{
if ( $order_type == "buy" )
{
$arrCalc['src_conv'] = real_rates_convert( $arrRates, strtoupper( $mRow['method_worth_value'] ), strtoupper( $cRow['currency_worth_name'] ), $_REQUEST['order_amount'] );
}
else
{
$arrCalc['src_conv'] = real_rates_convert( $arrRates, strtoupper( $cRow['currency_worth_name'] ), strtoupper( $mRow['method_worth_value'] ), $_REQUEST['order_amount'] );
}
if ( $arrCalc['src_conv'] && 0 < $cRow['currency_order_fee'] )
{
$arrCalc['our_fee'] = $arrCalc['src_conv'] * $cRow['currency_order_fee'] / 100;
}
else
{
$arrCalc['our_fee'] = 0;
}
if ( $mRow['currency_order_max_fee'] && 0 < $arrCalc['our_fee'] )
{
$arrCalc['our_max_fee'] = real_rates_convert( $arrRates, strtoupper( $cRow['currency_worth_name'] ), strtoupper( $mRow['method_worth_value'] ), $mRow['currency_order_max_fee'] );
if ( 0 < $arrCalc['our_max_fee'] && $arrCalc['our_max_fee'] < $arrCalc['our_fee'] )
{
$arrCalc['our_fee'] = $arrCalc['our_max_fee'];
}
}
if ( $order_type == "buy" )
{
$arrCalc['total_fee'] = $arrCalc['our_fee'];
}
else
{
$arrCalc['total_fee'] = $arrCalc['our_fee'] + $mRow['method_fee_amount'];
}
$arrCalc['dst_amount'] = str_replace( ",", "", FormatPrice( $arrCalc['src_conv'] - $arrCalc['total_fee'] ) );
}
$insertSQL_FLD .= "dst_amount, ";
$insertSQL .= "'".sql_safe( $arrCalc['dst_amount'] )."', ";
$insertSQL_FLD .= "method_id, ";
$insertSQL .= "'".sql_safe( $mRow['method_id'] )."', ";
$_REQUEST['order_amount'] = str_replace( ",", "", FormatPrice( $_REQUEST['order_amount'] ) );
if ( $order_type == "sell" )
{
$txt_spend = $_REQUEST['order_amount']." ".$currencies_FNAME[$cRow['cid']];
$txt_receive = $arrCalc['dst_amount']." ".ucfirst( $mRow['method_name'] )." ".$mRow['method_worth_value'];
}
else
{
$txt_spend = $_REQUEST['order_amount']." ".ucfirst( $mRow['method_name'] )." ".$mRow['method_worth_value'];
$txt_receive = $arrCalc['dst_amount']." ".$currencies_FNAME[$cRow['cid']];
}
$method_desc = $mRow['method_desc'];
}
if ( !$Error && !$order_step )
{
$order_step = "preview";
$order_review = $mail_message;
foreach ( $_POST as $key => $value )
{
$order_field .= "<input type='hidden' name='{$key}' id='{$key}' value='{$value}'/>";
}
}
else if ( !$Error && $_REQUEST['order_step'] == "confirm" && $arrCalc['dst_amount'] )
{
$insertSQL .= " '".$uid."', '0', '0', '".sql_safe( $mail_message )."', now()";
$SQL = "INSERT INTO ".$_orders." (".$insertSQL_FLD." uid, dst_status, src_status, order_detail, order_date)"." VALUES (".$insertSQL."); ";
$result = db_query( $SQL, " ;;" );
$order_id = mysql_insert_id( );
log_event( "order", ucfirst( $_POST['order_type'] )." Order placed", $order_id );
if ( !$order_id || $Error )
{
$Error[] = $LANG_msg['withdraw_006'];
}
else
{
$Success[] = $LANG_msg['sell_019'];
$_SESSION['return_PAYMENT_ID'] = $order_id;
SEND_ORDER_MAIL( $order_id, "open", true );
}
}
}
}
if ( !$_POST )
{
$_SESSION['return_PAYMENT_ID'] = "";
}
if ( is_numeric( $_SESSION['return_PAYMENT_ID'] ) )
{
$query = "SELECT * FROM {$_orders} WHERE oid='".sql_safe( $_SESSION['return_PAYMENT_ID'] )."'";
$oRow = db_fetch_array( db_query( $query ) );
if ( !$oRow )
{
$_SESSION['return_PAYMENT_ID'] = "";
unset( $_SESSION['return_PAYMENT_ID'] );
}
else
{
$order_step = "confirm";
$order_id = $oRow['oid'];
$query = "SELECT * FROM {$_buysell_methods} WHERE method_id='".sql_safe( $oRow['method_id'] )."'";
$mRow = db_fetch_array( db_query( $query ) );
$arr_CURRENCY_SRC = get_currency_data( $oRow['cid'] );
if ( $order_type == "sell" )
{
$txt_spend = $oRow['order_amount']." ".$currencies_FNAME[$oRow['cid']];
$txt_receive = $oRow['dst_amount']." ".ucfirst( $mRow['method_name'] )." ".$mRow['method_worth_value'];
}
else
{
$txt_spend = $oRow['order_amount']." ".ucfirst( $mRow['method_name'] )." ".$mRow['method_worth_value'];
$txt_receive = $oRow['dst_amount']." ".$currencies_FNAME[$oRow['cid']];
}
}
if ( $oRow && ( $order_type = "sell" ) )
{
$payment_id = $oRow['oid'];
$merchant_name = $arr_CURRENCY_SRC['currency_name'];
$merchant_account = $arr_CURRENCY_SRC['ACCOUNT'];
if ( $arr_CURRENCY_SRC['no_interface_message'] )
{
$NO_INTERFACE_MESSAGE = str_replace( "[payment_id]", $payment_id, $arr_CURRENCY_SRC['no_interface_message'] );
}
$MEMO = ucfirst( $oRow['order_type'] )." order, Reference: #".$payment_id;
$PAYEE_NAME = $CONFIG['SITE_NAME'];
$RESPONSE_OK = $CONFIG['SITE_URL_SECURE']."/Received.php";
$RESPONSE_NO = $CONFIG['SITE_URL_SECURE']."/Received_no.php?type=order";
$form_action = $arr_CURRENCY_SRC['currency_merchant_url'];
$cid = $oRow['cid'];
$amount = $oRow['order_amount'];
switch ( $merchant_name )
{
case "e-gold" :
$merchant_form = egold_form_inc_php( );
break;
case "e-bullion" :
$baggage_fields = "paymentid";
$merchant_form = bullion_form_inc_php( );
break;
case "pecunix" :
$merchant_form = pecunix_form_inc_php( );
break;
case "moneybookers" :
$merchant_form = moneybookers_form_inc_php( );
break;
case "libertyreserve" :
$merchant_form = liberty_form_inc_php( );
break;
case "alertpay" :
$merchant_form = alertpay_form_inc_php( );
break;
case "webmoney" :
$merchant_form = webmoney_form_inc_php( );
break;
case "v-money" :
$merchant_form = vmoney_form_inc_php( );
break;
case "perfectmoney" :
$merchant_form = perfectmoney_form_inc_php( );
break;
case "altergold" :
$merchant_form = altergold_form_inc_php( );
break;
case "c-gold" :
$merchant_form = cgold_form_inc_php( );
break;
case "paypal" :
$merchant_form = paypal_form_inc_php( );
break;
case "strictpay" :
$merchant_form = strictpay_form_inc_php( );
break;
case "solidtrustpay" :
$merchant_form = solidtrustpay_form_inc_php( );
break;
case "cashu" :
$merchant_form = cashu_form_inc_php( );
break;
case "globaldigitalpay" :
$merchant_form = globaldigitalpay_form_inc_php( );
break;
case "liqpay" :
$merchant_form = liqpay_form_inc_php( );
break;
case strpos( strtolower( $merchant_name ), "debit", 0 ) !== false || strpos( strtolower( $merchant_name ), "credit", 0 ) !== false :
if ( strpos( strtolower( $merchant_name ), "offline", 0 ) !== false )
{
$Success[] = $LANG_msg['withdraw_009'];
}
if ( $arr_CURRENCY_SRC['currency_metal_value'] == "worldpay" )
{
$merchant_form = worldpay_form_inc_php( );
}
break;
}
$Error[] = "Invalid currency type selected";
}
}
$query = "SELECT * FROM {$_buysell_methods} ORDER BY method_name ASC";
$arr_buysell_methods = db_get_all( $query );
$query = "select * from {$_buysell_worths}";
$arr_worths = db_get_all( $query );
if ( $NoTemp )
{
if ( $Action == "currency_sell" )
{
require_once( $CONFIG['SKIN_FOLDER']."currency_sell.php" );
}
else
{
require_once( $CONFIG['SKIN_FOLDER']."currency_buy.php" );
}
}
else
{
require( "include/engine_settings.php" );
if ( $Action == "currency_sell" )
{
$PAGE_TEMPLATE = "currency_sell.html";
}
else
{
$PAGE_TEMPLATE = "currency_buy.html";
}
foreach ( $arr_currencies as $key => $row )
{
$currencies_options[$row['cid']] = ucfirst( $row['currency_name'] )." ".strtoupper( $row['currency_metal_name'] );
}
$page->assign( "currencies_options", $currencies_options );
foreach ( $arr_buysell_methods as $key => $value )
{
$arr_methods_option[$value['method_id']] = ucfirst( $value['method_name'] )." ".strtoupper( $value['method_worth_value'] );
}
$page->assign( "arr_methods_option", $arr_methods_option );
$page->assign( "form_action", $form_action );
$page->assign( "order_step", $order_step );
if ( $order_review )
{
$page->assign( "order_review", nl2br( $order_review ) );
$page->assign( "order_field", $order_field );
}
if ( !$order_step )
{
if ( !$_POST['country|req'] )
{
$_POST['country|req'] = GetCountry_csv( $_SERVER['REMOTE_ADDR'], true );
}
$query = "select countries_iso, countries_name from {$_countries}";
$result = db_query( $query, " ;;" );
$arr_data_country = mysql_push_data( $result );
db_free_result( $result );
foreach ( $arr_data_country as $key => $value )
{
$arr_countries[$arr_data_country[$key]['countries_iso']] = $arr_data_country[$key]['countries_name'];
}
$page->assign( "arr_countries", $arr_countries );
$page->assign( "Post_country", $_POST['country|req'] );
}
else
{
$page->assign( "order_amount", $_POST['order_amount'] );
if ( $arr_CURRENCY_SRC )
{
$page->assign( "OUR_ACCOUNT", $arr_CURRENCY_SRC['ACCOUNT'] );
$page->assign( "OUR_ACCOUNT_NAME", $arr_CURRENCY_SRC['ACCOUNT_NAME'] );
$page->assign( "currency_NAME", $arr_CURRENCY_SRC['currency_name'] );
}
$page->assign( "order_id", $order_id );
$page->assign( "txt_spend", $txt_spend );
$page->assign( "txt_receive", $txt_receive );
$page->assign( "method_desc", $method_desc );
}
if ( $merchant_account )
{
$page->assign( "merchant_form", $merchant_form );
$page->assign( "merchant_account", $merchant_account );
$page->assign( "no_interface_message", $NO_INTERFACE_MESSAGE );
}
if ( !$order_step )
{
$arrRates = real_dbrates_read( );
$js_string = "\r\n".( "<script language=\"javascript\">" );
$js_string .= "var rate = new Array();";
foreach ( $arr_worths as $key => $rrow )
{
$js_string .= "rate['".strtoupper( $rrow['worth_value'] )."'] = '".$rrow['worth_rate']."'; ";
}
$js_string .= "var ratePercent = new Array();";
$js_string .= "var minAmt = new Array();";
$js_string .= "var maxAmt = new Array();";
$js_string .= "var ValName = new Array();";
$js_string .= "var ValWorth = new Array();";
$js_string .= "var MaxFee = new Array();";
foreach ( $arr_currencies as $key => $row )
{
$js_string .= "ratePercent[".$row['cid']."] = '".$row["currency_".$order_type."_fee"]."'; ";
$js_string .= "minAmt[".$row['cid']."] = ".$row['currency_order_min']."; ";
$js_string .= "maxAmt[".$row['cid']."] = ".$row['currency_order_max']."; ";
$js_string .= "ValName[".$row['cid']."] = '".ucfirst( $row['currency_name'] )."'; ";
$js_string .= "ValWorth[".$row['cid']."] = '".strtoupper( $row['currency_worth_name'] )."'; ";
$js_string .= "MaxFee[".$row['cid']."] = ".$row['currency_order_max_fee']."; ";
}
$js_string .= "var methodFee = new Array();";
$js_string .= "var methodWorth = new Array();";
$js_string .= "var methodName = new Array();";
foreach ( $arr_buysell_methods as $key => $mrow )
{
$js_string .= "methodFee[".$mrow['method_id']."] = '".$mrow['method_fee_amount']."'; ";
$js_string .= "methodWorth[".$mrow['method_id']."] = '".strtoupper( $mrow['method_worth_value'] )."'; ";
$js_string .= "methodName[".$mrow['method_id']."] = '".ucfirst( $mrow['method_name'] )."'; ";
}
$js_string .= "var langErr = new Array();";
$js_string .= "langErr[1] = \"".$LANG_msg['sell_021']."\";";
$js_string .= "langErr[2] = \"".$LANG_msg['sell_022']."\";";
$js_string .= "langErr[3] = \"".$LANG_msg['sell_023']."\";";
$js_string .= "</SCRIPT>".( "\r\n" );
$page->assign( "js_string", $js_string );
}
require( "include/engine_run.php" );
}
?>
|
|
|
_________________ Go BIG or go HOME ! |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|