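<?php
declare(strict_types=1);

/*
 * JSON order API endpoint (POST).
 *
 * Request fields: key, action ("order"), service, target, quantity and an
 * optional comments field (one comment per line; when present it overrides
 * quantity with the line count, as before).
 * Response: {"data":{"id":"<oid>"}} on success, {"error":"<message>"} otherwise.
 * Every user-facing message is kept byte-identical to the previous revision.
 *
 * Security changes versus the previous revision:
 *  - all SQL goes through prepared statements; the upstream provider's own
 *    response ($poid) used to be interpolated unescaped into INSERT ... orders,
 *    so a malicious or compromised provider could inject SQL here.
 *  - the provider request body is built with http_build_query(), so
 *    target/comments can no longer smuggle extra POST parameters upstream.
 *  - TLS peer verification of the provider endpoint is no longer disabled
 *    (the provider API key travels in that request).
 *  - the balance is reserved with one conditional UPDATE before the provider is
 *    called (no check-then-deduct race) and refunded if the provider fails.
 *  - order ids come from random_int() instead of rand().
 *  - the unused $_POST['like'] read (an undefined-index warning) is gone.
 *
 * Assumes ../mainconfig.php provides $db (a mysqli connection) and the
 * $date/$dates/$time strings used in the INSERTs — TODO confirm; the previous
 * revision relied on the same globals without defining them here.
 */
require("../mainconfig.php");
header("Content-Type: application/json");

/**
 * Return a POST field as a trimmed, tag-stripped string, or '' when it is
 * absent or not a string. Mirrors the previous clean-up chain minus
 * real_escape_string(), which would double-escape now that queries are bound.
 */
function cleanPostField(string $name): string
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return '';
    }
    return trim(stripslashes(strip_tags(htmlspecialchars($_POST[$name], ENT_QUOTES))));
}

/**
 * Random alphanumeric order id of $length characters (CSPRNG backed).
 * Uniqueness against the orders table is still not checked — same as before.
 */
function generateOrderId(int $length = 8): string
{
    $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $last = strlen($alphabet) - 1;
    $id = '';
    for ($i = 0; $i < $length; $i++) {
        $id .= $alphabet[random_int(0, $last)];
    }
    return $id;
}

/**
 * Prepare, bind and execute $sql. $types is the bind_param type string
 * ('s'/'i'/'d' per value), $params the values in order.
 * Returns the executed statement, or null if any step failed.
 */
function runStatement(mysqli $db, string $sql, string $types, array $params): ?mysqli_stmt
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) {
        $stmt->close();
        return null;
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }
    return $stmt;
}

/**
 * All rows of a SELECT as associative arrays; [] on any failure.
 * Uses get_result()/fetch_all(), which need the mysqlnd driver — TODO confirm
 * the deployment has it.
 */
function fetchRows(mysqli $db, string $sql, string $types, array $params): array
{
    $stmt = runStatement($db, $sql, $types, $params);
    if ($stmt === null) {
        return [];
    }
    $result = $stmt->get_result();
    $rows = $result === false ? [] : $result->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

/**
 * Execute an INSERT/UPDATE. Returns the affected-row count, or -1 on failure.
 * Note: MySQL reports 0 for an UPDATE that matched a row but changed nothing.
 */
function executeWrite(mysqli $db, string $sql, string $types, array $params): int
{
    $stmt = runStatement($db, $sql, $types, $params);
    if ($stmt === null) {
        return -1;
    }
    $affected = (int) $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

/**
 * Place the order with a WSTORE-style upstream provider.
 * Returns the upstream order id, or null on any transport/format failure or
 * when the provider answers status === false. (Previously a failed curl call
 * or malformed JSON fell through and created a local order with an empty poid.)
 */
function placeWstoreOrder(array $provider, string $pid, string $link, int $quantity, ?string $comments): ?string
{
    $fields = [
        'api_id'   => $provider['api_id'] ?? '',
        'api_key'  => $provider['api_key'] ?? '',
        'action'   => 'order',
        'service'  => $pid,
        'target'   => $link,
        'quantity' => $quantity,
    ];
    if ($comments !== null) {
        $fields['custom_comments'] = $comments;
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => (string) ($provider['link'] ?? ''),
        CURLOPT_POST           => true,
        // http_build_query() percent-encodes '&' and '=' inside user values
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
        // CURLOPT_SSL_VERIFYPEER deliberately left at its default (enabled).
    ]);
    $raw = curl_exec($ch);
    curl_close($ch);

    if (!is_string($raw)) {
        return null;
    }
    $json = json_decode($raw, true);
    if (!is_array($json) || ($json['status'] ?? null) === false) {
        return null;
    }
    $id = $json['data']['id'] ?? null;
    return is_scalar($id) ? (string) $id : null;
}

/**
 * Validate an "order" request for the authenticated $user row and create the
 * order. Returns the response array. $date/$dates/$time are the values the
 * INSERTs previously took from globals.
 */
function handleOrder(mysqli $db, array $user, string $date, string $dates, string $time): array
{
    $username = (string) $user['username'];

    if (!isset($_POST['service'], $_POST['target'], $_POST['quantity'])) {
        return ['error' => 'Incorrect Request'];
    }
    $serviceId = cleanPostField('service');
    $link      = cleanPostField('target');

    $comments = null;
    if (isset($_POST['comments']) && is_string($_POST['comments'])) {
        // custom-comment orders: quantity is the number of lines supplied
        $comments = htmlspecialchars($_POST['comments']);
        $quantity = count(explode("\n", $_POST['comments']));
    } else {
        // non-numeric or negative quantities are rejected below instead of
        // being compared as strings against min/max
        $parsed = filter_var(cleanPostField('quantity'), FILTER_VALIDATE_INT);
        $quantity = $parsed === false ? 0 : $parsed;
    }

    if ($serviceId === '' || $link === '' || $quantity <= 0) {
        return ['error' => 'Incorrect Request'];
    }

    $services = fetchRows(
        $db,
        "SELECT * FROM services WHERE sid = ? AND status = 'Active'",
        's',
        [$serviceId]
    );
    if ($services === []) {
        return ['error' => 'Service Not Found'];
    }
    $service = $services[0];

    // price per 1000 units, as before
    $price = ($service['price'] / 1000) * $quantity;

    if ($quantity < (int) $service['min']) {
        return ['error' => 'Jumlah minimal tidak sesuai.'];
    }
    if ($quantity > (int) $service['max']) {
        return ['error' => 'Jumlah maksimal tidak sesuai.'];
    }
    // cheap pre-check so we do not touch the provider needlessly; the
    // authoritative check is the conditional UPDATE below
    if ((float) $user['balance'] < $price) {
        return ['error' => 'Saldo Anda tidak mencukupi untuk melakukan pesanan.'];
    }

    $providerCode = (string) $service['provider'];
    $provider = [];
    if ($providerCode === 'WSTORE') {
        $providers = fetchRows($db, 'SELECT * FROM provider WHERE code = ?', 's', [$providerCode]);
        if ($providers === []) {
            return ['error' => 'Service Not Found'];
        }
        $provider = $providers[0];
    } elseif ($providerCode !== 'MANUAL') {
        // previously an unknown provider silently created an order with an
        // empty poid and no upstream call
        return ['error' => 'Service Not Found'];
    }

    $oid = generateOrderId();

    // Reserve the funds atomically: the WHERE clause re-checks the balance
    // inside the UPDATE, so two concurrent orders cannot both pass the read
    // above and overdraw the account.
    $reserved = executeWrite(
        $db,
        'UPDATE users SET balance = balance - ?, balance_used = balance_used + ? WHERE username = ? AND balance >= ?',
        'ddsd',
        [$price, $price, $username, $price]
    );
    if ($reserved < 0) {
        return ['error' => 'System error(3)'];
    }
    if ($reserved === 0 && $price > 0) {
        // a zero price legitimately changes nothing; otherwise no row matched
        return ['error' => 'Saldo Anda tidak mencukupi untuk melakukan pesanan.'];
    }

    if ($providerCode === 'WSTORE') {
        $poid = placeWstoreOrder($provider, (string) $service['pid'], $link, $quantity, $comments);
        if ($poid === null) {
            // nothing was ordered upstream: give the reserved funds back
            executeWrite(
                $db,
                'UPDATE users SET balance = balance + ?, balance_used = balance_used - ? WHERE username = ?',
                'dds',
                [$price, $price, $username]
            );
            return ['error' => 'Server Maintenance'];
        }
    } else {
        $poid = $oid;
    }

    $logged = executeWrite(
        $db,
        'INSERT INTO balance_history (username, action, quantity, msg, date, time) VALUES (?, ?, ?, ?, ?, ?)',
        'ssssss',
        [$username, 'Pemotongan Saldo', (string) $price, "Membuat Pesanan dengan ID: $oid (API).", $date, $time]
    );
    if ($logged < 0) {
        return ['error' => 'System error(2)'];
    }

    // $poid is provider-supplied data and is bound, never interpolated
    $inserted = executeWrite(
        $db,
        'INSERT INTO orders (oid, poid, user, service, link, quantity, price, status, date, dates, time, provider, place_from) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        'sssssisssssss',
        [$oid, $poid, $username, (string) $service['service'], $link, $quantity, (string) $price, 'Pending', $date, $dates, $time, $providerCode, 'API']
    );
    $hof = executeWrite(
        $db,
        'INSERT INTO hof (idcode, type, user, price, date) VALUES (?, ?, ?, ?, ?)',
        'sssss',
        [$oid, 'Order', $username, (string) $price, $date]
    );
    // previously only the hof insert was checked, so a failed orders insert
    // still reported success to the caller
    if ($inserted < 0 || $hof < 0) {
        return ['error' => 'System error (1)'];
    }

    return ['data' => ['id' => $oid]];
}

$postKey    = cleanPostField('key');
$postAction = cleanPostField('action');

if ($postKey === '' || $postAction === '') {
    // covers both "field absent" and "field blank", as before
    $array = ['error' => 'Incorrect Request'];
} else {
    // TODO(review): api_key is stored and compared in plain text; storing a
    // hash and looking up by it would limit the damage of a users-table leak.
    $users = fetchRows($db, 'SELECT * FROM users WHERE api_key = ?', 's', [$postKey]);
    if (count($users) !== 1) {
        $array = ['error' => 'Invalid API Key'];
    } elseif ($postAction !== 'order') {
        $array = ['error' => 'Wrong Action'];
    } else {
        // $date/$dates/$time presumably come from mainconfig.php — TODO confirm
        $array = handleOrder(
            $db,
            $users[0],
            (string) ($date ?? ''),
            (string) ($dates ?? ''),
            (string) ($time ?? '')
        );
    }
}

echo json_encode($array);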