I did read it. You fail to mention the need for a valid hash to confirm any of those actions. Why? Because it would be less sensational, I guess.
That's the point! No valid hash is needed to confirm those actions! Check for yourself!
Here is a capture of the complete request !
Since the source code is client-side, I suggest you read up on how a "buy transaction" is done.
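/**
 * Submit handler for the buy form: validates the amount and rate fields,
 * builds the order parameters and sends them to /private.php (or over the
 * WebSocket when webSocketCall accepts them).
 *
 * NOTE(review): the order is a state-changing action, yet it is sent as a GET
 * whose parameters are only currencyPair, rate, amount and command (plus
 * maxRate for margin orders). No per-request anti-CSRF token or confirmation
 * hash is added here. Unless the server enforces one through a header or
 * cookie check that this page does not show, the request is only as
 * protected as the session cookie. Prefer POST with a server-verified token;
 * that change needs the server side and is therefore not made here.
 */
$("#buyForm").submit(function (event) {
  event.preventDefault();

  // An alert is already on screen: dismiss it instead of placing an order.
  if ($("#dimmer").is(":visible")) {
    return $("#alertDivOK").click();
  }

  // Convert explicitly. The original compared the raw strings with `<`, so a
  // non-numeric entry became NaN, failed no comparison and passed validation.
  const amount = Number(document.getElementById('buyAmount').value);
  if (!Number.isFinite(amount) || amount < 0.0001) {
    $("#result").empty().append("Amount must be greater than 0.0001.");
    showAlert();
    return;
  }

  const rate = Number(document.getElementById('buyRate').value);
  if (!Number.isFinite(rate) || rate < 0.00000001) {
    $("#result").empty().append("Price must be greater than zero.");
    showAlert();
    return;
  }

  showProgressBar();

  const url = '/private.php';
  // Declared locally: the original assigned `params` without a declaration,
  // creating an implicit global. The field values are still sent as typed.
  const params = {
    currencyPair: currencyPair,
    rate: $('#buyRate').val(),
    amount: $('#buyAmount').val(),
    command: (margin ? 'marginBuy' : 'buy'),
  };

  if (margin) {
    // Fall back to 0.005 only when the max-rate field is absent from the page.
    const maxRate = $("#buyMaxRate").val();
    params['maxRate'] = maxRate === undefined ? 0.005 : maxRate;
  }

  if (webSocketCall(params)) {
    return true;
  }

  const posting = $.get(url, params);

  posting.done(function (data) {
    // NOTE(review): the response body is parsed and inserted as HTML. That is
    // safe only if the server never echoes unescaped request values (rate,
    // amount, currencyPair) into it — confirm on the server side.
    const content = $(data);
    $("#result").empty().append(content);
    showAlert();
    updatePrivateInfo();
  });

  posting.fail(function () {
    // The original had no failure path, so a failed request left the user
    // with no feedback. Whether the order was placed is unknown at this
    // point, so say so; .text() keeps the message out of the HTML parser.
    $("#result").empty().text("Request failed. Check your open orders before trying again.");
    showAlert();
  });
});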
/**
 * Offer a private command to the page's WebSocket connection instead of HTTP.
 *
 * The socket transport is switched off: the function returns false before it
 * inspects the connection, so every caller falls back to its HTTP request.
 * The send path is kept below the switch for when it is turned back on.
 *
 * NOTE(review): the disabled path forwards `params` unchanged and adds only a
 * message id, so it carries no request-authenticity token of its own. Review
 * that before re-enabling it.
 *
 * @param {Object} params - Command parameters, forwarded unchanged.
 * @param {*} [id] - Message id; when omitted it is derived from the outer
 *   `wNonce` counter and `usid`, both defined outside this function.
 * @returns {boolean} true when the message was handed to the socket;
 *   currently always false.
 */
function webSocketCall(params, id) {
  const socketTransportEnabled = false;
  if (!socketTransportEnabled) {
    return false;
  }

  // readyState 1 is an open connection; the send also requires an entry for
  // 1000 in the connection's subscriptions.
  const socketUsable =
    'conn' in window &&
    window.conn.readyState === 1 &&
    1000 in window.conn.subscriptions;
  if (!socketUsable) {
    return false;
  }

  if (id === undefined) {
    id = ++wNonce + usid;
  }

  const message = { command: "private", channel: 2000, id: id, params: params };
  window.conn.send(JSON.stringify(message));
  return true;
}