Bitcoin Forum
September 29, 2016, 01:34:36 PM *
News: Latest stable version of Bitcoin Core: 0.13.0 (New!) [Torrent]. Make sure you verify it.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: A PHP digital bitcoin store  (Read 10016 times)
MrBison
Member
**
Offline Offline

Activity: 60

Anyone who opposes FOSS shall be destroyed!


View Profile
September 14, 2010, 03:58:29 PM
 #1

This is a (very bad) piece of PHP code that uses JSON-RPC to create a bitcoin store for digital information (For example, a password to a certain file or log-in info for a certain site). It uses JSON-RPC PHP client script to connect with bitcoind.

Code:
<?php
// (c) MrBison [m.zubrov@gmail.com], 2010
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful (and fun!),
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

require_once ('./includes/jsonRPCClient.php');

function 
randomseed()
{
  list(
$tmp1$tmp2) = explode(' 'microtime());
  return (float) 
$tmp1 + ((float) $tmp2 100000);
}
mt_srand(randomseed());

if (!isset(
$_COOKIE["bitcoinsessionid"])) { $session mt_rand() + (int)(microtime()*1000); } else { $session = (int) $_COOKIE["bitcoinsessionid"]; }
if (!
is_numeric($session)) die ("This looks like an SQL injection attempt.");
setcookie("bitcoinsessionid"$sessiontime()+2592000); //the cookie is valid for 30 days.

$bitcoin = new jsonRPCClient("http://rpcuser:rpcpassword@127.0.0.1:8332/") or die("Cannot connect"); 
$link mysql_connect("mysqlserver""mysqluser""mysqlpass") or die("Could not connect: " mysql_error());
mysql_select_db("bitcoin");

if ((isset(
$_GET["getaddress"])) && (is_numeric($_GET["getaddress"]))) {
// if we are asked for an address
$id $_GET["getaddress"];

$query "SELECT address FROM addresses WHERE id = "$id " AND sessionid = " $session;

$result mysql_query($query) or die("Query failed : " mysql_error());

$row mysql_fetch_array($resultMYSQL_ASSOC); if (isset($row["address"])) { $address $row["address"]; } else {
$address $bitcoin->getnewaddress("Temporary address") or die ("Sorry, cannot create an address");
$query "INSERT INTO addresses (id, address, sessionid) VALUES (" $id ", \"" $address "\"," $session ")";
mysql_query($query) or die("Query failed : " mysql_error()); }

//here we check if someone else didn't already purchase this item
$query "SELECT address FROM addresses WHERE id = "$id " AND sessionid != " $session;
$result mysql_query($query) or die("Query failed : " mysql_error());
$row mysql_fetch_array($resultMYSQL_ASSOC); if (isset($row["address"])) die("Sorry, this item is already being partially or fully paid by someone else."); 

$query "SELECT price FROM goods WHERE id = " $id;
$pricex mysql_query($query);
$row mysql_fetch_array($pricexMYSQL_ASSOC);
$price $row["price"];

$paid = (float)$bitcoin->getreceivedbyaddress($address1);

echo 
"Please send " $price " to BitCoin address " $address " . <br />";
echo 
"Already sent: " $paid "<br />";
echo 
"<a href='?getaddress=" $id "'>Refresh</a>";
if (
$price <= $paid) {
echo 
"Paid fully.<br />";
$result mysql_query("SELECT name, description, price FROM goods WHERE id = " $id) or die("Query failed 0: " mysql_error());
$row mysql_fetch_array($resultMYSQL_ASSOC);
echo 
"Your password is: <b>" $row["password"] . "</b><br /><a href='?delete=" $id "'>Confirm and delete</a><br />"; }
else {
echo 
"You have "$price $paid " left to pay. <br />"; }

else

if ((isset(
$_GET["delete"])) && (is_numeric($_GET["delete"]))) {
$id $_GET["delete"];
$query "SELECT address FROM addresses WHERE id = "$id " AND sessionid = " $session//Only the ones who paid fully can delete items
$result mysql_query($query) or die("Query failed : " mysql_error()); $row mysql_fetch_array($resultMYSQL_ASSOC);
if (isset(
$row["address"])) { $address $row["address"]; } else echo "Sorry, this operation is permitted only to users that purchased the item.";
$query "SELECT price FROM goods WHERE id = " $id;
$pricex mysql_query($query);
$row mysql_fetch_array($pricexMYSQL_ASSOC);
$price $row["price"];
$paid = (float)$bitcoin->getreceivedbyaddress($address1);
if (
$paid >= $price) {
//if this user really purchased it
$query "DELETE FROM goods WHERE id = "$id;
$result mysql_query($query) or die("Cannot delete the item: " mysql_error());
}
}

else if(!isset(
$_GET["show"]) || !is_numeric($_GET["show"])) {
$result mysql_query("SELECT id, name, description, price FROM goods") or die("Query failed 1: " mysql_error()); 
while (
$row mysql_fetch_array($resultMYSQL_ASSOC)) {
printf ("<a href='bitcoin.php?show=%s'><b>%s</b></a><br />%s<br />Price: <b>%s</b>"$row["id"], $row["name"], $row["description"], $row["price"]); }
} else {
$id $_GET["show"];
$result mysql_query("SELECT name, description, price FROM goods WHERE id = " $id) or die("Query failed 2: " mysql_error());
while (
$row mysql_fetch_array($resultMYSQL_ASSOC)) {
printf ("<b>%s</b><br />%s<br />Price: <b>%s</b><br /><a href='bitcoin.php?getaddress=%s'>Buy with BitCoin</a>"$row["name"], $row["description"], $row["price"], $id); }

}

mysql_free_result($result);
mysql_close($link);
?>

The system is supposed to be anonymous (so it uses SessionIDs) and probably even secure (since all data sent by user are numeric (ID of an item or SessionID), they are filtered).

It uses two MySQL tables: "goods" and "addresses". The first one contains 5 fields, "id" (int), "name" (varchar), "description" (mediumtext), "price" (double) and "password" (mediumtext, this field contains the information user gets when he pays for an item fully). "addresses" contains of "id" (the ID of an item), "address" (bitcoin address used to receive money for that item) and "sessionid" (SessionID of a user who decides to buy an item).

I know, this code is bad, but 1) it works (it was tested Smiley ), 2) I just don't know where should I use it Smiley
Maybe this will serve as some kind of a tutorial to some bitcoiners wishing to use JSON-RPC and PHP, or anything else, I don't know.

Please donate BTC to 142VYfhaYBJXsmfMf1LnBiNxb6KYwdj4PM .
BTC0.17 already donated, thanks!
1475156076
Hero Member
*
Offline Offline

Posts: 1475156076

View Profile Personal Message (Offline)

Ignore
1475156076
Reply with quote  #2

1475156076
Report to moderator
"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1475156076
Hero Member
*
Offline Offline

Posts: 1475156076

View Profile Personal Message (Offline)

Ignore
1475156076
Reply with quote  #2

1475156076
Report to moderator
1475156076
Hero Member
*
Offline Offline

Posts: 1475156076

View Profile Personal Message (Offline)

Ignore
1475156076
Reply with quote  #2

1475156076
Report to moderator
1475156076
Hero Member
*
Offline Offline

Posts: 1475156076

View Profile Personal Message (Offline)

Ignore
1475156076
Reply with quote  #2

1475156076
Report to moderator
BioMike
Legendary
*
Offline Offline

Activity: 1218


View Profile
September 14, 2010, 04:47:51 PM
 #2

Damn, that's hard to read. With a quick view, it looks solid/usable.

Might be more useful/structured as an oo class.
MrBison
Member
**
Offline Offline

Activity: 60

Anyone who opposes FOSS shall be destroyed!


View Profile
September 16, 2010, 05:24:11 PM
 #3

Added some comments, made some fixes, remade it into an archive with JSON-RPC (authors specified in a JSON-RPC file). Both JSON-RPC PHP and this script are licensed under GPLv2 (or later).

Please donate BTC to 142VYfhaYBJXsmfMf1LnBiNxb6KYwdj4PM .
BTC0.17 already donated, thanks!
sergio
Sr. Member
****
Offline Offline

Activity: 298


View Profile WWW
May 15, 2012, 08:39:08 AM
 #4

The overall code is good, however it does have a few problems that are easy to fix.

Problem 1:
Let say buyer A chooses to purchase item 1, but  does not pay for it, well item 1 gets reserved for buyer A so that he/she can pay for it, now lets say we have another buyer B that tries to purchase the same item he will get a warning that the item is being purchased which is correct, but then the original buyer A gets the same message and no one can purchase the item now.

Problem 2:
Let say we have a buyer that gets a bitcoin address for each of the items in the cart by clicking on purchase, but never sends any bitcoins, now  none of the items are available anymore to anyone else.

When does it work:
It does work when a buyer makes the purchase and sends the bitcoin to the provided address and no one interferes with the purchase by trying to buyit.

How to fix:
add 2 extra fields to the goods database, one indicating that the item has been reserved for purchase by the buyer that generated the bitcoin address, and another field with a time field to expire the purchase if it does not get payed within a certain amount of time.
Also provide some anti spam mechanism to prevent a buyer from selecting everything, limit the amount of purchases until they get paid.

I will say the code is overall pretty good it just needs a little fixing, the design is nice and simple which is a good thing.


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!