QuentinBrubru (OP)
Newbie
 Offline
Activity: 7
Merit: 0
|
 |
January 12, 2014, 07:00:06 PM
Last edit: January 14, 2014, 01:57:38 PM by QuentinBrubru |
|
Hello, I need help to integrate bitcoin payment into my site web in php I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);
echo 'Send Payment To : ' . $object->input_address; I create a unique address but after I do not understand help plz sorry for my little english |
|
|
|
|
|
|
|
"In a nutshell, the network works like a distributed
timestamp server, stamping the first transaction to spend a coin. It
takes advantage of the nature of information being easy to spread but
hard to stifle." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
Apocalipsis
|
 |
January 12, 2014, 07:11:49 PM |
|
Hello, I need help to integrate bitcoin payment into my site web in php I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive$secret = 'ZzsMLGKe162CfA5EcG6j'; $my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq'; $my_callback_url = ' https://mystore.com?invoice_id=058921123&secret='.$secret; $root_url = ' https://blockchain.info/api/receive';$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url); $response = file_get_contents($root_url . '?' . $parameters); $object = json_decode($response); echo 'Send Payment To : ' . $object->input_address; I create a unique address but after I do not understand help plz sorry for my little english 3 https://bitcointalk.org/index.php?topic=412425.0 |
|
|
|
|
|
Shahrukh
|
|
January 12, 2014, 07:13:58 PM |
|
Fullphp code is given in blockchain only
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;
//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
return;
}
try {
//create or open the database
$database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
die($error);
}
//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";
if($database->queryExec($query, $error)) {
echo "*ok*";
}
//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
|
I turned everyone down  Sorry for that |
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
January 13, 2014, 12:26:07 PM |
|
Fullphp code is given in blockchain only
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;
//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
return;
}
try {
//create or open the database
$database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
die($error);
}
//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";
if($database->queryExec($query, $error)) {
echo "*ok*";
}
//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
Wow awesome! SQL injection heaven! |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
January 13, 2014, 01:03:52 PM
Last edit: April 17, 2016, 09:25:17 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
|
Shahrukh
|
|
January 13, 2014, 02:54:06 PM |
|
Fullphp code is given in blockchain only
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;
//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
return;
}
try {
//create or open the database
$database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
die($error);
}
//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";
if($database->queryExec($query, $error)) {
echo "*ok*";
}
//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-) Its just an example code you should have brains to work on the security level of your website |
I turned everyone down Sorry for that |
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
January 13, 2014, 03:05:50 PM |
|
I'm available
|
|
|
|
QuentinBrubru (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
January 14, 2014, 01:44:10 PM |
|
Hello guy thanks for this script but i use https://blockchain.info/fr/q/getreceivedbyaddress/$cc = file_get_contents('https://blockchain.info/q/getreceivedbyaddress/' . $addr);
$cc = $cc / 100000000;And for send payment i use $guid = "XXX-XXX-XXX";
$main_password = "XXX";
$address = $addrto;
$amount = ($soldto * 100000000); // Btc to satoshi
$shared = "true"; // true or false ?
$send = "https://blockchain.info/fr/merchant/$guid/payment?password=$main_password&to=$address&amount=$amount&shared=$shared";
$send = file_get_contents($send); For generat unique address $my_bitcoin_address = "my_address";
$my_callback_url = $link."/".$id."/";
$root_url = $blockchain_root.'api/receive';
$parameters = 'method=create&address=' . $my_bitcoin_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);
$uniqaddr = $object->input_address
Its corectly ? Thanks you its for my shop online and im newbie in php  |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
January 14, 2014, 02:40:32 PM
Last edit: April 17, 2016, 09:24:46 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
QuentinBrubru (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
January 14, 2014, 02:48:31 PM |
|
Thanks you Evil Knievel i view for buy SSL Thanks all for help |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
January 14, 2014, 02:52:57 PM
Last edit: April 17, 2016, 09:24:39 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
January 15, 2014, 07:56:16 AM |
|
Thanks you Evil Knievel i view for buy SSL Thanks all for help Actually this will not bring you any effort in this case. The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url. However, URL parameters never get encrypted :-) Are you sure? I could never figure it out. I'm pretty sure they are encrypted. Check wireshark. |
|
|
|
RocketSingh
Legendary
Offline
Activity: 1662
Merit: 1050
|
|
October 27, 2014, 06:37:19 PM |
|
Fullphp code is given in blockchain only
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;
//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
return;
}
try {
//create or open the database
$database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
die($error);
}
//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";
if($database->queryExec($query, $error)) {
echo "*ok*";
}
//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-) It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ? |
|
|
|
cr1776
Legendary
Offline
Activity: 4032
Merit: 1299
|
|
October 27, 2014, 08:05:43 PM |
|
Just a cursory look, without testing, but it looks like it is wide open to SQL injection in many spots for one thing. Fullphp code is given in blockchain only
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;
//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
return;
}
try {
//create or open the database
$database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
die($error);
}
//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";
if($database->queryExec($query, $error)) {
echo "*ok*";
}
//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-) It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ? |
|
|
|
|
RocketSingh
Legendary
Offline
Activity: 1662
Merit: 1050
|
|
October 28, 2014, 09:25:06 AM |
|
Thanks you Evil Knievel i view for buy SSL Thanks all for help Actually this will not bring you any effort in this case. The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url. However, URL parameters never get encrypted :-) Lately cloudflare is offering SSL even on free plan. Does it mean, for sites hosted on cloudflare, this URL parameter exposure problem is non-existent ? |
|
|
|
|
