Bitcoin Forum
November 12, 2024, 09:13:53 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Any PHP programmer who can help integrate Bitcoins Payment with a script?  (Read 1622 times)
QuentinBrubru (OP)
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
January 12, 2014, 07:00:06 PM
Last edit: January 14, 2014, 01:57:38 PM by QuentinBrubru
 #1

Hello, I need help to integrate bitcoin payment into my site web in php
I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive


Code:
$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

echo 'Send Payment To : ' . $object->input_address;


I create a unique address but after I do not understand help plz

sorry for my little english
Apocalipsis
Full Member
***
Offline Offline

Activity: 147
Merit: 100


View Profile
January 12, 2014, 07:11:49 PM
 #2

Hello, I need help to integrate bitcoin payment into my site web in php
I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive


$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

echo 'Send Payment To : ' . $object->input_address;


I create a unique address but after I do not understand help plz

sorry for my little english
3

https://bitcointalk.org/index.php?topic=412425.0
Shahrukh
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile WWW
January 12, 2014, 07:13:58 PM
 #3

Fullphp code is given in blockchain only

Code:
 
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

I turned everyone down Sad Sorry for that
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
January 13, 2014, 12:26:07 PM
 #4

Fullphp code is given in blockchain only

Code:
 
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Wow awesome! SQL injection heaven!
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1260
Merit: 1168



View Profile
January 13, 2014, 01:03:52 PM
Last edit: April 17, 2016, 09:25:17 PM by Evil-Knievel
 #5

This message was too old and has been purged
Shahrukh
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile WWW
January 13, 2014, 02:54:06 PM
 #6

Fullphp code is given in blockchain only

Code:
 
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)


Its just an example code you should have brains to work on the security level of your website

I turned everyone down Sad Sorry for that
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 13, 2014, 03:05:50 PM
 #7

I'm available

QuentinBrubru (OP)
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
January 14, 2014, 01:44:10 PM
 #8

Hello guy thanks for this script but i use https://blockchain.info/fr/q/getreceivedbyaddress/


Code:
$cc = file_get_contents('https://blockchain.info/q/getreceivedbyaddress/' . $addr);

$cc = $cc / 100000000;



And for send payment i use


Code:
	$guid = "XXX-XXX-XXX";
$main_password = "XXX";
$address = $addrto;
$amount = ($soldto * 100000000); // Btc to satoshi
$shared = "true"; // true or false ?

$send = "https://blockchain.info/fr/merchant/$guid/payment?password=$main_password&to=$address&amount=$amount&shared=$shared";
$send = file_get_contents($send);


For generat unique address

Code:
$my_bitcoin_address = "my_address";

$my_callback_url = $link."/".$id."/";

$root_url = $blockchain_root.'api/receive';
$parameters = 'method=create&address=' . $my_bitcoin_address .'&callback='. urlencode($my_callback_url);

$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

$uniqaddr = $object->input_address

Its corectly ? Thanks you its for my shop online and im newbie in php Smiley
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1260
Merit: 1168



View Profile
January 14, 2014, 02:40:32 PM
Last edit: April 17, 2016, 09:24:46 PM by Evil-Knievel
 #9

This message was too old and has been purged
QuentinBrubru (OP)
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
January 14, 2014, 02:48:31 PM
 #10

Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1260
Merit: 1168



View Profile
January 14, 2014, 02:52:57 PM
Last edit: April 17, 2016, 09:24:39 PM by Evil-Knievel
 #11

This message was too old and has been purged
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 15, 2014, 07:56:16 AM
 #12

Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley

Actually this will not bring you any effort in this case.
The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url.
However, URL parameters never get encrypted :-)

Are you sure? I could never figure it out. I'm pretty sure they are encrypted. Check wireshark.

RocketSingh
Legendary
*
Offline Offline

Activity: 1662
Merit: 1050


View Profile
October 27, 2014, 06:37:19 PM
 #13

Fullphp code is given in blockchain only

Code:
 
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?

cr1776
Legendary
*
Offline Offline

Activity: 4214
Merit: 1313


View Profile
October 27, 2014, 08:05:43 PM
 #14

Just a cursory look, without testing, but it looks like it is wide open to SQL injection in many spots for one thing.

Fullphp code is given in blockchain only

Code:
 
$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?

RocketSingh
Legendary
*
Offline Offline

Activity: 1662
Merit: 1050


View Profile
October 28, 2014, 09:25:06 AM
 #15

Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley

Actually this will not bring you any effort in this case.
The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url.
However, URL parameters never get encrypted :-)

Lately cloudflare is offering SSL even on free plan. Does it mean, for sites hosted on cloudflare, this URL parameter exposure problem is non-existent ?

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!