QuentinBrubru (OP)
|
|
January 12, 2014, 07:00:06 PM Last edit: January 14, 2014, 01:57:38 PM by QuentinBrubru |
|
Hello, I need help to integrate bitcoin payment into my website in PHP. I have just this for now. I use the blockchain API https://blockchain.info/fr/api/api_receive

$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);
echo 'Send Payment To : ' . $object->input_address;

I create a unique address but after that I do not understand. Help please, sorry for my little English.
|
|
|
|
Apocalipsis
|
|
January 12, 2014, 07:11:49 PM |
|
3 https://bitcointalk.org/index.php?topic=412425.0
|
|
|
|
Shahrukh
|
|
January 12, 2014, 07:13:58 PM |
|
Full PHP code is given in blockchain only

$real_secret = 'ZzsMLGKe162CfA5EcG6j';
$invoice_id = $_GET['invoice_id']; //invoice_id is passed back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
    //create or open the database
    $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
    die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
    echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
|
I turned everyone down Sorry for that
|
|
|
Abdussamad
|
|
January 13, 2014, 12:26:07 PM |
|
Wow awesome! SQL injection heaven!
|
|
|
|
Evil-Knievel
|
|
January 13, 2014, 01:03:52 PM Last edit: April 17, 2016, 09:25:17 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
Shahrukh
|
|
January 13, 2014, 02:54:06 PM |
|
> Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It's just an example code, you should have brains to work on the security level of your website
|
|
|
|
bitpop
|
|
January 13, 2014, 03:05:50 PM |
|
I'm available
|
|
|
|
QuentinBrubru (OP)
|
|
January 14, 2014, 01:44:10 PM |
|
Hello guys, thanks for this script, but I use https://blockchain.info/fr/q/getreceivedbyaddress/

$cc = file_get_contents('https://blockchain.info/q/getreceivedbyaddress/' . $addr);
$cc = $cc / 100000000;

And for sending payment I use

$guid = "XXX-XXX-XXX";
$main_password = "XXX";
$address = $addrto;
$amount = ($soldto * 100000000); // Btc to satoshi
$shared = "true"; // true or false ?
$send = "https://blockchain.info/fr/merchant/$guid/payment?password=$main_password&to=$address&amount=$amount&shared=$shared";
$send = file_get_contents($send);

For generating a unique address

$my_bitcoin_address = "my_address";
$my_callback_url = $link."/".$id."/";
$root_url = $blockchain_root.'api/receive';
$parameters = 'method=create&address=' . $my_bitcoin_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);
$uniqaddr = $object->input_address;

Is it correct? Thank you, it's for my online shop and I'm a newbie in PHP
|
|
|
|
Evil-Knievel
|
|
January 14, 2014, 02:40:32 PM Last edit: April 17, 2016, 09:24:46 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
QuentinBrubru (OP)
|
|
January 14, 2014, 02:48:31 PM |
|
Thank you Evil Knievel, I will see about buying SSL. Thanks all for the help.
|
|
|
|
Evil-Knievel
|
|
January 14, 2014, 02:52:57 PM Last edit: April 17, 2016, 09:24:39 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
bitpop
|
|
January 15, 2014, 07:56:16 AM |
|
> > Thank you Evil Knievel, I will see about buying SSL. Thanks all for the help.
>
> Actually this will not bring you any effort in this case. The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url. However, URL parameters never get encrypted :-)

Are you sure? I could never figure it out. I'm pretty sure they are encrypted. Check wireshark.
|
|
|
|
RocketSingh
|
|
October 27, 2014, 06:37:19 PM |
|
> Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?
|
|
|
|
cr1776
|
|
October 27, 2014, 08:05:43 PM |
|
Just a cursory look, without testing, but it looks like it is wide open to SQL injection in many spots for one thing.
> > Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)
>
> It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?
|
|
|
|
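The two problems raised in this thread, the secret that is never checked and the SQL built directly from $_GET, handled in one callback function. This is an added example, not code from blockchain.info or from any poster; it swaps the thread's SQLiteDatabase class for PDO, and handle_callback(), the response strings other than *ok*, the field formats and the UNIQUE constraint are assumptions made for illustration.

```php
<?php
// Added example (not blockchain.info's sample); assumes PDO with the SQLite driver.
function handle_callback(PDO $db, string $realSecret, array $get): string
{
    // 1. Authenticate the caller with a constant-time compare of the secret.
    $secret = $get['secret'] ?? '';
    if (!is_string($secret) || !hash_equals($realSecret, $secret)) {
        return 'bad secret';
    }
    // 2. Accept each field only in the shape it must have (assumed formats).
    $invoiceId = $get['invoice_id'] ?? '';
    $txHash    = $get['transaction_hash'] ?? '';
    $value     = $get['value'] ?? '';
    if (!is_string($invoiceId) || !preg_match('/\A\d{1,18}\z/', $invoiceId)
        || !is_string($txHash) || !preg_match('/\A[0-9a-f]{64}\z/i', $txHash)
        || !is_string($value) || !preg_match('/\A\d{1,16}\z/', $value)) {
        return 'bad input';
    }
    // 3. Test notifications are never booked as payments.
    if (!empty($get['test'])) {
        return 'test ignored';
    }
    // 4. Bound parameters keep request data out of the SQL text. The amount is
    //    stored as integer satoshi; the UNIQUE key makes a repeated callback a no-op.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO invoice_payments (invoice_id, transaction_hash, value)
         VALUES (:invoice_id, :tx, :value)'
    );
    $stmt->execute([':invoice_id' => $invoiceId, ':tx' => $txHash, ':value' => (int) $value]);
    return '*ok*';
}
// Constructed demo: in-memory database and made-up request parameters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice_payments (invoice_id TEXT, transaction_hash TEXT,
           value INTEGER, UNIQUE (invoice_id, transaction_hash))');
$secret = 'ZzsMLGKe162CfA5EcG6j'; // the sample value quoted in the thread
$good = ['secret' => $secret, 'invoice_id' => '058921123',
         'transaction_hash' => str_repeat('ab', 32), 'value' => '150000000'];
$requests = [
    'valid callback'         => $good,
    'same callback again'    => $good,
    'SQL text in invoice_id' => ['invoice_id' => '1 OR 1=1'] + $good,
    'wrong secret'           => ['secret' => 'guess'] + $good,
];
foreach ($requests as $label => $get) {
    echo $label, ': ', handle_callback($db, $secret, $get), "\n";
}
echo 'total satoshi booked: ', $db->query('SELECT SUM(value) FROM invoice_payments')->fetchColumn(), "\n";
```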
RocketSingh
|
|
October 28, 2014, 09:25:06 AM |
|
> > Thank you Evil Knievel, I will see about buying SSL. Thanks all for the help.
>
> Actually this will not bring you any effort in this case. The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url. However, URL parameters never get encrypted :-)

Lately cloudflare is offering SSL even on free plan. Does it mean, for sites hosted on cloudflare, this URL parameter exposure problem is non-existent ?
|
|
|
|
|