├── .gitignore ├── 404.php ├── DATABASE ├── INSTALL ├── LICENSE ├── README ├── add_cash.php ├── api.php ├── backups └── .gitignore ├── bank.php ├── bank ├── README.txt ├── bank_config.php ├── privatekey.pem ├── publickey.cer └── xero.php ├── bin ├── every-hour └── every-minute ├── cert └── facacbc6.0 ├── commission.php ├── cron ├── bankd │ ├── check_bank_changed_format.py │ ├── finalize_withdrawals.php │ ├── fix_badref.php │ ├── import_csv.php │ ├── import_csv_hsbc.py │ ├── mark_withdrawals.php │ ├── match_withdrawals.php │ ├── parse_deposits.py │ ├── reject_withdrawal.php │ ├── show_payees.py │ ├── show_withdraws.py │ └── withdraw_helper.py ├── process_orders.php ├── sync_to_bitcoin.php ├── verify_deposits.php └── verify_withdrawals_bitcoin.php ├── crontab.txt ├── db.php ├── demo.php ├── deposit.php ├── doc └── process_order ├── docs.php ├── docs └── .gitignore ├── download.php ├── drawing.svg ├── duo_config.php ├── duo_web.php ├── errors.php ├── footer.php ├── freeze.php ├── graph.php ├── header.php ├── help.php ├── htdocs ├── .htaccess ├── api │ ├── addOrder.php │ ├── cancelOrder.php │ ├── getDepositAddress.php │ ├── getDepth.php │ ├── getOrders.php │ ├── getTrades.php │ ├── index.php │ ├── info.php │ ├── redeemVoucher.php │ ├── ticker.php │ ├── withdrawBitcoin.php │ ├── withdrawFiat.php │ └── withdrawVoucher.php ├── code │ ├── demo.php │ ├── index.php │ └── wbx_api.php ├── config.php ├── favicon.png ├── images │ ├── arrow_down.png │ ├── aud_flag.png │ ├── bg_body.gif │ ├── btc_flag.png │ ├── eur_flag.png │ ├── flower.png │ ├── gbp_flag.png │ ├── header.png │ ├── index.html │ ├── list_marker.png │ ├── logo200.jpg │ ├── logo400.jpg │ ├── panel_border.png │ ├── panel_tile.png │ ├── panel_tile_header.png │ ├── pp_flag.png │ ├── skyline.png │ ├── test │ │ ├── all_time.png │ │ ├── all_time_thumb.png │ │ ├── b2cslogo.png │ │ ├── b2cslogo_thumb.png │ │ ├── glider_gun.gif │ │ ├── glider_gun_thumb.gif │ │ ├── lifenext.gif │ │ └── lifenext_thumb.gif │ ├── tumblbeasts │ │ 
└── tb_sign1.png │ └── usd_flag.png ├── index.php ├── js │ ├── Duo-Web-v1.bundled.min.js │ ├── exchanger.js │ ├── fancybox │ │ ├── blank.gif │ │ ├── fancy_close.png │ │ ├── fancy_loading.png │ │ ├── fancy_nav_left.png │ │ ├── fancy_nav_right.png │ │ ├── fancy_shadow_e.png │ │ ├── fancy_shadow_n.png │ │ ├── fancy_shadow_ne.png │ │ ├── fancy_shadow_nw.png │ │ ├── fancy_shadow_s.png │ │ ├── fancy_shadow_se.png │ │ ├── fancy_shadow_sw.png │ │ ├── fancy_shadow_w.png │ │ ├── fancy_title_left.png │ │ ├── fancy_title_main.png │ │ ├── fancy_title_over.png │ │ ├── fancy_title_right.png │ │ ├── fancybox-x.png │ │ ├── fancybox-y.png │ │ ├── fancybox.png │ │ ├── jquery.easing-1.3.pack.js │ │ ├── jquery.fancybox-1.3.4.css │ │ ├── jquery.fancybox-1.3.4.js │ │ ├── jquery.fancybox-1.3.4.pack.js │ │ └── jquery.mousewheel-3.0.4.pack.js │ ├── jquery-1.4.3.min.js │ ├── jquery-1.4.4.min.js │ └── util.js ├── robots.txt ├── statement └── style.css ├── identity.php ├── interpreter.php ├── jsonRPCClient.php ├── localization.php ├── locks └── .gitignore ├── login.php ├── logs └── .gitignore ├── mtgox_api.php ├── mtgox_config.php ├── news.php ├── openid.php ├── order_utils.php ├── orderbook.php ├── place_order.php ├── profile.php ├── scr ├── check.py ├── sanity.sql ├── summa.php ├── sync_to_bitcoin.php └── unit.sh ├── setup-intersango.sh ├── statement.php ├── switcher.php ├── test.php ├── trade.php ├── turn_on_duo.php ├── users.php ├── util.php ├── view_order.php ├── view_request.php ├── view_trades.php ├── view_util.php ├── voucher.php ├── wbx_api.php ├── withdraw.php └── withdraw_utils.php /.gitignore: -------------------------------------------------------------------------------- 1 | Backup 2 | /ezcomponents 3 | /log-bad-page.txt 4 | /log-error.txt 5 | /log-problem.txt 6 | /log.txt 7 | /todo.txt 8 | -------------------------------------------------------------------------------- /404.php: -------------------------------------------------------------------------------- 1 |
2 |

3 |

4 | ', $page), 9 | ""); ?> 10 |

11 |

12 |


13 | ', 15 | ""); ?>
16 |

17 |
18 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | 1. create the database as instructed in the file DATABASE: 2 | CREATE DATABASE intersango; 3 | USE intersango; 4 | ... 5 | 6 | 2. create /var/db.intersango.inc with the lines between the two rules below (their contents did not survive in this listing; the file appears to hold the database connection settings, so make it readable only by the account that runs the web server and the cron jobs): 7 | -------------------------- 8 | 21 | --------------------------- 22 | 23 | 3. 24 | cd /var 25 | sudo rm -fr www 26 | ln -s /path/to/this/dir/htdocs www 27 | 28 | 4. open /var/www/config.php and edit ABSPATH to point to this dir (/path/to/this/dir) 29 | 30 | 5. enable MySQL logging in /etc/mysql/my.cnf (this is the general query log, which records every statement in full, including any secret embedded in the SQL text, so keep the log file readable by administrators only): 31 | log = /var/log/mysql/mysql.log 32 | 33 | 6. import DATABASE into mysql 34 | 35 | 7. edit crontab -e, mark /var/tmp/error-reports.log as rw for users 36 | 37 | translations: 38 | ------------ 39 | 40 | 1. install poedit: 41 | 42 | $ sudo apt-get install poedit 43 | 44 | 2. make a folder for the translation: 45 | 46 | $ mkdir locale/de_DE/LC_MESSAGES/ 47 | 48 | 3. generate the locale: 49 | 50 | $ sudo locale-gen de_DE 51 | 52 | 4. restart apache: 53 | 54 | $ sudo /etc/init.d/apache2 restart 55 | 56 | 5. the default locale can be set in htdocs/config.php: 57 | 58 | // what locale to use for translations 59 | define('LOCALE', 'en_CA'); 60 | 61 | or tested on a specific page by appending &locale=... to the URL: 62 | 63 | http://whatever.com?page=statement&user=all&locale=de_DE 64 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is the exchange software used on intersango.com and britcoin.co.uk 2 | 3 | Copyright is held by Bitcoin Consultancy (bitcoinconsultancy.com) 4 | 5 | You are free to use all artwork and code in this repository in accordance with the 6 | terms of the AGPL. 
7 | 8 | -------------------------------------------------------------------------------- /add_cash.php: -------------------------------------------------------------------------------- 1 | 13 | 14 | 1 22 | UNION 23 | SELECT deposref, uid FROM old_deposrefs 24 | ORDER BY deposref 25 | "); 26 | 27 | while ($row = mysql_fetch_assoc($result)) { 28 | $deposref = strtolower($row['deposref']); 29 | $scores[$deposref] = round((9 + similar_text($reference, $deposref) - levenshtein($reference, $deposref))*100/18); 30 | $uid[$deposref] = $row['uid']; 31 | } 32 | 33 | arsort($scores); 34 | 35 | $first = true; 36 | foreach ($scores as $deposref => $score) { 37 | if ($score >= 50) { 38 | if ($first) { 39 | $first = false; 40 | echo "

" . _("Did you mean one of these? Higher percentage = closer match.") . "

\n"; 41 | echo "

" . _("Click an entry to copy it to the form below, then click 'Deposit' again.") . "

\n"; 42 | echo "\n"; 43 | echo "\n"; 44 | } 45 | 46 | $formatted = format_deposref($deposref); 47 | 48 | echo ""; 53 | echo "\n"; 54 | } 55 | } 56 | 57 | if (!$first) echo "
ReferenceMatchUID
$formatted$score%{$uid[$deposref]}
\n"; 58 | } 59 | 60 | if (isset($_POST['make_deposit'])) { 61 | if (isset($_POST['csrf_token'])) { 62 | if ($_SESSION['csrf_token'] != $_POST['csrf_token']) 63 | throw new Error("csrf", "csrf token mismatch!"); 64 | } else 65 | throw new Error("csrf", "csrf token missing!"); 66 | } 67 | 68 | echo "
\n"; 69 | echo "

" . _("Deposit cash") . "

\n"; 70 | 71 | if (!$is_admin) throw new Error("GTFO", "How did you get here?"); 72 | 73 | if (isset($_POST['deposit_cash'])) { 74 | 75 | $reference = post('reference'); 76 | $user = post('user'); 77 | $amount = post('amount'); 78 | $amount_internal = numstr_to_internal($amount); 79 | 80 | if ($reference && $user) 81 | throw new Error("Error", "Only specify one of 'Reference' and 'User ID'"); 82 | 83 | if ($reference) { 84 | $ref_without_spaces = str_replace(' ', '', $reference); 85 | $query = " 86 | SELECT uid FROM users WHERE deposref='$ref_without_spaces' 87 | UNION 88 | SELECT uid FROM old_deposrefs WHERE deposref='$ref_without_spaces' 89 | "; 90 | $result = do_query($query); 91 | if (has_results($result)) { 92 | $row = get_row($result); 93 | $user = $row['uid']; 94 | 95 | if (is_numeric($amount) && $amount != 0) { 96 | $query = " 97 | INSERT INTO requests (req_type, curr_type, uid, amount ) 98 | VALUES ('DEPOS', '" . CURRENCY . "', $user, $amount_internal) 99 | "; 100 | do_query($query); 101 | printf("

" . _("added request to deposit %s to user %s's purse (reference %s)") . "

\n", 102 | ($amount . " " . CURRENCY), $user, $reference); 103 | echo "

" . _("deposit should show up in their account") . " " . _("in a minute or two") . "

\n"; 104 | echo "

" . _("make another deposit?") . "

\n"; 105 | } else { 106 | echo "

$reference is the code for user $user

\n"; 107 | if (get_verified_for_user($user)) 108 | echo "

user $user is verified

\n"; 109 | else 110 | echo "

user $user is not verified

\n"; 111 | } 112 | $amount = $reference = $user = ''; 113 | } else { 114 | printf("

" . _("'%s' isn't a valid reference code") . "

\n", 115 | $reference); 116 | show_similar_codes($reference); 117 | echo "

" . _("try again?") . "

\n"; 118 | } 119 | } else { 120 | $query = "SELECT deposref FROM users WHERE uid='$user'"; 121 | $result = do_query($query); 122 | if (has_results($result)) { 123 | $row = get_row($result); 124 | $reference = $row['deposref']; 125 | 126 | if (is_numeric($amount) && $amount != 0) { 127 | $query = " 128 | INSERT INTO requests (req_type, curr_type, uid, amount ) 129 | VALUES ('DEPOS', '" . CURRENCY . "', $user, $amount_internal) 130 | "; 131 | do_query($query); 132 | printf("

" . _("added request to deposit %s to user %s's purse (reference %s)") . "

\n", 133 | ($amount . " " . CURRENCY), $user, $reference); 134 | echo "

" . _("deposit should show up in their account") . " " . _("in a minute or two") . "

\n"; 135 | echo "

" . _("make another deposit?") . "

\n"; 136 | } else { 137 | echo "

$reference is the code for user $user

\n"; 138 | if (get_verified_for_user($user)) 139 | echo "

user $user is verified

\n"; 140 | else 141 | echo "

user $user is not verified

\n"; 142 | } 143 | $amount = $reference = $user = ''; 144 | } else { 145 | printf("

" . _("'%s' isn't a valid userid") . "

\n", 146 | $user); 147 | echo "

" . _("try again?") . "

\n"; 148 | } 149 | } 150 | } else 151 | $amount = $reference = $user = ''; 152 | echo "

" . _("Specify either 'Reference' or 'User ID', but not both.") . "

\n"; 153 | ?> 154 |
155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 |
169 |
170 | -------------------------------------------------------------------------------- /api.php: -------------------------------------------------------------------------------- 1 | \n"; 21 | echo "

" . _("API Keys") . "

\n"; 22 | 23 | $result = do_query(" 24 | SELECT 25 | name, api_key, secret, 26 | can_read, 27 | can_trade, 28 | can_withdraw, 29 | can_deposit 30 | FROM 31 | api_keys 32 | WHERE 33 | uid = $is_logged_in 34 | ORDER BY 35 | name 36 | "); 37 | 38 | $first = true; 39 | $count = 0; 40 | while ($row = mysql_fetch_array($result)) { 41 | if ($first) $first = false; 42 | $count++; 43 | 44 | $name = $row['name']; 45 | $key = $row['api_key']; 46 | $secret = $row['secret']; 47 | $can_read = $row['can_read']; 48 | $can_trade = $row['can_trade']; 49 | $can_withdraw = $row['can_withdraw']; 50 | $can_deposit = $row['can_deposit']; 51 | 52 | echo "
\n"; 53 | echo "\n"; 54 | 55 | echo "\n"; 56 | echo "\n"; 57 | echo "\n"; 58 | echo " 72 | 82 |
" . _("Name") . "$name
" . _("Key") . "$key
" . _("Secret") . "$secret
" . _("Permissions") . ""; 59 | ?> 60 | 61 | 62 | 63 | /> 64 | 65 | /> 66 | 67 | /> 68 | 69 | /> 70 | 71 |
73 | 74 | 75 |
76 | 77 | 78 | 79 | 80 |
81 |
83 | You currently have no API keys.

\n"; 88 | 89 | ?> 90 | 91 |
92 |

Create New API Key

93 |

94 |

95 | 96 | 97 | 98 | 99 | 100 | 101 |

102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 |

112 |
113 |

114 | \n"; 116 | } 117 | 118 | $read = isset($_POST['read']) ? 1 : 0; 119 | $trade = isset($_POST['trade']) ? 1 : 0; 120 | $withdraw = isset($_POST['withdraw']) ? 1 : 0; 121 | $deposit = isset($_POST['deposit']) ? 1 : 0; 122 | 123 | if (isset($_POST['add_key'])) { 124 | $name = post('name'); 125 | $api_key = random_string(8,5); 126 | $secret = random_string(8,8); 127 | 128 | // don't generate keys too quickly 129 | usleep(rand(1e6, 2e6)); 130 | 131 | $result = mysql_query("INSERT INTO api_keys (uid, name, api_key, secret, can_read, can_trade, can_withdraw, can_deposit) 132 | VALUES ('$is_logged_in', '$name', '$api_key', '$secret', '$read', '$trade', '$withdraw', '$deposit')"); 133 | if (!$result) 134 | throw new Error("Error creating key", "Do you already have an API key with that name?"); 135 | } else if (isset($_POST['update_permissions'])) { 136 | $name = post('name'); 137 | $query = " 138 | UPDATE 139 | api_keys 140 | SET 141 | can_read = $read, can_trade = $trade, can_withdraw = $withdraw, can_deposit = $deposit 142 | WHERE 143 | uid = '$is_logged_in' 144 | AND 145 | name = '$name' 146 | "; 147 | do_query($query); 148 | } else if (isset($_POST['delete_key'])) { 149 | $name = post('name'); 150 | $query = "DELETE FROM api_keys WHERE uid = '$is_logged_in' AND name = '$name'"; 151 | do_query($query); 152 | } 153 | 154 | show_api_keys(); 155 | 156 | ?> 157 | -------------------------------------------------------------------------------- /backups/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /bank.php: -------------------------------------------------------------------------------- 1 | \n"; 13 | echo "

Accounts

\n"; 14 | $result = $xero->Accounts(); 15 | if ($result['Status'] == 'OK') { 16 | echo "

list of accounts:

\n"; 21 | } 22 | echo "
\n"; 23 | } 24 | 25 | function show_statement($xero, $account, $from = '', $to = '') 26 | { 27 | $result = $xero->BankStatement("?bankaccountid=$account$from$to"); 28 | if ($result['Status'] == 'OK') { 29 | echo "
\n"; 30 | echo "

" . _("Statement") . "

\n"; 31 | 32 | $report = $result['Reports']['Report']; 33 | echo "

Titles: ", implode($report['ReportTitles']['ReportTitle'], ' - '), "

\n"; 34 | echo "

ReportDate: ", $report['ReportDate'], "

\n"; 35 | $data = $report['Rows']['Row']; 36 | 37 | echo "\n"; 38 | // echo $data[0]['RowType'], "\n"; 39 | echo ""; 40 | foreach ($data[0]['Cells']['Cell'] as $cell) 41 | echo ""; 42 | echo ""; 43 | // echo $data[1]['RowType'], "\n"; 44 | foreach ($data[1]['Rows']['Row'] as $row) { 45 | echo ""; 46 | foreach ($row['Cells']['Cell'] as $cell) { 47 | if (isset($cell['Value'])) { 48 | $value = $cell['Value']; 49 | $value = str_replace('T00:00:00', '', $value); 50 | } else 51 | $value = ''; 52 | echo ""; 53 | } 54 | echo ""; 55 | echo "\n"; 56 | } 57 | echo "
", $cell['Value'], "
$value
\n"; 58 | } 59 | } 60 | 61 | function show_withdrawals() 62 | { 63 | echo "
\n"; 64 | echo "

" . _("Withdraw requests") . "

\n"; 65 | $result = do_query(" 66 | SELECT requests.reqid as reqid, uid, amount, " . sql_format_date("timest") . " as timest, name, bank, acc_num, sort_code 67 | FROM requests 68 | JOIN uk_requests 69 | ON uk_requests.reqid = requests.reqid 70 | WHERE req_type = 'WITHDR' 71 | AND curr_type = '" . CURRENCY . "' 72 | AND status = 'VERIFY'"); 73 | $first = true; 74 | while ($row = mysql_fetch_assoc($result)) { 75 | if ($first) { 76 | $first = false; 77 | 78 | echo "\n"; 79 | echo ""; 80 | // echo ""; 81 | echo ""; 82 | echo ""; 83 | echo ""; 84 | echo ""; 85 | echo ""; 86 | echo ""; 87 | echo "\n"; 88 | } 89 | $reqid = $row['reqid']; 90 | // $uid = $row['uid']; 91 | $amount = internal_to_numstr($row['amount']); 92 | $timest = $row['timest']; 93 | $name = $row['name']; 94 | $bank = $row['bank']; 95 | $acc_num = $row['acc_num']; 96 | $sort_code = $row['sort_code']; 97 | echo ""; 98 | echo active_table_row("me", "?page=view_request&reqid=$reqid&show_finish"); 99 | // echo ""; 100 | echo ""; 101 | echo ""; 102 | echo ""; 103 | echo ""; 104 | echo ""; 105 | echo ""; 106 | echo "\n"; 107 | } 108 | 109 | if ($first) 110 | echo "

No pending withdrawals.

\n"; 111 | else 112 | echo "
User" . CURRENCY . "TimeNameBankAccount#BSB
$uid$amount$timest$name$bank$acc_num$sort_code
\n"; 113 | 114 | echo "
\n"; 115 | } 116 | 117 | $from = "&fromDate=1 Jan 2011"; 118 | // $to = "&toDate=31 Dec 2011"; 119 | 120 | // $xero = new Xero(XERO_KEY, XERO_SECRET, ABSPATH . "/bank/publickey.cer", ABSPATH . "/bank/privatekey.pem", 'json'); 121 | // show_statement($xero, ACCOUNT, $from); 122 | // list_accounts($xero); 123 | show_withdrawals(); 124 | 125 | ?> 126 | -------------------------------------------------------------------------------- /bank/README.txt: -------------------------------------------------------------------------------- 1 | The basic command-line steps to generate a private and public key using OpenSSL are as follows: 2 | 3 | # Step 1 – generates your private key (1024-bit RSA, as written here, is below current minimum key-size guidance; use 2048 bits or more if the service you register with accepts it, and keep privatekey.pem out of version control and readable only by the application user) 4 | openssl genrsa -out privatekey.pem 1024 5 | 6 | # Step 2 – generates your public key (as a self-signed X.509 certificate valid for 365 days), which you use when registering your private application 7 | openssl req -newkey rsa:1024 -x509 -key privatekey.pem -out publickey.cer -days 365 8 | 9 | # Step 3 – exports your public and private key to a pfx file which can be used to sign your OAuth messages. 10 | openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer 11 | 12 | Is step 3 needed? 
13 | -------------------------------------------------------------------------------- /bank/bank_config.php: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /bank/privatekey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 3 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 4 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 5 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 7 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 9 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 10 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 11 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 12 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 13 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 14 | XXXXXXXXXXXXXXXXXXXX+XXX+XXXXXXXXXXXXXXXXXX= 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /bank/publickey.cer: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 3 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 4 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 5 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 7 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 8 | 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 9 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 10 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 11 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 12 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 13 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 14 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 15 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 16 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 17 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 18 | XXXXXXXXXXXXXXX= 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /bin/every-hour: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | backup_wallet() { 4 | cd ~/.bitcoin 5 | ~/bin/bitcoind backupwallet ~/.bitcoin/wallet.dat.backupwallet 6 | rm -f wallet.dat.gpg 7 | gpg -c --no-tty --no-use-agent --passphrase-file pp wallet.dat.backupwallet 8 | rm -f wallet.dat.backupwallet 9 | mv wallet.dat.backupwallet.gpg wallet.dat.gpg 10 | } 11 | 12 | check_bitcoind() { 13 | date="$(date)" 14 | echo -n "$date : " >> ~/logs/bitcoind-ps.txt 15 | ps -fuworldbit | grep coin | grep daemon | grep -v grep >> ~/logs/bitcoind-ps.txt 16 | } 17 | 18 | check_bitcoind 19 | backup_wallet 20 | -------------------------------------------------------------------------------- /bin/every-minute: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # bluehost has this going on to make sure user logins use fakefs mounts: 4 | # 5 | # $ ls -l /bin/bash* /bin/sh 6 | # lrwxrwxrwx 1 root root 14 Sep 14 02:13 /bin/bash -> /bin/fakeshell 7 | # -rwxr-xr-x 5 root root 801528 Jul 21 19:20 /bin/bash.orig 8 | # lrwxrwxrwx 2 root root 9 Sep 14 02:13 
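/bin/sh -> bash.orig
#
# changing the #! line to use /bin/bash.orig (hopefully!) allows bitcoind to survive the nightly fakefs rebuild

# alternatively, we could use /bin/sh and turn POSIX mode back off, to get proper bash compatibility:
#
#   #!/bin/sh
#   set +o posix

# db.intersango.sh supplies the MYSQL_INTERSANGO_* variables used by backup_database below
. ~/db.intersango.sh
ROOT=~

BIN=$ROOT/bin
INTERSANGO=$ROOT/intersango
CRON=$INTERSANGO/cron
LOGDIR=$INTERSANGO/logs
LOGFILE=$LOGDIR/every-minute.txt
BACKUPDIR=$INTERSANGO/backups
BACKUP=$BACKUPDIR/db.txt
LOCKDIR=$INTERSANGO/locks
LOCKFILE=$LOCKDIR/every-minute.txt
MAX_LOCK_AGE=10                 # maximum amount of time a lock is allowed to survive, in minutes

mkdir -p $LOCKDIR

# Start bitcoind as a daemon if no bitcoind process owned by $USER is running.
check_bitcoind() {
    printf "$(date) : $$ checking bitcoind\n"
    if ! pgrep -U "$USER" bitcoind > /dev/null
    then
        printf "$(date) : starting bitcoind\n" >> $LOGDIR/bitcoind.txt
        # md5sum ~/.bitcoin/blk* > /dev/null # get block data into disk cache for quicker start
        $BIN/bitcoind -daemon -keypool=1234
        mount > ~/cron/mount-after-starting-bitcoind.txt
        # $BIN/bitcoind -daemon -testnet
    fi
}

# Run cron/sync_to_bitcoin.php from the cron directory, discarding its stdout.
sync_to_bitcoin() {
    printf "$(date) : $$ syncing with bitcoin\n"
    (
        cd $CRON;
        php ./sync_to_bitcoin.php > /dev/null
    )
}

# Run cron/verify_deposits.php from the cron directory, discarding its stdout.
verify_deposits() {
    printf "$(date) : $$ verifying deposits\n"
    (
        cd $CRON;
        php ./verify_deposits.php > /dev/null
    )
}

# Run cron/verify_withdrawals_bitcoin.php from the cron directory, discarding its stdout.
verify_withdrawals_bitcoin() {
    printf "$(date) : $$ verifying bitcoin withdrawals\n"
    (
        cd $CRON;
        php ./verify_withdrawals_bitcoin.php > /dev/null
    )
}

# Run cron/process_orders.php, keeping stdout and stderr in a timestamped file
# under $LOGDIR/process_orders.
process_orders() {
    printf "$(date) : $$ processing orders\n"
    mkdir -p $LOGDIR/process_orders
    (
        cd $CRON
        php ./process_orders.php > $LOGDIR/process_orders/$(date +%y.%m.%d-%H.%M.%S) 2>&1
    )

    # delete small logfiles
    find $LOGDIR/process_orders '(' -size 484c -o -size 118c ')' -delete
}

# Print a per-process listing for $USER with a running total of the second ps column.
log_process_sizes() {
    echo; date; echo
    ps -o '%p %z %c' -u"$USER" | LC_COLLATE=C sort -k 3 | awk '{tot += $2; printf("%5s %6s %8s %s\n", $1, $2, tot ? tot/1024 : "SUM", $3); }'
}

# Dump the database to $BACKUP and commit it to the git repository in $BACKUPDIR
# when the dump changed. $1 is used as the commit message.
#
# NOTE(review): -p"$MYSQL_INTERSANGO_PW" puts the database password in mysqldump's
# argument list, where other local users can read it from the process table for as
# long as the dump runs; the header of this script describes a shared host. Supplying
# it from a client option file that only this account can read keeps it out of argv.
# NOTE(review): the dump (which includes the api_keys rows) is written unencrypted to
# $BACKUP and committed to git; check that $BACKUPDIR is not readable by other accounts
# and is not served by the web server.
backup_database() {
    printf "$(date) : $$ backing up database '$1'\n"
    # the sed expressions drop AUTO_INCREMENT counters and zero the last numeric field of
    # each api_keys INSERT, and grep drops the dump timestamp - presumably so that values
    # which change on every run do not produce a new commit each minute
    mysqldump --extended-insert=false -u"$MYSQL_INTERSANGO_USER" "$MYSQL_INTERSANGO_DBNAME" -p"$MYSQL_INTERSANGO_PW" | sed -e 's/AUTO_INCREMENT=[0-9]* //' -e 's/\(INSERT INTO `api_keys`.*,\)[0-9]*\();\)/\10\2/' | grep -v '^-- Dump completed on' > $BACKUP.tmp
    mv $BACKUP.tmp $BACKUP
    cd $BACKUPDIR
    if [[ $(git diff $BACKUP | wc -l) != 0 ]]
    then
        git commit --quiet --message="$1" $BACKUP
    fi
}

# Take the run lock, or log the existing lock and exit the script if another run holds it.
# A lock file older than $MAX_LOCK_AGE minutes is treated as stale and removed first.
get_lock() {
    if [[ -f $LOCKFILE ]]
    then
        # if the lock is old, probably a previous incarnation of this script crashed so delete the lock
        find "$LOCKFILE" -mmin +$MAX_LOCK_AGE -delete

        if [[ -f $LOCKFILE ]]
        then
            printf "$(date) : $$ locked : $(ls -l $LOCKFILE)\n\n"
            exit
        fi

        printf "$(date) : $$ force unlocked\n"
    fi

    # Create the lock atomically. A separate test followed by touch lets two runs that
    # start together both pass the test and both proceed; with noclobber the redirection
    # fails for whichever run comes second.
    if ! ( set -o noclobber; : > "$LOCKFILE" ) 2> /dev/null
    then
        printf "$(date) : $$ locked : $(ls -l $LOCKFILE)\n\n"
        exit
    fi
    printf "$(date) : $$ got lock\n"
}

# Remove the run lock.
release_lock() {
    rm -f $LOCKFILE
    printf "$(date) : $$ released lock\n"
}

run_jobs() {
    printf "$(date) : $$ start\n"
    get_lock

    check_bitcoind                                                              # check whether bitcoind is running, and if not, run it
    backup_database "before cron"
    sync_to_bitcoin;            backup_database "synced bitcoin"                # check for and process new btc deposits
    verify_deposits;            backup_database "verified deposits"             # check for and process new deposits
    verify_withdrawals_bitcoin; backup_database "verified bitcoin withdrawals"  # check for and process new bitcoin withdrawals
    process_orders;             backup_database "processed orders"              # check for and process new orders
    log_process_sizes >> $LOGDIR/ps.txt
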
release_lock 134 | printf "$(date) : $$ end\n\n" 135 | } 136 | 137 | main() { 138 | run_jobs >> $LOGFILE 139 | } 140 | 141 | main 142 | -------------------------------------------------------------------------------- /cert/facacbc6.0: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB 3 | yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4 | ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp 5 | U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW 6 | ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 7 | aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL 8 | MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW 9 | ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln 10 | biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp 11 | U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y 12 | aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 13 | nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex 14 | t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz 15 | SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG 16 | BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ 17 | rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ 18 | NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E 19 | BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH 20 | BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy 21 | aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv 22 | MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE 23 | p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y 24 | 5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK 25 | 
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ 26 | 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N 27 | hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /commission.php: -------------------------------------------------------------------------------- 1 | ", internal_to_numstr($amount, $precision), ""; 7 | } 8 | 9 | ?> 10 |
11 |

12 | \n"; 15 | 16 | echo "
\n"; 17 | echo "

" . _("Commission") . "

\n"; 18 | 19 | $query = " 20 | SELECT txid, 21 | a_orderid, a_amount, a_commission, 22 | b_orderid, b_amount, b_commission, " . 23 | sql_format_date("t.timest") . " as timest, 24 | a.uid as a_uid, b.uid as b_uid 25 | FROM transactions AS t 26 | JOIN 27 | orderbook AS a 28 | ON 29 | a.orderid = a_orderid 30 | JOIN 31 | orderbook AS b 32 | ON 33 | b.orderid = b_orderid 34 | WHERE a_commission != 0 35 | OR b_commission != 0 36 | ORDER BY txid; 37 | "; 38 | $result = do_query($query); 39 | $first = true; 40 | $commission_fiat_total = $commission_btc_total = '0'; 41 | $amount_fiat_total = $amount_btc_total = '0'; 42 | $cells = array(); 43 | while ($row = mysql_fetch_assoc($result)) { 44 | if ($first) { 45 | $first = false; 46 | echo "\n"; 47 | echo ""; 48 | echo ""; 49 | echo ""; 50 | echo ""; 51 | echo ""; 52 | echo ""; 53 | echo ""; 54 | echo ""; 55 | echo ""; 56 | echo ""; 57 | echo ""; 58 | echo ""; 59 | echo ""; 60 | } 61 | 62 | $txid = $row['txid']; 63 | $a_orderid = $row['a_orderid']; 64 | $a_amount = $row['a_amount']; 65 | $a_commission = $row['a_commission']; 66 | $b_orderid = $row['b_orderid']; 67 | $b_amount = $row['b_amount']; 68 | $b_commission = $row['b_commission']; 69 | $timest = $row['timest']; 70 | $a_uid = $row['a_uid']; 71 | $b_uid = $row['b_uid']; 72 | 73 | $amount_fiat_total = gmp_add($amount_fiat_total, $a_amount); 74 | $amount_btc_total = gmp_add($amount_btc_total, $b_amount); 75 | 76 | $commission_fiat_total = gmp_add($commission_fiat_total, $a_commission); 77 | $commission_btc_total = gmp_add($commission_btc_total, $b_commission); 78 | 79 | if (isset($cells[$a_orderid])) 80 | array_push($cells[$a_orderid], "'".$txid."'"); 81 | else 82 | $cells[$a_orderid] = array("'".$txid."'"); 83 | 84 | if (isset($cells[$b_orderid])) 85 | array_push($cells[$b_orderid], "'".$txid."'"); 86 | else 87 | $cells[$b_orderid] = array("'".$txid."'"); 88 | 89 | echo ""; 90 | echo ""; 91 | active_table_cell_link_for_commission($a_uid, $txid, $b_orderid, 'amount', 
$a_amount , FIAT_PRECISION); 92 | active_table_cell_link_for_commission($a_uid, $txid, $b_orderid, 'comm', $a_commission, FIAT_PRECISION); 93 | active_table_cell_link_for_commission($b_uid, $txid, $a_orderid, 'amount', $b_amount , BTC_PRECISION); 94 | active_table_cell_link_for_commission($b_uid, $txid, $a_orderid, 'comm', $b_commission, BTC_PRECISION); 95 | echo ""; 96 | echo "\n"; 97 | } 98 | 99 | if (!$first) { 100 | echo " \n"; 101 | echo " \n"; 102 | echo " \n"; 103 | echo " \n"; 104 | echo " "; 105 | echo " "; 106 | echo " "; 107 | echo " "; 108 | echo " "; 109 | echo " \n"; 110 | echo "
" . CURRENCY . "BTC
" . _("TID") . "" . _("Got") . "" . _("Fee") . "" . _("Got") . "" . _("Fee") . "" . _("Date") . "
$txid$timest
--------------------------------
", internal_to_numstr($amount_fiat_total, FIAT_PRECISION), "", internal_to_numstr($commission_fiat_total, FIAT_PRECISION), "", internal_to_numstr($amount_btc_total, BTC_PRECISION), "", internal_to_numstr($commission_btc_total, BTC_PRECISION), "
\n"; 111 | } 112 | 113 | $commissions = fetch_balances('1'); 114 | printf("

" . _("In the commission purse, there is %s %s and %s %s.") . "\n", 115 | internal_to_numstr($commissions[CURRENCY], FIAT_PRECISION), 116 | CURRENCY, 117 | internal_to_numstr($commissions['BTC'], BTC_PRECISION), 118 | "BTC"); 119 | echo _("Hopefully that matches with the totals shown above.") . "

\n"; 120 | ?> 121 | 151 |
152 | -------------------------------------------------------------------------------- /cron/bankd/check_bank_changed_format.py: -------------------------------------------------------------------------------- 1 | import MySQLdb 2 | 3 | db = MySQLdb.connect("localhost", "root", "", "intersango") 4 | c = db.cursor() 5 | c.execute(""" 6 | SELECT * 7 | FROM bank_statement 8 | WHERE bank_name='LloydsTSB' 9 | """) 10 | count = 0 11 | fin_bids = [] 12 | for b1 in c.fetchall(): 13 | entry1 = b1[2].split(',') 14 | bid = b1[0] 15 | fin_bids.append(bid) 16 | balance = entry1[-1] 17 | c.execute(""" 18 | SELECT * 19 | FROM bank_statement 20 | WHERE 21 | entry LIKE '%%%s' 22 | AND bank_name='LloydsTSB' 23 | AND bid!='%i' 24 | AND status!='PAYOUT' 25 | """%(balance, bid)) 26 | for b2 in c.fetchall(): 27 | if b2[0] in fin_bids or b2[3] is None or b1[3] is None: 28 | continue 29 | count += 1 30 | print 'Found -------------------' 31 | print b1 32 | print '####' 33 | print b2 34 | reqid1 = b1[3] 35 | reqid2 = b2[3] 36 | c.execute(""" 37 | SELECT * 38 | FROM requests 39 | WHERE reqid IN (%i, %i) 40 | """%(reqid1, reqid2)) 41 | reqs = c.fetchall() 42 | print 43 | uid = None 44 | for r in reqs: 45 | if uid is None: 46 | uid = r[2] 47 | elif uid != r[2]: 48 | print 'IGNOREEEEE******************************' 49 | print r 50 | c.execute(""" 51 | SELECT * 52 | FROM purses 53 | WHERE 54 | uid=%i 55 | AND type='AUD' 56 | """%uid) 57 | print c.fetchall() 58 | print '-------------------------' 59 | 60 | print 'Total:', count 61 | -------------------------------------------------------------------------------- /cron/bankd/finalize_withdrawals.php: -------------------------------------------------------------------------------- 1 | $line) { 19 | $line = mysql_real_escape_string($line); 20 | $query = " 21 | INSERT IGNORE INTO 22 | bank_statement (bank_name, entry) 23 | VALUES ( 24 | '$bank_name', 25 | '$line' 26 | ) 27 | "; 28 | do_query($query); 29 | } 30 | 31 | 
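--------------------------------------------------------------------------------
/cron/bankd/import_csv_hsbc.py:
--------------------------------------------------------------------------------
"""Import new lines from an HSBC CSV export into the bank_statement table.

Usage: python import_csv_hsbc.py [FILENAME]

The CSV is compared with the most recent HSBC rows already stored, and only
the lines that follow the overlap are inserted.
"""
import MySQLdb
import hashlib
import sys


def database_handle():
    """Open a new connection to the local 'intersango' database."""
    # NOTE(review): connects as MySQL root with an empty password. This
    # importer only needs SELECT and INSERT on bank_statement; a dedicated
    # account with credentials kept out of source would narrow the impact of
    # a malformed or hostile statement file.
    return MySQLdb.connect('localhost', 'root', '', 'intersango')


def show_help():
    """Print the command-line usage."""
    print 'python import_csv_hsbc.py [FILENAME]'


def import_lines(lines):
    """Insert each line into bank_statement as an 'HSBC' entry.

    lines -- raw CSV lines, in the order they should be stored.
    """
    handle = database_handle()
    cursor = handle.cursor()
    print
    for line in lines:
        print 'Importing:', line
        # The line comes straight from the bank's CSV export. It is bound as
        # a parameter: formatting it into the statement (as before) let a
        # quote in a payee or reference field break or alter the SQL.
        cursor.execute("""
            INSERT INTO
                bank_statement (bank_name, entry)
            VALUES (
                'HSBC',
                %s
            )
            """, (line,))
    # NOTE(review): nothing here calls handle.commit(). Whether the inserts
    # persist depends on the table engine / autocommit setting -- confirm.


def read_file(filename):
    """Return the file's lines, oldest first.

    HSBC orders files backwards from newest to oldest by default, so the
    lines are reversed; the empty element left by a trailing newline is
    dropped.
    """
    # `with` closes the file even if read() fails.
    with open(filename) as handle:
        text = handle.read()
    lines = text.split('\n')
    lines.reverse()
    # remove empty element
    if lines[0] == '':
        lines = lines[1:]
    return lines


def read_database(num_lines):
    """Return the last num_lines HSBC entries from bank_statement, oldest first."""
    handle = database_handle()
    cursor = handle.cursor()
    # The sub-query takes the newest num_lines rows (bid DESC), and the outer
    # query puts them back in ascending bid order.
    cursor.execute("""
        SELECT entry
        FROM (
            SELECT
                bid, entry
            FROM
                bank_statement
            WHERE
                bank_name='HSBC'
            ORDER BY
                bid DESC
            LIMIT
                %s
        ) AS b
        ORDER BY bid ASC
        """, (int(num_lines),))
    return [c for c, in cursor.fetchall()]


def run_parser():
    """Work out which CSV lines are not in the database yet and import them.

    Returns -1 on a usage error and 0 when no stored line matched the start
    of the CSV; otherwise falls off the end (exit status 0 via sys.exit).
    """
    if len(sys.argv) != 2:
        show_help()
        return -1
    csv_lines = read_file(sys.argv[1])
    db_lines = read_database(len(csv_lines))
    print db_lines
    print
    print csv_lines

    # SHA-512 is used only to compare lines for equality.
    def make_hash_pairs(lines):
        return [(hashlib.sha512(l).digest(), l) for l in lines]

    csv_pairs = make_hash_pairs(csv_lines)
    db_pairs = make_hash_pairs(db_lines)

    # Discard stored lines that are older than the first line of the CSV.
    while len(db_pairs) > 0 and csv_pairs[0][0] != db_pairs[0][0]:
        print 'Dropping:', db_pairs.pop(0)[1]

    if len(db_pairs) == 0:
        # No matching lines
        import_lines(csv_lines)
        return 0

    while len(db_pairs) > 0:
        # Every remaining stored line must match the CSV line by line. This
        # was an `assert`, which python -O strips; an explicit raise keeps the
        # check (and the exception type) in every run mode, so a mismatch
        # can never fall through to an import.
        if csv_pairs[0][0] != db_pairs[0][0]:
            raise AssertionError('stored HSBC lines do not line up with the CSV')
        print 'Deleting:', csv_pairs.pop(0)[1]
        db_pairs.pop(0)

    remaining_lines = [pair[1] for pair in csv_pairs]
    print 'Remaining lines:', remaining_lines
    import_lines(remaining_lines)


if __name__ == '__main__':
    sys.exit(run_parser())
--------------------------------------------------------------------------------
/cron/bankd/mark_withdrawals.php:
--------------------------------------------------------------------------------
 1 | = 1: 21 | good_reference = False 22 | for match in matches: 23 | deposit_reference = match.strip('., \t\r\n"') 24 | amount = int(decimal.Decimal(line[6]) * ( 10 ** 8)) 25 | c.execute('SELECT uid FROM users WHERE deposref=%s',(deposit_reference,)) 26 | result = c.fetchone() 27 | if result: 28 | uid = result[0] 29 | 30 | c.execute(""" 31 | UPDATE 32 | bank_statement 33 | SET 34 | status='PROC' 35 | WHERE 36 | bid=%s""",(bid,)) 37 | 38 | c.execute(""" 39 | INSERT INTO requests ( 40 | req_type, 41 | curr_type, 42 | uid, 43 | amount 44 | ) 45 | VALUES 46 | ( 47 | 'DEPOS', 48 | 'AUD', 49 | %s, 50 | %s 51 | )""",(uid,amount)) 52 | 53 | reqid = c.lastrowid 54 | 55 | c.execute(""" 56 | UPDATE 57 | bank_statement 58 | SET 59 | reqid=%s, 60 | status='FINAL' 61 | WHERE 62 | bid=%s""",(reqid,bid)) 63 | 64 | print("DEPOS",bid,uid,amount,reqid,entry) 65 | 66 | good_reference = True 67 | break 68 | 69 | if not good_reference: 70 | print("BADREF",entry) 71 | c.execute("UPDATE bank_statement SET status='BADREF' WHERE bid=%s",(bid,)) 72 | except StopIteration: 73 | pass 74 | 75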
| -------------------------------------------------------------------------------- /cron/bankd/reject_withdrawal.php: -------------------------------------------------------------------------------- 1 | $balance) { 8 | if ($balance) { 9 | try { 10 | get_openid_for_user($account); // check they have an account 11 | } catch (Exception $e) { continue; } 12 | 13 | get_user_lock($account); 14 | addlog(LOG_CRONJOB, sprintf("add %s BTC for user %s", internal_to_numstr($balance), $account)); 15 | sync_to_bitcoin((string)$account); 16 | release_lock($account); 17 | } 18 | } 19 | 20 | ?> 21 | -------------------------------------------------------------------------------- /cron/verify_deposits.php: -------------------------------------------------------------------------------- 1 | getTitle()}\"\n {$e->getMessage()}\n"; 68 | } 69 | catch (Problem $e) { 70 | echo "\nProblem: \"{$e->getTitle()}\"\n {$e->getMessage()}\n"; 71 | } 72 | catch (Exception $e) { 73 | echo "\nException: \"{$e->getTitle()}\"\n {$e->getMessage()}\n"; 74 | } 75 | ?> 76 | -------------------------------------------------------------------------------- /cron/verify_withdrawals_bitcoin.php: -------------------------------------------------------------------------------- 1 | getTitle() == 'Lock Error') 56 | echo "can't get lock for $uid\n"; 57 | else 58 | throw $e; 59 | } 60 | } 61 | 62 | $query = " 63 | SELECT 64 | requests.reqid AS reqid, 65 | users.uid AS uid, 66 | amount, 67 | addy 68 | FROM requests 69 | JOIN bitcoin_requests 70 | ON requests.reqid=bitcoin_requests.reqid 71 | JOIN users 72 | ON users.uid=requests.uid 73 | WHERE 74 | req_type='WITHDR' 75 | AND amount > 1000000 76 | AND status='VERIFY' 77 | AND curr_type='BTC' 78 | "; 79 | 80 | if (REQUIRE_IDENTIFICATION) 81 | $query .= "AND (users.uid < " . LOWEST_UNTRUSTED_USERID . 
" OR verified)"; 82 | 83 | $result = do_query($query); 84 | while ($row = mysql_fetch_assoc($result)) { 85 | $reqid = $row['reqid']; 86 | $uid = $row['uid']; 87 | $amount = $row['amount']; 88 | $addy = $row['addy']; 89 | $we_have = bitcoin_get_balance("*", CONFIRMATIONS_FOR_DEPOSIT); 90 | 91 | // add on anything we've recently sent from offline storage but which isn't fully confirmed yet 92 | $main_unconfirmed = gmp_sub(bitcoin_get_balance("", 1), bitcoin_get_balance("", CONFIRMATIONS_FOR_DEPOSIT)); 93 | $we_have = gmp_add($we_have, $main_unconfirmed); 94 | 95 | addlog(LOG_CRONJOB, "Attempting to withdraw " . internal_to_numstr($amount) . 96 | " of " . internal_to_numstr($we_have) . " BTC for user $uid (reqid $reqid)"); 97 | 98 | if (gmp_cmp($we_have, $amount) >= 0) { 99 | update_req($reqid, "PROCES"); 100 | 101 | // use 'sendtoaddress' rather than 'sendfrom' because it can 'go overdrawn' 102 | // so long as there are funds in other accounts (pending deposits) to cover it 103 | bitcoin_send_to_address($addy, $amount); 104 | update_req($reqid, "FINAL"); 105 | 106 | $we_have = bitcoin_get_balance("*", 0); 107 | addlog(LOG_CRONJOB, "We have " . internal_to_numstr($we_have) . 
" BTC in total"); 108 | if (gmp_cmp($we_have, numstr_to_internal(WARN_LOW_WALLET_THRESHOLD)) < 0) 109 | email_tech(_("Exchange Wallet Balance is Low"), 110 | sprintf(_("The exchange wallet only has %s BTC available."), 111 | internal_to_numstr($we_have, BTC_PRECISION))); 112 | } else { 113 | $message = sprintf(_("We only have %s BTC so can't withdraw %s BTC"), 114 | internal_to_numstr($we_have, BTC_PRECISION), 115 | internal_to_numstr($amount, BTC_PRECISION)); 116 | addlog(LOG_CRONJOB, $message); 117 | // email_tech(_("Exchange Wallet Balance is Too Low"), $message); 118 | } 119 | } 120 | } 121 | catch (Error $e) { 122 | report_exception($e, SEVERITY::ERROR); 123 | // Same as below, but flag + log this for review, 124 | echo "\nError: \"{$e->getTitle()}\"\n {$e->getMessage()}\n"; 125 | } 126 | catch (Problem $e) { 127 | echo "\nProblem: \"{$e->getTitle()}\"\n {$e->getMessage()}\n"; 128 | } 129 | catch (Exception $e) { 130 | echo "\nException: \"{$e->getTitle()}\"\n {$e->getMessage()}\n"; 131 | } 132 | ?> 133 | -------------------------------------------------------------------------------- /crontab.txt: -------------------------------------------------------------------------------- 1 | * * * * * intersango/bin/every-minute 2 | 0 * * * * intersango/bin/every-hour 3 | -------------------------------------------------------------------------------- /db.php: -------------------------------------------------------------------------------- 1 | \n"; 13 | $result = mysql_query($query); 14 | if (!$result) 15 | throw new Error(_("MySQL Error"), mysql_error()); 16 | return $result; 17 | } 18 | function has_results($result) 19 | { 20 | if (mysql_num_rows($result) > 0) 21 | return true; 22 | else 23 | return false; 24 | } 25 | function get_row($result) 26 | { 27 | $row = mysql_fetch_array($result, MYSQL_ASSOC); 28 | if (!$row) 29 | throw new Error('Ooops!', "Seems there's a missing value here."); 30 | return $row; 31 | } 32 | 33 | function numstr_to_internal($numstr) 34 | { 35 
| return bcmul($numstr, pow(10, 8), 0); 36 | } 37 | 38 | function internal_to_numstr($num, $precision=-1, $round = true) 39 | { 40 | if ($precision == -1) { 41 | $precision = 8; 42 | $tidy = true; 43 | } else 44 | $tidy = false; 45 | 46 | if (!is_string($num) && !is_resource($num)) 47 | throw new Error('Coding error!', "internal_to_numstr argument has type '" . gettype($num) . "'"); 48 | $repr = gmp_strval($num); 49 | if ($round) 50 | if ($repr > 0) 51 | $repr = bcadd($repr, pow(10, (8 - $precision)) / 2); 52 | else 53 | $repr = bcsub($repr, pow(10, (8 - $precision)) / 2); 54 | $repr = bcdiv($repr, pow(10, 8), $precision); 55 | 56 | // now tidy output... 57 | if ($tidy) 58 | return clean_sql_numstr($repr); 59 | return sprintf("%.{$precision}f", $repr); 60 | } 61 | 62 | function clean_sql_numstr($numstr) 63 | { 64 | if (strpos($numstr, '.') !== false) { 65 | $numstr = rtrim($numstr, '0'); 66 | $numstr = rtrim($numstr, '.'); 67 | } 68 | return $numstr; 69 | } 70 | 71 | do_query("set time_zone = '".TIMEZONE."'"); 72 | 73 | ?> 74 | -------------------------------------------------------------------------------- /demo.php: -------------------------------------------------------------------------------- 1 | info()); 12 | var_dump($wbx->get_deposit_address()); 13 | var_dump($wbx->cancel_order(12345)); 14 | 15 | ?> 16 | -------------------------------------------------------------------------------- /deposit.php: -------------------------------------------------------------------------------- 1 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |

60 | \n"; 65 | echo "

" . _("Deposit Voucher") . "

\n"; 66 | $code = post('code', '-'); 67 | try { 68 | get_lock("redeem_voucher", 2); 69 | list ($curr_type, $amount) = redeem_voucher($code); 70 | echo ("

" . 71 | sprintf(_("%s has been credited to your account."), 72 | internal_to_numstr($amount) . " $curr_type") . 73 | "

\n"); 74 | echo "

" . _("got any more?") . "

\n"; 75 | show_deposit_voucher_form($code); 76 | } catch (Exception $e) { 77 | $message = $e->getMessage(); 78 | echo "

" . _("error") . ": $message

\n"; 79 | echo "

" . _("try again?") . "

\n"; 80 | show_deposit_voucher_form($code); 81 | } 82 | release_lock("redeem_voucher"); 83 | echo "
\n"; 84 | } else { 85 | try { 86 | $addy = bitcoin_get_account_address((string)$is_logged_in); 87 | } catch (Exception $e) { 88 | if ($e->getMessage() != 'Unable to connect.') 89 | throw $e; 90 | $addy = ''; 91 | } 92 | 93 | $query = " 94 | SELECT deposref 95 | FROM users 96 | WHERE uid='$is_logged_in'; 97 | "; 98 | $result = do_query($query); 99 | $row = get_row($result); 100 | $deposref = $row['deposref']; 101 | $formatted_deposref = format_deposref($deposref); 102 | 103 | if (ENABLE_LOCAL_VOUCHERS) { ?> 104 |

", CURRENCY, "", CURRENCY); ?> 118 |


How should the user deposit PP?

130 |

Is there an API? Or should we just have the user fill in a form with:

140 | 141 |
142 |

BTC

143 | " . sprintf(_("You can deposit to %s"), "$addy") . "

\n"; 146 | echo "

" . _("The above address is specific to your account. Each time you deposit, a new address will be generated for you.") . "

\n"; 147 | echo "

" . sprintf(_("It takes %s confirmations before funds are added to your account."), CONFIRMATIONS_FOR_DEPOSIT) . "

\n"; 148 | if (!$is_verified) 149 | echo "

Note that you will be able to deposit BTC and trade them back and forth for AUD, but until you identify yourself, you will be unable to make any withdrawls.

\n"; 150 | } else 151 | echo "

" . _("We are currently experiencing trouble connecting to the Bitcoin network. Please try again in a few minutes.") . "

\n"; 152 | echo "
\n"; 153 | } 154 | -------------------------------------------------------------------------------- /doc/process_order: -------------------------------------------------------------------------------- 1 | ============================== 2 | How does order matching work? 3 | ============================== 4 | 5 | When you place an order, it goes into the orderbook. Every new order is unmarked 6 | at first. It just gets filed to be processed. 7 | 8 | Every minute, cron kicks in and starts processing the orders. Each matched order 9 | is marked with a flag indicating that it's been processed. 10 | 11 | For each order that is processed, we look to find other equivalent orders which 12 | are open, want the currency we own, have the currency we want and have a rate 13 | equivalent to or better than us. Looping through the matching orders with no 14 | ordering (we plan to fix that) we try to fulfill our order with the opposing 15 | order. Each loop creates a new transaction that indicates a trade occurred 16 | between two users. 17 | 18 | We keep doing this until the entire order is fulfilled (order is closed) or we 19 | run out of matching orders; the remaining amount stays in the orderbook (order 20 | is open). 21 | 22 | The fulfilling part checks to see if our order has a smaller depth than the 23 | other one. If so, our order is completed at their exchange rate and closed. The 24 | matching finishes up. 25 | 26 | The other case is where we have a larger depth, and want to fulfill ourself 27 | partly using their order. 28 | 29 | ... 30 | Order 14: We are offering 10 AUD for 1 BC 31 | ... 32 | Order 18: They are offering 2.5 BC for 5 AUD 33 | ... 34 | 35 | We need to calculate how much of our order will be chipped off, while 36 | preserving their exchange rate. 37 | 38 | ... 39 | Order 14-1: We are offering 5 AUD for 0.5 BC 40 | Order 14-2: We are offering 5 AUD for 0.5 BC 41 | ... 42 | 43 | We fulfill our order and close their order. 44 | 45 | ... 
46 | Order 14-2: We are offering 5 AUD for 0.5 BC 47 | ... 48 | 49 | A new transaction is created for record keeping purposes and the users funds are 50 | updated accordingly. 51 | 52 | A better algorithm would firstly order the matching equivalent orders by best 53 | price first so we move up the orderbook, rather than select random matches. 54 | Secondly an improvement perform linear programming to find the optimised rate 55 | for two given orders given the constraints- although that isn't too important. 56 | 57 | One minor addition would be to never accept orders where the want / offer 58 | doesn't produce a perfectly divisible amount so we don't get these random 59 | remainders that are credited to a random account once the order matching is 60 | completed. 61 | 62 | * See process_orders.php. pacman does the order fulfillment once the new amounts 63 | are computed. 64 | 65 | -------------------------------------------------------------------------------- /docs.php: -------------------------------------------------------------------------------- 1 | \n"; 19 | echo "

$uid

\n"; 20 | 21 | $readme = ABSPATH . "/docs/$uid/00-README.txt"; 22 | if (!file_exists($readme)) { 23 | echo "

" . sprintf(_("User %s hasn't uploaded anything."), $uid) . "

\n"; 24 | echo "\n"; 25 | return; 26 | } 27 | 28 | echo "
\n";
 29 |     $fp = fopen($readme, 'r');
 30 |     while ($line = fgets($fp)) {
 31 |         $line = rtrim($line);
 32 |         // echo "    $line\n";
 33 |         // $line = substr($line, 0, 25) . substr($line, 35);
 34 |         echo "  $line\n";
 35 |     }
 36 |     echo "
\n"; 37 | 38 | echo "

\n"; 39 | $dp = opendir($dir); 40 | $candidates = array(); 41 | while ($file = readdir($dp)) { 42 | if ($file == '00-README.txt' || $file == '.' || $file == '..') continue; 43 | echo "

\n"; 44 | echo "\n"; 45 | echo "\n"; 46 | echo "\n"; 47 | echo "\n"; 48 | echo "
\n"; 49 | } 50 | 51 | echo "
\n"; 52 | echo "\n"; 53 | echo "\n"; 54 | printf("\n", ($verified ? 'unverify' : 'verify')); 55 | printf("\n", ($verified ? 'UNVERIFY' : 'VERIFY'), $uid); 56 | echo "
\n"; 57 | 58 | echo "

\n"; 59 | echo "\n"; 60 | } 61 | 62 | function show_user_documents() 63 | { 64 | $verified = isset($_GET['verified']) ? 1 : 0; 65 | $all = isset($_GET['all']) ? 1 : 0; 66 | 67 | $users = array(); 68 | if ($all) 69 | $result = do_query("SELECT uid FROM users"); 70 | else 71 | $result = do_query("SELECT uid FROM users WHERE verified = $verified"); 72 | 73 | while ($row = mysql_fetch_array($result)) 74 | array_push($users, $row['uid']); 75 | 76 | $dir = ABSPATH . "/docs"; 77 | $dp = opendir($dir); 78 | $candidates = array(); 79 | $first = true; 80 | while ($uid = readdir($dp)) { 81 | if (!in_array($uid, $users)) continue; 82 | $path = "$dir/$uid"; 83 | if (!is_dir($path)) continue; 84 | $first = false; 85 | $candidates[$uid] = filemtime($path); 86 | } 87 | 88 | if ($first) { 89 | echo "
\n"; 90 | if ($all) 91 | echo "

" . _("There are no documents for any users.") . "

\n"; 92 | else if ($verified) 93 | echo "

" . _("There are no documents for verified users.") . "

\n"; 94 | else 95 | echo "

" . _("There are no documents pending review.") . "

\n"; 96 | echo "
\n"; 97 | } else { 98 | // newest first for pending docs, else in order of UID 99 | if ($verified || $all) 100 | ksort($candidates); 101 | else 102 | arsort($candidates); 103 | 104 | foreach ($candidates as $uid => $mtime) 105 | if ($all) 106 | show_user_documents_for_user($uid); 107 | else 108 | show_user_documents_for_user($uid, $verified); 109 | } 110 | } 111 | 112 | function show_docs_form() 113 | { 114 | echo "
\n"; 115 | 116 | echo "

Options

\n"; 117 | echo "

" . _("View docs for") . " " . _("unverified users") . " (newest uploads first)

\n"; 118 | echo "

" . _("View docs for") . " " . _("verified users") . "

\n"; 119 | echo "

" . _("View docs for") . " " . _("all users") . "

\n"; 120 | echo "

" . _("View users who are verified with") . " " . _("NO documents") . "

\n"; 121 | echo "
\n"; 122 | echo " \n"; 123 | // echo " \n"; 124 | echo "

View docs for UserID: "; 125 | echo "

\n"; 126 | echo "
\n"; 127 | 128 | echo "
\n"; 129 | } 130 | 131 | function show_user_verified_with_no_documents() 132 | { 133 | echo "
\n"; 134 | echo "

" . _("Users Verified Without Documents") . "

\n"; 135 | 136 | $result = do_query("SELECT uid FROM users WHERE verified = 1 ORDER BY uid"); 137 | 138 | $first=true; 139 | while ($row = mysql_fetch_array($result)) { 140 | $uid = $row['uid']; 141 | 142 | $readme = ABSPATH . "/docs/$uid/00-README.txt"; 143 | if (!file_exists($readme)) { 144 | if ($first) { 145 | $first=false; 146 | echo "

\n"; 147 | } 148 | echo "$uid\n"; 149 | } 150 | } 151 | 152 | if ($first) 153 | echo "

" . _("No users are verified without documents.") . "

\n"; 154 | else 155 | echo "

\n"; 156 | 157 | echo "
\n"; 158 | } 159 | 160 | function docs() 161 | { 162 | if (isset($_POST['action'])) { 163 | $action = post('action'); 164 | 165 | if ($action == 'verify') 166 | verify_user(post('uid')); 167 | else if ($action == 'unverify') 168 | unverify_user(post('uid')); 169 | else 170 | throw new Error("unknown action","unknown action: $action"); 171 | } 172 | 173 | show_docs_form(); 174 | 175 | if (isset($_GET['uid'])) 176 | show_user_documents_for_user(get('uid')); 177 | else if (isset($_GET['verified_with_no_docs'])) 178 | show_user_verified_with_no_documents(); 179 | else 180 | show_user_documents(); 181 | 182 | echo "
\n"; 183 | echo "

Upload Docs for Users

\n"; 184 | echo "

Upload more docs

\n"; 185 | echo "
\n"; 186 | } 187 | 188 | docs(); 189 | 190 | ?> 191 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /download.php: -------------------------------------------------------------------------------- 1 | 27 | -------------------------------------------------------------------------------- /duo_config.php: -------------------------------------------------------------------------------- 1 | 20 | -------------------------------------------------------------------------------- /duo_web.php: -------------------------------------------------------------------------------- 1 | = intval($exp)) { 47 | return null; 48 | } 49 | 50 | return $user; 51 | } 52 | 53 | public static function signRequest($ikey, $skey, $akey, $username) { 54 | if (!isset($username) || strlen($username) == 0){ 55 | return self::ERR_USER; 56 | } 57 | if (!isset($ikey) || strlen($ikey) != self::IKEY_LEN) { 58 | return self::ERR_IKEY; 59 | } 60 | if (!isset($skey) || strlen($skey) != self::SKEY_LEN) { 61 | return self::ERR_SKEY; 62 | } 63 | if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { 64 | return self::ERR_AKEY; 65 | } 66 | 67 | $vals = $username . '|' . $ikey; 68 | 69 | $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE); 70 | $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE); 71 | 72 | return $duo_sig . ':' . 
$app_sig; 73 | } 74 | 75 | public static function verifyResponse($ikey, $skey, $akey, $sig_response) { 76 | list($auth_sig, $app_sig) = explode(':', $sig_response); 77 | 78 | $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX); 79 | $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX); 80 | 81 | if ($auth_user != $app_user) { 82 | return null; 83 | } 84 | 85 | return $auth_user; 86 | } 87 | } 88 | 89 | ?> 90 | -------------------------------------------------------------------------------- /errors.php: -------------------------------------------------------------------------------- 1 | title = $title; 23 | } 24 | 25 | public function getTitle() 26 | { 27 | return $this->title; 28 | } 29 | } 30 | class Error extends Problem 31 | { 32 | } 33 | 34 | function beginlog() 35 | { 36 | openlog("intersango", LOG_PID, LOG_LOCAL0); 37 | } 38 | function endlog() 39 | { 40 | closelog(); 41 | } 42 | 43 | class SEVERITY 44 | { 45 | const PROBLEM = 0; 46 | const ERROR = 1; 47 | const BAD_PAGE = 2; 48 | } 49 | 50 | function report($message, $severity) 51 | { 52 | global $is_logged_in; 53 | 54 | $uid = ''; 55 | if ($is_logged_in) 56 | $uid = $is_logged_in; 57 | $time = date('r'); 58 | $message = "$uid $time: $message"; 59 | 60 | switch ($severity) { 61 | case SEVERITY::PROBLEM: 62 | $filename = PROBLEM_LOGFILE; 63 | break; 64 | 65 | case SEVERITY::ERROR: 66 | $filename = ERROR_LOGFILE; 67 | break; 68 | 69 | case SEVERITY::BAD_PAGE: 70 | $filename = BAD_PAGE_LOGFILE; 71 | break; 72 | 73 | default: 74 | report("Invalid report for $message of $severity!", SEVERITY::ERROR); 75 | break; 76 | } 77 | 78 | error_log("$message\n", 3, $filename); 79 | beginlog(); 80 | syslog(LOG_CRIT, $message); 81 | endlog(); 82 | // do this last because it's the most risky operation, and we at least want some logs first. 83 | if ($severity == SEVERITY::ERROR) { 84 | // echo exec("echo 'A fatal error has occured. Time is now $time.' 
| mutt -s INTERSANGO_ERROR genjix@gmail.com -a $filename"); 85 | } 86 | } 87 | function log_badpage($page) 88 | { 89 | report($page, SEVERITY::BAD_PAGE); 90 | header('Location: .'); 91 | exit(); 92 | } 93 | function report_exception($e, $severity) 94 | { 95 | $title = $e->getTitle(); 96 | $message = $e->getMessage(); 97 | $file = $e->getFile(); 98 | $line = $e->getLine(); 99 | report(_("Exception") . ": $file $line\n==== $title ====\n$message\n================", $severity); 100 | } 101 | 102 | function reporting_error_handler($errno, $errstr, $errfile, $errline) 103 | { 104 | if (!(error_reporting() & $errno)) { 105 | // This error code is not included in error_reporting 106 | return; 107 | } 108 | switch ($errno) { 109 | case E_USER_ERROR: 110 | report("[$errno] $errstr $errline in $errfile", SEVERITY::ERROR); 111 | exit(1); 112 | break; 113 | 114 | case E_USER_WARNING: 115 | report("WARNING: [$errno] $errstr", SEVERITY::ERROR); 116 | break; 117 | 118 | case E_USER_NOTICE: 119 | report("NOTICE: [$errno] $errstr", SEVERITY::ERROR); 120 | break; 121 | 122 | default: 123 | report("UNKNOWN: [$errno] $errstr", SEVERITY::ERROR); 124 | break; 125 | } 126 | // Don't execute PHP internal error handler 127 | return false; 128 | } 129 | function reporting_shutdown() { 130 | $error = error_get_last(); 131 | if ($error != NULL) { 132 | $info = "[SHUTDOWN] file:".$error['file']." | ln:".$error['line']." 
| msg:".$error['message'] .PHP_EOL; 133 | report($info, SEVERITY::ERROR); 134 | } 135 | } 136 | 137 | set_error_handler("reporting_error_handler"); 138 | register_shutdown_function("reporting_shutdown"); 139 | -------------------------------------------------------------------------------- /footer.php: -------------------------------------------------------------------------------- 1 | $title$text\n"; 10 | } 11 | 12 | function show_links($is_logged_in, $is_admin, $is_verified) 13 | { 14 | $show_duo = 0; 15 | if ($is_logged_in) { 16 | require_once 'db.php'; 17 | $result = do_query("SELECT use_duo FROM users WHERE uid=$is_logged_in"); 18 | $row = get_row($result); 19 | $show_duo = !$row['use_duo']; 20 | } 21 | 22 | if (!$is_logged_in) show_link('login', _('Login'), _('Begin here') ); 23 | show_link ('news', _('News'), _("What's new?") ); 24 | show_link ('trade', _('Trade'), _('Buy and sell') ); 25 | if ($is_logged_in) show_link('profile', _('Profile'), _('Dox on you') ); 26 | if ($is_logged_in) show_link('statement', _('Statement'), _('Chronological ledger') ); 27 | if ($is_logged_in) show_link('deposit', _('Deposit'), _('Top up your account') ); 28 | if ($is_logged_in) show_link('withdraw', _('Withdraw'), _('Take out money') ); 29 | show_link ('orderbook', _('Orderbook'), _('Show orders') ); 30 | if ($show_duo) show_link('turn_on_duo', _('Security'), _('Use two-factor authentification') ); 31 | 32 | if ($is_logged_in && !$is_verified) 33 | show_link('identity', _('Identify'), _('Upload ID to get your account verified') ); 34 | 35 | if (CHARTS_PAGE) printf("
  • %s%s\n", 36 | CHARTS_PAGE, _('Charts'), _('From bitcoincharts.com') ); 37 | show_link ('help', _('Help'), _('Seek support') ); 38 | if ($is_admin) show_link('docs', _('Docs'), _('Show docs from unverified users'), 1); 39 | if ($is_admin) show_link('users', _('Users'), _('Show registered users'), 1); 40 | if ($is_admin) show_link('add_cash', _('Add cash'), _('Deposit using bank statement'), 1); 41 | if ($is_admin) show_link('commission', _('Commission'), _('Show commission statement'), 1); 42 | if ($is_admin) show_link('bank', _('Bank'), _('Show bank statement & pending withdrawals'), 1); 43 | if ($is_admin) show_link('freeze', _('Freeze'), _('Stop activity on the exchange'), 1); 44 | if ($is_admin) show_link('graph', _('Charts'), _('Various admin graphs'), 1); 45 | if ($is_logged_in) show_link('logout', _('Logout'), _('End this session') ); 46 | 47 | printf("
    \n", SITE_URL); 48 | } 49 | 50 | function show_footer($is_logged_in, $is_admin, $is_verified) 51 | { 52 | if (isset($_GET['fancy'])) { 53 | echo "\n"; 54 | return; 55 | } 56 | ?> 57 | 58 | 59 | 60 | 61 | 66 | 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /freeze.php: -------------------------------------------------------------------------------- 1 | \n"; 14 | echo "

    " . _("Freeze!") . "

    \n"; 15 | 16 | if (isset($_POST['set_freeze'])) { 17 | $state = post('set_freeze'); 18 | 19 | if ($state == 'freeze') { 20 | set_frozen(true); 21 | echo "

    " . _("Exchange has been frozen.") . ' ' . _("continue") . "

    \n"; 22 | } else if ($state == 'unfreeze') { 23 | set_frozen(false); 24 | echo "

    " . _("Exchange has been unfrozen.") . ' ' . _("continue") . "

    \n"; 25 | } else 26 | throw Error("Unknown state", "State $state should be 'freeze' or 'unfreeze'."); 27 | } else { 28 | $is_frozen = is_frozen(); 29 | if ($is_frozen) { 30 | echo "

    " . _("The exchange is currently frozen.") . "

    \n"; 31 | echo "

    " . _("Click 'unfreeze' below to resume order matching and withdrawal processing.") . "

    \n"; 32 | } else { 33 | echo "

    " . _("The exchange isn't currently frozen.") . "

    \n"; 34 | echo "

    " . _("Click 'freeze' below to freeze order matching and withdrawal processing.") . "

    \n"; 35 | echo "

    " . _("Users will still be able to place and cancel orders, they just won't be matched until after you unfreeze the exchange.") . "

    \n"; 36 | } 37 | ?> 38 |
    39 | 40 | 41 | 42 |
    43 | \n"; 47 | ?> 48 | -------------------------------------------------------------------------------- /graph.php: -------------------------------------------------------------------------------- 1 | \n" . 108 | "

    Funds on the Exchange

    \n" . 109 | "

    \n" . 110 | "\n" . 112 | "

    \n" . 113 | "\n"); 114 | return; 115 | } 116 | 117 | $graph = new ezcGraphLineChart(); 118 | $graph->palette = new customPalette(); 119 | $graph->options->fillLines = 180; 120 | $graph->options->font->maxFontSize = 12; 121 | $graph->legend->position = ezcGraph::BOTTOM; 122 | 123 | $graph->xAxis = new ezcGraphChartElementDateAxis(); 124 | $graph->xAxis->dateFormat = 'j M y'; 125 | $graph->xAxis->interval = 60*60*24*7*4; 126 | 127 | if ($log_axis) { 128 | $graph->yAxis = new ezcGraphChartElementLogarithmicalAxis(); 129 | $graph->yAxis->base = pow(10, 1/2);; 130 | $graph->yAxis->logarithmicalFormatString = '%1$f^%2$f'; 131 | $graph->yAxis->labelCallback = "format_exponential_axis_label"; 132 | } 133 | 134 | list ($btc, $fiat) = get_funds_graph_data(); 135 | 136 | $graph->data[CURRENCY_FULL_PLURAL] = new ezcGraphArrayDataSet($fiat); 137 | $graph->data['Bitcoins'] = new ezcGraphArrayDataSet($btc); 138 | 139 | $graph->renderToOutput($x, $y); 140 | exit(); // we don't want the footer 141 | } 142 | 143 | function show_users_graph($x = 0, $y = 0) 144 | { 145 | global $is_logged_in, $is_admin; 146 | 147 | if (!$is_admin) { 148 | show_header('graph', $is_logged_in); 149 | throw new Error("Bad Argument", "You can't view that graph type"); 150 | } 151 | 152 | if (!$x) $x = isset($_GET['x']) ? get('x') : 720; 153 | if (!$y) $y = isset($_GET['y']) ? get('y') : 500; 154 | 155 | if (!isset($_GET['svg'])) { 156 | show_header('graph', $is_logged_in); 157 | 158 | echo ("
    \n" . 159 | "

    Users on the Exchange

    \n" . 160 | "

    \n" . 161 | "\n" . 163 | "

    \n" . 164 | "
    \n"); 165 | return; 166 | } 167 | 168 | $graph = new ezcGraphLineChart(); 169 | $graph->palette = new customPalette(); 170 | $graph->options->fillLines = 180; 171 | $graph->options->font->maxFontSize = 12; 172 | $graph->legend->position = ezcGraph::BOTTOM; 173 | 174 | $graph->xAxis = new ezcGraphChartElementDateAxis(); 175 | $graph->xAxis->dateFormat = 'j M y'; 176 | $graph->xAxis->interval = 60*60*24*7*4; 177 | 178 | $users = get_users_graph_data(); 179 | 180 | $graph->data['Users'] = new ezcGraphArrayDataSet($users); 181 | 182 | $graph->renderToOutput($x, $y); 183 | exit(); // we don't want the footer 184 | } 185 | 186 | function graph_main() 187 | { 188 | global $is_logged_in, $is_admin; 189 | 190 | if (isset($_GET['type'])) 191 | switch(get('type')) { 192 | case 'funds': 193 | show_funds_graph(); 194 | break; 195 | case 'users': 196 | show_users_graph(); 197 | break; 198 | default: 199 | show_header('graph', $is_logged_in); 200 | throw new Error("Bad Argument", "Unknown graph type"); 201 | } 202 | else { 203 | show_header('graph', $is_logged_in); 204 | 205 | echo "
    \n"; 206 | echo "

    Graphs

    \n"; 207 | echo "

    Pick a graph type:

    \n"; 208 | echo "
    \n"; 213 | } 214 | } 215 | 216 | graph_main(); 217 | 218 | ?> 219 | -------------------------------------------------------------------------------- /htdocs/.htaccess: -------------------------------------------------------------------------------- 1 | 2 | RewriteEngine on 3 | RewriteCond %{HTTP_HOST} ^progressivesecurity\.com\.au$ [OR] 4 | RewriteCond %{HTTP_HOST} ^www\.progressivesecurity\.com\.au$ 5 | RewriteRule ^/?$ "http\:\/\/www\.wix\.com\/an6102\/progressivesecurity" [R=301,L] 6 | 7 | # Use PHP5 Single php.ini as default 8 | AddHandler application/x-httpd-php5s .php 9 | 10 | # 301 Moved Permanently 11 | RewriteCond %{HTTP_HOST} ^(www.)?bitaussie.com$ [OR] 12 | RewriteCond %{HTTP_HOST} ^(www.)?intersango.com.au$ [OR] 13 | RewriteCond %{HTTP_HOST} ^(www.)?australianbitcoinexchange.com$ [OR] 14 | RewriteCond %{HTTP_HOST} ^(www.)?australianbitcoinexchange.com.au$ 15 | RewriteRule ^(.*)$ "https://www.worldbitcoinexchange.com/$1" [R=301,L] 16 | 17 | # make sure worldbitcoinexchange.com is using https 18 | RewriteCond %{HTTPS} off 19 | RewriteCond %{HTTP_HOST} ^www.worldbitcoinexchange.com$ 20 | RewriteRule ^(.*)$ "https://www.worldbitcoinexchange.com/$1" [R=301,L] 21 | 22 | # get rid of the www. 
part 23 | RewriteCond %{HTTP_HOST} ^worldbitcoinexchange.com$ 24 | RewriteRule ^(.*)$ "https://www.worldbitcoinexchange.com/$1" [R=301,L] 25 | 26 | ErrorDocument 404 /?page=404 27 | -------------------------------------------------------------------------------- /htdocs/api/addOrder.php: -------------------------------------------------------------------------------- 1 | "OK", 11 | "orderid" => $reqid); 12 | } 13 | 14 | process_api_request("addOrder", "trade"); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /htdocs/api/cancelOrder.php: -------------------------------------------------------------------------------- 1 | "OK"); 12 | } 13 | 14 | process_api_request("cancelOrder", "trade"); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /htdocs/api/getDepositAddress.php: -------------------------------------------------------------------------------- 1 | getaccountaddress($is_logged_in); 10 | 11 | return array("status" => "OK", 12 | "address" => $address); 13 | } 14 | 15 | process_api_request("getDepositAddress", "read"); 16 | 17 | ?> 18 | -------------------------------------------------------------------------------- /htdocs/api/getDepth.php: -------------------------------------------------------------------------------- 1 | = $minimum_btc_amount AND want_amount >= $minimum_fiat_amount"; 16 | else 17 | $big_enough = "amount >= $minimum_fiat_amount AND want_amount >= $minimum_btc_amount "; 18 | 19 | $query = " 20 | SELECT 21 | $rate_query AS rate, 22 | $field as amount 23 | FROM 24 | orderbook 25 | WHERE 26 | type='$have' 27 | AND want_type='$want' 28 | AND status='OPEN' 29 | AND $big_enough 30 | ORDER BY 31 | rate DESC 32 | "; 33 | $result = do_query($query); 34 | while ($row = mysql_fetch_assoc($result)) { 35 | $amount = internal_to_numstr($row['amount']); 36 | $rate = $row['rate']; 37 | 38 | //bitcoincharts uses NUMERIC(18,8) 39 | if ($rate < 1000000000) 40 | 
array_push($ret, "[$rate, $amount]"); 41 | } 42 | 43 | return implode($ret, ", "); 44 | } 45 | 46 | printf('{"asks": [%s], "bids": [%s]}', 47 | fetch_depth("initial_want_amount / initial_amount", "amount", "BTC", CURRENCY), 48 | fetch_depth("initial_amount / initial_want_amount", "want_amount", CURRENCY, "BTC")); 49 | ?> 50 | -------------------------------------------------------------------------------- /htdocs/api/getOrders.php: -------------------------------------------------------------------------------- 1 | "OK", 12 | "orders" => $orders); 13 | } 14 | 15 | process_api_request("getOrders", "read"); 16 | 17 | ?> 18 | -------------------------------------------------------------------------------- /htdocs/api/getTrades.php: -------------------------------------------------------------------------------- 1 | 0 30 | AND a_amount > 0 31 | AND transactions.timest BETWEEN NOW() - INTERVAL 1 DAY AND NOW() 32 | "; 33 | $result = do_query($query); 34 | $first = true; 35 | while ($row = mysql_fetch_assoc($result)) { 36 | if ($first) 37 | $first = false; 38 | else 39 | echo ', '; 40 | echo '{"date": '; 41 | echo $row['timest']; 42 | echo ', "price": '; 43 | echo $row['rate']; 44 | echo ', "amount": '; 45 | echo internal_to_numstr($row['amount']); 46 | echo ', "tid": '; 47 | echo $row['txid']; 48 | echo '}'; 49 | } 50 | echo ']'; 51 | ?> 52 | 53 | -------------------------------------------------------------------------------- /htdocs/api/index.php: -------------------------------------------------------------------------------- 1 | 14 |
    15 |

    API pages

    16 | 21 |
    22 | 23 | -------------------------------------------------------------------------------- /htdocs/api/info.php: -------------------------------------------------------------------------------- 1 | "OK", 12 | "uid" => $is_logged_in, 13 | "BTC" => internal_to_numstr($balances['BTC']), 14 | CURRENCY => internal_to_numstr($balances[CURRENCY])); 15 | } 16 | 17 | process_api_request("info", "read"); 18 | 19 | ?> 20 | -------------------------------------------------------------------------------- /htdocs/api/redeemVoucher.php: -------------------------------------------------------------------------------- 1 | getMessage()); 15 | } 16 | 17 | return array("status" => "OK", 18 | "currency" => $currency, 19 | "amount" => internal_to_numstr($amount)); 20 | } 21 | 22 | process_api_request("redeemVoucher", "deposit"); 23 | 24 | ?> 25 | -------------------------------------------------------------------------------- /htdocs/api/ticker.php: -------------------------------------------------------------------------------- 1 | 19 | -------------------------------------------------------------------------------- /htdocs/api/withdrawBitcoin.php: -------------------------------------------------------------------------------- 1 | "OK", 15 | "reqid" => $reqid); 16 | } 17 | 18 | process_api_request("withdrawBitcoin", "withdraw"); 19 | 20 | ?> 21 | -------------------------------------------------------------------------------- /htdocs/api/withdrawFiat.php: -------------------------------------------------------------------------------- 1 | "OK", 15 | "reqid" => $reqid); 16 | } 17 | 18 | process_api_request("withdrawFiat", "withdraw"); 19 | 20 | ?> 21 | -------------------------------------------------------------------------------- /htdocs/api/withdrawVoucher.php: -------------------------------------------------------------------------------- 1 | "OK", 15 | "voucher" => $voucher_code, 16 | "reqid" => $reqid); 17 | } 18 | 19 | process_api_request("withdrawVoucher", "withdraw"); 20 
| 21 | ?> 22 | -------------------------------------------------------------------------------- /htdocs/code/demo.php: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /htdocs/code/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | World Bitcoin Exchange API Code 5 | 6 | 7 |

    World Bitcoin Exchange API Code

    8 | 12 | 13 | -------------------------------------------------------------------------------- /htdocs/code/wbx_api.php: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /htdocs/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/favicon.png -------------------------------------------------------------------------------- /htdocs/images/arrow_down.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/arrow_down.png -------------------------------------------------------------------------------- /htdocs/images/aud_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/aud_flag.png -------------------------------------------------------------------------------- /htdocs/images/bg_body.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/bg_body.gif -------------------------------------------------------------------------------- /htdocs/images/btc_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/btc_flag.png -------------------------------------------------------------------------------- /htdocs/images/eur_flag.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/eur_flag.png -------------------------------------------------------------------------------- /htdocs/images/flower.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/flower.png -------------------------------------------------------------------------------- /htdocs/images/gbp_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/gbp_flag.png -------------------------------------------------------------------------------- /htdocs/images/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/header.png -------------------------------------------------------------------------------- /htdocs/images/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/index.html -------------------------------------------------------------------------------- /htdocs/images/list_marker.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/list_marker.png -------------------------------------------------------------------------------- /htdocs/images/logo200.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/logo200.jpg 
-------------------------------------------------------------------------------- /htdocs/images/logo400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/logo400.jpg -------------------------------------------------------------------------------- /htdocs/images/panel_border.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/panel_border.png -------------------------------------------------------------------------------- /htdocs/images/panel_tile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/panel_tile.png -------------------------------------------------------------------------------- /htdocs/images/panel_tile_header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/panel_tile_header.png -------------------------------------------------------------------------------- /htdocs/images/pp_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/pp_flag.png -------------------------------------------------------------------------------- /htdocs/images/skyline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/skyline.png -------------------------------------------------------------------------------- 
/htdocs/images/test/all_time.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/all_time.png -------------------------------------------------------------------------------- /htdocs/images/test/all_time_thumb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/all_time_thumb.png -------------------------------------------------------------------------------- /htdocs/images/test/b2cslogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/b2cslogo.png -------------------------------------------------------------------------------- /htdocs/images/test/b2cslogo_thumb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/b2cslogo_thumb.png -------------------------------------------------------------------------------- /htdocs/images/test/glider_gun.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/glider_gun.gif -------------------------------------------------------------------------------- /htdocs/images/test/glider_gun_thumb.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/glider_gun_thumb.gif -------------------------------------------------------------------------------- 
/htdocs/images/test/lifenext.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/lifenext.gif -------------------------------------------------------------------------------- /htdocs/images/test/lifenext_thumb.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/test/lifenext_thumb.gif -------------------------------------------------------------------------------- /htdocs/images/tumblbeasts/tb_sign1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/tumblbeasts/tb_sign1.png -------------------------------------------------------------------------------- /htdocs/images/usd_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/images/usd_flag.png -------------------------------------------------------------------------------- /htdocs/index.php: -------------------------------------------------------------------------------- 1 | MAX_SESSION_ID_LIFETIME * 60) { 36 | session_regenerate_id(true); 37 | $_SESSION['creation_time'] = time(); 38 | } 39 | 40 | if (isset($_GET['page'])) 41 | $page = htmlspecialchars($_GET['page']); 42 | else 43 | $page = 'trade'; 44 | 45 | // if the user has been logged in but is idle, log them out unless this is just an ajax request, in which case just act as if they're not logged in 46 | if (isset($_SESSION['uid']) && 47 | isset($_SESSION['last_activity']) && 48 | time() - $_SESSION['last_activity'] > MAX_IDLE_MINUTES_BEFORE_LOGOUT * 60 && 49 | !isset($_GET['fancy'])) 50 | if 
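(isset($_COOKIE['openid']) && isset($_COOKIE['autologin']) && count($_POST) == 0) 51 | relogin(); 52 | else 53 | logout(); // this exit()s 54 | else if (!isset($_SESSION['uid']) && isset($_COOKIE['openid']) && isset($_COOKIE['autologin']) && count($_POST) == 0) 55 | relogin(); 56 | else { 57 | $_SESSION['last_activity'] = time(); 58 | get_login_status(); 59 | } 60 |
// Create the per-session CSRF token once and keep it for the life of the session.
// The token is 32 random bytes, hex-encoded: the same 64-character lowercase hex
// format the mt_rand() loop produced, so code that compares or embeds the token
// is unaffected. mt_rand() is a non-cryptographic generator whose output can be
// predicted, so the bytes now come from a CSPRNG, and the request fails closed
// when none is available rather than issuing a guessable token.
if (!isset($_SESSION['csrf_token'])) {
    $csrf_bytes = false;

    if (function_exists('random_bytes')) {
        // available from PHP 7
        $csrf_bytes = random_bytes(32);
    } else if (function_exists('openssl_random_pseudo_bytes')) {
        // PHP 5 with the openssl extension; $csrf_strong reports whether a
        // cryptographically strong algorithm was used
        $csrf_strong = false;
        $csrf_bytes = openssl_random_pseudo_bytes(32, $csrf_strong);
        if (!$csrf_strong)
            $csrf_bytes = false;
        unset($csrf_strong);
    }

    if (!is_string($csrf_bytes) || strlen($csrf_bytes) != 32)
        throw new Exception("No cryptographically secure random source available for the CSRF token");

    $_SESSION['csrf_token'] = bin2hex($csrf_bytes);
    unset($csrf_bytes);
}
69 | 70 | switcher($page, $is_logged_in, $is_admin); 71 | 72 | // send the contents of the output buffer 73 | ob_end_flush(); 74 | ?> 75 | -------------------------------------------------------------------------------- /htdocs/js/exchanger.js: -------------------------------------------------------------------------------- 1 | function set_curr_block(elem, currency, textname) 2 | { 3 | elem.children('.currflag').attr('src', 'images/'.concat(currency).concat('_flag.png')); 4 | elem.children('.currname').text(textname); 5 | elem.children('.currbox_right').children('.currcode').text(currency); 6 | } 7 | function set_currency(elem, currency) 8 | { 9 | switch(currency) 10 | { 11 | case fiat_currency: 12 | set_curr_block(elem, fiat_currency, fiat_currency_full); 13 | break; 14 | 15 | case 'btc': 16 | set_curr_block(elem, 'btc', 'Bitcoin'); 17 | break; 18 | } 19 | } 20 | function twin_currency(currency) 21 | { 22 | switch(currency) 23 | { 24 | case 'btc': 25 | return fiat_currency; 26 | case fiat_currency: 27 | default: 28 | return 'btc'; 29 | } 30 | } 31 | 32 | function set_currency_in(currency) 33 | { 34 | ic = $('#incurrency'); 35 | set_currency(ic, currency); 36 | 37 | if (!typed_price && currency in exchange_rates) 38 | $('#price').attr('value', exchange_rates[currency]); 39 | } 40 | function set_currency_out(currency) 41 | { 42 | ic = $('#outcurrency'); 43 | set_currency(ic, currency); 44 | } 45 | 46 | function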
rolldown(cs, ic) 47 | { 48 | if (cs.css('visibility') == 'hidden') { 49 | cs.position({ 50 | my: "left top", 51 | at: "left bottom", 52 | of: ic 53 | }); 54 | cs.css('visibility', 'visible'); 55 | } 56 | else 57 | cs.css('visibility', 'hidden'); 58 | } 59 | function hide_rolldown(cs) 60 | { 61 | cs.css('visibility', 'hidden'); 62 | } 63 | function rolldown_in() 64 | { 65 | rolldown($('#currsel_in'), '#incurrency'); 66 | hide_rolldown($('#currsel_out')); 67 | } 68 | function rolldown_out() 69 | { 70 | rolldown($('#currsel_out'), '#outcurrency'); 71 | hide_rolldown($('#currsel_in')); 72 | } 73 | 74 | function select_currency_in(caller) 75 | { 76 | $('#currsel_in').css('visibility', 'hidden'); 77 | curr = jQuery('.currcode', caller).text(); 78 | curr = curr.toLowerCase(); 79 | set_currency_in(curr); 80 | set_currency_out(twin_currency(curr), false); 81 | $('#inamount').attr('value', ''); 82 | $('#outamount').attr('value', ''); 83 | } 84 | function select_currency_out(caller) 85 | { 86 | $('#currsel_out').css('visibility', 'hidden'); 87 | curr = jQuery('.currcode', caller).text(); 88 | curr = curr.toLowerCase(); 89 | set_currency_out(curr); 90 | set_currency_in(twin_currency(curr)); 91 | $('#outamount').attr('value', ''); 92 | $('#inamount').attr('value', ''); 93 | } 94 | 95 | function typed_amount(this_name, change_name) 96 | { 97 | this_obj = $('#' + this_name + 'amount'); 98 | change_obj = $('#' + change_name + 'amount'); 99 | price_obj = $('#price'); 100 | 101 | price_text = price_obj.attr('value'); 102 | this_text = this_obj.attr('value'); 103 | 104 | if (!price_text || !this_text) 105 | return; 106 | 107 | price = parseFloat(price_text); 108 | this_amount = parseFloat(this_text); 109 | 110 | if ( price <= 0 || !isFinite( price) || isNaN( price) || 111 | this_amount <= 0 || !isFinite(this_amount) || isNaN(this_amount)) { 112 | change_obj.attr('value', ''); 113 | return; 114 | } 115 | 116 | a_curr = jQuery('.currcode', '#incurrency').text(); 117 | if ((this_name == 
'out' && a_curr == 'btc') || 118 | (this_name == 'in' && a_curr != 'btc')) 119 | price = 1.0/price; 120 | 121 | val = this_amount * price; 122 | 123 | // toFixed(2) rounds 0.235001 up to 0.24, meaning the order doesn't quite match 124 | // add on / take off 0.0049999 to make sure of a match 125 | if (this_name == 'out') 126 | val += 0.000049999; 127 | else 128 | val -= 0.000049999; 129 | 130 | val = val.toFixed(4) 131 | val = val.replace(/([.].*?)0+$/, '$1'); // remove trailing zeroes after the decimal point 132 | val = val.replace(/[.]$/, ''); // remove trailing decimal point 133 | change_obj.attr('value', val); 134 | } 135 | 136 | function is_typing(e) 137 | { 138 | code = e.keyCode ? e.keyCode : e.charCode; 139 | return (code == 8 || code > 31); 140 | } 141 | 142 | function typed_amount_in(e) 143 | { 144 | if (!is_typing(e)) return; 145 | typed_amount('in', 'out'); 146 | } 147 | 148 | function typed_amount_out(e) 149 | { 150 | if (!is_typing(e)) return; 151 | typed_amount('out', 'in'); 152 | } 153 | 154 | function typed_amount_price(e) 155 | { 156 | if (!is_typing(e)) return; 157 | typed_price = true; 158 | typed_amount('in', 'out'); 159 | } 160 | 161 | function buy_clicked() 162 | { 163 | curr_type = jQuery('.currcode', '#incurrency').text(); 164 | want_curr_type = jQuery('.currcode', '#outcurrency').text(); 165 | amount = $('#inamount').attr('value'); 166 | want_amount = $('#outamount').attr('value'); 167 | $("input[name='type']").val(curr_type); 168 | $("input[name='amount']").val(amount); 169 | if (amount == '' || want_amount == '' || isNaN(amount) || isNaN(want_amount)) { 170 | alert("Invalid amount specified."); 171 | return false; 172 | } 173 | $("input[name='want_type']").val(want_curr_type); 174 | $("input[name='want_amount']").val(want_amount); 175 | return true; 176 | } 177 | 178 | -------------------------------------------------------------------------------- /htdocs/js/fancybox/blank.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/blank.gif -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_close.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_loading.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_loading.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_nav_left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_nav_left.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_nav_right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_nav_right.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_e.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_e.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_n.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_n.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_ne.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_ne.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_nw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_nw.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_s.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_se.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_se.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_shadow_sw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_sw.png -------------------------------------------------------------------------------- 
/htdocs/js/fancybox/fancy_shadow_w.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_shadow_w.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_title_left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_title_left.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_title_main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_title_main.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_title_over.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_title_over.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancy_title_right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancy_title_right.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancybox-x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancybox-x.png 
-------------------------------------------------------------------------------- /htdocs/js/fancybox/fancybox-y.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancybox-y.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/fancybox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dooglus/intersango/a6e2b8a56333cbf8a2231cebf7ffcef0d567b4dd/htdocs/js/fancybox/fancybox.png -------------------------------------------------------------------------------- /htdocs/js/fancybox/jquery.easing-1.3.pack.js: -------------------------------------------------------------------------------- 1 | /* 2 | * jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/ 3 | * 4 | * Uses the built in easing capabilities added In jQuery 1.1 5 | * to offer multiple easing options 6 | * 7 | * TERMS OF USE - jQuery Easing 8 | * 9 | * Open source under the BSD License. 10 | * 11 | * Copyright © 2008 George McGinley Smith 12 | * All rights reserved. 13 | * 14 | * Redistribution and use in source and binary forms, with or without modification, 15 | * are permitted provided that the following conditions are met: 16 | * 17 | * Redistributions of source code must retain the above copyright notice, this list of 18 | * conditions and the following disclaimer. 19 | * Redistributions in binary form must reproduce the above copyright notice, this list 20 | * of conditions and the following disclaimer in the documentation and/or other materials 21 | * provided with the distribution. 22 | * 23 | * Neither the name of the author nor the names of contributors may be used to endorse 24 | * or promote products derived from this software without specific prior written permission. 
25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 27 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 28 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 29 | * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 30 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 31 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 32 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 34 | * OF THE POSSIBILITY OF SUCH DAMAGE. 35 | * 36 | */ 37 | 38 | // t: current time, b: begInnIng value, c: change In value, d: duration 39 | eval(function(p,a,c,k,e,r){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('h.i[\'1a\']=h.i[\'z\'];h.O(h.i,{y:\'D\',z:9(x,t,b,c,d){6 h.i[h.i.y](x,t,b,c,d)},17:9(x,t,b,c,d){6 c*(t/=d)*t+b},D:9(x,t,b,c,d){6-c*(t/=d)*(t-2)+b},13:9(x,t,b,c,d){e((t/=d/2)<1)6 c/2*t*t+b;6-c/2*((--t)*(t-2)-1)+b},X:9(x,t,b,c,d){6 c*(t/=d)*t*t+b},U:9(x,t,b,c,d){6 c*((t=t/d-1)*t*t+1)+b},R:9(x,t,b,c,d){e((t/=d/2)<1)6 c/2*t*t*t+b;6 c/2*((t-=2)*t*t+2)+b},N:9(x,t,b,c,d){6 c*(t/=d)*t*t*t+b},M:9(x,t,b,c,d){6-c*((t=t/d-1)*t*t*t-1)+b},L:9(x,t,b,c,d){e((t/=d/2)<1)6 c/2*t*t*t*t+b;6-c/2*((t-=2)*t*t*t-2)+b},K:9(x,t,b,c,d){6 c*(t/=d)*t*t*t*t+b},J:9(x,t,b,c,d){6 c*((t=t/d-1)*t*t*t*t+1)+b},I:9(x,t,b,c,d){e((t/=d/2)<1)6 c/2*t*t*t*t*t+b;6 c/2*((t-=2)*t*t*t*t+2)+b},G:9(x,t,b,c,d){6-c*8.C(t/d*(8.g/2))+c+b},15:9(x,t,b,c,d){6 
c*8.n(t/d*(8.g/2))+b},12:9(x,t,b,c,d){6-c/2*(8.C(8.g*t/d)-1)+b},Z:9(x,t,b,c,d){6(t==0)?b:c*8.j(2,10*(t/d-1))+b},Y:9(x,t,b,c,d){6(t==d)?b+c:c*(-8.j(2,-10*t/d)+1)+b},W:9(x,t,b,c,d){e(t==0)6 b;e(t==d)6 b+c;e((t/=d/2)<1)6 c/2*8.j(2,10*(t-1))+b;6 c/2*(-8.j(2,-10*--t)+2)+b},V:9(x,t,b,c,d){6-c*(8.o(1-(t/=d)*t)-1)+b},S:9(x,t,b,c,d){6 c*8.o(1-(t=t/d-1)*t)+b},Q:9(x,t,b,c,d){e((t/=d/2)<1)6-c/2*(8.o(1-t*t)-1)+b;6 c/2*(8.o(1-(t-=2)*t)+1)+b},P:9(x,t,b,c,d){f s=1.l;f p=0;f a=c;e(t==0)6 b;e((t/=d)==1)6 b+c;e(!p)p=d*.3;e(a<8.w(c)){a=c;f s=p/4}m f s=p/(2*8.g)*8.r(c/a);6-(a*8.j(2,10*(t-=1))*8.n((t*d-s)*(2*8.g)/p))+b},H:9(x,t,b,c,d){f s=1.l;f p=0;f a=c;e(t==0)6 b;e((t/=d)==1)6 b+c;e(!p)p=d*.3;e(a<8.w(c)){a=c;f s=p/4}m f s=p/(2*8.g)*8.r(c/a);6 a*8.j(2,-10*t)*8.n((t*d-s)*(2*8.g)/p)+c+b},T:9(x,t,b,c,d){f s=1.l;f p=0;f a=c;e(t==0)6 b;e((t/=d/2)==2)6 b+c;e(!p)p=d*(.3*1.5);e(a<8.w(c)){a=c;f s=p/4}m f s=p/(2*8.g)*8.r(c/a);e(t<1)6-.5*(a*8.j(2,10*(t-=1))*8.n((t*d-s)*(2*8.g)/p))+b;6 a*8.j(2,-10*(t-=1))*8.n((t*d-s)*(2*8.g)/p)*.5+c+b},F:9(x,t,b,c,d,s){e(s==u)s=1.l;6 c*(t/=d)*t*((s+1)*t-s)+b},E:9(x,t,b,c,d,s){e(s==u)s=1.l;6 c*((t=t/d-1)*t*((s+1)*t+s)+1)+b},16:9(x,t,b,c,d,s){e(s==u)s=1.l;e((t/=d/2)<1)6 c/2*(t*t*(((s*=(1.B))+1)*t-s))+b;6 c/2*((t-=2)*t*(((s*=(1.B))+1)*t+s)+2)+b},A:9(x,t,b,c,d){6 c-h.i.v(x,d-t,0,c,d)+b},v:9(x,t,b,c,d){e((t/=d)<(1/2.k)){6 c*(7.q*t*t)+b}m e(t<(2/2.k)){6 c*(7.q*(t-=(1.5/2.k))*t+.k)+b}m e(t<(2.5/2.k)){6 c*(7.q*(t-=(2.14/2.k))*t+.11)+b}m{6 c*(7.q*(t-=(2.18/2.k))*t+.19)+b}},1b:9(x,t,b,c,d){e(t\n"; 8 | echo "

    Upload Results

    \n"; 9 | echo "

    " . sprintf(_("The upload failed because it was too big. The maximum combined size is %s. Please upload large files separately, or try to reduce the file sizes."), 10 | post_max_size()) . "

    \n"; 11 | echo "

    " . _("Documents uploaded") . ": 0

    \n"; 12 | echo "\n"; 13 | } 14 | 15 | if (isset($_POST['upload_doc'])) 16 | if (isset($_POST['csrf_token'])) {
    /* NOTE(review): the CSRF token is compared with loose `!=`; hash_equals() on the two strings would make the comparison type-strict and constant-time. The check only runs when $_POST['upload_doc'] is set. */
    17 | if ($_SESSION['csrf_token'] != $_POST['csrf_token']) 18 | throw new Error("csrf","csrf token mismatch!"); 19 | } 20 | else 21 | throw new Error("csrf","csrf token missing!"); 22 |
    /**
     * Handle the upload in slot $num ($_FILES["file$num"]) for user $uid.
     *
     * Reports PHP upload errors to the page, appends an entry (date, stored name, description)
     * to DOCDIR/$uid/00-README.txt, moves the temporary file into DOCDIR/$uid and calls
     * encrypt_file() on it before unlinking the moved copy.
     *
     * @param mixed $num slot number, used to build the "file$num" and "description$num" field names
     * @param mixed $uid user id, used as the directory name under DOCDIR
     * @return int 1 after processing a file, 0 when the slot is empty or the upload had an error
     */
    23 | function upload_identity_doc($num, $uid) 24 | { 25 | $file = "file$num"; 26 | 27 | if (!isset($_FILES[$file])) 28 | return 0; 29 | 30 | $info = $_FILES[$file]; 31 | $error = $info['error'];
    /* NOTE(review): $info['name'] is the filename sent by the client; the three messages below echo it without htmlspecialchars(). */
    32 | if ($error) { 33 | if ($error == UPLOAD_ERR_INI_SIZE) 34 | echo "

    " . sprintf(_("File '%s' is bigger than the per-file limit of %s."), 35 | $info['name'], 36 | ini_get('upload_max_filesize')) . "

    \n"; 37 | else if ($error == UPLOAD_ERR_PARTIAL) 38 | echo "

    " . sprintf(_("File '%s' is was only partially uploaded."), 39 | $info['name']) . "

    \n"; 40 | else if ($error != UPLOAD_ERR_NO_FILE) 41 | echo "

    " . sprintf(_("An error (code %s) occurred uploading file '%s'."), 42 | $error, $info['name']) . "

    \n"; 43 | return 0; 44 | } 45 |
    /* NOTE(review): $type and $size are read but not used again in this function, so no content-type or size check happens here. The stored name comes from the client filename via basename() and cleanup_string() (defined elsewhere; confirm what it strips) and is not checked against the index name 00-README.txt. */
    46 | $description = post("description$num"); 47 | $filename = cleanup_string(basename($info['name'])); 48 | $type = $info['type']; 49 | $source = $info['tmp_name']; 50 | $size = $info['size']; 51 | 52 | $dir = DOCDIR . "/$uid";
    /* NOTE(review): mode 0755 makes the per-user identity-document directory readable and searchable by every local account (subject to umask); 0700 would match the sensitivity of the contents. The @ hides mkdir failures. */
    53 | @mkdir($dir, 0755); 54 | $base = "$filename"; 55 | $index = $dir . "/00-README.txt"; 56 | 57 | $dest = $base; 58 | $count = 1; 59 | while (file_exists($dir . "/$dest") || file_exists($dir . "/$dest.gpg")) { 60 | $count++; 61 | $dest = sprintf("upload-%d-of-%s", $count, $base); 62 | } 63 | 64 | if (!($fp = fopen("$index", 'a'))) 65 | throw new Error("file permission error", "can't upload user identification documents"); 66 |
    /* NOTE(review): $description is written to the index as received from post(); show_upload_documentation_form() later echoes the lines of a README file (presumably this index; confirm), so the text should be escaped when it is displayed. */
    67 | fprintf($fp, "%s\n %s\n %s\n\n", date('r'), "$dest.gpg", $description); 68 | fclose($fp); 69 | 70 | $dest = $dir . "/$dest"; 71 |
    /* NOTE(review): move_uploaded_file() would confirm that $source really is an uploaded file before moving it; rename() does not. The results of rename(), encrypt_file() and unlink() are not checked, yet the success message below is printed unconditionally, so if encryption or the unlink fails the unencrypted document can remain on disk. */
    72 | rename($source, $dest); 73 | encrypt_file($dest, array('dooglus@gmail.com', 'aml@worldbitcoinexchange.com')); 74 | @unlink($dest); 75 | 76 | echo "

    File '$filename' was uploaded and encrypted successfully.

    \n"; 77 | 78 | return 1; 79 | } 80 | 81 | function handle_uploaded_identity_docs() 82 | { 83 | global $is_logged_in, $is_admin; 84 | ?> 85 |
    86 |

    Upload Results

    87 | " . _("Documents uploaded") . ": $uploaded

    \n"; 102 | echo "
    \n"; 103 | 104 | if ($uploaded && !$is_admin) 105 | email_tech(_("User Uploaded New Identity Documents"), 106 | sprintf("%s\n\n%s", 107 | sprintf(_("User %s uploaded %s new file(s)."), 108 | $is_logged_in, $uploaded), 109 | sprintf("%s?page=docs&uid=%s", SITE_URL, $is_logged_in))); 110 | } 111 | 112 | function show_upload_documentation_form() 113 | { 114 | global $is_admin, $is_logged_in, $is_verified; 115 | 116 | if ($is_verified && !$is_admin) { 117 | ?> 118 |
    119 |

    Already Verified

    120 |

    121 | Your account is already verified. There is no need for you to upload any more documentation. Thank you for putting up with this inconvenience. 122 |

    123 |
    124 | 127 |
    128 |

    Upload Personal Documentation

    129 | You have already uploaded the following:


    \n";
    133 |         $fp = fopen($readme, 'r');
    134 |         while ($line = fgets($fp)) {
    135 |             $line = rtrim($line);
    136 |             // $line = substr($line, 35);
    137 |             echo "    $line\n";
    138 |         }
    139 |         echo "
    \n"; 140 | echo "

    The upload form is available below if you need to upload more.

    \n"; 141 | } 142 | ?> 143 |

    144 | Please upload both of the following: 145 |

    • a copy of an international ID document (a current driving license is sufficient) AND
    • 146 |
    • a copy of a recent utility bill (private) or corporate information (company)
    • 147 |
    148 |

    149 |

    150 | All received documentation is immediately encrypted and held 151 | on a secure data store. 152 |

    153 |

    154 | We will not share your documents with any third party under any circumstance, 155 | except where legally obliged to do so. 156 |

    157 |

    158 | If you need to upload more than of documents, please upload the documents separately. There is a maximum of upload per page. 159 |

    160 | 161 |
    162 | 163 | 164 | UserID:\n"; 167 | echo " \n"; 168 | } 169 | 170 | for ($i = 0; $i < ID_FILE_UPLOAD_SLOTS; $i++) { 171 | echo " \n"; 172 | echo " \n"; 173 | echo "
    \n"; 174 | } 175 | ?> 176 | 177 |
    178 |
    179 | 190 | -------------------------------------------------------------------------------- /interpreter.php: -------------------------------------------------------------------------------- 1 | dbprefix,$statement); 15 | if (!empty($statement)) { 16 | try { 17 | $result = do_query($statement); 18 | } catch (Exception $e) { 19 | $errors[] = $e->getMessage(); 20 | } 21 | } 22 | } 23 | if (!empty($errors)) { 24 | $errortxt = ""; 25 | foreach($errors as $error) 26 | $errortxt .= " {$error};"; 27 | throw new Exception('error running script: ' . $scriptlocation . ":" . $errortxt); 28 | } 29 | } else { 30 | throw new Exception('ScriptNotFound:'.$scriptlocation); 31 | } 32 | } 33 | ?> 34 | -------------------------------------------------------------------------------- /jsonRPCClient.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | This file is part of JSON-RPC PHP. 8 | 9 | JSON-RPC PHP is free software; you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation; either version 2 of the License, or 12 | (at your option) any later version. 13 | 14 | JSON-RPC PHP is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | GNU General Public License for more details. 
18 | 19 | You should have received a copy of the GNU General Public License 20 | along with JSON-RPC PHP; if not, write to the Free Software 21 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | /** 25 | * The object of this class are generic jsonRPC 1.0 clients 26 | * http://json-rpc.org/wiki/specification 27 | * 28 | * @author sergio 29 | */ 30 | class jsonRPCClient { 31 | 32 | /** 33 | * Debug state 34 | * 35 | * @var boolean 36 | */ 37 | private $debug; 38 | 39 | /** 40 | * The server URL 41 | * 42 | * @var string 43 | */ 44 | private $url; 45 | /** 46 | * The request id 47 | * 48 | * @var integer 49 | */ 50 | private $id; 51 | /** 52 | * If true, notifications are performed instead of requests 53 | * 54 | * @var boolean 55 | */ 56 | private $notification = false; 57 | 58 | /** 59 | * Takes the connection parameters 60 | * 61 | * @param string $url 62 | * @param boolean $debug 63 | */ 64 | public function __construct($url,$debug = false) { 65 | // server URL 66 | $this->url = $url; 67 | // proxy
/* NOTE(review): $proxy is not a parameter of this constructor, so empty($proxy) is always true and $this->proxy, which is not declared on the class, is always set to ''. */
68 | empty($proxy) ? $this->proxy = '' : $this->proxy = $proxy; 69 | // debug state 70 | empty($debug) ? $this->debug = false : $this->debug = true; 71 | // message id
/* NOTE(review): $this->id is set to 1 here and never changed in this class, so every request carries id 1 and the response-id check in __call() cannot tell two responses apart. */
72 | $this->id = 1; 73 | } 74 | 75 | /** 76 | * Sets the notification state of the object. In this state, notifications are performed, instead of requests. 77 | * 78 | * @param boolean $notification 79 | */ 80 | public function setRPCNotification($notification) { 81 | empty($notification) ?
82 | $this->notification = false 83 | : 84 | $this->notification = true; 85 | } 86 | 87 | /** 88 | * Performs a jsonRCP request and gets the results as an array 89 | * 90 | * @param string $method 91 | * @param array $params 92 | * @return array 93 | */ 94 | public function __call($method,$params) { 95 | 96 | // check 97 | if (!is_scalar($method)) { 98 | throw new Exception('Method name has no scalar value'); 99 | } 100 | 101 | // check 102 | if (is_array($params)) { 103 | // no keys 104 | $params = array_values($params); 105 | } else { 106 | throw new Exception('Params must be given as array'); 107 | } 108 | 109 | // sets notification or request task 110 | if ($this->notification) { 111 | $currentId = NULL; 112 | } else { 113 | $currentId = $this->id; 114 | } 115 | 116 | // prepares the request 117 | $request = array( 118 | 'method' => $method, 119 | 'params' => $params, 120 | 'id' => $currentId 121 | ); 122 | $request = json_encode($request); 123 | 124 | if (!INTEGER_BITCOIND) { 125 | // remove double quotes around strings representing numbers with 8 decimal places, so bitcoind can read them
/* NOTE(review): the pattern runs over the whole encoded request, so any string parameter that itself looks like a number with 8 decimals is unquoted too, not only amounts. */
126 | $request = preg_replace('/"(-?\d+[.]\d{8})"/', '$1', $request); 127 | } 128 |
/* NOTE(review): with debug on, the request (and further down the raw server response) is appended to $this->debug and later echoed through nl2br() without HTML escaping, so RPC traffic ends up in the page output; keep debug off outside development. $this->debug starts as boolean true, so the appended text is prefixed with "1". */
129 | $this->debug && $this->debug.='***** Request *****'."\n".$request."\n".'***** End Of request *****'."\n\n"; 130 | 131 | // performs the HTTP POST 132 | $opts = array ('http' => array ( 133 | 'method' => 'POST', 134 | 'header' => 'Content-type: application/json', 135 | 'ignore_errors' => 'true', 136 | 'content' => $request 137 | )); 138 | $context = stream_context_create($opts);
/* NOTE(review): the @ suppresses the reason a connection failed, the stream context sets no 'timeout' (so the default_socket_timeout ini value applies), and $fp is not fclose()d after reading. Whether the call is authenticated or encrypted depends on $this->url, which the caller supplies. */
139 | if ($fp = @fopen($this->url, 'r', false, $context)) { 140 | $response = ''; 141 | while($row = fgets($fp)) { 142 | $response.= trim($row)."\n"; 143 | } 144 | $this->debug && $this->debug.='***** Server response *****'."\n".$response.'***** End of server response *****'."\n"; 145 | 146 | if (!INTEGER_BITCOIND) { 147 | // put double quotes around numbers with 8 decimal places, so they won't be converted to a
float 148 | $response = preg_replace('/:(-?\d+[.]\d{8})/', ':"$1"', $response); 149 | } 150 |
/* NOTE(review): the decoded value is not checked; for a body that is not valid JSON json_decode() returns null, and the id check below then reports an id mismatch rather than a parse failure (in notification mode the method returns true regardless). */
151 | $response = json_decode($response,true); 152 | } else { 153 | throw new Exception('Unable to connect.'); 154 | } 155 | 156 | // debug output 157 | if ($this->debug) { 158 | echo nl2br($this->debug); 159 | } 160 | 161 | // final checks and return 162 | if (!$this->notification) { 163 | // check 164 | if ($response['id'] != $currentId) { 165 | throw new Exception('Incorrect response id (request id: '.$currentId.', response id: '.$response['id'].')'); 166 | }
/* NOTE(review): the server's error object is copied into the exception message; a handler that prints getMessage() to the browser would expose backend error details, so log the detail and show a generic message instead. */
167 | if (!is_null($response['error'])) { 168 | throw new Exception('Request error: '.json_encode($response['error'])); 169 | } 170 | 171 | if (!INTEGER_BITCOIND) 172 | return bitcoin_to_internal($response['result']); 173 | 174 | return $response['result']; 175 | } else { 176 | return true; 177 | } 178 | } 179 | } 180 | ?> 181 | -------------------------------------------------------------------------------- /localization.php: -------------------------------------------------------------------------------- 1 | \n"; 12 | // echo _("Hello World!") . "\n"; 13 | 14 | ?> 15 | -------------------------------------------------------------------------------- /locks/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /logs/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /mtgox_config.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /news.php: -------------------------------------------------------------------------------- 1 | 11 | 12 |
    13 |

    Hello!

    14 |

    9:10am 10-Mar-12

    15 |

    16 | No news is good news? 17 |

    18 |
    19 | -------------------------------------------------------------------------------- /order_utils.php: -------------------------------------------------------------------------------- 1 | 1) 76 | throw new Error('Serious...', 'More rows updated than should be. Contact the sysadmin ASAP.'); 77 | else if (mysql_affected_rows() == 0) 78 | throw new Problem(_('Cannot...'), _('Your order got bought up before you were able to cancel.')); 79 | else 80 | throw new Error('Serious...', 'Internal error. Contact sysadmin ASAP.'); 81 | } 82 | 83 | // Refetch order in case something has happened. 84 | $info = fetch_order_info($orderid); 85 | 86 | if ($uid != $info->uid) 87 | throw new Error('Permission...', '... Denied! Now GTFO.'); 88 | 89 | add_funds($info->uid, $info->amount, $info->type); 90 | // these records indicate returned funds. 91 | create_record($orderid, $info->amount, 0, 92 | 0, -1, 0); 93 | addlog(LOG_RESULT, " cancelled order $orderid"); 94 | } 95 | 96 | function get_orders() 97 | { 98 | global $is_logged_in; 99 | 100 | $result = do_query(" 101 | SELECT 102 | orderid, initial_amount, amount, type, initial_want_amount, want_amount, want_type 103 | FROM 104 | orderbook 105 | WHERE 106 | status = 'OPEN' 107 | AND 108 | uid = $is_logged_in 109 | "); 110 | 111 | $orders = array(); 112 | while ($row = mysql_fetch_array($result)) { 113 | $orderid = $row['orderid']; 114 | $have_amount = $row['amount']; 115 | $have_currency = $row['type']; 116 | $want_amount = $row['want_amount']; 117 | $want_currency = $row['want_type']; 118 | 119 | if ($have_currency == 'BTC') 120 | $text = sprintf("%s %s %s %s %s %s", 121 | _("Sell"), 122 | internal_to_numstr($have_amount, BTC_PRECISION), 123 | $have_currency, 124 | _("for"), 125 | internal_to_numstr($want_amount, FIAT_PRECISION), 126 | $want_currency); 127 | else 128 | $text = sprintf("%s %s %s %s %s %s", 129 | _("Buy"), 130 | internal_to_numstr($want_amount, BTC_PRECISION), 131 | $want_currency, 132 | _("for"), 133 | 
internal_to_numstr($have_amount, FIAT_PRECISION), 134 | $have_currency); 135 | 136 | array_push($orders, array('orderid' => $orderid, 137 | 'text' => $text, 138 | 'have_amount' => internal_to_numstr($have_amount), 139 | 'have_currency' => $row['type'], 140 | 'want_amount' => internal_to_numstr($want_amount), 141 | 'want_currency' => $want_currency)); 142 | } 143 | 144 | return $orders; 145 | } 146 | 147 | ?> 148 | -------------------------------------------------------------------------------- /orderbook.php: -------------------------------------------------------------------------------- 1 | \n"; 12 | if ($curr_a == 'BTC') 13 | echo "

    " . sprintf(_("People selling %s for %s"), $curr_a, $curr_b) . "

    \n"; 14 | else 15 | echo "

    " . sprintf(_("People buying %s for %s"), $curr_b, $curr_a) . "

    \n"; 16 | 17 | $exchange_fields = calc_exchange_rate($curr_a, $curr_b, $base_curr); 18 | if (!$exchange_fields) { 19 | if ($curr_a == 'BTC') 20 | echo "

    " . sprintf(_("Nobody is selling %s for %s."), $curr_a, $curr_b) . "

    "; 21 | else 22 | echo "

    " . sprintf(_("Nobody is buying %s for %s."), $curr_b, $curr_a) . "

    "; 23 | echo ""; 24 | return; 25 | } 26 | list($total_amount, $total_want_amount, $rate) = $exchange_fields; 27 | echo "

    " . _("Best exchange rate is") . " "; 28 | if ($base_curr == BASE_CURRENCY::A) 29 | echo "$rate $curr_b/$curr_a"; 30 | else 31 | echo "$rate $curr_a/$curr_b"; 32 | echo ".

    "; 33 | 34 | if (!$show_all) 35 | echo "

    " . sprintf(_("Showing top %d entries"), DEFAULT_ORDERBOOK_DEPTH) . ":

    "; 36 | 37 | ?> 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | $rate\n"; 101 | echo " \n"; 102 | echo " \n"; 103 | if ($is_admin) 104 | echo " \n"; 105 | if (SHOW_CUMULATIVE_DEPTH) { 106 | echo " \n"; 107 | echo " \n"; 108 | } 109 | echo " \n"; 110 | } 111 | 112 | echo " \n"; 113 | echo " \n"; 114 | // strstr's 3rd argument only works in PHP 5.3.0 and newer 115 | // http://php.net/manual/en/function.strstr.php 116 | // use explode instead 117 | $total_amount = explode('.', $total_amount, 2); 118 | $total_amount = $total_amount[0]; 119 | echo " \n"; 120 | echo " \n"; 121 | echo " \n"; 122 | echo "
    $amount $curr_a$want_amount $curr_b$uid" . internal_to_numstr($cumulative_curr_a, $precision_a) . " $curr_a" . internal_to_numstr($cumulative_curr_b, $precision_b) . " $curr_b
    " . _("Total") . ":$total_amount $curr_a
    \n"; 123 | if ($show_all) 124 | echo "

    >> " . _("hide") . "

    \n"; 125 | else 126 | echo "

    >> " . _("show all") . "

    \n"; 127 | echo "\n"; 128 | } 129 | 130 | global $is_logged_in, $is_admin; 131 | 132 | display_double_entry('BTC', CURRENCY, BASE_CURRENCY::A, $is_logged_in, $is_admin); 133 | display_double_entry(CURRENCY, 'BTC', BASE_CURRENCY::B, $is_logged_in, $is_admin); 134 | ?> 135 | -------------------------------------------------------------------------------- /place_order.php: -------------------------------------------------------------------------------- 1 | 26 | 27 |
    28 |

    29 | 30 |

    33 | 34 |

    ', 36 | '', 37 | '', 38 | ''); ?>

    39 |
    40 | -------------------------------------------------------------------------------- /profile.php: -------------------------------------------------------------------------------- 1 | \n"; 12 | echo "

    " . _("Private user info") . "

    \n"; 13 | // main info 14 | echo "

    " . _("You are logged in.") . "

    \n"; 15 | $uid = $is_logged_in; 16 | echo "

    " . _("User ID") . ": $uid

    \n"; 17 | echo "

    " . _("OpenID") . ": $oidlogin

    \n"; 18 | show_balances($uid); 19 | show_committed_balances($uid); 20 | check_fiat_balance_limit($uid, "0"); 21 | echo "\n"; 22 | 23 | $query = " 24 | SELECT 25 | orderid, 26 | amount, 27 | initial_amount, 28 | type, 29 | initial_want_amount, 30 | want_type, 31 | " . sql_format_date("timest") . " AS timest, 32 | status 33 | FROM orderbook 34 | WHERE uid='$uid' 35 | ORDER BY orderbook.timest DESC; 36 | "; 37 | $result = do_query($query); 38 | $row = mysql_fetch_assoc($result); 39 | if ($row) { ?> 40 |
    41 |

    42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | ", $timest); 60 | $status_code = $row['status']; 61 | $status = translate_order_code($status_code); 62 | $price = $type == 'BTC' 63 | ? fiat_and_btc_to_price($initial_want_amount, $initial_amount) 64 | : fiat_and_btc_to_price($initial_amount, $initial_want_amount); 65 | $percent_complete = sprintf("%.0f", bcdiv(gmp_strval(gmp_mul(gmp_sub($initial_amount, $amount), 100)), $initial_amount, 1)); 66 | $trade_count = count_transactions($orderid); 67 | $give_precision = $type == 'BTC' ? BTC_PRECISION : FIAT_PRECISION; 68 | $want_precision = $type == 'BTC' ? FIAT_PRECISION : BTC_PRECISION; 69 | echo " ", active_table_row("active", "?page=view_order&orderid=$orderid"), "\n"; 70 | echo " \n"; 71 | echo " \n"; 72 | echo " \n"; 73 | echo " \n"; 74 | echo " \n"; 75 | echo " \n"; 76 | echo " \n"; 77 | } while ($row = mysql_fetch_assoc($result)); 78 | echo "

    ()
    " . internal_to_numstr($initial_amount, $give_precision) . " $type" . internal_to_numstr($initial_want_amount, $want_precision) . " $want_type$price$timest$status ($percent_complete%)$trade_count
    "; 79 | } 80 | 81 | // also used when you view an order 82 | display_transactions($uid, 0); 83 | 84 | $query = " 85 | SELECT 86 | reqid, 87 | req_type, 88 | amount, 89 | curr_type, 90 | " . sql_format_date("timest") . " AS timest, 91 | status 92 | FROM requests 93 | WHERE 94 | uid='$uid' 95 | AND (req_type='WITHDR' OR req_type='DEPOS') 96 | AND status!='IGNORE' 97 | ORDER BY requests.timest DESC; 98 | "; 99 | $result = do_query($query); 100 | $row = mysql_fetch_assoc($result); 101 | if ($row) { ?> 102 |
    103 |

    104 | 105 | 106 | 107 | 108 | 109 | 110 | \n"; 121 | echo " \n"; 122 | echo " \n"; 123 | echo " \n"; 124 | echo " \n"; 125 | echo " \n"; 126 | } while ($row = mysql_fetch_assoc($result)); 127 | echo "
    $req_type $amount $curr_type$timest$status" . _("View request") . "
    "; 128 | } 129 | 130 | try { 131 | $needed_conf = CONFIRMATIONS_FOR_DEPOSIT; 132 | $balance = bitcoin_get_balance($uid, $needed_conf); 133 | 134 | if ($balance != bitcoin_get_balance($uid, 0)) { ?> 135 |
    136 |

    137 | 138 | 139 | 140 | 141 | 142 | 143 | = 0; $conf--) { 145 | $new_balance = bitcoin_get_balance($uid, $conf); 146 | if ($balance != $new_balance) { 147 | $diff = gmp_sub($new_balance, $balance); 148 | echo "\n"; 149 | $balance = $new_balance; 150 | } 151 | } 152 | echo "
    ", internal_to_numstr($diff), "$conf", $needed_conf - $conf, "
    "; 153 | } 154 | } catch (Exception $e) { 155 | if ($e->getMessage() != 'Unable to connect.') 156 | throw $e; 157 | echo "
    \n"; 158 | echo "

    " . _("Pending bitcoin deposits") . "

    \n"; 159 | echo "

    " . _("Normally this area would display any Bitcoin deposits you have made that are awaiting confirmations, but we are having trouble connecting to the Bitcoin network at the moment, so it doesn't.") . "

    \n"; 160 | echo "

    " . _("Please try again in a few minutes.") . "

    \n"; 161 | echo "
    "; 162 | } 163 | ?> 164 | -------------------------------------------------------------------------------- /scr/check.py: -------------------------------------------------------------------------------- 1 | import MySQLdb 2 | import getpass 3 | 4 | db = MySQLdb.connect("localhost","root",getpass.getpass(),"intersango") 5 | 6 | expected_site_balance = {} 7 | expected_site_balance['AUD'] = 0 8 | expected_site_balance['BTC'] = 0 9 | 10 | site_balance = {} 11 | site_balance['AUD'] = 0 12 | site_balance['BTC'] = 0 13 | 14 | def balance_user(user_id): 15 | c = db.cursor() 16 | c.execute("SELECT amount,type FROM purses WHERE uid=%s",(user_id,)) 17 | balances = c.fetchall() 18 | 19 | c.execute("SELECT amount,curr_type FROM requests WHERE req_type='DEPOS' AND status='FINAL' AND uid=%s",(user_id,)) 20 | deposits = c.fetchall() 21 | 22 | c.execute("SELECT amount,curr_type FROM requests WHERE req_type='WITHDR' AND status='FINAL' AND uid=%s",(user_id,)) 23 | withdrawals = c.fetchall() 24 | 25 | c.execute("SELECT amount,curr_type FROM requests WHERE req_type='WITHDR' AND (status='VERIFY' OR status='PROCES') AND uid=%s",(user_id,)) 26 | pending_withdrawals = c.fetchall() 27 | 28 | c.execute("SELECT orderbook.orderid,orderbook.type,orderbook.want_type,transactions.a_amount AS amount ,transactions.b_amount AS want_amount FROM transactions JOIN orderbook ON orderbook.orderid=transactions.a_orderid WHERE transactions.b_amount=-1 AND orderbook.uid=%s",(user_id,)) 29 | cancelled_transactions = c.fetchall() 30 | 31 | #select orders twice to get orders in reverse direction 32 | c.execute("SELECT orderbook.type,orderbook.want_type,transactions.a_amount AS amount ,transactions.b_amount AS want_amount FROM transactions JOIN orderbook ON orderbook.orderid=transactions.a_orderid WHERE transactions.b_amount!=-1 AND orderbook.uid=%s",(user_id,)) 33 | transactions = c.fetchall() 34 | c.execute("SELECT orderbook.type,orderbook.want_type,transactions.b_amount AS amount ,transactions.a_amount 
AS want_amount FROM transactions JOIN orderbook ON orderbook.orderid=transactions.b_orderid WHERE transactions.b_amount!=-1 AND orderbook.uid=%s",(user_id,)) 35 | transactions += c.fetchall() 36 | 37 | c.execute("SELECT amount,type FROM orderbook WHERE status='OPEN' AND uid=%s",(user_id,)) 38 | orders = c.fetchall() 39 | c.close() 40 | 41 | expected_balance = {} 42 | expected_balance['AUD'] = 0 43 | expected_balance['BTC'] = 0 44 | 45 | for amount,type in deposits: 46 | expected_balance[type] += amount 47 | 48 | for type,want_type,amount,want_amount in transactions: 49 | expected_balance[type] -= amount 50 | expected_balance[want_type] += want_amount 51 | 52 | for amount,type in orders: 53 | expected_balance[type] -= amount 54 | 55 | for amount,type in withdrawals: 56 | expected_balance[type] -= amount 57 | 58 | for amount,type in pending_withdrawals: 59 | expected_balance[type] -= amount 60 | 61 | out_of_balance = [] 62 | for amount,type in balances: 63 | site_balance[type] += amount 64 | expected_site_balance[type] += expected_balance[type] 65 | if expected_balance[type] != amount: 66 | out_of_balance.append((user_id,type,expected_balance[type],amount)) 67 | return out_of_balance 68 | 69 | c = db.cursor() 70 | c.execute("SELECT uid FROM users") 71 | 72 | out_of_balance = [] 73 | 74 | for user in c: 75 | out_of_balance += balance_user(user[0]) 76 | 77 | c.close() 78 | 79 | if len(out_of_balance) > 0: 80 | for user_id,type,expected,amount in out_of_balance: 81 | print(user_id,type,expected,amount) 82 | 83 | for type in expected_site_balance.keys(): 84 | print("site_balance",type,expected_site_balance[type],site_balance[type],expected_site_balance[type]-site_balance[type]) 85 | -------------------------------------------------------------------------------- /scr/sanity.sql: -------------------------------------------------------------------------------- 1 | SELECT 2 | txid, 3 | b_r AS b_rate, 4 | a_r AS a_rate, 5 | r AS rate, 6 | b_r > a_r, 7 | r > a_r, 8 | r < b_r 
9 | FROM ( 10 | SELECT 11 | txid, 12 | b_want/b_amount AS b_r, 13 | a_amount/a_want AS a_r, 14 | a_exc/b_exc AS r 15 | FROM ( 16 | SELECT 17 | txid, 18 | a_amount, 19 | a_want, 20 | initial_amount AS b_amount, 21 | initial_want_amount AS b_want, 22 | a_exc, 23 | b_exc 24 | FROM ( 25 | SELECT 26 | t.txid, 27 | o.initial_amount AS a_amount, 28 | o.initial_want_amount AS a_want, 29 | t.b_orderid, 30 | t.a_amount AS a_exc, 31 | t.b_amount AS b_exc 32 | FROM 33 | transactions AS t 34 | JOIN 35 | orderbook AS o 36 | ON 37 | t.a_orderid=o.orderid 38 | WHERE 39 | b_amount >= 0 40 | ) AS a 41 | JOIN 42 | orderbook 43 | ON 44 | b_orderid=orderbook.orderid 45 | ) AS j 46 | ) AS t 47 | WHERE 48 | b_r > a_r 49 | OR r > a_r 50 | OR r < b_r 51 | OR TRUE 52 | ; 53 | 54 | SELECT 55 | SUM( 56 | IF( 57 | req_type='DEPOS', 58 | amount, 59 | IF( 60 | req_type='WITHDR', 61 | -amount, 62 | 0 63 | ))) AS total_AUD_deposits 64 | FROM 65 | requests 66 | WHERE 67 | curr_type='AUD' 68 | AND status='FINAL' 69 | ; 70 | -------------------------------------------------------------------------------- /scr/summa.php: -------------------------------------------------------------------------------- 1 | 76 | 77 | -------------------------------------------------------------------------------- /scr/sync_to_bitcoin.php: -------------------------------------------------------------------------------- 1 | 18 | -------------------------------------------------------------------------------- /scr/unit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | mysql -tu root intersango < sanity.sql 3 | echo -en 'Bitcoin balance: ' && bitcoind getbalance "" 4 | php summa.php 5 | -------------------------------------------------------------------------------- /switcher.php: -------------------------------------------------------------------------------- 1 | \n"; 100 | echo "

    Debug

    \n"; 101 | echo "

    \n"; 102 | echo "session id: ", session_id(), "
    \n"; 103 | echo "session age: ", time() - $_SESSION['creation_time'], " seconds
    \n"; 104 | if (isset($inactivity)) echo "you were inactive for $inactivity seconds
    \n"; 105 | echo "MAX_IDLE_MINUTES_BEFORE_LOGOUT = ", MAX_IDLE_MINUTES_BEFORE_LOGOUT, " minutes = ", MAX_IDLE_MINUTES_BEFORE_LOGOUT * 60, " seconds
    \n"; 106 | echo "MAX_SESSION_ID_LIFETIME = ", MAX_SESSION_ID_LIFETIME, " minutes = ", MAX_SESSION_ID_LIFETIME * 60, " seconds
    \n"; 107 | echo "

    \n"; 108 | } 109 | } 110 | catch (Error $e) { 111 | global $shown_header; 112 | 113 | report_exception($e, SEVERITY::ERROR); 114 | // Same as below, but flag + log this for review, 115 | 116 | if (!$shown_header) show_header($page, $is_logged_in); 117 | 118 | echo "

    {$e->getTitle()}

    "; 119 | echo "

    {$e->getMessage()}

    "; 120 | } 121 | catch (Problem $e) { 122 | global $shown_header; 123 | if (!$shown_header) show_header($page, $is_logged_in); 124 | 125 | echo "

    {$e->getTitle()}

    "; 126 | echo "

    {$e->getMessage()}

    "; 127 | } 128 | catch (Exception $e) { 129 | global $shown_header; 130 | if (!$shown_header) show_header($page, $is_logged_in); 131 | 132 | echo "

    Technical difficulties

    "; 133 | echo "

    {$e->getMessage()}

    "; 134 | } 135 | 136 | show_footer($is_logged_in, $is_admin, $is_verified); 137 | 138 | if ($lock) release_lock($lock); 139 | } 140 | ?> 141 | -------------------------------------------------------------------------------- /turn_on_duo.php: -------------------------------------------------------------------------------- 1 | 18 |
    19 |

    20 |

    21 |

    22 |

    ', 24 | ''); ?>

    25 |
    26 | 27 |
    28 |

    29 | 30 |

    ', 33 | ''); ?>

    34 | 35 |
    36 | 37 | 38 | 39 |
    40 |
    41 | 42 | -------------------------------------------------------------------------------- /view_order.php: -------------------------------------------------------------------------------- 1 | uid; 27 | else if ($info->uid != $uid) 28 | throw new Problem('Not for your eyes', "This isn't your order."); 29 | 30 | if (isset($_POST['cancel_order'])) { 31 | cancel_order($orderid, $uid); 32 | 33 | ?>
    34 |

    Cancelled!

    35 |

    Order is no more.

    36 |

    Back to the orderbook.

    37 |
    initial_amount); 41 | $amount = internal_to_numstr($info->amount); 42 | $type = $info->type; 43 | $initial_want_amount = internal_to_numstr($info->initial_want_amount); 44 | $want_amount = internal_to_numstr($info->want_amount); 45 | $want_type = $info->want_type; 46 | $timest = $info->timest; 47 | $status = $info->status; 48 | ?>
    49 |

    Order info

    50 |

    51 | 52 |

    53 |

    54 | 57 |

    58 | $amount $type for $want_amount $want_type remaining.

    "; 60 | } ?> 61 |

    62 | 63 |

    64 |

    65 | 66 |

    67 | 68 |

    69 |

    70 | 71 | 72 | 73 |
    74 |

    75 | 76 |
    80 | -------------------------------------------------------------------------------- /view_trades.php: -------------------------------------------------------------------------------- 1 | \n"; 7 | echo "

    Recent Trades

    \n"; 8 | 9 | $query = " 10 | SELECT txid, 11 | a_amount, 12 | a_orderid, 13 | b_amount, 14 | b_orderid, 15 | " . sql_format_date("t.timest") . " AS timest, 16 | a.uid AS a_uid, 17 | b.uid AS b_uid 18 | FROM transactions AS t 19 | JOIN orderbook AS a 20 | ON a.orderid = a_orderid 21 | JOIN orderbook AS b 22 | ON b.orderid = b_orderid 23 | WHERE b_amount > 0 24 | AND t.timest > NOW() - INTERVAL 1 DAY 25 | ORDER BY txid DESC; 26 | "; 27 | $result = do_query($query); 28 | $first = true; 29 | $amount_fiat_total = $amount_btc_total = '0'; 30 | $mine = 0; 31 | while ($row = mysql_fetch_assoc($result)) { 32 | $txid = $row['txid']; 33 | $a_amount = $row['a_amount']; 34 | $a_orderid = $row['a_orderid']; 35 | $b_amount = $row['b_amount']; 36 | $b_orderid = $row['b_orderid']; 37 | $timest = $row['timest']; 38 | $a_uid = $row['a_uid']; 39 | $b_uid = $row['b_uid']; 40 | $price = fiat_and_btc_to_price($a_amount, $b_amount); 41 | 42 | $amount_fiat_total = gmp_add($amount_fiat_total, $a_amount); 43 | $amount_btc_total = gmp_add($amount_btc_total, $b_amount); 44 | 45 | $a_amount_str = internal_to_numstr($a_amount, FIAT_PRECISION); 46 | $b_amount_str = internal_to_numstr($b_amount, BTC_PRECISION); 47 | 48 | if (string_is_zero($a_amount_str) || string_is_zero($b_amount_str)) 49 | continue; 50 | 51 | if ($first) { 52 | $first = false; 53 | echo "\n"; 54 | echo ""; 55 | echo ""; 56 | if ($is_admin) echo ""; 57 | echo ""; 58 | if ($is_admin) echo ""; 59 | echo ""; 60 | echo ""; 61 | echo ""; 62 | echo ""; 63 | } 64 | 65 | $a_is_me = ($a_uid == $is_logged_in); 66 | $b_is_me = ($b_uid == $is_logged_in); 67 | 68 | if ($a_is_me) 69 | echo active_table_row("active", "?page=view_order&orderid=$a_orderid"); 70 | else if ($b_is_me) 71 | echo active_table_row("active", "?page=view_order&orderid=$b_orderid"); 72 | else 73 | echo ""; 74 | 75 | echo ""; 76 | if ($is_admin) 77 | if ($a_is_me || $b_is_me) 78 | echo ""; 79 | else 80 | active_table_cell_link_to_user_statement($a_uid); 81 | if 
($a_is_me) { 82 | $mine++; 83 | echo ""; 84 | } else 85 | echo ""; 86 | if ($is_admin) 87 | if ($a_is_me || $b_is_me) 88 | echo ""; 89 | else 90 | active_table_cell_link_to_user_statement($b_uid); 91 | if ($b_is_me) { 92 | $mine++; 93 | echo ""; 94 | } else 95 | echo ""; 96 | echo ""; 97 | echo ""; 98 | echo "\n"; 99 | } 100 | 101 | if ($first) 102 | echo "

    There are no recent trades.

    \n"; 103 | else { 104 | $price = clean_sql_numstr(bcdiv(gmp_strval($amount_fiat_total), gmp_strval($amount_btc_total), 4)); 105 | echo " \n"; 106 | if ($is_admin) 107 | echo " \n"; 108 | else 109 | echo " \n"; 110 | echo " \n"; 111 | echo " \n"; 112 | echo " "; 113 | if ($is_admin) echo " "; 114 | echo " "; 115 | if ($is_admin) echo " "; 116 | echo " "; 117 | echo " "; 118 | echo " \n"; 119 | echo "
    " . _("TID") . "User" . CURRENCY . "" . _("User") . "" . _("BTC") . "" . _("Price") . "" . _("Date") . "
    $txid$a_uid$a_amount_str$a_amount_str$b_uid$b_amount_str$b_amount_str$price$timest
    ------------------------------------------------
    ", internal_to_numstr($amount_fiat_total, FIAT_PRECISION), "", internal_to_numstr($amount_btc_total, BTC_PRECISION), "$price
    \n"; 120 | 121 | if ($mine) 122 | echo "

    " . sprintf(_("The %s amount(s) you %sgave%s are shown in %sbold%s."), 123 | $mine, 124 | "", 125 | "", 126 | "", 127 | "") . "

    \n"; 128 | } 129 | 130 | ?> 131 | 132 | -------------------------------------------------------------------------------- /view_util.php: -------------------------------------------------------------------------------- 1 |
    72 |

    73 |

    79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | \n"; 118 | echo " "; 119 | if (!$orderid) 120 | echo ""; 121 | echo ""; 122 | echo ""; 123 | echo ""; 124 | echo ""; 125 | echo "\n"; 126 | echo " \n"; 127 | } 128 | 129 | // if we showed any table at all 130 | if (!$first) { 131 | // if we need to show a summary line 132 | if ($orderid && $count > 1) { 133 | $commission_percent = bcdiv(bcmul(gmp_strval($commission_total), 100), gmp_strval($b_total), 3); 134 | 135 | $b_total = gmp_sub($b_total, $commission_total); 136 | 137 | $price = 0; 138 | if ($type == 'BTC') { 139 | if ($a_total) $price = fiat_and_btc_to_price($b_total, $a_total); 140 | } else 141 | if ($b_total) $price = fiat_and_btc_to_price($a_total, $b_total); 142 | 143 | $a_total = internal_to_numstr($a_total, $give_precision); 144 | $b_total = internal_to_numstr($b_total, $want_precision); 145 | $commission_total = internal_to_numstr($commission_total, $want_precision); 146 | 147 | echo " \n"; 148 | echo " \n"; 149 | echo " \n"; 150 | echo " \n"; 151 | echo " \n"; 152 | echo " \n"; 154 | echo " \n"; 155 | echo " \n"; 156 | } 157 | 158 | echo "
    $this_orderid" . internal_to_numstr($a_amount, $give_precision) . " $type" . internal_to_numstr($b_amount, $want_precision) . " $want_type" . internal_to_numstr($b_commission, $want_precision) . " $want_type (", sprintf("%.2f", $commission_percent), "%)$price$timest
    --------------------------------
    $a_total $type$b_total $want_type$commission_total $want_type (", 153 | sprintf("%.2f", $commission_percent), "%)$price
    \n"; 159 | echo "

    " . _("The 'you got' column is the amount you received after commission was taken off.") . "

    "; 160 | echo "

    " . _("The 'price' column shows the effective price of the trade, after commission.") . "

    "; 161 | echo "
    \n"; 162 | } 163 | } 164 | 165 | ?> 166 | -------------------------------------------------------------------------------- /withdraw_utils.php: -------------------------------------------------------------------------------- 1 | getMessage() != 'Unable to connect.') 78 | throw $e; 79 | throw new Problem(_("Sorry..."), 80 | _("We are currently experiencing trouble connecting to the Bitcoin network and so cannot verify that you entered a valid Bitcoin address.") . 81 | "

    " . 82 | _("Your withdrawal request has been cancelled.") . 83 | "

    " . 84 | _("Please try again in a few minutes.")); 85 | } 86 | 87 | if (!$validaddy['isvalid']) 88 | throw new Problem(_('Bitcoin says no'), _('That address you supplied was invalid.')); 89 | syslog(LOG_NOTICE, "address=$addy"); 90 | 91 | $we_have = bitcoin_get_balance("*", 0); 92 | if (gmp_cmp($we_have, $amount) <= 0) { 93 | $message = sprintf(_("User %s is asking to withdraw %s BTC. We only have %s BTC."), 94 | $uid, 95 | internal_to_numstr($amount, BTC_PRECISION), 96 | internal_to_numstr($we_have, BTC_PRECISION)); 97 | email_tech(_("Exchange Wallet Balance is Too Low"), $message); 98 | } 99 | 100 | $query = " 101 | INSERT INTO requests (req_type, uid, amount, curr_type) 102 | VALUES ('WITHDR', '$uid', '$amount', '$curr_type'); 103 | "; 104 | } 105 | 106 | endlog(); 107 | 108 | do_query($query); 109 | $reqid = mysql_insert_id(); 110 | 111 | if ($voucher) 112 | $voucher_code = store_new_bitcoin_voucher_code($reqid); 113 | else { 114 | $query = " 115 | INSERT INTO bitcoin_requests (reqid, addy) 116 | VALUES ('$reqid', '$addy'); 117 | "; 118 | do_query($query); 119 | } 120 | } 121 | 122 | function save_details($uid, $amount, $curr_type, &$voucher, &$reqid) 123 | { 124 | beginlog(); 125 | syslog(LOG_NOTICE, "Withdrawing $amount $curr_type:"); 126 | if ($curr_type == CURRENCY) { 127 | $is_international = post('is_international') == 'true'; 128 | if (!$is_international) { 129 | uk_withdraw($uid, $amount, $curr_type, $voucher, $reqid); 130 | return true; 131 | } 132 | else { 133 | international_withdraw($uid, $amount, $curr_type, $reqid); 134 | return true; 135 | } 136 | } 137 | else if ($curr_type == 'BTC') { 138 | bitcoin_withdraw($uid, $amount, $curr_type, $voucher, $reqid); 139 | return true; 140 | } 141 | else { 142 | throw Error('Invalid currency', 'You cannot withdraw a currency that does not exist.'); 143 | } 144 | // should never happen! 
145 | return false; 146 | } 147 | 148 | function truncate_num($num, $decimal_places) 149 | { 150 | $trailing_zeroes = 8 - $decimal_places; 151 | if ($trailing_zeroes == 0) return $num; 152 | return substr($num, 0, -$trailing_zeroes) . str_repeat('0', $trailing_zeroes); 153 | } 154 | 155 | function do_withdraw($amount_disp, $curr_type, &$voucher_code, &$reqid) 156 | { 157 | global $is_logged_in; 158 | 159 | if (!ENABLE_LOCAL_VOUCHERS && isset($_POST['voucher'])) 160 | throw Error('Vouchers are not enabled on this site', 'Withdrawing to a voucher code is disabled.'); 161 | 162 | $amount = numstr_to_internal($amount_disp); 163 | 164 | // dollar amounts should be truncated to cents, but Bitcoins are more divisible 165 | if ($curr_type == 'BTC') 166 | $amount = truncate_num($amount, BTC_WITHDRAW_DECIMAL_PLACES); 167 | else 168 | $amount = truncate_num($amount, 2); 169 | 170 | curr_supported_check($curr_type); 171 | order_worthwhile_check($amount, $amount_disp, $curr_type, MINIMUM_WITHDRAW); 172 | enough_money_check($amount, $curr_type); 173 | check_withdraw_limit($is_logged_in, $amount, $curr_type); 174 | 175 | if (!save_details($is_logged_in, $amount, $curr_type, $voucher_code, $reqid)) 176 | throw Error('We had to admit it sometime...', 'Stop trading on thie site. Contact the admin FAST.'); 177 | 178 | // actually take the money now 179 | deduct_funds($amount, $curr_type); 180 | 181 | // request is submitted to the queue for the cron job to actually execute (unless it's a voucher) 182 | } 183 | 184 | ?> 185 | --------------------------------------------------------------------------------