This is a (very bad) piece of PHP code that uses JSON-RPC to create a bitcoin store for digital information (For example, a password to a certain file or log-in info for a certain site). It uses JSON-RPC PHP client script to connect with bitcoind.
// (c) MrBison [[email protected]], 2010
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful (and fun!),
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
require_once ('./includes/jsonRPCClient.php');
function randomseed()
{
list($tmp1, $tmp2) = explode(' ', microtime());
return (float) $tmp1 + ((float) $tmp2 * 100000);
}
mt_srand(randomseed());
if (!isset($_COOKIE["bitcoinsessionid"])) { $session = mt_rand() + (int)(microtime()*1000); } else { $session = (int) $_COOKIE["bitcoinsessionid"]; }
if (!is_numeric($session)) die ("This looks like an SQL injection attempt.");
setcookie("bitcoinsessionid", $session, time()+2592000); //the cookie is valid for 30 days.
$bitcoin = new jsonRPCClient("http://rpcuser:[email protected]:8332/") or die("Cannot connect");
$link = mysql_connect("mysqlserver", "mysqluser", "mysqlpass") or die("Could not connect: " . mysql_error());
mysql_select_db("bitcoin");
if ((isset($_GET["getaddress"])) && (is_numeric($_GET["getaddress"]))) {
// if we are asked for an address
$id = $_GET["getaddress"];
$query = "SELECT address FROM addresses WHERE id = ". $id . " AND sessionid = " . $session;
$result = mysql_query($query) or die("Query failed : " . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC); if (isset($row["address"])) { $address = $row["address"]; } else {
$address = $bitcoin->getnewaddress("Temporary address") or die ("Sorry, cannot create an address");
$query = "INSERT INTO addresses (id, address, sessionid) VALUES (" . $id . ", \"" . $address . "\"," . $session . ")";
mysql_query($query) or die("Query failed : " . mysql_error()); }
//here we check if someone else didn't already purchase this item
$query = "SELECT address FROM addresses WHERE id = ". $id . " AND sessionid != " . $session;
$result = mysql_query($query) or die("Query failed : " . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC); if (isset($row["address"])) die("Sorry, this item is already being partially or fully paid by someone else.");
$query = "SELECT price FROM goods WHERE id = " . $id;
$pricex = mysql_query($query);
$row = mysql_fetch_array($pricex, MYSQL_ASSOC);
$price = $row["price"];
$paid = (float)$bitcoin->getreceivedbyaddress($address, 1);
echo "Please send " . $price . " to BitCoin address " . $address . " .
";
echo "Already sent: " . $paid . "
";
echo ". $id . "'>Refresh";
if ($price <= $paid) {
echo "Paid fully.
";
$result = mysql_query("SELECT name, description, price FROM goods WHERE id = " . $id) or die("Query failed 0: " . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
echo "Your password is: " . $row["password"] . "
. $id . "'>Confirm and delete
"; }
else {
echo "You have ". $price - $paid . " left to pay.
"; }
}
else
if ((isset($_GET["delete"])) && (is_numeric($_GET["delete"]))) {
$id = $_GET["delete"];
$query = "SELECT address FROM addresses WHERE id = ". $id . " AND sessionid = " . $session; //Only the ones who paid fully can delete items
$result = mysql_query($query) or die("Query failed : " . mysql_error()); $row = mysql_fetch_array($result, MYSQL_ASSOC);
if (isset($row["address"])) { $address = $row["address"]; } else echo "Sorry, this operation is permitted only to users that purchased the item.";
$query = "SELECT price FROM goods WHERE id = " . $id;
$pricex = mysql_query($query);
$row = mysql_fetch_array($pricex, MYSQL_ASSOC);
$price = $row["price"];
$paid = (float)$bitcoin->getreceivedbyaddress($address, 1);
if ($paid >= $price) {
//if this user really purchased it
$query = "DELETE FROM goods WHERE id = ". $id;
$result = mysql_query($query) or die("Cannot delete the item: " . mysql_error());
}
}
else if(!isset($_GET["show"]) || !is_numeric($_GET["show"])) {
$result = mysql_query("SELECT id, name, description, price FROM goods") or die("Query failed 1: " . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
printf ("%s
%s
Price: %s", $row["id"], $row["name"], $row["description"], $row["price"]); }
} else {
$id = $_GET["show"];
$result = mysql_query("SELECT name, description, price FROM goods WHERE id = " . $id) or die("Query failed 2: " . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
printf ("%s
%s
Price: %s
Buy with BitCoin", $row["name"], $row["description"], $row["price"], $id); }
}
mysql_free_result($result);
mysql_close($link);
?> The system is supposed to be anonymous (so it uses SessionIDs) and probably even secure (since all data sent by user are numeric (ID of an item or SessionID), they are filtered).
It uses two MySQL tables: "goods" and "addresses". The first one contains 5 fields, "id" (int), "name" (varchar), "description" (mediumtext), "price" (double) and "password" (mediumtext, this field contains the information user gets when he pays for an item fully). "addresses" contains of "id" (the ID of an item), "address" (bitcoin address used to receive money for that item) and "sessionid" (SessionID of a user who decides to buy an item).
I know, this code is bad, but 1) it works (it was tested
), 2) I just don't know where should I use it
Maybe this will serve as some kind of a tutorial to some bitcoiners wishing to use JSON-RPC and PHP, or anything else, I don't know.