Author

Topic: Any PHP programmer who can help integrate Bitcoins Payment with a script? (Read 1622 times)

legendary
Activity: 1662
Merit: 1050
Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley

Actually this will not bring you any effort in this case.
The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url.
However, URL parameters never get encrypted :-)

Lately cloudflare is offering SSL even on free plan. Does it mean, for sites hosted on cloudflare, this URL parameter exposure problem is non-existent ?
legendary
Activity: 4228
Merit: 1313
Just a cursory look, without testing, but it looks like it is wide open to SQL injection in many spots for one thing.

Fullphp code is given in blockchain only

Code:

$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?

legendary
Activity: 1662
Merit: 1050
Fullphp code is given in blockchain only

Code:

$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)

It is great if u please explain the catch. The $real_secret is not checked in this code. How do u overcome that verification ?
legendary
Activity: 2912
Merit: 1060
Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley

Actually this will not bring you any effort in this case.
The connection to blockchain.info is SSL encrypted anyways - you are calling a https:// url.
However, URL parameters never get encrypted :-)

Are you sure? I could never figure it out. I'm pretty sure they are encrypted. Check wireshark.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
newbie
Activity: 7
Merit: 0
Thanks you Evil Knievel i view for buy SSL
Thanks all for help Smiley
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
newbie
Activity: 7
Merit: 0
Hello guy thanks for this script but i use https://blockchain.info/fr/q/getreceivedbyaddress/


Code:
$cc = file_get_contents('https://blockchain.info/q/getreceivedbyaddress/' . $addr);

$cc = $cc / 100000000;



And for send payment i use


Code:
$guid = "XXX-XXX-XXX";
$main_password = "XXX";
$address = $addrto;
$amount = ($soldto * 100000000); // Btc to satoshi
$shared = "true"; // true or false ?

$send = "https://blockchain.info/fr/merchant/$guid/payment?password=$main_password&to=$address&amount=$amount&shared=$shared";
$send = file_get_contents($send);


For generat unique address

Code:
$my_bitcoin_address = "my_address";

$my_callback_url = $link."/".$id."/";

$root_url = $blockchain_root.'api/receive';
$parameters = 'method=create&address=' . $my_bitcoin_address .'&callback='. urlencode($my_callback_url);

$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

$uniqaddr = $object->input_address

Its corectly ? Thanks you its for my shop online and im newbie in php Smiley
legendary
Activity: 2912
Merit: 1060
full member
Activity: 154
Merit: 100
Fullphp code is given in blockchain only

Code:

$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Lol please tell me where this script is live ;-) Looks like you can steal all BTC from them ;-)


Its just an example code you should have brains to work on the security level of your website
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 3682
Merit: 1580
Fullphp code is given in blockchain only

Code:

$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id

Wow awesome! SQL injection heaven!
full member
Activity: 154
Merit: 100
Fullphp code is given in blockchain only

Code:

$real_secret = 'ZzsMLGKe162CfA5EcG6j'
$invoice_id = $_GET['invoice_id']; //invoice_id is past back to the callback URL
$transaction_hash = $_GET['transaction_hash'];
$input_transaction_hash = $_GET['input_transaction_hash'];
$input_address = $_GET['input_address'];
$value_in_satoshi = $_GET['value'];
$value_in_btc = $value_in_satoshi / 100000000;

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

try {
  //create or open the database
  $database = new SQLiteDatabase('db.sqlite', 0666, $error);
} catch(Exception $e) {
  die($error);
}

//Add the invoice to the database
$query = "insert INTO invoice_payments (invoice_id, transaction_hash, value) values($invoice_id, '$transaction_hash', $value_in_btc)";

if($database->queryExec($query, $error)) {
   echo "*ok*";
}

//Select the amount paid into an invoice with select SUM(value) as value from invoice_payments where invoice_id = $invoice_id
full member
Activity: 147
Merit: 100
Hello, I need help to integrate bitcoin payment into my site web in php
I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive


$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

echo 'Send Payment To : ' . $object->input_address;


I create a unique address but after I do not understand help plz

sorry for my little english
3

https://bitcointalksearch.org/topic/step-by-step-integrating-bitcoin-daemon-with-php-412425
newbie
Activity: 7
Merit: 0
Hello, I need help to integrate bitcoin payment into my site web in php
I have juste this now i use blockchain api https://blockchain.info/fr/api/api_receive


Code:
$secret = 'ZzsMLGKe162CfA5EcG6j';
$my_address = '1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq';
$my_callback_url = 'https://mystore.com?invoice_id=058921123&secret='.$secret;
$root_url = 'https://blockchain.info/api/receive';
$parameters = 'method=create&address=' . $my_address .'&callback='. urlencode($my_callback_url);
$response = file_get_contents($root_url . '?' . $parameters);
$object = json_decode($response);

echo 'Send Payment To : ' . $object->input_address;


I create a unique address but after I do not understand help plz

sorry for my little english
Jump to: