<?php
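// Keep PHP diagnostics out of responses. error_reporting(0) also silences
// error logging, so faults in this script go unrecorded.
// NOTE(review): consider keeping display_errors off with log_errors on instead.
ini_set('display_errors', 0);
error_reporting(0);
// localhost only
// HTTP_HOST is copied from the request's Host header, which the client chooses,
// so on its own it does not restrict who can reach this script. The peer
// address (REMOTE_ADDR) is therefore checked as well.
// NOTE(review): behind a reverse proxy on the same machine every request
// arrives from loopback; enforce the restriction at the proxy in that case.
if (
    !isset($_SERVER['HTTP_HOST'], $_SERVER['REMOTE_ADDR'])
    || $_SERVER['HTTP_HOST'] != "localhost"
    || !in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'), true)
) {
    echo "";
    die();
}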
//========================================================================
// functions
//========================================================================
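/**
 * Redirect a plain-HTTP request to the same URI over HTTPS.
 *
 * Sends a 301 with a Location header and terminates the script unless
 * $_SERVER["HTTPS"] equals "on"; returns normally otherwise.
 *
 * NOTE(review): the redirect target is built from SERVER_NAME. Depending on
 * the web-server configuration that value can mirror the client's Host
 * header; confirm it is pinned to a canonical name so the redirect cannot be
 * pointed at another host.
 */
function redirectSSL()
{
    // isset() first: HTTPS is typically absent from $_SERVER on plain HTTP,
    // and reading it directly is an undefined-index access.
    $isHttps = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
    if ($isHttps) {
        return;
    }
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
    exit();
}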
/**
 * Open the MySQL connection used by the rest of this script and select the
 * working database. Terminates the script with 'DB_ERROR' if either step fails.
 *
 * NOTE(review): the connection uses the MySQL root account with its password
 * hard-coded in source. A dedicated account limited to the tables this script
 * touches, with credentials loaded from configuration outside the web root,
 * would reduce what a flaw in the queries of this file can reach.
 * NOTE(review): the mysql_* extension was removed in PHP 7; this file only
 * runs on PHP 5.x as written.
 */
function Connect()
{
    $dbHost = 'localhost';
    $dbUser = 'root';
    $dbPass = 'toor';
    $dbName = 'db';

    $link = mysql_connect($dbHost, $dbUser, $dbPass);
    if (!$link) {
        die('DB_ERROR');
    }
    if (!mysql_select_db($dbName, $link)) {
        die('DB_ERROR');
    }
}
/**
 * Close the MySQL connection. mysql_close() is called without a link
 * argument, so it acts on the most recently opened connection.
 */
function close()
{
    mysql_close();
}
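/**
 * Count the rows in `users` whose alias and password hash match.
 *
 * The caller treats a non-zero result as a successful login.
 *
 * @param string $user alias as submitted by the client
 * @param string $pass plaintext password as submitted by the client
 * @return int number of matching rows; 0 when either value is empty or not a
 *             scalar, or when the query fails
 */
function userExist($user = "", $pass = "")
{
    // Request parameters can arrive as arrays (user[]=...). md5() and
    // htmlentities() do not accept arrays, so reject them before any processing.
    if (!is_scalar($user) || !is_scalar($pass)) {
        return 0;
    }
    if ($user != "" && $pass != "") {
        // NOTE(review): unsalted MD5 is not a password hash; it is fast to
        // brute-force and identical passwords share a digest. It is kept here
        // because the lookup compares against users.pass, which implies the
        // stored values are MD5 digests. Migrating to password_hash() /
        // password_verify() needs a schema and re-hash plan.
        $passHash = md5($pass);
        // HTML-encoding is an output concern, not a SQL defence; it is retained
        // only so the lookup keeps matching aliases as this script has always
        // encoded them (assumed to match how they were stored - confirm).
        $alias = htmlentities($user, ENT_QUOTES, "UTF-8");
        $alias = mysql_real_escape_string($alias);
        $passHash = mysql_real_escape_string($passHash);
        $result = mysql_query("SELECT * FROM users where alias = '$alias' AND pass = '$passHash'");
        // A failed query returns false; treat it as "no such user" instead of
        // handing false to mysql_num_rows().
        if ($result === false) {
            return 0;
        }
        return mysql_num_rows($result);
    }
    return 0;
}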
/**
 * Assemble a one-line description of the current request (serialized $_POST,
 * serialized $_GET and the client address).
 *
 * The string is built and then discarded: nothing is written or returned, so
 * calling this function has no observable effect as written.
 *
 * NOTE(review): if this is ever connected to a log sink, $_POST includes the
 * "pass" field read by the main script; redact it before writing.
 */
function logRequest()
{
    $parts = array(
        " POST:" . serialize($_POST),
        " GET:" . serialize($_GET),
        " IP:" . serialize($_SERVER['REMOTE_ADDR']),
    );
    $request = implode("", $parts);
}
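/**
 * Count the `shortorders` rows for a position that already carry a close
 * price and close time.
 *
 * The original body tested and interpolated $account, a variable that does
 * not exist in this scope (the parameter is $accountid). The guard was
 * therefore never satisfied and the function always returned nothing, so the
 * "already closed" check in the caller never fired. The parameter is now used.
 *
 * @param string $posid     position id
 * @param string $accountid account id
 * @return int number of closed rows; 0 when either id is empty, zero or not a
 *             scalar, or when the query fails
 */
function PositionClosed($posid = "", $accountid = "")
{
    // Array-valued request parameters cannot be escaped or compared sensibly.
    if (!is_scalar($posid) || !is_scalar($accountid)) {
        return 0;
    }
    if ($posid != "" && $posid != 0 && $accountid != "" && $accountid != 0) {
        $posid = htmlentities($posid, ENT_QUOTES, "UTF-8");
        $posid = mysql_real_escape_string($posid);
        // Both values end up inside quoted SQL literals, so both are escaped.
        $accountid = mysql_real_escape_string($accountid);
        $result = mysql_query("SELECT * FROM shortorders where positionid = '$posid' AND accountid = '$accountid' AND closeprice != '0' AND closetime != '0'");
        // A failed query returns false; report "not closed" rather than
        // passing false to mysql_num_rows().
        if ($result === false) {
            return 0;
        }
        return mysql_num_rows($result);
    }
    return 0;
}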
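/**
 * Read one POST field as a string; missing or array-valued fields yield "".
 */
function _postString($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
}

/**
 * Store an open position ([ADD]) or a closed position ([CLOSE]) posted by the
 * client, then echo the stored fields back as a ';'-separated line.
 *
 * Responses: the echoed record on success, "[ER]" when MySQL reports an
 * error, "[OR_CLOSED]" when PositionClosed() reports the open position as
 * already closed. The [ADD] path and both error paths end the script.
 *
 * Every value here comes straight from the request, so each one is passed
 * through mysql_real_escape_string() before it is placed inside a quoted SQL
 * literal; the original interpolated the raw POST values. Parameterized
 * queries are not available with the mysql_* extension this file uses.
 *
 * NOTE(review): nothing visible in this file ties the authenticated alias to
 * the posted account id, so any valid login appears able to write rows for
 * any account - confirm whether that is intended.
 * NOTE(review): request values are echoed back unencoded; if a browser can
 * reach this endpoint, send the response as text/plain.
 */
function PositionAdd()
{
    // open
    $account = _postString("accountid");
    $posid = _postString("positionid");
    $pos = _postString("position");
    // history
    $haccount = _postString("haccountid");
    $hposid = _postString("hpositionid");
    $hpos = _postString("hposition");
    $hclosetime = _postString("hclosetime");
    $hcloseprice = _postString("hcloseprice");
    $hprofit = _postString("hcloseprofit");
    $command = _postString("command");
    $end = _postString("end");
    // microtime() output is generated locally, not taken from the request.
    $time = microtime();

    if (PositionClosed($posid, $account)) {
        echo "[OR_CLOSED]";
        return;
    }

    if ($end != "" && $account != "" && $posid != "" && $pos != "" && $command == "[ADD]") {
        // Escaped copies go into SQL; the raw values are kept for the reply.
        $qPosid = mysql_real_escape_string($posid);
        $qPos = mysql_real_escape_string($pos);
        $qAccount = mysql_real_escape_string($account);
        mysql_query("INSERT INTO shortorders VALUES('$qPosid','$qPos',0,0,0,'$qAccount','$time') ON DUPLICATE KEY UPDATE position = '$qPos'");
        if (mysql_error()) {
            echo "[ER]";
            die();
        }
        $res = $account . ";" . $posid . ";" . $pos . ";" . $end;
        echo $res;
        die();
    } else if ($end != "" && $haccount != "" && $hposid != "" && $hpos != "" && $hclosetime != "" && $hcloseprice != "" && $hprofit != "" && $command == "[CLOSE]") {
        // Insert the closed position, or update close time, price and profit
        // when the row already exists.
        $qHposid = mysql_real_escape_string($hposid);
        $qHpos = mysql_real_escape_string($hpos);
        $qHclosetime = mysql_real_escape_string($hclosetime);
        $qHcloseprice = mysql_real_escape_string($hcloseprice);
        $qHprofit = mysql_real_escape_string($hprofit);
        $qHaccount = mysql_real_escape_string($haccount);
        mysql_query("INSERT INTO shortorders VALUES('$qHposid','$qHpos','$qHclosetime','$qHcloseprice','$qHprofit','$qHaccount','$time') ON DUPLICATE KEY UPDATE position = '$qHpos', closetime = '$qHclosetime',closeprice = '$qHcloseprice', profit = '$qHprofit'");
        if (mysql_error()) {
            echo "[ER]";
            die();
        }
        // NOTE(review): no ';' between profit and the end marker, unlike the
        // [ADD] reply; left as is because the client parser may rely on it.
        $res1 = $haccount . ";" . $hposid . ";" . $hpos . ";" . $hclosetime . ";" . $hcloseprice . ";" . $hprofit . $end;
        echo $res1;
    }
}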
// Main
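// Authenticate the posted credentials, then hand over to PositionAdd().
// NOTE(review): the alias and password arrive in every POST, and
// redirectSSL() is defined in this file but never called, so nothing here
// enforces HTTPS. No throttling of failed logins is visible either.
Connect();
// isset() guards: a request without these fields is a failed login, not an
// undefined-index access.
$user = isset($_POST["user"]) ? $_POST["user"] : "";
$pass = isset($_POST["pass"]) ? $_POST["pass"] : "";
if (userExist($user, $pass)) {
    PositionAdd();
    close();
} else {
    // Release the connection on the failure path as well.
    close();
    echo "[ER_LOGIN]";
}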
?>