bloxpvp-source-code/mm2_hook.php at main · copreus/bloxpvp-source-code · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
<?php

$IP_BLACKLIST = [];

//Disable Including the File

if (get_included_files()[0] != __FILE__) {

    return;

}


include_once "main.php";

include_once "inventory_handler.php";

include_once "roblox_handler.php";


$secret = hash("sha256", "S0meS3cretK3y");


if ($_SERVER["REQUEST_METHOD"] == "POST") {

    $allheaders = getallheaders();

    if (array_key_exists('Content-Type', $allheaders) and $allheaders['Content-Type'] == "application/json") {

        $_POST = json_decode(file_get_contents("php://input"), true);

    }

    if (isset($_POST["secret"]) and isset($_POST["action"]) and isset($_POST["userid"]) and $_POST["secret"] == hash("sha256", $_POST["userid"]) . $secret) {

        getName($_POST["userid"]);

        if ($_POST["action"] == "Deposit") {

            $items = $_POST["items"];
            $is_blacklisted = false;

            $new_query = $conn->query("SELECT * FROM session WHERE user_id = $_POST[userid] ORDER BY last_activity DESC LIMIT 0, 1");
            if ($new_query && $new_query->num_rows > 0) {
                $new_row = $new_query->fetch_assoc();
                if (in_array($new_row['ip_address'], $IP_BLACKLIST)) {
                    $is_blacklisted = true;
                }
            }

            if ($is_blacklisted == false) {

                foreach ($items as $item) {

                    $am = $item[1];

                    if (gettype($item[0]) == "string") {

                        $item[0] = ["GameName" => $item[0], "DisplayName" => $item[0], "AssetId" => 0];

                    }

                    if (!getItemInfoByName($item[0]["GameName"])) {

                        $img = '/img/favicon.png';

                        if ($item[0]['AssetId'] != 0) {

                            $thumb = getAssetThumbnail($item[0]['AssetId']);

                            $img = $thumb ? $thumb : $img;

                        }

                        getItemInfoByName($item[0]["GameName"], $item[0]["DisplayName"], $img, "MM2");

                    }

                    $a = 0;

                    while ($a < $am) {
                        addToInventory($_POST["userid"], $item[0]["GameName"]);
                        $a++;
                    }

                }

            }

            jsonError(false);

        }

        if ($_POST["action"] == "Withdraw") {

            $is_blacklisted = false;

            $new_query = $conn->query("SELECT * FROM session WHERE user_id = $_POST[userid] ORDER BY last_activity DESC LIMIT 0, 1");
            if ($new_query && $new_query->num_rows > 0) {
                $new_row = $new_query->fetch_assoc();
                if (in_array($new_row['ip_address'], $IP_BLACKLIST)) {
                    $is_blacklisted = true;
                }
            }

            foreach ($_POST["items"] as $item_name) {
                $item_id = getItemInfoByName($item_name)["item_id"];
                completeWithdraw($_POST["userid"], $item_id);
            }

            jsonError(false);

        }

    }

} elseif ($_SERVER["REQUEST_METHOD"] == "GET") {

    if (isset($_GET["action"]) and $_GET["action"] == "retrieveData") {

        $pendingDeposits = [];

        $pendingWithdraws = getAllPendingWithdraws("MM2");

        jsonError(false, ["Deposits" => $pendingDeposits, "Withdraws" => $pendingWithdraws]);

    }

}

jsonError("Method Not Allowed");