PHP WebShell
Текущая директория: /var/www/bitcardoApp/Old folder
Просмотр файла: send_crypto_processor.php
<?php
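// === Database Configuration ===
// SECURITY: the database password and the BitGo access token used to be
// hard-coded in this file. Anything readable with the source (backups, VCS
// history, a file viewer on the web root) exposed them, so the previously
// embedded values must be treated as compromised and rotated. They are now
// read from the environment, the same way CENTRAL_WALLET_KEY already is.
define('DB_HOST', 'localhost');
define('DB_USER', 'bitcardo_wallet');
define('DB_NAME', 'bitcardo_wallet');
// === BitGo API Configuration ===
define('BITGO_ENTERPRISE_ID', '6816dcc10aa7119c1ad94c489d0bd9fe');
// Plain HTTP is only acceptable here because the target is the loopback
// interface; do not point this at a remote host without TLS.
define('BITGO_API_BASE_URL', 'http://127.0.0.1:3080/api/v2');

// Fail closed: refuse to run at all if a required secret is absent.
foreach (['DB_PASS', 'BITGO_ACCESS_TOKEN'] as $secretName) {
    $secretValue = getenv($secretName);
    if ($secretValue === false || $secretValue === '') {
        // Log the variable name only, never a secret value.
        error_log("send_crypto_processor: required environment variable {$secretName} is not set");
        http_response_code(500);
        die("? Server configuration error.");
    }
    define($secretName, $secretValue);
}

// === Load encryption key ===
// The key is a base64-encoded 32-byte value (AES-256). Strict decoding rejects
// malformed input; the explicit === false test avoids relying on truthiness.
$key_base64 = getenv("CENTRAL_WALLET_KEY");
$key = is_string($key_base64) ? base64_decode($key_base64, true) : false;
if ($key === false || strlen($key) !== 32) {
    die("? Missing or invalid encryption key.");
}

// === Input ===
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this file, yet a POST here moves funds out of the central wallet. Confirm
// that access control is enforced before this script is reached.
$coin = $_POST['coin'] ?? null;
$amount = $_POST['amount'] ?? null;
$recipient = $_POST['recipient'] ?? null;

// Reject missing fields and array-valued parameters (e.g. coin[]=x), which
// would otherwise raise notices or type errors further down.
if (!is_string($coin) || !is_string($amount) || !is_string($recipient)) {
    http_response_code(400);
    die("? Missing or invalid request parameters.");
}

$coin = strtolower(trim($coin));
$recipient = trim($recipient);

// The amount must be a positive number; the coin and recipient must be non-empty.
if ($coin === '' || $recipient === '' || !is_numeric($amount) || (float) $amount <= 0) {
    http_response_code(400);
    die("? Missing or invalid request parameters.");
}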
/**
 * Return the multiplier that converts one whole coin into its base units.
 *
 * The table covers the tickers this script handles ('tbtc', 'teth', 'tsol',
 * 'usdc'). Any ticker not in the table yields 1, so callers must not treat
 * the result as proof that the coin is supported.
 *
 * @param mixed $coin Lower-case coin ticker used as the lookup key.
 * @return int Base units per whole coin, or 1 for an unknown ticker.
 */
function getBaseUnits($coin) {
    $unitsPerCoin = [];
    $unitsPerCoin['tbtc'] = 100000000;
    $unitsPerCoin['teth'] = 1000000000000000000;
    $unitsPerCoin['tsol'] = 1000000000;
    $unitsPerCoin['usdc'] = 1000000;

    // Fallback of 1 is kept for unknown tickers.
    return isset($unitsPerCoin[$coin]) ? $unitsPerCoin[$coin] : 1;
}
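// === Amount conversion ===
// Convert the human-readable amount to the coin's smallest unit.
// Float maths is kept from the original, so very large base-unit values
// (e.g. 18-decimal coins) lose low-order precision. The guard below at least
// rejects non-numeric, non-positive and out-of-range values, because casting
// an out-of-range float to int gives an undefined result.
$baseUnit = getBaseUnits($coin);
$amountScaled = is_numeric($amount) ? round((float) $amount * $baseUnit) : NAN;
if (!is_finite($amountScaled) || $amountScaled <= 0 || $amountScaled >= (float) PHP_INT_MAX) {
    http_response_code(400);
    die("? Invalid amount.");
}
$amountInBase = (int) $amountScaled;

// === Connect to DB ===
$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$conn) {
    // Keep driver details (host, user, error text) in the server log only.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    die('Database connection failed.');
}

// === Get central wallet ===
// Parameterised lookup; a coin only proceeds if a cwallet row exists for it.
$stmt = $conn->prepare("SELECT * FROM cwallet WHERE coin = ? LIMIT 1");
$stmt->bind_param("s", $coin);
$stmt->execute();
$result = $stmt->get_result();

if ($row = $result->fetch_assoc()) {
    $encrypted_phrase = base64_decode($row['encrypted_phrase']);
    $iv = base64_decode($row['dynamic_iv']);
    if (strlen($iv) !== 16) {
        die("? Invalid IV length.");
    }

    // NOTE(review): AES-256-CBC provides no integrity protection; a tampered
    // ciphertext is not reliably detected. Consider an authenticated mode
    // (e.g. AES-256-GCM) when the stored format can be migrated.
    $passphrase = openssl_decrypt($encrypted_phrase, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    // openssl_decrypt() returns false on failure; compare strictly so that a
    // falsy-looking plaintext such as "0" is not mistaken for an error.
    if ($passphrase === false || $passphrase === '') {
        die("? Failed to decrypt passphrase.");
    }

    $wallet_id = $row['wallet_add_id'];
    $sender_address = $row['wallet_address'];

    // === Send payload ===
    // NOTE(review): no authentication/authorization check is visible in this
    // file before funds are sent - confirm it is enforced upstream.
    $payload = [
        'address' => $recipient,
        'amount' => $amountInBase,
        'walletPassphrase' => $passphrase
    ];
    if ($coin === 'tsol') {
        $payload['type'] = 'transfer';
    }

    // Path segments are URL-encoded so neither value can alter the request path.
    $url = BITGO_API_BASE_URL . '/' . rawurlencode($coin) . '/wallet/' . rawurlencode((string) $wallet_id) . '/sendcoins';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => [
            "Content-Type: application/json",
            "Authorization: Bearer " . BITGO_ACCESS_TOKEN
        ],
        CURLOPT_POSTFIELDS => json_encode($payload)
    ]);
    $response = curl_exec($ch);
    // Read error state and status BEFORE closing the handle; the original
    // queried curl_errno()/curl_error() after curl_close().
    $curlErrno = curl_errno($ch);
    $curlError = curl_error($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // The upstream body is echoed into HTML, so it is always escaped first.
    $safeResponse = htmlspecialchars((string) $response, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if ($response === false || $curlErrno !== 0) {
        echo "? cURL error: " . htmlspecialchars($curlError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } elseif ($httpCode !== 200) {
        echo "? BitGo error ($httpCode):<br><pre>$safeResponse</pre>";
    } else {
        $data = json_decode($response, true);
        $txid = $data['txid'] ?? null;

        // === Record transaction ===
        // The transfer has already been submitted at this point, so a failed
        // insert must be surfaced and logged for reconciliation, not ignored.
        $recorded = false;
        try {
            $insert = $conn->prepare("
INSERT INTO transactions
(coin, sender_address, receiver_address, amount, type, txid, confirmation, status, applied, created_at)
VALUES (?, ?, ?, ?, 'send', ?, 0, 'pending', 0, NOW())
");
            if ($insert) {
                $insert->bind_param("sssds", $coin, $sender_address, $recipient, $amount, $txid);
                $recorded = $insert->execute();
            }
        } catch (mysqli_sql_exception $e) {
            $recorded = false;
        }

        if ($recorded) {
            echo "? Transaction sent and recorded!<br><pre>$safeResponse</pre>";
        } else {
            error_log('Transaction sent but not recorded; coin=' . $coin . ' txid=' . var_export($txid, true) . ' db_error=' . $conn->error);
            echo "? Transaction sent but could not be recorded.<br><pre>$safeResponse</pre>";
        }
    }
} else {
    // $coin comes straight from the request; escape it before echoing.
    echo "? No central wallet found for coin: " . htmlspecialchars($coin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}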
?>