This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; |
||
3 | |||
4 | /** |
||
5 | * Bitcoin classes |
||
6 | * |
||
7 | * By Mike Gogulski - All rights reversed http://www.unlicense.org/ (public domain) |
||
8 | * |
||
9 | * If you find this library useful, your donation of Bitcoins to address |
||
10 | * 1E3d6EWLgwisXY2CWXDcdQQP2ivRN7e9r9 would be greatly appreciated. Thanks! |
||
11 | * |
||
12 | * PHPDoc is available at http://code.gogulski.com/ |
||
13 | * |
||
14 | * @author Mike Gogulski - http://www.nostate.com/ http://www.gogulski.com/ |
||
15 | * @author theymos - theymos @ http://bitcoin.org/smf |
||
16 | */ |
||
17 | |||
18 | define("BITCOIN_ADDRESS_VERSION", "00");// this is a hex byte |
||
19 | /** |
||
20 | * Bitcoin utility functions class |
||
21 | * |
||
22 | * @author theymos (functionality) |
||
23 | * @author Mike Gogulski |
||
24 | * http://www.gogulski.com/ http://www.nostate.com/ |
||
25 | * (encapsulation, string abstraction, PHPDoc) |
||
26 | */ |
||
27 | class Bitcoin { |
||
28 | |||
29 | /* |
||
30 | * Bitcoin utility functions by theymos |
||
31 | * Via http://www.bitcoin.org/smf/index.php?topic=1844.0 |
||
32 | * hex input must be in uppercase, with no leading 0x |
||
33 | */ |
||
34 | private static $hexchars = "0123456789ABCDEF"; |
||
35 | private static $base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; |
||
36 | |||
37 | /** |
||
38 | * Convert a hex string into a (big) integer |
||
39 | * |
||
40 | * @param string $hex |
||
41 | * @return int |
||
42 | * @access private |
||
43 | */ |
||
44 | private function decodeHex($hex) { |
||
45 | $hex = strtoupper($hex); |
||
46 | $return = "0"; |
||
47 | View Code Duplication | for ($i = 0; $i < strlen($hex); $i++) { |
|
48 | $current = (string) strpos(self::$hexchars, $hex[$i]); |
||
49 | $return = (string) bcmul($return, "16", 0); |
||
50 | $return = (string) bcadd($return, $current, 0); |
||
51 | } |
||
52 | return $return; |
||
53 | } |
||
54 | |||
55 | /** |
||
56 | * Convert an integer into a hex string |
||
57 | * |
||
58 | * @param int $dec |
||
59 | * @return string |
||
60 | * @access private |
||
61 | */ |
||
62 | private function encodeHex($dec) { |
||
63 | $return = ""; |
||
64 | View Code Duplication | while (bccomp($dec, 0) == 1) { |
|
0 ignored issues
–
show
|
|||
65 | $dv = (string) bcdiv($dec, "16", 0); |
||
66 | $rem = (integer) bcmod($dec, "16"); |
||
67 | $dec = $dv; |
||
68 | $return = $return . self::$hexchars[$rem]; |
||
69 | } |
||
70 | return strrev($return); |
||
71 | } |
||
72 | |||
73 | /** |
||
74 | * Convert a Base58-encoded integer into the equivalent hex string representation |
||
75 | * |
||
76 | * @param string $base58 |
||
77 | * @return string |
||
78 | * @access private |
||
79 | */ |
||
80 | private function decodeBase58($base58) { |
||
81 | $origbase58 = $base58; |
||
82 | |||
83 | $return = "0"; |
||
84 | View Code Duplication | for ($i = 0; $i < strlen($base58); $i++) { |
|
85 | $current = (string) strpos(Bitcoin::$base58chars, $base58[$i]); |
||
86 | $return = (string) bcmul($return, "58", 0); |
||
87 | $return = (string) bcadd($return, $current, 0); |
||
88 | } |
||
89 | |||
90 | $return = self::encodeHex($return); |
||
91 | |||
92 | //leading zeros |
||
93 | View Code Duplication | for ($i = 0; $i < strlen($origbase58) && $origbase58[$i] == "1"; $i++) { |
|
94 | $return = "00" . $return; |
||
95 | } |
||
96 | |||
97 | if (strlen($return) % 2 != 0) { |
||
98 | $return = "0" . $return; |
||
99 | } |
||
100 | |||
101 | return $return; |
||
102 | } |
||
103 | |||
104 | /** |
||
105 | * Convert a hex string representation of an integer into the equivalent Base58 representation |
||
106 | * |
||
107 | * @param string $hex |
||
108 | * @return string |
||
109 | * @access private |
||
110 | */ |
||
111 | private function encodeBase58($hex) { |
||
112 | if (strlen($hex) % 2 != 0) { |
||
113 | die("encodeBase58: uneven number of hex characters"); |
||
114 | } |
||
115 | $orighex = $hex; |
||
116 | |||
117 | $hex = self::decodeHex($hex); |
||
118 | $return = ""; |
||
119 | View Code Duplication | while (bccomp($hex, 0) == 1) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
120 | $dv = (string) bcdiv($hex, "58", 0); |
||
121 | $rem = (integer) bcmod($hex, "58"); |
||
122 | $hex = $dv; |
||
123 | $return = $return . self::$base58chars[$rem]; |
||
124 | } |
||
125 | $return = strrev($return); |
||
126 | |||
127 | //leading zeros |
||
128 | View Code Duplication | for ($i = 0; $i < strlen($orighex) && substr($orighex, $i, 2) == "00"; $i += 2) { |
|
129 | $return = "1" . $return; |
||
130 | } |
||
131 | |||
132 | return $return; |
||
133 | } |
||
134 | |||
135 | /** |
||
136 | * Convert a 160-bit Bitcoin hash to a Bitcoin address |
||
137 | * |
||
138 | * @author theymos |
||
139 | * @param string $hash160 |
||
140 | * @param string $addressversion |
||
141 | * @return string Bitcoin address |
||
142 | * @access public |
||
143 | */ |
||
144 | public static function hash160ToAddress($hash160, $addressversion = BITCOIN_ADDRESS_VERSION) { |
||
145 | $hash160 = $addressversion . $hash160; |
||
146 | $check = pack("H*", $hash160); |
||
147 | $check = hash("sha256", hash("sha256", $check, true)); |
||
148 | $check = substr($check, 0, 8); |
||
149 | $hash160 = strtoupper($hash160 . $check); |
||
150 | return self::encodeBase58($hash160); |
||
151 | } |
||
152 | |||
153 | /** |
||
154 | * Convert a Bitcoin address to a 160-bit Bitcoin hash |
||
155 | * |
||
156 | * @author theymos |
||
157 | * @param string $addr |
||
158 | * @return string Bitcoin hash |
||
159 | * @access public |
||
160 | */ |
||
161 | public static function addressToHash160($addr) { |
||
162 | $addr = self::decodeBase58($addr); |
||
163 | $addr = substr($addr, 2, strlen($addr) - 10); |
||
164 | return $addr; |
||
165 | } |
||
166 | |||
167 | /** |
||
168 | * Determine if a string is a valid Bitcoin address |
||
169 | * |
||
170 | * @author theymos |
||
171 | * @param string $addr String to test |
||
172 | * @param string $addressversion |
||
173 | * @return boolean |
||
174 | * @access public |
||
175 | */ |
||
176 | public static function checkAddress($addr, $addressversion = BITCOIN_ADDRESS_VERSION) { |
||
177 | $addr = self::decodeBase58($addr); |
||
178 | if (strlen($addr) != 50) { |
||
179 | return false; |
||
180 | } |
||
181 | $version = substr($addr, 0, 2); |
||
182 | if (hexdec($version) > hexdec($addressversion)) { |
||
183 | return false; |
||
184 | } |
||
185 | $check = substr($addr, 0, strlen($addr) - 8); |
||
186 | $check = pack("H*", $check); |
||
187 | $check = strtoupper(hash("sha256", hash("sha256", $check, true))); |
||
188 | $check = substr($check, 0, 8); |
||
189 | return $check == substr($addr, strlen($addr) - 8); |
||
190 | } |
||
191 | |||
192 | /** |
||
193 | * Convert the input to its 160-bit Bitcoin hash |
||
194 | * |
||
195 | * @param string $data |
||
196 | * @return string |
||
197 | * @access private |
||
198 | */ |
||
199 | private function hash160($data) { |
||
200 | $data = pack("H*", $data); |
||
201 | return strtoupper(hash("ripemd160", hash("sha256", $data, true))); |
||
202 | } |
||
203 | |||
204 | /** |
||
205 | * Convert a Bitcoin public key to a 160-bit Bitcoin hash |
||
206 | * |
||
207 | * @param string $pubkey |
||
208 | * @return string |
||
209 | * @access public |
||
210 | */ |
||
211 | public static function pubKeyToAddress($pubkey) { |
||
212 | return self::hash160ToAddress(self::hash160($pubkey)); |
||
213 | } |
||
214 | |||
215 | /** |
||
216 | * Remove leading "0x" from a hex value if present. |
||
217 | * |
||
218 | * @param string $string |
||
219 | * @return string |
||
220 | * @access public |
||
221 | */ |
||
222 | public static function remove0x($string) { |
||
223 | if (substr($string, 0, 2) == "0x" || substr($string, 0, 2) == "0X") { |
||
224 | $string = substr($string, 2); |
||
225 | } |
||
226 | return $string; |
||
227 | } |
||
228 | } |
||
229 | |||
230 | require_once(INCLUDE_DIR . "/lib/jsonRPCClient.php"); |
||
231 | |||
232 | /** |
||
233 | * Bitcoin client class for access to a Bitcoin server via JSON-RPC-HTTP[S] |
||
234 | * |
||
235 | * Implements the methods documented at https://www.bitcoin.org/wiki/doku.php?id=api |
||
236 | * |
||
237 | * @version 0.3.19 |
||
238 | * @author Mike Gogulski |
||
239 | * http://www.gogulski.com/ http://www.nostate.com/ |
||
240 | */ |
||
241 | class BitcoinClient extends jsonRPCClient { |
||
242 | |||
243 | /** |
||
244 | * Create a jsonrpc_client object to talk to the bitcoin server and return it, |
||
245 | * or false on failure. |
||
246 | * |
||
247 | * @param string $scheme |
||
248 | * "http" or "https" |
||
249 | * @param string $username |
||
250 | * User name to use in connection the Bitcoin server's JSON-RPC interface |
||
251 | * @param string $password |
||
252 | * Server password |
||
253 | * @param string $address |
||
254 | * Server hostname or IP address |
||
255 | * @param mixed $port |
||
256 | * Server port (string or integer) |
||
257 | * @param string $certificate_path |
||
258 | * Path on the local filesystem to server's PEM certificate (ignored if $scheme != "https") |
||
259 | * @param integer $debug_level |
||
260 | * 0 (default) = no debugging; |
||
261 | * 1 = echo JSON-RPC messages received to stdout; |
||
262 | * 2 = log transmitted messages also |
||
263 | * @return jsonrpc_client |
||
264 | * @access public |
||
265 | * @throws BitcoinClientException |
||
266 | */ |
||
267 | public function __construct($scheme, $username, $password, $address = "localhost", $certificate_path = '', $debug = false) { |
||
268 | $scheme = strtolower($scheme); |
||
269 | if ($scheme != "http" && $scheme != "https") |
||
270 | throw new Exception("Scheme must be http or https"); |
||
271 | if (empty($username)) |
||
272 | throw new Exception("Username must be non-blank"); |
||
273 | if (empty($password)) |
||
274 | throw new Exception("Password must be non-blank"); |
||
275 | if (!empty($certificate_path) && !is_readable($certificate_path)) |
||
276 | throw new Exception("Certificate file " . $certificate_path . " is not readable"); |
||
277 | $uri = $scheme . "://" . $username . ":" . $password . "@" . $address . "/"; |
||
278 | parent::__construct($uri, $debug); |
||
279 | } |
||
280 | |||
281 | /** |
||
282 | * Test if the connection to the Bitcoin JSON-RPC server is working |
||
283 | * |
||
284 | * The check is done by calling the server's getinfo() method and checking |
||
285 | * for a fault. |
||
286 | * |
||
287 | * To turn code compatible with BTC >= 0.16, getmininginfo() method used instead of getinfo() |
||
288 | * |
||
289 | * @return mixed boolean TRUE if successful, or a fault string otherwise |
||
290 | * @access public |
||
291 | * @throws none |
||
292 | */ |
||
293 | public function can_connect() { |
||
294 | try { |
||
295 | $r = $this->getmininginfo(); |
||
0 ignored issues
–
show
$r is not used, you could remove the assignment.
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
$higher = true;
} else {
$higher = false;
}
Both the
Loading history...
|
|||
296 | } catch (Exception $e) { |
||
297 | return $e->getMessage(); |
||
298 | } |
||
299 | return true; |
||
300 | } |
||
301 | |||
302 | public function validateaddress($coin_address) { |
||
303 | try { |
||
304 | $aStatus = parent::validateaddress($coin_address); |
||
305 | if (!$aStatus['isvalid']) { |
||
306 | return false; |
||
307 | } |
||
308 | } catch (Exception $e) { |
||
309 | return false; |
||
310 | } |
||
311 | return true; |
||
312 | } |
||
313 | |||
314 | public function is_testnet() { |
||
315 | try { |
||
316 | $r = parent::getinfo(); |
||
0 ignored issues
–
show
It seems like you call parent on a different method (
getinfo() instead of is_testnet() ). Are you sure this is correct? If so, you might want to change this to $this->getinfo() .
This check looks for a call to a parent method whose name is different than the method from which it is called. Consider the following code: class Daddy
{
protected function getFirstName()
{
return "Eidur";
}
protected function getSurName()
{
return "Gudjohnsen";
}
}
class Son
{
public function getFirstName()
{
return parent::getSurname();
}
}
The
Loading history...
|
|||
317 | if ($r['testnet']) { |
||
318 | return true; |
||
319 | } |
||
320 | } catch (Exception $e) { |
||
321 | return false; |
||
322 | } |
||
323 | return false; |
||
324 | } |
||
325 | } |
||
326 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.