PageRenderTime 48ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 1ms

/v1.9/queueclerk.php

https://bitbucket.org/rev22/timekoin
PHP | 541 lines | 374 code | 82 blank | 85 comment | 107 complexity | 5799761b30393a713caafbdda9823a7e MD5 | raw file
    

  1. <?PHP
    2. 

  2. include 'configuration.php';
    3. 

  3. include 'function.php';
    4. 

  4. set_time_limit(90);
    5. 

  5. //***********************************************************************************
    6. 

  6. //***********************************************************************************
    7. 

  7. if(QUEUECLERK_DISABLED == TRUE || TIMEKOIN_DISABLED == TRUE)
    8. 

  8. {
    9. 

  9. 	// This has been disabled
    10. 

  10. 	exit;
    11. 

  11. }
    12. 

  12. //***********************************************************************************
    13. 

  13. //***********************************************************************************
    14. 

  14. // Open persistent connection to database
    15. 

  15. mysql_connect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD);
    16. 

  16. mysql_select_db(MYSQL_DATABASE);
    17. 

  17. 

  18. // Check for banned IP address
    19. 

  19. $ip = mysql_result(mysql_query("SELECT * FROM `ip_banlist` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' LIMIT 1"),0,0);
    20. 

  20. 

  21. if(empty($ip) == FALSE)
    22. 

  22. {
    23. 

  23. 	// Sorry, your IP address has been banned :(
    24. 

  24. 	exit;
    25. 

  25. }
    26. 

  26. //***********************************************************************************
    27. 

  27. // Answer transaction hash poll
    28. 

  28. if($_GET["action"] == "trans_hash")
    29. 

  29. {
    30. 

  30. 	$transaction_queue_hash = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'transaction_queue_hash' LIMIT 1"),0,"field_data");
    31. 

  31. 

  32. 	echo $transaction_queue_hash;
    33. 

  33. 

  34. 	// Log inbound IP activity
    35. 

  35. 	mysql_query("INSERT INTO `ip_activity` (`timestamp` ,`ip`, `attribute`)VALUES ('" . time() . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'QU')");
    36. 

  36. 	exit;
    37. 

  37. }
    38. 

  38. //***********************************************************************************
    39. 

  39. //***********************************************************************************
    40. 

  40. // Answer transaction queue poll
    41. 

  41. if($_GET["action"] == "queue")
    42. 

  42. {
    43. 

  43. 	$sql = "SELECT * FROM `transaction_queue` ORDER BY RAND() LIMIT 100";
    44. 

  44. 

  45. 	$sql_result = mysql_query($sql);
    46. 

  46. 	$sql_num_results = mysql_num_rows($sql_result);
    47. 

  47. 	$queue_number = 1;
    48. 

  48. 

  49. 	if($sql_num_results > 0)
    50. 

  50. 	{
    51. 

  51. 		for ($i = 0; $i < $sql_num_results; $i++)
    52. 

  52. 		{
    53. 

  53. 			$sql_row = mysql_fetch_array($sql_result);
    54. 

  54. 			echo "---queue$queue_number=" , $sql_row["hash"] , "---end$queue_number";
    55. 

  55. 			$queue_number++;
    56. 

  56. 		}
    57. 

  57. 	}
    58. 

  58. 

  59. 	// Log inbound IP activity
    60. 

  60. 	mysql_query("INSERT INTO `ip_activity` (`timestamp` ,`ip`, `attribute`)VALUES ('" . time() . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'QU')");
    61. 

  61. 	exit;
    62. 

  62. }
    63. 

  63. //***********************************************************************************
    64. 

  64. //***********************************************************************************
    65. 

  65. // Answer public key balance request that match our hash code
    66. 

  66. if($_GET["action"] == "key_balance")
    67. 

  67. {
    68. 

  68. 	$hash_code = substr($_GET["hash"], 0, 256);
    69. 

  69. 	$server_hash_code = mysql_result(mysql_query("SELECT * FROM `options` WHERE `field_name` = 'server_hash_code' LIMIT 1"),0,"field_data");
    70. 

  70. 

  71. 	if($hash_code == $server_hash_code && $server_hash_code != "0")
    72. 

  72. 	{
    73. 

  73. 		// Grab balance for public key and return back
    74. 

  74. 		$public_key = substr($_POST["public_key"], 0, 500);
    75. 

  75. 		$public_key = filter_sql($public_key);
    76. 

  76. 		$public_key = base64_decode($public_key);
    77. 

  77. 

  78. 		echo check_crypt_balance($public_key);
    79. 

  79. 	}
    80. 

  80. 

  81. 	// Log inbound IP activity
    82. 

  82. 	mysql_query("INSERT INTO `ip_activity` (`timestamp` ,`ip`, `attribute`)VALUES ('" . time() . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'QU')");
    83. 

  83. 	exit;
    84. 

  84. }
    85. 

  85. //***********************************************************************************
    86. 

  86. //***********************************************************************************
    87. 

  87. // Answer transaction details that match our hash number
    88. 

  88. if($_GET["action"] == "transaction" && empty($_GET["number"]) == FALSE)
    89. 

  89. {
    90. 

  90. 	$current_hash = filter_sql($_GET["number"]);
    91. 

  91. 

  92. 	$sql = "SELECT * FROM `transaction_queue` WHERE `hash` = '$current_hash' LIMIT 1";
    93. 

  93. 

  94. 	$sql_result = mysql_query($sql);
    95. 

  95. 	$sql_num_results = mysql_num_rows($sql_result);
    96. 

  96. 

  97. 	if($sql_num_results > 0)
    98. 

  98. 	{
    99. 

  99. 		$sql_row = mysql_fetch_array($sql_result);
    100. 

  100. 

  101. 		$qhash = $sql_row["timestamp"] . base64_encode($sql_row["public_key"]) . $sql_row["crypt_data1"] . $sql_row["crypt_data2"] . $sql_row["crypt_data3"] . $sql_row["hash"] . $sql_row["attribute"];
    102. 

  102. 		$qhash = hash('md5', $qhash);
    103. 

  103. 

  104. 		echo "-----timestamp=" , $sql_row["timestamp"] , "-----public_key=" , base64_encode($sql_row["public_key"]) , "-----crypt1=" , $sql_row["crypt_data1"];
    105. 

  105. 		echo "-----crypt2=" , $sql_row["crypt_data2"] , "-----crypt3=" , $sql_row["crypt_data3"] , "-----hash=" , $sql_row["hash"];
    106. 

  106. 		echo "-----attribute=" , $sql_row["attribute"] , "-----end---qhash=$qhash---endqhash";
    107. 

  107. 	}
    108. 

  108. 

  109. 	// Log inbound IP activity
    110. 

  110. 	mysql_query("INSERT INTO `ip_activity` (`timestamp` ,`ip`, `attribute`)VALUES ('" . time() . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'QU')");
    111. 

  111. 	exit;
    112. 

  112. }
    113. 

  113. //***********************************************************************************
    114. 

  114. //***********************************************************************************
    115. 

  115. // Accept a transaction from a firewalled peer (behind a firewall with no inbound communication port open)
    116. 

  116. if($_GET["action"] == "input_transaction")
    117. 

  117. {
    118. 

  118. 	$next_generation_cycle = transaction_cycle(1);
    119. 

  119. 	$current_generation_cycle = transaction_cycle(0);
    120. 

  120. 

  121. 	// Can we work on the transactions in the database?
    122. 

  122. 	// Not allowed 120 seconds before and 30 seconds after generation cycle.
    123. 

  123. 	if(($next_generation_cycle - time()) > 120 && (time() - $current_generation_cycle) > 30)
    124. 

  124. 	{
    125. 

  125. 		$transaction_timestamp = intval($_POST["timestamp"]);
    126. 

  126. 		$transaction_public_key = filter_sql($_POST["public_key"]);
    127. 

  127. 		$transaction_crypt1 = filter_sql($_POST["crypt_data1"]);
    128. 

  128. 		$transaction_crypt2 = filter_sql($_POST["crypt_data2"]);
    129. 

  129. 		$transaction_crypt3 = filter_sql($_POST["crypt_data3"]);
    130. 

  130. 		$transaction_hash = filter_sql($_POST["hash"]);
    131. 

  131. 		$transaction_attribute = filter_sql($_POST["attribute"]);
    132. 

  132. 		$transaction_qhash = filter_sql($_POST["qhash"]);		
    133. 

  133. 

  134. 		// If a qhash is included, use this to verify the data
    135. 

  135. 		if(empty($transaction_qhash) == FALSE)
    136. 

  136. 		{
    137. 

  137. 			$qhash = $transaction_timestamp . $transaction_public_key . $transaction_crypt1 . $transaction_crypt2 . $transaction_crypt3 . $transaction_hash . $transaction_attribute;
    138. 

  138. 			$qhash = hash('md5', $qhash);
    139. 

  139. 

  140. 			// Compare hashes to make sure data is intact
    141. 

  141. 			if($transaction_qhash != $qhash)
    142. 

  142. 			{
    143. 

  143. 				write_log("Queue Hash Data MisMatch from IP: " . $_SERVER['REMOTE_ADDR'] . " for Public Key: " . base64_encode($transaction_public_key), "QC");
    144. 

  144. 				$hash_match = "mismatch";
    145. 

  145. 			}
    146. 

  146. 			else
    147. 

  147. 			{
    148. 

  148. 				$hash_match = mysql_result(mysql_query("SELECT * FROM `transaction_queue` WHERE `hash` = '$transaction_hash' LIMIT 1"),0,0);
    149. 

  149. 			}
    150. 

  150. 		}
    151. 

  151. 		else
    152. 

  152. 		{
    153. 

  153. 			// A qhash is required to verify the transaction now
    154. 

  154. 			write_log("Queue Hash Data MisMatch from IP: " . $_SERVER['REMOTE_ADDR'] . " for Public Key: " . base64_encode($transaction_public_key), "QC");
    155. 

  155. 			$hash_match = "mismatch";
    156. 

  156. 		}
    157. 

  157. 

  158. 		$transaction_public_key = base64_decode($transaction_public_key);
    159. 

  159. 

  160. 		if(empty($hash_match) == TRUE)
    161. 

  161. 		{
    162. 

  162. 			// No duplicate found, continue processing
    163. 

  163. 			if($transaction_attribute == "R")
    164. 

  164. 			{
    165. 

  165. 				// Check to make sure this public key isn't forged or made up to win the list
    166. 

  166. 				openssl_public_decrypt(base64_decode($transaction_crypt1), $inside_transaction_hash, $transaction_public_key);
    167. 

  167. 				$final_hash_compare = $transaction_crypt2;
    168. 

  168. 				$crypt_hash_check = $transaction_hash;
    169. 

  169. 			}
    170. 

  170. 			else
    171. 

  171. 			{
    172. 

  172. 				// Check to make sure attribute is valid
    173. 

  173. 				if($transaction_attribute == "G" || $transaction_attribute == "T")
    174. 

  174. 				{
    175. 

  175. 					// Decrypt transaction information for regular transaction data
    176. 

  176. 					// and check to make sure the public key that is being sent to
    177. 

  177. 					// has not been tampered with.
    178. 

  178. 					openssl_public_decrypt(base64_decode($transaction_crypt3), $transaction_info, $transaction_public_key);
    179. 

  179. 

  180. 					$inside_transaction_hash = find_string("HASH=", "", $transaction_info, TRUE);
    181. 

  181. 

  182. 					// Check if a message is encoded in this data as well
    183. 

  183. 					if(strlen($inside_transaction_hash) != 64)
    184. 

  184. 					{
    185. 

  185. 						// A message is also encoded
    186. 

  186. 						$inside_transaction_hash = find_string("HASH=", "---MSG", $transaction_info);
    187. 

  187. 					}
    188. 

  188. 

  189. 					// Check Hash against 3 crypt fields
    190. 

  190. 					$crypt_hash_check = hash('sha256', $transaction_crypt1 . $transaction_crypt2 . $transaction_crypt3);					
    191. 

  191. 				}
    192. 

  192. 

  193. 				$final_hash_compare = hash('sha256', $transaction_crypt1 . $transaction_crypt2);				
    194. 

  194. 			}
    195. 

  195. 

  196. 			// Check to make sure this transaction is even valid
    197. 

  197. 			if($transaction_hash == $crypt_hash_check 
    198. 

  198. 				&& $inside_transaction_hash == $final_hash_compare 
    199. 

  199. 				&& strlen($transaction_public_key) > 300 
    200. 

  200. 				&& $transaction_timestamp >= $current_generation_cycle 
    201. 

  201. 				&& $transaction_timestamp < $next_generation_cycle)
    202. 

  202. 			{
    203. 

  203. 				// Check for 100 public key limit in the transaction queue
    204. 

  204. 				$sql = "SELECT * FROM `transaction_queue` WHERE `public_key` = '$transaction_public_key'";
    205. 

  205. 				$sql_result = mysql_query($sql);
    206. 

  206. 				$sql_num_results = mysql_num_rows($sql_result);
    207. 

  207. 

  208. 				if($sql_num_results < 100)
    209. 

  209. 				{						
    210. 

  210. 					// Transaction hash and real hash match
    211. 

  211. 					$sql = "INSERT INTO `transaction_queue` (`timestamp`,`public_key`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)
    212. 

  212. 					VALUES ('$transaction_timestamp', '$transaction_public_key', '$transaction_crypt1', '$transaction_crypt2' , '$transaction_crypt3', '$transaction_hash' , '$transaction_attribute')";
    213. 

  213. 					
    214. 

  214. 					if(mysql_query($sql) == TRUE)
    215. 

  215. 					{
    216. 

  216. 						// Give confirmation of transaction insert accept
    217. 

  217. 						echo "OK";
    218. 

  218. 						write_log("Accepted Inbound Transaction from IP: " . $_SERVER['REMOTE_ADDR'], "QC");
    219. 

  219. 					}
    220. 

  220. 				}
    221. 

  221. 				else
    222. 

  222. 				{
    223. 

  223. 					write_log("More Than 100 Transactions Trying to Queue from IP: " . $_SERVER['REMOTE_ADDR'] . " for Public Key: " . base64_encode($transaction_public_key), "QC");
    224. 

  224. 				}
    225. 

  225. 			}
    226. 

  226. 			else
    227. 

  227. 			{
    228. 

  228. 				write_log("Invalid Transactin Queue Data Discarded from IP: " . $_SERVER['REMOTE_ADDR'] . " for Public Key: " . base64_encode($transaction_public_key), "QC");
    229. 

  229. 			}
    230. 

  230. 

  231. 		} // End Duplicate & Timestamp check
    232. 

  232. 

  233. 	} // End time allowed check
    234. 

  234. 

  235. 	// Log inbound IP activity
    236. 

  236. 	mysql_query("INSERT INTO `ip_activity` (`timestamp` ,`ip`, `attribute`)VALUES ('" . time() . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'QU')");
    237. 

  237. 	exit;
    238. 

  238. }
    239. 

  239. //***********************************************************************************
    240. 

  240. //***********************************************************************************
    241. 

  241. $loop_active = mysql_result(mysql_query("SELECT * FROM `main_loop_status` WHERE `field_name` = 'queueclerk_heartbeat_active' LIMIT 1"),0,"field_data");
    242. 

  242. 

  243. // Check if loop is already running
    244. 

  244. if($loop_active == 0)
    245. 

  245. {
    246. 

  246. 	// Set the working status of 1
    247. 

  247. 	$sql = "UPDATE `main_loop_status` SET `field_data` = '1' WHERE `main_loop_status`.`field_name` = 'queueclerk_heartbeat_active' LIMIT 1";
    248. 

  248. 	mysql_query($sql);
    249. 

  249. }
    250. 

  250. else if($loop_active == 1)
    251. 

  251. {
    252. 

  252. 	// Allow another instance to start
    253. 

  253. 	// Set the working status of 2
    254. 

  254. 	$sql = "UPDATE `main_loop_status` SET `field_data` = '2' WHERE `main_loop_status`.`field_name` = 'queueclerk_heartbeat_active' LIMIT 1";
    255. 

  255. 	mysql_query($sql);
    256. 

  256. }
    257. 

  257. else
    258. 

  258. {
    259. 

  259. 	// Loop called while still working
    260. 

  260. 	exit;
    261. 

  261. }
    262. 

  262. //***********************************************************************************
    263. 

  263. //***********************************************************************************
    264. 

  264. $next_generation_cycle = transaction_cycle(1);
    265. 

  265. $current_generation_cycle = transaction_cycle(0);
    266. 

  266. 

  267. // Can we work on the transactions in the database?
    268. 

  268. // Not allowed 30 seconds before and 30 seconds after generation cycle.
    269. 

  269. if(($next_generation_cycle - time()) > 30 && (time() - $current_generation_cycle) > 30)
    270. 

  270. {
    271. 

  271. 	// Create a hash of my own transaction queue
    272. 

  272. 	$sql = "SELECT * FROM `transaction_queue` ORDER BY `hash`";
    273. 

  273. 

  274. 	$sql_result = mysql_query($sql);
    275. 

  275. 	$sql_num_results = mysql_num_rows($sql_result);
    276. 

  276. 

  277. 	$transaction_queue_hash = 0;
    278. 

  278. 

  279. 	if($sql_num_results > 0)
    280. 

  280. 	{
    281. 

  281. 		for ($i = 0; $i < $sql_num_results; $i++)
    282. 

  282. 		{
    283. 

  283. 			$sql_row = mysql_fetch_array($sql_result);
    284. 

  284. 			$transaction_queue_hash .= $sql_row["public_key"] . $sql_row["crypt_data1"] . 
    285. 

  285. 				$sql_row["crypt_data2"] . $sql_row["crypt_data3"] . $sql_row["hash"] . $sql_row["attribute"];
    286. 

  286. 		}
    287. 

  287. 		$transaction_queue_hash = hash('md5', $transaction_queue_hash);
    288. 

  288. 	}
    289. 

  289. 

  290. 	// Store in database for quick reference from database
    291. 

  291. 	$sql = "UPDATE `options` SET `field_data` = '$transaction_queue_hash' WHERE `options`.`field_name` = 'transaction_queue_hash' LIMIT 1";
    292. 

  292. 	mysql_query($sql);
    293. 

  293. 

  294. 	// How does my transaction queue compare to others?
    295. 

  295. 	// Ask all of my active peers
    296. 

  296. 	ini_set('user_agent', 'Timekoin Server (Queueclerk) v' . TIMEKOIN_VERSION);
    297. 

  297. 	ini_set('default_socket_timeout', 3); // Timeout for request in seconds
    298. 

  298. 	$context = stream_context_create(array('http' => array('header'=>'Connection: close'))); // Force close socket after complete
    299. 

  299. 

  300. 	$sql = "SELECT * FROM `active_peer_list` ORDER BY RAND()";
    301. 

  301. 

  302. 	$sql_result = mysql_query($sql);
    303. 

  303. 	$sql_num_results = mysql_num_rows($sql_result);
    304. 

  304. 

  305. 	$transaction_queue_hash_match = 0;
    306. 

  306. 	$transaction_queue_hash_different = 0;
    307. 

  307. 	$site_address;
    308. 

  308. 

  309. 	if($sql_num_results > 0)
    310. 

  310. 	{
    311. 

  311. 		$hash_different = array();
    312. 

  312. 		
    313. 

  313. 		for ($i = 0; $i < $sql_num_results; $i++)
    314. 

  314. 		{
    315. 

  315. 			$sql_row = mysql_fetch_array($sql_result);
    316. 

  316. 

  317. 			$ip_address = $sql_row["IP_Address"];
    318. 

  318. 			$domain = $sql_row["domain"];
    319. 

  319. 			$subfolder = $sql_row["subfolder"];
    320. 

  320. 			$port_number = $sql_row["port_number"];
    321. 

  321. 

  322. 			if(empty($domain) == TRUE)
    323. 

  323. 			{
    324. 

  324. 				$site_address = $ip_address;
    325. 

  325. 			}
    326. 

  326. 			else
    327. 

  327. 			{
    328. 

  328. 				$site_address = $domain;
    329. 

  329. 			}
    330. 

  330. 

  331. 			if($port_number == 443)
    332. 

  332. 			{
    333. 

  333. 				$ssl = "s";
    334. 

  334. 			}
    335. 

  335. 			else
    336. 

  336. 			{
    337. 

  337. 				$ssl = NULL;
    338. 

  338. 			}
    339. 

  339. 

  340. 			$poll_peer = filter_sql(file_get_contents("http$ssl://$site_address:$port_number/$subfolder/queueclerk.php?action=trans_hash", FALSE, $context, NULL, 40));
    341. 

  341. 

  342. 			if($transaction_queue_hash === $poll_peer)
    343. 

  343. 			{
    344. 

  344. 				$transaction_queue_hash_match++;
    345. 

  345. 			}
    346. 

  346. 			else
    347. 

  347. 			{
    348. 

  348. 				if(empty($poll_peer) == FALSE)
    349. 

  349. 				{
    350. 

  350. 					$transaction_queue_hash_different++;
    351. 

  351. 

  352. 					$hash_different["ip_address$transaction_queue_hash_different"] = $ip_address;
    353. 

  353. 					$hash_different["domain$transaction_queue_hash_different"] = $domain;
    354. 

  354. 					$hash_different["subfolder$transaction_queue_hash_different"] = $subfolder;
    355. 

  355. 					$hash_different["port_number$transaction_queue_hash_different"] = $port_number;				
    356. 

  356. 				}
    357. 

  357. 			}
    358. 

  358. 

  359. 		} // End for Loop
    360. 

  360. 

  361. 	} // End number of results check
    362. 

  362. 

  363. 	// Compare tallies
    364. 

  364. 	if($transaction_queue_hash_different > 0)
    365. 

  365. 	{
    366. 

  366. 		// Transaction Queue still not in sync with all peers
    367. 

  367. 		$hash_array = array();
    368. 

  368. 

  369. 		for ($i = 1; $i < $transaction_queue_hash_different + 1; $i++)
    370. 

  370. 		{
    371. 

  371. 			$ip_address = $hash_different["ip_address$i"];
    372. 

  372. 			$domain = $hash_different["domain$i"];
    373. 

  373. 			$subfolder = $hash_different["subfolder$i"];
    374. 

  374. 			$port_number = $hash_different["port_number$i"];
    375. 

  375. 

  376. 			if(empty($domain) == TRUE)
    377. 

  377. 			{
    378. 

  378. 				$site_address = $ip_address;
    379. 

  379. 			}
    380. 

  380. 			else
    381. 

  381. 			{
    382. 

  382. 				$site_address = $domain;
    383. 

  383. 			}
    384. 

  384. 

  385. 			if($port_number == 443)
    386. 

  386. 			{
    387. 

  387. 				$ssl = "s";
    388. 

  388. 			}
    389. 

  389. 			else
    390. 

  390. 			{
    391. 

  391. 				$ssl = NULL;
    392. 

  392. 			}
    393. 

  393. 

  394. 			$poll_peer = filter_sql(file_get_contents("http$ssl://$site_address:$port_number/$subfolder/queueclerk.php?action=queue", FALSE, $context, NULL, 8200));
    395. 

  395. 

  396. 			// Bring up first match (if any) to compare agaist our database
    397. 

  397. 			$match_number = 1;
    398. 

  398. 			$current_hash = find_string("---queue$match_number=", "---end$match_number", $poll_peer);
    399. 

  399. 

  400. 			while(empty($current_hash) == FALSE)
    401. 

  401. 			{
    402. 

  402. 				//Check if this transaction is already in our queue
    403. 

  403. 				$hash_match = mysql_result(mysql_query("SELECT * FROM `transaction_queue` WHERE `hash` = '$current_hash' LIMIT 1"),0,0);
    404. 

  404. 

  405. 				if(empty($hash_match) == TRUE)
    406. 

  406. 				{
    407. 

  407. 					// This peer has a different transaction, ask for the full details of it
    408. 

  408. 					$poll_hash = filter_sql(file_get_contents("http$ssl://$site_address:$port_number/$subfolder/queueclerk.php?action=transaction&number=$current_hash", FALSE, $context, NULL, 1500));
    409. 

  409. 

  410. 					$transaction_timestamp = find_string("-----timestamp=", "-----public_key", $poll_hash);
    411. 

  411. 					$transaction_public_key = find_string("-----public_key=", "-----crypt1", $poll_hash);
    412. 

  412. 					$transaction_crypt1 = find_string("-----crypt1=", "-----crypt2", $poll_hash);
    413. 

  413. 					$transaction_crypt2 = find_string("-----crypt2=", "-----crypt3", $poll_hash);
    414. 

  414. 					$transaction_crypt3 = find_string("-----crypt3=", "-----hash", $poll_hash);
    415. 

  415. 					$transaction_hash = find_string("-----hash=", "-----attribute", $poll_hash);
    416. 

  416. 					$transaction_attribute = find_string("-----attribute=", "-----end", $poll_hash);
    417. 

  417. 					$transaction_qhash = find_string("---qhash=", "---endqhash", $poll_hash);					
    418. 

  418. 

  419. 					// If a qhash is included, use this to verify the data
    420. 

  420. 					if(empty($transaction_qhash) == FALSE)
    421. 

  421. 					{
    422. 

  422. 						$qhash = $transaction_timestamp . $transaction_public_key . $transaction_crypt1 . $transaction_crypt2 . $transaction_crypt3 . $transaction_hash . $transaction_attribute;
    423. 

  423. 						$qhash = hash('md5', $qhash);
    424. 

  424. 

  425. 						// Compare hashes to make sure data is intact
    426. 

  426. 						if($transaction_qhash != $qhash)
    427. 

  427. 						{
    428. 

  428. 							write_log("Queue Hash Data MisMatch for Public Key: " . $transaction_public_key, "QC");
    429. 

  429. 							$transaction_attribute = "mismatch";
    430. 

  430. 						}
    431. 

  431. 					}
    432. 

  432. 					else
    433. 

  433. 					{
    434. 

  434. 						// Qhash is required to match hash now
    435. 

  435. 						write_log("Queue Hash Data MisMatch for Public Key: " . $transaction_public_key, "QC");
    436. 

  436. 						$transaction_attribute = "mismatch";
    437. 

  437. 					}
    438. 

  438. 

  439. 					$transaction_public_key = base64_decode($transaction_public_key);
    440. 

  440. 

  441. 					if($transaction_attribute == "R")
    442. 

  442. 					{
    443. 

  443. 						// Check to make sure this public key isn't forged or made up to win the list
    444. 

  444. 						openssl_public_decrypt(base64_decode($transaction_crypt1), $inside_transaction_hash, $transaction_public_key);
    445. 

  445. 						$final_hash_compare = $transaction_crypt2;
    446. 

  446. 						$crypt_hash_check = $transaction_hash;
    447. 

  447. 					}
    448. 

  448. 					else
    449. 

  449. 					{
    450. 

  450. 						if($transaction_attribute == "T" || $transaction_attribute == "G")
    451. 

  451. 						{
    452. 

  452. 							// Decrypt transaction information for regular transaction data
    453. 

  453. 							// and check to make sure the public key that is being sent to
    454. 

  454. 							// has not been tampered with.
    455. 

  455. 							openssl_public_decrypt(base64_decode($transaction_crypt3), $transaction_info, $transaction_public_key);
    456. 

  456. 

  457. 							$inside_transaction_hash = find_string("HASH=", "", $transaction_info, TRUE);
    458. 

  458. 

  459. 							// Check if a message is encoded in this data as well
    460. 

  460. 							if(strlen($inside_transaction_hash) != 64)
    461. 

  461. 							{
    462. 

  462. 								// A message is also encoded
    463. 

  463. 								$inside_transaction_hash = find_string("HASH=", "---MSG", $transaction_info);
    464. 

  464. 							}
    465. 

  465. 

  466. 							// Check Hash against 3 crypt fields
    467. 

  467. 							$crypt_hash_check = hash('sha256', $transaction_crypt1 . $transaction_crypt2 . $transaction_crypt3);
    468. 

  468. 						}
    469. 

  469. 

  470. 						$final_hash_compare = hash('sha256', $transaction_crypt1 . $transaction_crypt2);
    471. 

  471. 					}
    472. 

  472. 

  473. 					// Check to make sure this transaction is even valid (hash check, length check, & timestamp)
    474. 

  474. 					if($transaction_hash == $crypt_hash_check 
    475. 

  475. 						&& $inside_transaction_hash == $final_hash_compare 
    476. 

  476. 						&& strlen($transaction_public_key) > 300 
    477. 

  477. 						&& $transaction_timestamp >= $current_generation_cycle 
    478. 

  478. 						&& $transaction_timestamp < $next_generation_cycle)
    479. 

  479. 					{
    480. 

  480. 						// Check for 100 public key limit in the transaction queue
    481. 

  481. 						$sql = "SELECT * FROM `transaction_queue` WHERE `public_key` = '$transaction_public_key'";
    482. 

  482. 						$sql_result = mysql_query($sql);
    483. 

  483. 						$sql_num_results = mysql_num_rows($sql_result);
    484. 

  484. 

  485. 						if($sql_num_results < 100)
    486. 

  486. 						{						
    487. 

  487. 							// Transaction hash and real hash match
    488. 

  488. 							$sql = "INSERT INTO `transaction_queue` (`timestamp`,`public_key`,`crypt_data1`,`crypt_data2`,`crypt_data3`, `hash`, `attribute`)
    489. 

  489. 							VALUES ('$transaction_timestamp', '$transaction_public_key', '$transaction_crypt1', '$transaction_crypt2' , '$transaction_crypt3', '$transaction_hash' , '$transaction_attribute')";
    490. 

  490. 							mysql_query($sql);
    491. 

  491. 						}
    492. 

  492. 						else
    493. 

  493. 						{
    494. 

  494. 							write_log("More Than 100 Transactions Trying to Queue for Key: " . base64_encode($transaction_public_key), "QC");
    495. 

  495. 						}
    496. 

  496. 					}
    497. 

  497. 				}
    498. 

  498. 

  499. 				$match_number++;				
    500. 

  500. 				$current_hash = find_string("---queue$match_number=", "---end$match_number", $poll_peer);
    501. 

  501. 

  502. 			} // End While Loop
    503. 

  503. 

  504. 		} // End For Loop
    505. 

  505. 

  506. 		// Build queue hash after completion
    507. 

  507. 		$sql = "SELECT * FROM `transaction_queue` ORDER BY `hash`";
    508. 

  508. 		$sql_result = mysql_query($sql);
    509. 

  509. 		$sql_num_results = mysql_num_rows($sql_result);
    510. 

  510. 

  511. 		$transaction_queue_hash = 0;
    512. 

  512. 

  513. 		if($sql_num_results > 0)
    514. 

  514. 		{
    515. 

  515. 			for ($i = 0; $i < $sql_num_results; $i++)
    516. 

  516. 			{
    517. 

  517. 				$sql_row = mysql_fetch_array($sql_result);
    518. 

  518. 				$transaction_queue_hash .= $sql_row["public_key"] . $sql_row["crypt_data1"] . 
    519. 

  519. 					$sql_row["crypt_data2"] . $sql_row["crypt_data3"] . $sql_row["hash"] . $sql_row["attribute"];
    520. 

  520. 			}
    521. 

  521. 			$transaction_queue_hash = hash('md5', $transaction_queue_hash);
    522. 

  522. 		}
    523. 

  523. 

  524. 		// Store in database for quick reference from database
    525. 

  525. 		mysql_query("UPDATE `options` SET `field_data` = '$transaction_queue_hash' WHERE `options`.`field_name` = 'transaction_queue_hash' LIMIT 1");
    526. 

  526. 

  527. 	} // End Compare Tallies
    528. 

  528. 

  529. } // If/then Check for valid times
    530. 

  530. 

  531. //***********************************************************************************
    532. 

  532. //***********************************************************************************
    533. 

  533. // Script finished, set status to 0
    534. 

  534. $sql = "UPDATE `main_loop_status` SET `field_data` = '0' WHERE `main_loop_status`.`field_name` = 'queueclerk_heartbeat_active' LIMIT 1";
    535. 

  535. mysql_query($sql);
    536. 

  536. 

  537. // Record when this script finished
    538. 

  538. $sql = "UPDATE `main_loop_status` SET `field_data` = '" . time() . "' WHERE `main_loop_status`.`field_name` = 'queueclerk_last_heartbeat' LIMIT 1";
    539. 

  539. mysql_query($sql);
    540. 

  540. 

  541. ?>
    542. 

  542.