fsdsf

20.04.2016 11:46 $v) { $fields[$k] = trim($v); } if(!empty($f_dhash)) { $f_dseed = $f_dhash; } $f_dhash = pack('H*', $fields[1]); if(!empty($f_dseed)) { if(empty($checks['hashchain integrity'])) { $checks['hashchain integrity'] = 'pass'; } if($f_dhash != hash('sha256', $f_dseed, true)) { $checks['hashchain integrity'] = 'fail'; } } if($fields[2]<$betid && empty($my_dhash)) { $my_dhash = $f_dhash; if(!empty($f_dseed)) { $my_dseed = $f_dseed; } } } if(empty($checks['hashchain integrity'])) { $checks['hashchain integrity'] = 'no data provided'; } $checks['this dhash = published dhash'] = $dhash==$my_dhash ? 'pass' : 'fail'; if($dseed==null) { $checks['sseed = hmac_sha256(username:betctr, dseed)'] = 'no data provided'; $checks['dhash = sha256(dseed)'] = 'no data provided'; } else { if($dhash==hash('sha256', $dseed, true)) { $checks['dhash = sha256(dseed)'] = 'pass'; } else { $checks['dhash = sha256(dseed)'] = 'fail'; } $checks['sseed = hmac_sha256(user:betctr, dseed)'] = $sseed==hash_hmac('sha256', "{$user}:{$betctr}", $dseed, true) ? 'pass' : 'fail'; } $checks['shash = sha256(sseed)'] = $shash==hash('sha256', $sseed, true) ? 'pass' : 'fail'; $checks['fseed = hmac_sha256(cseed, sseed)'] = $fseed==hash_hmac('sha256', $cseed, $sseed, true) ? 'pass' : 'fail'; // here we have all of the crypto stuff checked, now let's calculate the outcome bcscale(12); switch(strtolower($b['game'])) { case 'spin': $results = array( '1.25', '0.25', '1.25', '0', '2', '0.35', '2', '0.4', '1.25', '0.25', '1.25', '0', '3', '0', '1.5', '0.25' ); $seg = unpack('C', $fseed); $seg = ($seg[1] >> 4) & 0x0F; $checks['correct result'] = bccomp($result, $results[$seg])==0 ? 'pass' : 'fail'; break; case 'drop': $results = $betid > 3393416 ? array('1', '0.3', '1.5', '0', '3', '0', '1.5', '0.3', '1') : array('1', '0.4', '1.5', '0', '3', '0', '1.5', '0.4', '1'); $slot = explode("=", $param); $s = hash_hmac('sha256', $slot[1], $fseed, true); foreach(unpack('C*', $s) as $seg2) { $seg = ($seg2 >> 4) & 0x0F; if($seg < 9) break; $seg = $seg2 & 0x0F; if($seg < 9) break; $seg=4; } $checks['correct result'] = bccomp($result, $results[$seg])==0 ? 'pass' : 'fail'; break; case 'dice': $edge = "0.01"; $hi = substr($param, 0, 1) == '>' ? true : false; $target = (int)bcmul(substr($param, 1), 10000); $res = $hi ? 1000000 : 0; foreach(str_split(bin2hex($fseed), 5) as $s) { if(strlen($s)==5) { $d = hexdec($s); if($d<1000000) { $res = $d; break; } } } if($betId>192992 && $betId<4544134) { $edge = "0.015"; } if(($hi && $res>$target) || (!$hi && $res<$target)) { $t_target = $hi ? 1000000-$target : $target; $win = round8(bcmul(bcdiv("1000000", $t_target), bcsub("1", $edge))); } else { $win = "0"; } $checks['correct result'] = bccomp($win, $result) == 0 ? 'pass' : 'fail'; break; default: $checks['correct result'] = 'unknown game'; break; } // verification is done //============================================================================== switch(php_sapi_name()) { case 'cli': $maxl = 0; foreach($checks as $k=>$v) { $maxl = max($maxl, strlen($k)); } foreach($checks as $k=>$v) { echo str_pad($k, $maxl)."\t=>\t{$v}\n"; } break; default: header('Content-Type: application/json', true); // it is fine if someone wants to put up a frontend so users can verify fairness elsewhere // also, our ajax request should not invoke OPTIONS preflighting, so you do not have to handle it separately // header('Access-Control-Allow-Origin: *', true); echo json_encode($checks); break;