fsdsf
20.04.2016 11:46
$v) {
$fields[$k] = trim($v);
}
if(!empty($f_dhash)) {
$f_dseed = $f_dhash;
}
$f_dhash = pack('H*', $fields[1]);
if(!empty($f_dseed)) {
if(empty($checks['hashchain integrity'])) {
$checks['hashchain integrity'] = 'pass';
}
if($f_dhash != hash('sha256', $f_dseed, true)) {
$checks['hashchain integrity'] = 'fail';
}
}
if($fields[2]<$betid && empty($my_dhash)) {
$my_dhash = $f_dhash;
if(!empty($f_dseed)) {
$my_dseed = $f_dseed;
}
}
}
if(empty($checks['hashchain integrity'])) {
$checks['hashchain integrity'] = 'no data provided';
}
$checks['this dhash = published dhash'] = $dhash==$my_dhash ? 'pass' : 'fail';
if($dseed==null) {
$checks['sseed = hmac_sha256(username:betctr, dseed)'] = 'no data provided';
$checks['dhash = sha256(dseed)'] = 'no data provided';
} else {
if($dhash==hash('sha256', $dseed, true)) {
$checks['dhash = sha256(dseed)'] = 'pass';
} else {
$checks['dhash = sha256(dseed)'] = 'fail';
}
$checks['sseed = hmac_sha256(user:betctr, dseed)'] = $sseed==hash_hmac('sha256', "{$user}:{$betctr}", $dseed, true) ? 'pass' : 'fail';
}
$checks['shash = sha256(sseed)'] = $shash==hash('sha256', $sseed, true) ? 'pass' : 'fail';
$checks['fseed = hmac_sha256(cseed, sseed)'] = $fseed==hash_hmac('sha256', $cseed, $sseed, true) ? 'pass' : 'fail';
// here we have all of the crypto stuff checked, now let's calculate the outcome
bcscale(12);
switch(strtolower($b['game'])) {
case 'spin':
$results = array(
'1.25', '0.25', '1.25', '0',
'2', '0.35', '2', '0.4',
'1.25', '0.25', '1.25', '0',
'3', '0', '1.5', '0.25'
);
$seg = unpack('C', $fseed);
$seg = ($seg[1] >> 4) & 0x0F;
$checks['correct result'] = bccomp($result, $results[$seg])==0 ? 'pass' : 'fail';
break;
case 'drop':
$results =
$betid > 3393416
? array('1', '0.3', '1.5', '0', '3', '0', '1.5', '0.3', '1')
: array('1', '0.4', '1.5', '0', '3', '0', '1.5', '0.4', '1');
$slot = explode("=", $param);
$s = hash_hmac('sha256', $slot[1], $fseed, true);
foreach(unpack('C*', $s) as $seg2) {
$seg = ($seg2 >> 4) & 0x0F;
if($seg < 9) break;
$seg = $seg2 & 0x0F;
if($seg < 9) break;
$seg=4;
}
$checks['correct result'] = bccomp($result, $results[$seg])==0 ? 'pass' : 'fail';
break;
case 'dice':
$edge = "0.01";
$hi = substr($param, 0, 1) == '>' ? true : false;
$target = (int)bcmul(substr($param, 1), 10000);
$res = $hi ? 1000000 : 0;
foreach(str_split(bin2hex($fseed), 5) as $s) {
if(strlen($s)==5) {
$d = hexdec($s);
if($d<1000000) {
$res = $d;
break;
}
}
}
if($betId>192992 && $betId<4544134) { $edge = "0.015"; }
if(($hi && $res>$target)
|| (!$hi && $res<$target)) {
$t_target = $hi ? 1000000-$target : $target;
$win = round8(bcmul(bcdiv("1000000", $t_target), bcsub("1", $edge)));
} else {
$win = "0";
}
$checks['correct result'] = bccomp($win, $result) == 0 ? 'pass' : 'fail';
break;
default:
$checks['correct result'] = 'unknown game';
break;
}
// verification is done
//==============================================================================
switch(php_sapi_name()) {
case 'cli':
$maxl = 0;
foreach($checks as $k=>$v) {
$maxl = max($maxl, strlen($k));
}
foreach($checks as $k=>$v) {
echo str_pad($k, $maxl)."\t=>\t{$v}\n";
}
break;
default:
header('Content-Type: application/json', true);
// it is fine if someone wants to put up a frontend so users can verify fairness elsewhere
// also, our ajax request should not invoke OPTIONS preflighting, so you do not have to handle it separately
// header('Access-Control-Allow-Origin: *', true);
echo json_encode($checks);
break;