mickmon · August 27, 2019 21:00
diff --git a/config.php b/config.php
 <?php


 // must match the main HTML file
 $dest = "xrb_1ytjfqxmz5zabt39qxcz3nphabstegddqqbhjgau13stfxz6fq7rkmceih7i";


 $files = [
 	"item-1" => [
 		"name" => "Random File text",
 		"file-name" => "Jupiter", //the file name the user will see
 		"file-path" => "random-file.mp3", //hidden file, keep the name difficult to guess! Won't be shown to the user. (Recommended to have a subdirectory)
 		"price" => 0.01, // price in USD (must match what the user is paying in the main HTML file),
 		"description" => "Buy an MP3"
 	],

 	"image-1" => [
 		"name" => "Random Image",
 		"file-name" => "my-donald-image.jpg",
 		"file-path" => "donald.jpg",
 		"price" => 0.01
 	]
 ];

 ?>
diff --git a/pay-api.php b/pay-api.php
 <?php
 include("config.php");

 session_start();

 $token = isset($_POST["token"]) ? $_POST["token"] : $_GET["token"];
 $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];

 if($token == null){
 	exit("Token is null");
 }

 if($id == null){
 	exit("Id is null");
 }

 echo $_SESSION["state"];

 $url = "https://api.brainblocks.io/api/session/$token/verify";

 $status = file_get_contents($url);
 $json = json_decode($status);

 if(isset($_POST["action"]) && $_POST["action"] == "token"){
 	if($json->fulfilled == false){
 		$_SESSION["state"] = "WAITING";
 		exit("OK");
 	}
 }

 $file = $files[ $id ];

 if($file == null){
 	exit("Invalid file id");
 }

 if(	$json->fulfilled == true &&
 	$json->destination == $dest &&
 	$json->currency == "usd" &&
 	((float)$json->amount) >= (float)$file["price"] ){

 	if($_SESSION["state"] == "WAITING"){

 		if(isset($_GET["download"]) && $_GET["download"] == "true"){

 			header("Content-Disposition: attachment; filename=\"" . basename($file['file-name']) . "\"");
 			header("Content-Type: text/html");
 			header("Content-Length: " . filesize($file['file-path']));
 			header("Connection: close");

 			exit(readfile( $file['file-path'] ));

 		}

 	}else{
 		exit( "Invalid payment hash" );
 	}

 }else{
 	exit( "Invalid payment" );
 }


 $download_url = "?token=$token&id=$id&download=true";

 ?>


 <h2>Thank you for buying <?php echo $file['name']; ?>!</h2>

 <?php
 // optional
 if(isset($file['description'])){
 	echo $file['description'];
 }
 ?>
 <br>
 <a href="<?php echo $download_url; ?>">Click to download</a>
	<?php


	// must match the main HTML file
	$dest = "xrb_1ytjfqxmz5zabt39qxcz3nphabstegddqqbhjgau13stfxz6fq7rkmceih7i";


	$files = [
	"item-1" => [
	"name" => "Random File text",
	"file-name" => "Jupiter", //the file name the user will see
	"file-path" => "random-file.mp3", //hidden file, keep the name difficult to guess! Won't be shown to the user. (Recommended to have a subdirectory)
	"price" => 0.01, // price in USD (must match what the user is paying in the main HTML file),
	"description" => "Buy an MP3"
	],

	"image-1" => [
	"name" => "Random Image",
	"file-name" => "my-donald-image.jpg",
	"file-path" => "donald.jpg",
	"price" => 0.01
	]
	];

	?>
	<?php
	include("config.php");

	session_start();

	$token = isset($_POST["token"]) ? $_POST["token"] : $_GET["token"];
	$id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];

	if($token == null){
	exit("Token is null");
	}

	if($id == null){
	exit("Id is null");
	}

	echo $_SESSION["state"];

	$url = "https://api.brainblocks.io/api/session/$token/verify";

	$status = file_get_contents($url);
	$json = json_decode($status);

	if(isset($_POST["action"]) && $_POST["action"] == "token"){
	if($json->fulfilled == false){
	$_SESSION["state"] = "WAITING";
	exit("OK");
	}
	}

	$file = $files[ $id ];

	if($file == null){
	exit("Invalid file id");
	}

	if( $json->fulfilled == true &&
	$json->destination == $dest &&
	$json->currency == "usd" &&
	((float)$json->amount) >= (float)$file["price"] ){

	if($_SESSION["state"] == "WAITING"){

	if(isset($_GET["download"]) && $_GET["download"] == "true"){

	header("Content-Disposition: attachment; filename=\"" . basename($file['file-name']) . "\"");
	header("Content-Type: text/html");
	header("Content-Length: " . filesize($file['file-path']));
	header("Connection: close");

	exit(readfile( $file['file-path'] ));

	}

	}else{
	exit( "Invalid payment hash" );
	}

	}else{
	exit( "Invalid payment" );
	}


	$download_url = "?token=$token&id=$id&download=true";

	?>


	<h2>Thank you for buying <?php echo $file['name']; ?>!</h2>

	<?php
	// optional
	if(isset($file['description'])){
	echo $file['description'];
	}
	?>
	<br>
	<a href="<?php echo $download_url; ?>">Click to download</a>