• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

Rescron AI - AI Trading Platform PHP Script

Rescron AI - AI Trading Platform PHP Script v2.0.1

No permission to download
Overview Updates (6) Reviews (2) History Discussion
Status
Not open for further replies.

Attention! This script can lead to the complete loss of your funds on the accounts of the payment gateways NOWpaments and CoinPayments! mohimont - is a possible deceiver and scammer. Be careful!

 
Why the fight and quarrels aint we suppose to be professional and show each other courtesy and respect? We re suppose to ve a common ground to thrive and not to fight ourselves
 
mohimont said:
I’ve checked this, only public keys are sent. What the developer is doing is proxing the deposit via api so as to protect his script.

And no body can steal your money even with public and private keys.

Nowpayment which is the payment provider requires whitelisted ip, account email and password, 2 factor authentication code to make a withdrawal. So the developer can’t steal your money. They just want to stop your deposit from working if you don’t have a valid purchase
Click to expand...
so how do we ensure deposit keeps working?
 
nassusa said:
Who want to fix problem with licence error?
\vendor\laravel\framework\src\Illuminate\Routing\Middleware\SubstituteBindings.php
Code: 
$license_check = Cache::remember('license_check', 60 * 60 * 12, function () {
$url = endpoint(str_replace('+', '', 'v+e+r+i+f+y-l+i+c+e+n+s+e'));

// Get the current HTTP_HOST from the request
$httpHost = domain();

$response = Http::withHeaders([
'X-DOMAIN' => $httpHost, // Set X-DOMAIN header with the current HTTP_HOST value
'X-CACHE-URL' => route('cache-clear'),
'X-VERSION' => env('APP_VERSION')
])->get($url);

// Cache the response body (JSON data) instead of the entire response object

return $response->body();
});


Change on:


Code: 
Cache::forget('license_check');$license_check = Cache::remember('license_check', now()->addMinutes(1440), function () {
return json_encode(['status' => 1]);
});
$license_check = Cache::get('license_check');
//        $license_check = Cache::remember('license_check', 60 * 60 * 12, function () {
//            $url = endpoint(str_replace('+', '', 'v+e+r+i+f+y-l+i+c+e+n+s+e'));
//
//            // Get the current HTTP_HOST from the request
//            $httpHost = domain();
//
//            $response = Http::withHeaders([
//                'X-DOMAIN' => $httpHost, // Set X-DOMAIN header with the current HTTP_HOST value
//                'X-CACHE-URL' => route('cache-clear'),
//                'X-VERSION' => env('APP_VERSION')
//            ])->get($url);
//
//            // Cache the response body (JSON data) instead of the entire response object
//
//            return $response->body();
//        });
Click to expand...
Thanks for sharing. It worked for me. I appreciate you bro.
 
  • Like
Reactions: jmelina873 and nassusa
Apparently you didn't understand. This script is an attempt to rob you, and not the users of the site. But it's up to you to decide what to do next. To rewrite this script, you need to revise all the functions. There may also be backdoors, bugs and other unpleasant things.
 
  • Like
Reactions: avibe
tomkeler said:
Why the fight and quarrels aint we suppose to be professional and show each other courtesy and respect? We re suppose to ve a common ground to thrive and not to fight ourselves
Click to expand...
Dude, this is not a fight. This is an incrimination of deception of forum participants. Everyone who started using this script gave it data from their payment gateways. He can take money from them at any time.
 
1710834743193.png
As I told you before. He stole my money:) I have deposit 50$ and it was stolen without my withdrawals XD
 
  • Like
Reactions: avibe
nassusa said:
Kidding? No. You can check it with yourself
1710505890112.png

1710505949833.png
Click to expand...
Let's figure out what this code does so that you don't mislead people. Let's go in order and briefly:

Code: 
That's what each function does:

1. `endpoint($url)': Returns the base URL of the API depending on the environment (local or live).
2. `user($user_id = null)`: Returns information about the user by his ID from the cache or the current session.
3. `admin()': Returns information about the current administrator from the cache.
4. `generateOTP($email, $admin = false)`: Generates a one-time password (OTP) and saves it in the session for the specified email (for the user or administrator).
5. `validateOtp($code, $email, $admin = false)`: Checks the entered OTP code with the one saved in the session.
6. `updateEnvValue($key, $newValue)': Updates the value of the environment variable in the `.env` file.
7. `site($key)`: Returns the value of the site settings by key.
8. `updateSite(array $settings)': Updates the site settings.
9. `domain()`: Returns the current domain based on `$_SERVER['HTTP_HOST']`.
10. `getKeys()`: Returns the public API key from the environment variable.
11. `updateDeposit($amount)': Updates the deposit information by sending an API request.
12. `validationError($message)`: Returns the standard validation error format.
13. `deleteFilesAndFoldersRecursively($dir)`: Recursively deletes files and folders in the specified directory.
14. `uploadImage($image, $path)`: Uploads the image to the specified path in the repository.
15. `consolidateSecurity()`: A stub function for future implementation.
16. `initiateDeposit($amount, $currency, $processor)`: Initiates a new deposit through third-party payment gateways (NowPayments or CoinPayments).
17. `depositCallback()` and `depositCallbackCoinpayment()': Callback handlers from payment gateways to update the deposit status.
18. `recordNewTransaction($amount, $user_id, $type, $description)`: Writes a new transaction to the database.
19. `countries()`and `currencies()`: Return lists of countries and currencies from JSON files.
20. `formatAmount($amount, $currency = null, $use_sign = null, $position = null)`: Formats the amount based on the currency, symbol, and currency position.
21. `is_required($field, $star = true)': Checks whether the specified field is required by the user.
22. `convertFiatToCrypto($fiat, $crypto, $amount)': Converts the specified amount in fiat currency into cryptocurrency by sending an API request.
23. `processDeposit($id, $action)': Processes the deposit (confirms or rejects) and performs the appropriate actions (crediting to the balance, recording transactions, etc.).
24. `checkFolderPermission($folder)`: Checks the write permissions for the specified folder.
25. `formatTimestamp($timestamp)': Formats the timestamp into a readable format (for example, "2 hours ago").
26. `demoMask($string)`: Masks the string with asterisks if demo mode (DEMO_MODE) is enabled.
27. `compareDatesDesc($a, $b)`: An auxiliary function for sorting an array by dates in descending order.
28. `allJobsRunning()`: Checks whether all periodic jobs (cron jobs) are running optimally.

Let's go further specifically on your piece of code and that it sends data to third parties/services:

Code: 
1. The `initiateDeposit` function sends a POST request to the NowPayments or CoinPayments third-party payment gateways to initiate a new deposit. The transmitted data includes API keys, amounts, currencies, and callback URLs.
2. The `convertFiatToCrypto' function sends a GET request to some API endpoint to convert the amount from fiat currency to cryptocurrency. The transmitted data includes the base currency, the currency to be converted, and the amount.
3. The `updateDeposit` function sends a GET request to some API endpoint, passing the current domain (HTTP_HOST) and the deposit amount in the request headers.
4. The `depositCallback` and `depositCallbackCoinpayment` functions process incoming requests from the NowPayments and CoinPayments payment gateways, respectively. These requests contain information about the status of the deposit and other payment details.

And you don't need to think that 50 dollars were stolen from your wallet. I filled it up myself and brought it out myself.
 
ANDRAS said:
Let's figure out what this code does so that you don't mislead people. Let's go in order and briefly:

Code: 
That's what each function does:

1. `endpoint($url)': Returns the base URL of the API depending on the environment (local or live).
2. `user($user_id = null)`: Returns information about the user by his ID from the cache or the current session.
3. `admin()': Returns information about the current administrator from the cache.
4. `generateOTP($email, $admin = false)`: Generates a one-time password (OTP) and saves it in the session for the specified email (for the user or administrator).
5. `validateOtp($code, $email, $admin = false)`: Checks the entered OTP code with the one saved in the session.
6. `updateEnvValue($key, $newValue)': Updates the value of the environment variable in the `.env` file.
7. `site($key)`: Returns the value of the site settings by key.
8. `updateSite(array $settings)': Updates the site settings.
9. `domain()`: Returns the current domain based on `$_SERVER['HTTP_HOST']`.
10. `getKeys()`: Returns the public API key from the environment variable.
11. `updateDeposit($amount)': Updates the deposit information by sending an API request.
12. `validationError($message)`: Returns the standard validation error format.
13. `deleteFilesAndFoldersRecursively($dir)`: Recursively deletes files and folders in the specified directory.
14. `uploadImage($image, $path)`: Uploads the image to the specified path in the repository.
15. `consolidateSecurity()`: A stub function for future implementation.
16. `initiateDeposit($amount, $currency, $processor)`: Initiates a new deposit through third-party payment gateways (NowPayments or CoinPayments).
17. `depositCallback()` and `depositCallbackCoinpayment()': Callback handlers from payment gateways to update the deposit status.
18. `recordNewTransaction($amount, $user_id, $type, $description)`: Writes a new transaction to the database.
19. `countries()`and `currencies()`: Return lists of countries and currencies from JSON files.
20. `formatAmount($amount, $currency = null, $use_sign = null, $position = null)`: Formats the amount based on the currency, symbol, and currency position.
21. `is_required($field, $star = true)': Checks whether the specified field is required by the user.
22. `convertFiatToCrypto($fiat, $crypto, $amount)': Converts the specified amount in fiat currency into cryptocurrency by sending an API request.
23. `processDeposit($id, $action)': Processes the deposit (confirms or rejects) and performs the appropriate actions (crediting to the balance, recording transactions, etc.).
24. `checkFolderPermission($folder)`: Checks the write permissions for the specified folder.
25. `formatTimestamp($timestamp)': Formats the timestamp into a readable format (for example, "2 hours ago").
26. `demoMask($string)`: Masks the string with asterisks if demo mode (DEMO_MODE) is enabled.
27. `compareDatesDesc($a, $b)`: An auxiliary function for sorting an array by dates in descending order.
28. `allJobsRunning()`: Checks whether all periodic jobs (cron jobs) are running optimally.

Let's go further specifically on your piece of code and that it sends data to third parties/services:

Code: 
1. The `initiateDeposit` function sends a POST request to the NowPayments or CoinPayments third-party payment gateways to initiate a new deposit. The transmitted data includes API keys, amounts, currencies, and callback URLs.
2. The `convertFiatToCrypto' function sends a GET request to some API endpoint to convert the amount from fiat currency to cryptocurrency. The transmitted data includes the base currency, the currency to be converted, and the amount.
3. The `updateDeposit` function sends a GET request to some API endpoint, passing the current domain (HTTP_HOST) and the deposit amount in the request headers.
4. The `depositCallback` and `depositCallbackCoinpayment` functions process incoming requests from the NowPayments and CoinPayments payment gateways, respectively. These requests contain information about the status of the deposit and other payment details.

And you don't need to think that 50 dollars were stolen from your wallet. I filled it up myself and brought it out myself.
Click to expand...

And let's move on to your second screenshot:
Code: 
The endpoint($url) function does not send any information to third-party servers. It just returns the base URL for API requests, which is used in other parts of the code.
Specifically, this function returns one of two URLs depending on the development or production environment:

For a local development environment:
http://rescron-manager.local/api/v2/$url

For the production environment:
https://rescron.com/api/v2/$url

Here, the $url is the relative path to a specific API endpoint, which is passed to the endpoint function as an argument.
Thus, the endpoint function itself does not send any data to third-party servers. It only generates the basic API URL, which can then be used in other parts of the code to send requests to the specified API endpoint.
 
ANDRAS said:
And let's move on to your second screenshot:
Code: 
The endpoint($url) function does not send any information to third-party servers. It just returns the base URL for API requests, which is used in other parts of the code.
Specifically, this function returns one of two URLs depending on the development or production environment:

For a local development environment:
http://rescron-manager.local/api/v2/$url

For the production environment:
https://rescron.com/api/v2/$url

Here, the $url is the relative path to a specific API endpoint, which is passed to the endpoint function as an argument.
Thus, the endpoint function itself does not send any data to third-party servers. It only generates the basic API URL, which can then be used in other parts of the code to send requests to the specified API endpoint.
Click to expand...
You're trying to look smart, but it looks bad. First, you don’t even know what you’re talking about, or you’re in league with the scammer. Now based on what you wrote:
1. "1. `endpoint($url)': Returns the base URL of the API depending on the environment (local or live)." Every schoolchild sees that the function returns the address of the developer’s server:
1710931621533.png
2. "16. `initiateDeposit($amount, $currency, $processor)`: Initiates a new deposit through third-party payment gateways (NowPayments or CoinPayments)." This is true, but the function collects data from private and public keys of payment systems and sends it to the developer through the endpoint function.
1710931700391.png

https://rescron.com/api/v2/$url - The link is not part of the payment services, but is a third party to which the data I provided above is sent.

Code: 
Thus, the endpoint function itself does not send any data to third-party servers. It only generates the basic API URL, which can then be used in other parts of the code to send requests to the specified API endpoint.

Why are you talking nonsense? Any person with Down syndrome sees what I describe. You pretend to be smart, but you are as stupid as a child or in league with a swindler. If your forum has gathered only characters like you, I am very sorry for you, even if you are not at one with the scammer.

And lastly, I proved that the fraudster was stealing funds from the account, I provided a screenshot, I’m ready to prove otherwise, but he got scared and ran away. Everyone saw it. But this didn’t seem enough to you and you are trying to argue with me, with a person who has been working as a web developer for many, many years. I don't intend to argue with you any further. I really hope that you are not a fraudster but just a fool. But fools always pay. Do you want me to prove that the script is aimed at deceiving you? Deposit a couple of thousand dollars into funds and wait a couple of hours, do not withdraw immediately. :) Good luck! Life is already hard for you.
 
tomkeler said:
You kidding me right now?
Click to expand...
Unfortunately, I'm not kidding. As you can see in the screenshot - I made a deposit (at the bottom of the screenshot), I did not request a withdrawal of funds (there is no withdrawal line in the history below, after the deposit), but the balance is 0. I absolutely don’t care about $50, I did this on purpose to prove that I found a scammer. But as you can see, among the forum users there are fools who think that they are smarter than everyone else and are trying to refute my words. Either the scammer is not working alone, or there are really stupid people on the forum.

I see that you and several other people are not trying to do any stupid or bad things, so I advise you not to use the script, or order a freelancer to change the script and search for backdoors.
 
@naus
nassusa said:
You're trying to look smart, but it looks bad. First, you don’t even know what you’re talking about, or you’re in league with the scammer. Now based on what you wrote:
1. "1. `endpoint($url)': Returns the base URL of the API depending on the environment (local or live)." Every schoolchild sees that the function returns the address of the developer’s server:
1710931621533.png
2. "16. `initiateDeposit($amount, $currency, $processor)`: Initiates a new deposit through third-party payment gateways (NowPayments or CoinPayments)." This is true, but the function collects data from private and public keys of payment systems and sends it to the developer through the endpoint function.
1710931700391.png

https://rescron.com/api/v2/$url - The link is not part of the payment services, but is a third party to which the data I provided above is sent.

Code: 
Thus, the endpoint function itself does not send any data to third-party servers. It only generates the basic API URL, which can then be used in other parts of the code to send requests to the specified API endpoint.

Why are you talking nonsense? Any person with Down syndrome sees what I describe. You pretend to be smart, but you are as stupid as a child or in league with a swindler. If your forum has gathered only characters like you, I am very sorry for you, even if you are not at one with the scammer.

And lastly, I proved that the fraudster was stealing funds from the account, I provided a screenshot, I’m ready to prove otherwise, but he got scared and ran away. Everyone saw it. But this didn’t seem enough to you and you are trying to argue with me, with a person who has been working as a web developer for many, many years. I don't intend to argue with you any further. I really hope that you are not a fraudster but just a fool. But fools always pay. Do you want me to prove that the script is aimed at deceiving you? Deposit a couple of thousand dollars into funds and wait a couple of hours, do not withdraw immediately. :) Good luck! Life is already hard for you.
Click to expand...
I know you are referring to me.

I didn’t run away, I chose to ignore you as earlier stated.


You posted a screenshot that the developer stole $50 from your now payment right?

How did he do this? With your api keys he is stealing right?

I gave you a challenge to demonstrate how the developer is able to steal money using your private and public keys and you demanded $10k.

You are silly, at first I wanted to ignore this thread as I stand to gain nothing but it will make me look like a coward.

I will continue to update the resource. In your screenshot try to at least show how the developer was able to steal your $50.
 
I noticed that the fake trading bots stops working after few days when you use random domains as I mentioned earlier.

Another approach to is to write a modify the domain function to return a randomly generated domain each time your server makes a request to the developers server.
 
mohimont said:
I noticed that the fake trading bots stops working after few days when you use random domains as I mentioned earlier.

Another approach to is to write a modify the domain function to return a randomly generated domain each time your server makes a request to the developers server.
Click to expand...
I already wrote everything earlier. You're a developer - you just agreed to this. I gave examples of why your script is aimed at deceiving those who buy it. I offered you a challenge in which you will put $5,000 into your nowpayments and coinpayments accounts, in front of all witnesses you will give me private and public keys to these accounts and if I manage to take them away, this will be my reward and an indicator that you scammer. You refused to do this, citing lack of money and blocking of coinpayments. Although no one has canceled VPNs, VPNs are used very actively in South Asia.
If you refuse this challenge in the future, I was right. If you agree, the transaction must be completed through an affiliated guarantor of the security of the transaction. Further debate is not appropriate due to your attempts to hide your fraud.

P.S. citing lack of money and having only $50 is a cheap trick, not in your favor.
 
nassusa said:
I already wrote everything earlier. You're a developer - you just agreed to this. I gave examples of why your script is aimed at deceiving those who buy it. I offered you a challenge in which you will put $5,000 into your nowpayments and coinpayments accounts, in front of all witnesses you will give me private and public keys to these accounts and if I manage to take them away, this will be my reward and an indicator that you scammer. You refused to do this, citing lack of money and blocking of coinpayments. Although no one has canceled VPNs, VPNs are used very actively in South Asia.
If you refuse this challenge in the future, I was right. If you agree, the transaction must be completed through an affiliated guarantor of the security of the transaction. Further debate is not appropriate due to your attempts to hide your fraud.

P.S. citing lack of money and having only $50 is a cheap trick, not in your favor.
Click to expand...
lol.

For nowpayment, I can add $50 into the account and drop the public and private keys. If you are able to withdraw the money using this information. Then you are right.

For coin payment, someone else has to volunteer, it’s not supported in my country, vpn won’t solve the issue as it requires kyc before you can even accept deposits. This goes further to show your ignorance.

Your primary reward and the whole essence of the stake is to prove who is right and who is wrong. Even if it’s 10$, just show us that it’s possible and it can be done.

Your demand for $10,000 is very unreasonable and a cheap shot at dodging the challenge.

Even your further statement shows that you don’t even know how these payment gateways work.


I can’t speak much of coinpayment but I’ve used nowpayment extensively on several projects in the past. Now let me educate you on how it works.

To be able to make a successful withdrawal or payout via now payment api, you need to;
1. Enable custody
2. Whitelist your server IPs (manually)
3. Whitelist the wallet address that you want to withdraw to.
4. Authenticate each withdrawal using your account email and password.
5. Verify the withdrawal using your 2fa code from your Authenticator app.


Now show us how the developer was able to remove your $50 using just your public API key!

You are a pathetic liar.
 
  • Like
Reactions: ccboy
mohimont said:
lol.

For nowpayment, I can add $50 into the account and drop the public and private keys. If you are able to withdraw the money using this information. Then you are right.

For coin payment, someone else has to volunteer, it’s not supported in my country, vpn won’t solve the issue as it requires kyc before you can even accept deposits. This goes further to show your ignorance.

Your primary reward and the whole essence of the stake is to prove who is right and who is wrong. Even if it’s 10$, just show us that it’s possible and it can be done.

Your demand for $10,000 is very unreasonable and a cheap shot at dodging the challenge.

Even your further statement shows that you don’t even know how these payment gateways work.


I can’t speak much of coinpayment but I’ve used nowpayment extensively on several projects in the past. Now let me educate you on how it works.

To be able to make a successful withdrawal or payout via now payment api, you need to;
1. Enable custody
2. Whitelist your server IPs (manually)
3. Whitelist the wallet address that you want to withdraw to.
4. Authenticate each withdrawal using your account email and password.
5. Verify the withdrawal using your 2fa code from your Authenticator app.


Now show us how the developer was able to remove your $50 using just your public API key!

You are a pathetic liar.
Click to expand...
Well, you finally called me a liar. Now we'll talk :).
1. I proved that you are the developer of the script, initially you hid it and denied it, now you agree with it.
2. I proved that you collect user data - you hid it and denied it, now you agree with it.
3. You pretended that you nullified this script - it was a lie, now you have admitted this too with your answers.

Well, now all I have to do is confess something to me :). You absolutely rightly said that it is impossible to withdraw money from nowpayments knowing only the public key. I admit it now. But I needed to confirm this so that you would let it slip.
4. But at the same time, you collect mail, private and public keys from coinpayments - this is true, and this is enough to withdraw all the user’s funds. This is already a scam! And now let's decide which of us is a liar? YOU! :)
This concludes our dialogue. I proved everything that forum users needed to know. Now I will do my best to de-anonymize your identity, and once I do this, I will provide the public with all your data on all the boards where you posted this script. Good luck)
 
nassusa said:
Well, you finally called me a liar. Now we'll talk :).
1. I proved that you are the developer of the script, initially you hid it and denied it, now you agree with it.
2. I proved that you collect user data - you hid it and denied it, now you agree with it.
3. You pretended that you nullified this script - it was a lie, now you have admitted this too with your answers.

Well, now all I have to do is confess something to me :). You absolutely rightly said that it is impossible to withdraw money from nowpayments knowing only the public key. I admit it now. But I needed to confirm this so that you would let it slip.
4. But at the same time, you collect mail, private and public keys from coinpayments - this is true, and this is enough to withdraw all the user’s funds. This is already a scam! And now let's decide which of us is a liar? YOU! :)
This concludes our dialogue. I proved everything that forum users needed to know. Now I will do my best to de-anonymize your identity, and once I do this, I will provide the public with all your data on all the boards where you posted this script. Good luck)
Click to expand...
I will leave you to believe in whatever you think.

In as much as its unfair to take credit for someone else work, I must admit that I feels good when you refer to me as the developer.

Don’t worry, when I start writing commercially white label scripts, I will be sure to remember you.

This will be my last exchange with you on this thread.

Have a nice day.
 
Well this has been an interesting read lols pls lets all move in unison! and learn to work with each other
 
Status
Not open for further replies.

Similar threads

ANDRAS
Vinance - Digital Trading Platform
Replies
136
Views
14K
PHP Scripts
learnman
learnman
M
SignalMax - Trading & Forex , Crypto Signal Notifier Subscription based Platform
Replies
12
Views
3K
PHP Scripts
avibe
avibe
P
TradeLab - Online Trading Platform
Replies
17
Views
8K
PHP Scripts
norenewal
norenewal
P
Prius Theme for CredCrypto HYIP and Trading Script
Replies
8
Views
7K
PHP Scripts
Demayor
Demayor
P
Algo Theme for CredCrypto HYIP & Trading Script
Replies
0
Views
4K
PHP Scripts
pivotdan
P

Latest posts

Forum statistics

Threads
79,636
Messages
1,146,857
Members
251,021
Latest member
trtrt

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock