Файл: includes/up_money.php
Строк: 74
<?php
include '../controller/controller.php';
up('Пополнить баланс');
echo '<div class="header"><img src="'.HOME.'/templates/images/55.png" alt="*" /> Пополнить балланс</div>';
switch($_GET['act']) {
default:
echo '<div class="home"><form method="POST" name="form" action="?act=true">
Пополнить на сумму:<br /><select name="kol"><option value="10">10</option><option value="20">20</option><option value="30">30</option><option value="50">50</option>
<option value="60">60</option><option value="70">70</option><option value="90">90</option><option value="100">100</option><option value="110">110</option><option value="120">120</option></select><br />
<input type="submit" value="Продолжить" /></form></div>';
echo '<div class="home">Способ оплаты: Webmoney Merchant</div>';
break;
case 'true':
$money = xss($_POST['kol']);
$random = rand(99999,999999);
echo '<div class="home">
Сумма: '.$money.' wmr</br>
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_NO" value="'.$random.'">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="'.$money.'">
<input type="hidden" name="LMI_PAYMENT_DESC" value="Account replenishment in WebMoney lottery - LotteryIT.ru">
<input type="hidden" name="LMI_PAYEE_PURSE" value="R980106431593">
<input type="hidden" name="id" value="'.$user['id'].'">
<input type="submit" value="Перейти к оплате">
</form></div>';
break;
case 'order':
IF($_POST['LMI_PREREQUEST']==1) {
if($money != trim($_POST['LMI_PAYMENT_AMOUNT'])) {
echo "ERR: НЕВЕРНАЯ СУММА ".$_POST['LMI_PAYMENT_AMOUNT'];
exit;
}
if(trim($_POST['LMI_PAYEE_PURSE'])!="R980106431593") {
echo "ERR: НЕВЕРНЫЙ КОШЕЛЕК ПОЛУЧАТЕЛЯ ".$_POST['LMI_PAYEE_PURSE'];
exit;
}
echo "YES";
}
ELSE {
$secret_key="F89DC630-C460-4CD4-9F7E-42F9D34179C3";
$common_string = $_POST['LMI_PAYEE_PURSE'].$_POST['LMI_PAYMENT_AMOUNT'].$_POST['LMI_PAYMENT_NO'].
$_POST['LMI_MODE'].$_POST['LMI_SYS_INVS_NO'].$_POST['LMI_SYS_TRANS_NO'].
$_POST['LMI_SYS_TRANS_DATE'].$secret_key.$_POST['LMI_PAYER_PURSE'].$_POST['LMI_PAYER_WM'];
$hash = strtoupper(md5($common_string));
if($hash!=$_POST['LMI_HASH']) exit;
elseif($_POST['LMI_MODE']!='0')
{
exit();//тестовый режим запрещаем :)
}
mysql_query('update `user` set `money` = `money` + "'.$_POST['LMI_PAYMENT_AMOUNT'].'" where `id` = "'.$_POST['id'].'"');
$time=time();
mysql_query('insert into `BuyMoney` set `money` = "'.$_POST['LMI_PAYMENT_AMOUNT'].'", `user` = "'.$_POST['id'].'", `time` = "$time"');
}
break;
case 'yes':
echo "<div class='home'>Покупка успешно произведена</div>";
break;
case 'Error':
echo 'Error';
break;
}
down();
?>