Файл: billing/check_pay.php
Строк: 22
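<?php
// WebMoney Merchant result-notification handler: looks up the pending payment
// named in LMI_PAYMENT_NO, verifies the notification signature (LMI_HASH),
// marks the payment as paid, records a history row and credits the user's
// balance.
//
// Full "<?php" tag on purpose: with short_open_tag disabled, a "<?" file is
// served as plain text, which would disclose the secret key below.
//
// NOTE(review): the mysql_* extension is deprecated and removed in PHP 7. The
// connection is presumably opened in shaxty.php, so the migration to
// PDO/mysqli prepared statements has to start there; until then every value
// placed into SQL below is escaped with mysql_real_escape_string().
require '../shaxty.php';

if (!isset($_POST['LMI_PAYMENT_NO']) || !is_string($_POST['LMI_PAYMENT_NO'])) {
    exit("Нет данных!");
}
$paymentId = intval($_POST['LMI_PAYMENT_NO']);

// Only payments that are still unpaid (`yes` = '0') may be confirmed.
$result = mysql_query("SELECT * FROM `payment` WHERE `id` = '" . $paymentId . "' AND `yes` = '0'");
if (!$result || mysql_num_rows($result) != 1) {
    exit('Такого платежа нет');
}
mysql_free_result($result);

// Read every notification field as a string; a missing or non-string field
// becomes '' so that it can only ever lead to a signature mismatch.
$fieldNames = array(
    'LMI_PAYEE_PURSE', 'LMI_PAYMENT_AMOUNT', 'LMI_PAYMENT_NO', 'LMI_MODE',
    'LMI_SYS_INVS_NO', 'LMI_SYS_TRANS_NO', 'LMI_SYS_TRANS_DATE',
    'LMI_PAYER_PURSE', 'LMI_PAYER_WM', 'LMI_HASH',
);
$in = array();
foreach ($fieldNames as $fieldName) {
    $in[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
        ? $_POST[$fieldName]
        : '';
}

// NOTE(review): the signing secret is hard-coded in a published listing. Treat
// it as compromised: rotate it in the merchant settings and load the new value
// from configuration kept outside the web root.
$LMI_SECRET_KEY = "50BA93F82296";

// Signature = upper-case MD5 over the fields in this exact order, with the
// secret placed between LMI_SYS_TRANS_DATE and LMI_PAYER_PURSE.
// NOTE(review): MD5 is a weak choice for a keyed signature; switch to a
// stronger method if the payment provider offers one - confirm in its settings.
$chkstring = $in['LMI_PAYEE_PURSE'] . $in['LMI_PAYMENT_AMOUNT'] . $in['LMI_PAYMENT_NO']
    . $in['LMI_MODE'] . $in['LMI_SYS_INVS_NO'] . $in['LMI_SYS_TRANS_NO']
    . $in['LMI_SYS_TRANS_DATE'] . $LMI_SECRET_KEY . $in['LMI_PAYER_PURSE']
    . $in['LMI_PAYER_WM'];
$md5sum = strtoupper(md5($chkstring));

// Never compare digests with "==": two strings of the form "0E<digits>" are
// treated as numbers by PHP and compare equal. Use a constant-time comparison
// where available and a strict one otherwise.
$signatureOk = function_exists('hash_equals')
    ? hash_equals($md5sum, $in['LMI_HASH'])
    : $md5sum === $in['LMI_HASH'];
if (!$signatureOk) {
    // Same as before: an unsigned or mis-signed request produces no output.
    exit;
}

// NOTE(review): the signature covers LMI_PAYEE_PURSE and LMI_MODE, but neither
// value is checked here. Confirm that the payee purse equals the shop's own
// purse and that test-mode notifications cannot credit a real balance.

$amountSql  = mysql_real_escape_string($in['LMI_PAYMENT_AMOUNT']);
$invsNoSql  = mysql_real_escape_string($in['LMI_SYS_INVS_NO']);
$transNoSql = mysql_real_escape_string($in['LMI_SYS_TRANS_NO']);
$transDtSql = mysql_real_escape_string($in['LMI_SYS_TRANS_DATE']);
$payerPSql  = mysql_real_escape_string($in['LMI_PAYER_PURSE']);
$payerWmSql = mysql_real_escape_string($in['LMI_PAYER_WM']);

// Claim the payment atomically: the extra "AND `yes` = '0'" guarantees that
// only one of several concurrent or replayed notifications flips the flag.
// $time is not defined in this file - presumably set by shaxty.php; verify.
mysql_query("UPDATE `payment` SET `LMI_PAYMENT_AMOUNT` = '" . $amountSql
    . "', `LMI_SYS_INVS_NO` = '" . $invsNoSql
    . "', `LMI_SYS_TRANS_NO` = '" . $transNoSql
    . "', `LMI_SYS_TRANS_DATE` = '" . $transDtSql
    . "', `LMI_PAYER_PURSE` = '" . $payerPSql
    . "', `LMI_PAYER_WM` = '" . $payerWmSql
    . "', `time` = '" . $time
    . "', `yes` = '1' WHERE `id` = '" . $paymentId . "' AND `yes` = '0'");
if (mysql_affected_rows() != 1) {
    // Already confirmed by another request, or the update failed: do not credit.
    exit;
}

$paymentQuery = mysql_query("SELECT * FROM `payment` WHERE `id` = '" . $paymentId . "'");
$w = $paymentQuery ? mysql_fetch_assoc($paymentQuery) : false;
if (!$w) {
    exit;
}
$userIdSql = mysql_real_escape_string($w['user_id']);

// The comment column stores HTML, so the amount is HTML-escaped before it is
// embedded, and the finished text is then escaped for SQL.
$komm = 'Пополнение баланса на <b>' . htmlspecialchars($in['LMI_PAYMENT_AMOUNT'], ENT_QUOTES)
    . '</b> рублей (№ ' . $paymentId . ')';
// $realtime is not defined in this file - presumably set by shaxty.php; verify.
mysql_query("INSERT INTO `bill_hist` (`user_id`,`to_id`,`rur`,`mod`,`komm`,`time`,`yes`,`kod`) VALUES ('"
    . $userIdSql . "','" . $userIdSql . "','" . $amountSql . "','in','"
    . mysql_real_escape_string($komm) . "','" . $realtime . "','1','" . $paymentId . "')");

// NOTE(review): read-modify-write on the balance; two different payments for
// the same user confirmed at the same moment can lose one credit. An in-SQL
// increment would avoid that, if user_inf() simply reads `users`.`rur` - confirm.
$rur = user_inf($w['user_id'], 'rur') + $w['LMI_PAYMENT_AMOUNT'];
mysql_query("UPDATE `users` SET `rur`='" . mysql_real_escape_string((string) $rur)
    . "' WHERE `id` = '" . $userIdSql . "'");

// Mark the user's stored WMID/purse as verified when they match the payer.
$infoQuery = mysql_query("SELECT * FROM `wm` WHERE `id_us` = '" . $userIdSql . "' LIMIT 1");
$info = $infoQuery ? mysql_fetch_assoc($infoQuery) : false;
if ($info && !empty($info['wmid']) && !empty($info['wmr'])) {
    $storedPurse = 'R' . $info['wmr'];
    // Strict comparison: identifiers must match as strings, not as numbers.
    if ((string) $info['wmid'] === $in['LMI_PAYER_WM'] && $storedPurse === $in['LMI_PAYER_PURSE']) {
        mysql_query("UPDATE `wm` SET `check` = '1' WHERE `id_us` = '" . $userIdSql . "'");
    }
}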