Файл: online_liberty.php
Строк: 152
<?
$full_home_path = dirname(__FILE__);
require_once($full_home_path."/_rootload.php");
# lr_paidto Merchant's Liberty Reserve account number.
# lr_paidby Buyer's Liberty Reserve account number.
# lr_amnt Payment amount.
# lr_fee_amnt Commission that was deducted by Liberty Reserve system from the Merchant's account when payment was received.
# lr_currency Currency in which the payment was processed.
# lr_transfer Unique Liberty Reserve transaction number.
# lr_store Name of the Merchant's store.
# lr_timestamp Date of transaction (UTC).
# lr_merchant_ref Additional identifying factor that is set by the Merchant. This information is stored in the Liberty Reserve transaction database.
# lr_encrypted
# lr_encrypted2
$input = '';
foreach ($_POST as $field=>$value) {
$input .= $field." ".$value."n";
}
$input = "Входящие параметры:nn$input";
if (getenv("REQUEST_METHOD") != "POST") {
mconnect();
$manager_email=GetSetting('manager_email');
$msg = "С IP-адреса $ip произошло обращение к скрипту online_liberty.php по GET-протоколу.nnБудьте внимательны, т.к. возможно кто-то пытается взломать систему.nn$inputnn--nRootPanel";
$subject = "Возможная попытка взлома билинга [LibertyReserve]";
$admEmails=GetAdminEmailsWhereTrueParam("senderror");
if (count($admEmails) > 0) {
WriteMailLog($subject,$msg);
}
while (list($i,$em) = @each($admEmails)) {
sendmail($em,'',$manager_email,$subject,$msg);
}
mclose();
exit;
}
if ($lr_transfer) {
mconnect();
EnableLanguages();
$bill = GetBillById(intval($lr_merchant_ref));
$payy = GetPaymentSystemById($bill->paymentSystemId);
$liberty_id=$payy->text1;
$liberty_store=$payy->text2;
$liberty_secret=decodePwd($payy->pass1);
$liberty_currency=$payy->currency;
$hash = $lr_paidto.":".$lr_paidby.":".htmlDecode($lr_store).":".$lr_amnt.":".$lr_transfer.":".$lr_currency.":".$liberty_secret;
$hash = strtoupper(bin2hex(mhash(MHASH_SHA256, $hash)));
if ($liberty_currency == "EUR") { $currency = "LREUR"; } else { $currency = "LRUSD"; }
###
$merchantCurrency = $liberty_currency;
$bill->merchantmoney = ($bill->money_host+$bill->money_domain+$bill->money_addons+$bill->money_shop+$bill->money) * GetCurrencyKoeficientByCode($merchantCurrency);
$bill->merchantmoney = $bill->merchantmoney + ($bill->merchantmoney/100)*$payy->small1; $bill->merchantmoney = round($bill->merchantmoney,2);
###
if (!$lr_merchant_ref) { $error_msg = "Отсутствует номер счета биллинг-системы."; }
else if (!$bill->id) { $error_msg = "Счет # $lr_merchant_ref не найден."; }
else if (floatval($lr_amnt) < $bill->merchantmoney) { $error_msg = "Неправильная сумма оплаты. Сумма счета в биллинге $bill->merchantmoney."; }
else if ($currency != $lr_currency) { $error_msg = "Неправильная валюта платежа. Валюта платежа в биллинге $currency."; }
else if ($lr_paidto != $liberty_id) { $error_msg = "Неправильный ID магазина."; }
else if ($lr_store != $liberty_store) { $error_msg = "Неправильный Store магазина."; }
else if (strtolower($lr_encrypted) != strtolower($hash)) { $error_msg = "Неправильная контрольная подпись."; }
else {
MakeBillPayed($bill->id,1,"LibertyReserve Merchant (transfer $lr_transfer, paidby $lr_paidby)");
mclose();
exit;
}
$manager_email=GetSetting('manager_email');
$msg = "Автоматическая оплата через LibertyReserve Merchant отклонена биллинг-системой по причине:nn$error_msgnn$inputnnMD5 by RootPanel: $hashnnIP: $ipnn--nRootPanel";
$subject = "Ошибка автоматической оплаты [LibertyReserve]";
$admEmails=GetAdminEmailsWhereTrueParam("senderror");
if (count($admEmails) > 0) {
WriteMailLog($subject,$msg);
}
while (list($i,$em) = @each($admEmails)) {
sendmail($em,'',$manager_email,$subject,$msg);
}
mclose();
}
?>