Файл: online_perfectmoney.php
Строк: 137
<?
$full_home_path = dirname(__FILE__);
require_once($full_home_path."/_rootload.php");
# PAYEE_ACCOUNT Same value sent by merchant system
# PAYMENT_ID Same value sent by merchant system, or “NULL” if not sent by merchant.
# PAYMENT_AMOUNT Same value sent by merchant system
# PAYMENT_UNITS Same value sent by merchant system
# PAYMENT_BATCH_NUM The PerfectMoney® payment transaction Batch Number (32 bit nonzero positive integer)
# PAYER_ACCOUNT The Buyer’s PerfectMoney® Account number
# TIMESTAMPGMT A time tag of when the transaction took place on the PerfectMoney system. It delivered as the number of seconds since January 1, 1970 GMT (Greenwich Mean Time).
# V2_HASH 128 bit MD5 message digest value (formatted as 32 uppercase hex digits)
$input = '';
foreach ($_POST as $field=>$value) {
$input .= $field." ".$value."n";
}
$input = "Входящие параметры:nn$input";
if (getenv("REQUEST_METHOD") != "POST") {
mconnect();
$manager_email=GetSetting('manager_email');
$msg = "С IP-адреса $ip произошло обращение к скрипту online_perfectmoney.php по GET-протоколу.nnБудьте внимательны, т.к. возможно кто-то пытается взломать систему.nn$inputnn--nRootPanel";
$subject = "Возможная попытка взлома билинга [PerfectMoney]";
$admEmails=GetAdminEmailsWhereTrueParam("senderror");
if (count($admEmails) > 0) {
WriteMailLog($subject,$msg);
}
while (list($i,$em) = @each($admEmails)) {
sendmail($em,'',$manager_email,$subject,$msg);
}
mclose();
exit;
}
if ($PAYEE_ACCOUNT) {
mconnect();
EnableLanguages();
$bill = GetBillById(intval($PAYMENT_ID));
$payy = GetPaymentSystemById($bill->paymentSystemId);
$perfect_pass = decodePwd($payy->pass1);
$string = $PAYMENT_ID.":".$PAYEE_ACCOUNT.":".$PAYMENT_AMOUNT.":".$PAYMENT_UNITS.":".$PAYMENT_BATCH_NUM.":".$PAYER_ACCOUNT.":".strtoupper(md5($perfect_pass)).":".$TIMESTAMPGMT;
###
$merchantCurrency = "USD";
$merchantNacenka = $payy->small1;
$bill->merchantmoney = ($bill->money_host+$bill->money_domain+$bill->money_addons+$bill->money_shop+$bill->money) * GetCurrencyKoeficientByCode($merchantCurrency);
$bill->merchantmoney = $bill->merchantmoney + ($bill->merchantmoney/100)*$merchantNacenka; $bill->merchantmoney = round($bill->merchantmoney,2);
###
if (!$PAYMENT_ID) { $error_msg = "Отсутствует номер счета биллинг-системы."; }
else if (!$bill->id) { $error_msg = "Счет # $PAYMENT_ID не найден."; }
else if (floatval($PAYMENT_AMOUNT) < $bill->merchantmoney) { $error_msg = "Неправильная сумма оплаты. Сумма счета в биллинге $bill->merchantmoney."; }
else if ($PAYEE_ACCOUNT != $payy->text1) { $error_msg = "Неправильный кошелек продавца."; }
else if (strtoupper($V2_HASH) != strtoupper(md5($string))) { $error_msg = "Неправильная контрольная подпись."; }
else {
MakeBillPayed($bill->id,1,"PerfecMoney Merchant ($PAYER_ACCOUNT)");
mclose();
exit;
}
$manager_email=GetSetting('manager_email');
$msg = "Автоматическая оплата через PerfectMoney Merchant отклонена биллинг-системой по причине:nn$error_msgnn$inputnnMD5 by RootPanel: ".strtoupper(md5($string))."nnIP: $ipnn--nRootPanel";
$subject = "Ошибка автоматической оплаты [PerfectMoney]";
$admEmails=GetAdminEmailsWhereTrueParam("senderror");
if (count($admEmails) > 0) {
WriteMailLog($subject,$msg);
}
while (list($i,$em) = @each($admEmails)) {
sendmail($em,'',$manager_email,$subject,$msg);
}
mclose();
}
?>