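<?php
// online_yandex.php — two jobs in one script:
//   1. the OAuth handshake that obtains a Yandex.Money access token for a pay system
//      (?do=getToken&payid=… followed by the ?code=… callback), and
//   2. the receiver for Yandex.Money HTTP payment notifications (POST only).
// The short open tag "<?" only works with short_open_tag=On; "<?php" works everywhere.
$full_home_path = dirname(__FILE__);
// Panel bootstrap: mconnect()/mclose(), GetSetting(), sendmail() etc. are expected
// to come from here (not visible in this file — confirm).
require_once($full_home_path."/_rootload.php");
// Base directory of the bundled Yandex.Money client library.
define('YANDEX_PATH', $full_home_path.'/_rootinc/yandex');
// Same file as before, addressed through the constant defined for that purpose.
require_once(YANDEX_PATH.'/YandexMoney.php');
mconnect();
EnableLanguages();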
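// OAuth leg 1: an admin asks for a token for pay system #$payid -> redirect to Yandex.
// $do, $payid and $code are not assigned in this file; presumably they arrive from the
// request via _rootload.php (register_globals-style) — confirm there.
if ($do == "getToken" and $payid) {
    $payid = intval($payid);
    $payy = GetPaymentSystemById($payid);
    if ($payy->id) {
        // The cookie domain is derived from the client-supplied Host header; the
        // leading "www." is dropped so the callback on the bare domain still sees it.
        // NOTE(review): as shown the pattern reads "^www." with an unescaped dot —
        // confirm it is "^www\." in the original file.
        $domain = getenv('HTTP_HOST');
        $domain = preg_replace("/^www./ui","",$domain);
        // Remembers which pay system the OAuth callback below belongs to.
        setcookie("yandexPaySystemId", $payid, 0, "/", ".".$domain);
        $yandex_client_id = $payy->text2;
        $yandex_redirect_uri = $payy->text3;
        $authUri = YandexMoneyNew::authorizeUri($yandex_client_id, $yandex_redirect_uri, "operation-details");
        mclose();
        Header('Location: ' . $authUri);
        exit;
    } else {
        // $payid is an int here, so echoing it back is safe.
        print "Error: no pay_system ID # $payid found";
        mclose();
        exit;
    }
}
// OAuth leg 2: Yandex redirects back with ?code=…; exchange it for an access token
// and store the token on the pay system row (text5).
else if ($code) {
    $payid = intval($_COOKIE["yandexPaySystemId"]);
    $payy = GetPaymentSystemById($payid);
    if ($payy->id) {
        $yandex_client_id = $payy->text2;
        $yandex_redirect_uri = $payy->text3;
        $yandex_client_secret = $payy->text4;
        $ym = new YandexMoneyNew($yandex_client_id);
        $receiveTokenResp = $ym->receiveOAuthToken($code, $yandex_redirect_uri, $yandex_client_secret);
        if ($receiveTokenResp->isSuccess()) {
            $token = $receiveTokenResp->getAccessToken();
            // The token is data received from a remote party: escape it for the
            // statement instead of splicing it in raw. $payid is already an int.
            $tokenSql = mysql_real_escape_string($token);
            @mysql_query("update pay_systems set text5='$tokenSql' where id='$payid'") or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
            mclose();
            // $full_www_path and $admin_script are expected from _rootload.php — confirm.
            Header("Location: ".$full_www_path.$admin_script."?do=money&sub=edit&id=".$payid);
            exit;
        } else {
            print "Error: " . $receiveTokenResp->getError();
            mclose();
            exit;
        }
    } else {
        print "Error: no pay_system ID # $payid found";
        mclose();
        exit;
    }
}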
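// Plain-text dump of the POST body; appended to every alarm/error mail below.
// NOTE(review): as shown here the line separator is the literal letter "n"; in the
// original it is presumably "\n" (backslashes look stripped in this copy) — confirm.
$input = '';
foreach ($_POST as $field=>$value) {
    $input .= $field." ".$value."n";
}
$input = "Входящие параметры:nn$input";
// Yandex delivers notifications by POST only. Any other method is reported to the
// admins together with the request contents and dropped. $ip is not assigned in this
// file — presumably the client address, set by _rootload.php; confirm.
if (getenv("REQUEST_METHOD") != "POST") {
    mconnect();
    $manager_email=GetSetting('manager_email');
    $msg = "С IP-адреса $ip произошло обращение к скрипту online_yandex.php по GET-протоколу.nnБудьте внимательны, т.к. возможно кто-то пытается взломать систему.nn$inputnn--nRootPanel";
    $subject = "Возможная попытка взлома билинга [Yandex]";
    $admEmails=GetAdminEmailsWhereTrueParam("senderror");
    if (count($admEmails) > 0) {
        WriteMailLog($subject,$msg);
    }
    // foreach instead of while/list/each(): each() walks the array's internal pointer
    // (an already-iterated array yields nothing) and no longer exists in PHP 8.
    if (is_array($admEmails)) {
        foreach ($admEmails as $em) {
            sendmail($em,'',$manager_email,$subject,$msg);
        }
    }
    mclose();
    exit;
}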
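// Yandex.Money HTTP notification: verify it, locate the bill it pays for, mark it paid.
// $operation_id, $amount, $sha1_hash, $sender, $test_notification and $ip are not
// assigned in this file; presumably they are the POST fields, populated by
// _rootload.php (register_globals-style) — confirm there.
if ($operation_id) {
    $resp = null;
    // NOTE(review): "or die(...)" prints the server-side file path to the caller on a DB error.
    $payy = @mysql_query("select * from pay_systems where type='yandex' and NOT(text5='') and NOT(text2='') and active='1'") or die("File: ".__FILE__."<BR>Line: ".__LINE__."<BR>MySQL Error: ".mysql_error());
    $payy = @mysql_fetch_object($payy);
    if (!$payy->id) { $error_msg = "Не удалось найти активную платежную систему yandex с не пустым значением для AccessToken."; }
    else {
        $yandex_client_id = $payy->text2;
        $yandex_access_token = $payy->text5;
        $yandex_notify_secret = $payy->text6;
        // Signature string: the notification fields joined by "&", with the shared
        // notification secret inserted between codepro and label.
        $hash = sha1($_POST["notification_type"]."&".$_POST["operation_id"]."&".$_POST["amount"]."&".$_POST["currency"]."&".$_POST["datetime"]."&".$_POST["sender"]."&".$_POST["codepro"]."&".$yandex_notify_secret."&".$_POST["label"]);
        // Authenticity is checked before anything else (API call, bill lookup, amounts)
        // is done on the caller's behalf. Strict comparison: with "!=" two hex strings
        // that both look numeric (e.g. "0e12…") are compared as numbers and match.
        // hash_equals() is preferable where the PHP version provides it.
        if ($sha1_hash !== $hash) { $error_msg = "Неправильная контрольная подпись."; }
        else {
            $ym = new YandexMoneyNew($yandex_client_id);
            try {
                $resp = $ym->operationDetail($yandex_access_token, $operation_id);
            } catch (Exception $e) {
                // The exception object is interpolated into the mail below via __toString().
                $error_msg = $e;
            }
            if (!$error_msg) {
                if (!$resp->isSuccess()) { $error_msg = $resp->getError(); }
                else {
                    $res['message'] = $resp->getMessage();
                    $res['details'] = $resp->getDetails();
                    // Bill number = trailing run of 4+ digits in the payment comment,
                    // falling back to the details field.
                    // NOTE(review): as shown the pattern reads "(d{4,})s*$"; presumably
                    // "(\d{4,})\s*$" with backslashes lost in this copy — confirm.
                    $billid = null;
                    if (preg_match("/(d{4,})s*$/ui",$res['message'],$arr)) { $billid = $arr[1]; }
                    else if (preg_match("/(d{4,})s*$/ui",$res['details'],$arr)) { $billid = $arr[1]; }
                    $bill = GetBillById($billid);
                    if (!$billid) { $error_msg = "Не удалось найти номер счета в примечании к платежу."; }
                    else if (!$bill->id) { $error_msg = "Счет # $billid не найден."; }
                    else {
                        // Expected amount: bill total converted to RUB plus the pay
                        // system's surcharge (small1, a percentage). Computed only once
                        // a bill object actually exists.
                        $merchantCurrency = "RUB";
                        $bill->merchantmoney = ($bill->money_host+$bill->money_domain+$bill->money_addons+$bill->money_shop+$bill->money) * GetCurrencyKoeficientByCode($merchantCurrency);
                        $bill->merchantmoney = $bill->merchantmoney + ($bill->merchantmoney/100)*$payy->small1;
                        $bill->merchantmoney = round($bill->merchantmoney,2);
                        // The received amount is padded by 5% and rounded up before the
                        // comparison (presumably to absorb the fee Yandex deducts before
                        // delivery — confirm). $amount is covered by the signature above.
                        $amount = $amount + $amount*0.05;
                        $amount = ceil($amount);
                        if ($amount < $bill->merchantmoney) { $error_msg = "Неправильная сумма оплаты. Сумма счета в биллинге $bill->merchantmoney."; }
                        else if ($test_notification) { $error_msg = "Тестовый режим работы"; }
                        else {
                            MakeBillPayed($bill->id,1,"Yandex Merchant ($sender)");
                            mclose();
                            exit;
                        }
                    }
                }
            }
        }
    }
    // Rejected: mail the admins the reason plus dumps for diagnosis. The pay-system row
    // carries the client secret, access token and notification secret (text4..text6);
    // they are masked so they do not travel by e-mail.
    $payyForDump = $payy;
    if (is_object($payy)) {
        $payyForDump = clone $payy;
        foreach (array('text4', 'text5', 'text6') as $secretField) {
            if (isset($payyForDump->$secretField) && $payyForDump->$secretField !== '') {
                $payyForDump->$secretField = '[masked]';
            }
        }
    }
    ob_start();
    var_export($payyForDump);
    $payyDump = ob_get_clean();
    ob_start();
    var_export($resp);
    $respDump = ob_get_clean();
    $manager_email=GetSetting('manager_email');
    $msg = "Автоматическая оплата через Yandex Merchant отклонена биллинг-системой по причине:nn$error_msgnn$inputnnSHA1 Hash by RootPanel:n$hashnnpayyDump:n$payyDumpnnrespDump:n$respDumpnnIP: $ipnn--nRootPanel";
    $subject = "Ошибка автоматической оплаты [Yandex]";
    $admEmails=GetAdminEmailsWhereTrueParam("senderror");
    if (count($admEmails) > 0) {
        WriteMailLog($subject,$msg);
    }
    // foreach instead of while/list/each(): each() depends on the internal array
    // pointer and no longer exists in PHP 8.
    if (is_array($admEmails)) {
        foreach ($admEmails as $em) {
            sendmail($em,'',$manager_email,$subject,$msg);
        }
    }
    mclose();
}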
?>