Файл: wmz/core.php
Строк: 170
<?php
require_once("config.php");
// Do not change this!
// Maps the numeric currency id (the `volute` request parameter) to the
// currency code shown in the e-mail notification; see getCurrencyName().
static $CURRENCY_NAMES = array(
    2 => "WMR",
    3 => "WMZ",
    6 => "WMU",
    7 => "WME",
);
// Status values stored in nextpay_orders.status
static $STATUS_ORDER_RECEIVED = 0;  // order received, not yet delivered
static $STATUS_ORDER_DELIVERED = 1; // order delivered
// Per-request order fields: filled in by process(), read by logOrder().
$orderId = $sellerProductId = $productCount = $orderHash = null;
$customer = $amount = $currency = null;
/**
 * Opens the orders database connection using the $SQL_SERVER_ORDERS
 * settings array from config.php (keys: host, login, pass, db — see
 * openSQLConnection()). The caller is responsible for mysql_close().
 */
function openOrdersDBConnection()
{
    global $SQL_SERVER_ORDERS;
    $settings = $SQL_SERVER_ORDERS;
    openSQLConnection($settings);
}
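/**
 * Renders a value as an SQL literal: a quoted, escaped string, or the bare
 * keyword NULL when the value is null or '' (the same loose `!= null` test
 * the original used, so '0' is still kept as a string literal).
 * Requires an open mysql connection (mysql_real_escape_string needs it).
 *
 * @param mixed $value
 * @return string SQL fragment, safe to interpolate into a query
 */
function logOrderSqlValueOrNull($value)
{
    if($value != null)
    {
        return "'" . mysql_real_escape_string($value) . "'";
    }
    return 'NULL';
}

/**
 * Credits the bonus accounts for a freshly logged order.
 *
 * Looks the customer up in table1 and, when found, adds 250 units per
 * product to the customer (cent += d*1.2, dop_cent += d*0.2) and, if the
 * customer row has a partner, logs 250 units per product for the partner
 * in partner_cent for the current month.
 *
 * @param string $customerSQL     customer id as an SQL literal ('…' or NULL)
 * @param string $productCountSQL escaped product count
 */
function logOrderCreditBonus($customerSQL, $productCountSQL)
{
    $query = "SELECT * FROM `table1` WHERE `ID`=$customerSQL" ;
    $sql1 = mysql_query($query) or die(mysql_error()) ;
    $row = mysql_fetch_assoc($sql1) ;
    // No matching customer (including the `ID`=NULL case when no customer
    // was sent): nothing to credit. The original indexed $row here even
    // when it was false and then ran the UPDATE against no row at all.
    if($row === false)
    {
        return;
    }
    $d=$productCountSQL*250;
    $da=date('n');
    if($row['partner']>0){
        // Values read back from the DB are re-escaped before being
        // interpolated rather than trusted as-is.
        $partnerSQL = mysql_real_escape_string($row['partner']);
        // Result deliberately unchecked, as in the original (best effort).
        mysql_query("INSERT INTO `partner_cent` (
`id` ,
`cent` ,
`mons`
)
VALUES (
'$partnerSQL', '$d', '$da'
);");
    }
    $dop=$d*0.2+$row['dop_cent'];
    $cent=$row['cent']+$d*1.2;
    mysql_query("UPDATE `table1` set `cent`='$cent',`dop_cent`='$dop' where `ID`=$customerSQL limit 1");
}

/**
 * Persists the current order into nextpay_orders and credits the bonus
 * accounts.
 *
 * Reads the module globals $orderId, $sellerProductId, $amount, $currency,
 * $productCount and $customer (set by process()). Does nothing when an
 * order with the same order_id already exists, so a repeated callback does
 * not double-credit bonuses. New orders are stored with status
 * $STATUS_ORDER_RECEIVED. Opens and closes the orders DB connection itself.
 *
 * Any failed query terminates the script with mysql_error(); note that this
 * echoes the raw database error into the HTTP response.
 */
function logOrder()
{
    openOrdersDBConnection();
    global $orderId, $sellerProductId, $amount, $currency, $productCount, $customer;
    global $STATUS_ORDER_RECEIVED;
    $orderIdSQL = mysql_real_escape_string($orderId);
    $query = "select 1 from nextpay_orders where order_id = '$orderIdSQL'";
    $res = mysql_query($query) or die(mysql_error());
    if(mysql_num_rows($res) == 0)
    {
        $sellerProductIdSQL = logOrderSqlValueOrNull($sellerProductId);
        $amountSQL = mysql_real_escape_string($amount);
        $currencySQL = mysql_real_escape_string($currency);
        $customerSQL = logOrderSqlValueOrNull($customer);
        $productCountSQL = mysql_real_escape_string($productCount);
        $status = $STATUS_ORDER_RECEIVED;
        $query = "insert into nextpay_orders
(order_id,
date_created,
last_modified,
product_id,
amount,
currency,
product_count,
customer,
status)";
        $query .= " values(
'$orderIdSQL',
now(),
now(),
$sellerProductIdSQL,
'$amountSQL',
'$currencySQL',
'$productCountSQL',
$customerSQL,
$status)";
        mysql_query($query) or die(mysql_error());
        logOrderCreditBonus($customerSQL, $productCountSQL);
    }
    mysql_close();
}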
/**
 * Tells whether the order with the given id is already marked delivered
 * (status == $STATUS_ORDER_DELIVERED) in nextpay_orders.
 * Opens and closes the orders DB connection; dies with mysql_error() on a
 * failed query.
 *
 * @param mixed $orderId order id (escaped before use)
 * @return bool
 */
function isOrderDelivered($orderId)
{
    global $STATUS_ORDER_DELIVERED;
    openOrdersDBConnection();
    $escapedId = mysql_real_escape_string($orderId);
    $sql = "select 1 from nextpay_orders where order_id='$escapedId' and status=$STATUS_ORDER_DELIVERED";
    $result = mysql_query($sql) or die(mysql_error());
    $delivered = (mysql_num_rows($result) != 0);
    mysql_close();
    return $delivered;
}
/**
 * Returns the currency code for a numeric currency id from $CURRENCY_NAMES,
 * or "" when the id is unknown.
 *
 * @param mixed $id currency id as received in the request
 * @return string
 */
function getCurrencyName($id)
{
    global $CURRENCY_NAMES;
    return array_key_exists($id, $CURRENCY_NAMES) ? $CURRENCY_NAMES[$id] : "";
}
/**
 * Connects to a MySQL server and selects a database.
 *
 * @param array $data settings with keys "host", "login", "pass" and "db"
 *                    (normally one of the arrays defined in config.php)
 *
 * Dies with mysql_error() when the connection or the database selection
 * fails; the error text is written straight to the response.
 */
function openSQLConnection($data)
{
    mysql_connect($data["host"], $data["login"], $data["pass"]) or die(mysql_error());
    mysql_select_db($data["db"]) or die(mysql_error());
}
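/**
 * E-mails a status notification for the order of the current request.
 *
 * Sends only when $SEND_NOTIFICATION_BY_EMAIL (config.php) is truthy; the
 * recipient ($EMAIL_ADDRESS), subject ($EMAIL_SUBJECT) and From/Reply-To
 * address ($EMAIL_FROM_ADDRESS) also come from config.php. The order
 * details in the body are read directly from the request parameters
 * (order_id, profit, character, product_count, volute) rather than from the
 * module globals, so the mail is complete even when process() aborted early.
 *
 * @param string $message status line placed at the end of the body
 */
function sendNotificationEmail($message)
{
    global $SEND_NOTIFICATION_BY_EMAIL;
    if(!$SEND_NOTIFICATION_BY_EMAIL)
    {
        return;
    }
    global $EMAIL_FROM_ADDRESS, $EMAIL_ADDRESS, $EMAIL_SUBJECT;
    // Mail header lines are separated by CRLF ("\r\n"). The original
    // concatenated the literal two-character string "rn", which merged the
    // three headers into one malformed From: line. $EMAIL_FROM_ADDRESS is
    // config-controlled and must not contain line breaks itself.
    $headers = 'From: ' . $EMAIL_FROM_ADDRESS . "\r\n" .
        'Reply-To: ' . $EMAIL_FROM_ADDRESS . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    $orderId = readParam("order_id");
    $amount = readParam("profit");
    $customer = readParam("character");
    $count = readParam("product_count");
    $currencyId = readParam("volute");
    $currencyName = getCurrencyName($currencyId);
    // Body text is part of the notification format; kept verbatim.
    $msg =
"ID заказа: $orderId
Валюта: $currencyName
Сумма: $amount
Покупатель: $customer
Кол-во товара: $count
Статус: $message";
    mail($EMAIL_ADDRESS, $EMAIL_SUBJECT, $msg, $headers);
}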
/**
 * Reports a processing error and stops the script: prints the message,
 * e-mails it via sendNotificationEmail() and exits.
 *
 * @param string $msg human-readable error text
 */
function error($msg)
{
    print "Ошибка при обработке. $msg";
    sendNotificationEmail($msg);
    exit;
}
/**
 * Reads a request parameter from $_REQUEST (which by default merges GET,
 * POST and cookie data), or returns null when it is absent.
 * The value is returned unvalidated; callers must check/cast it.
 *
 * @param string $paramName
 * @return mixed|null
 */
function readParam($paramName)
{
    if(!isset($_REQUEST[$paramName]))
    {
        return null;
    }
    return $_REQUEST[$paramName];
}
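/**
 * Entry point for a payment callback.
 *
 * Reads the order fields from the request (order_id, seller_product_id,
 * product_count, hash, profit, volute, character), validates them, verifies
 * the SHA-1 signature against $SECRET_KEY from config.php, logs the order,
 * calls deliverOrder() (defined outside this file) and, when that succeeds,
 * marks the order delivered. Every validation failure goes through error(),
 * which prints the message, e-mails it and terminates the script.
 *
 * Side effects: fills the module globals $orderId, $sellerProductId,
 * $productCount, $orderHash, $customer, $amount and $currency for logOrder().
 * Presence checks use loose `== null`, so an empty string counts as missing.
 */
function process()
{
    global $orderId, $sellerProductId, $productCount, $orderHash, $customer, $amount, $currency, $SECRET_KEY;
    $orderId = readParam("order_id");
    if($orderId == null)
    {
        error("Не передан ID заказа");
    }
    $orderId = intval($orderId);
    $sellerProductId = readParam("seller_product_id");
    $productCount = readParam("product_count");
    if($productCount == null)
    {
        error("Не передано количество продукта");
    }
    $productCount = intval($productCount);
    if($productCount <= 0)
    {
        // Inner quotes escaped; the unescaped form was a parse error.
        error("Неверное значение параметра \"количество продукта\"");
    }
    $orderHash = readParam("hash");
    if($orderHash == null)
    {
        error("Не передана контрольная сумма заказа");
    }
    $amount = readParam("profit");
    if($amount == null)
    {
        error("Не передана стоимость заказа");
    }
    if($amount < 0)
    {
        error("Неверное значение параметра \"стоимость заказа\"");
    }
    $currency = readParam("volute");
    if($currency == null)
    {
        error("Не передана валюта заказа");
    }
    $currency = intval($currency);
    $customer = readParam("character");
    // Signature check: SHA-1 over the concatenated (already normalised)
    // order fields plus the shared secret. Compared as an exact,
    // case-insensitive match in constant time. The original eregi() call
    // treated the expected hash as a regex and accepted any value that
    // merely *contained* it; eregi is also gone since PHP 7.
    $expectedHash = sha1("$orderId$sellerProductId$productCount$amount$currency$SECRET_KEY");
    $hashMatches = false;
    if(is_string($orderHash))
    {
        // sha1() yields lowercase hex; lowercasing the received value keeps
        // the case-insensitive acceptance of the original.
        $receivedHash = strtolower($orderHash);
        $hashMatches = function_exists('hash_equals')
            ? hash_equals($expectedHash, $receivedHash)
            : ($expectedHash === $receivedHash);
    }
    if(!$hashMatches)
    {
        error("Контрольные суммы не совпадают");
    }
    if(isOrderDelivered($orderId))
    {
        error("Данный заказ уже доставлен");
    }
    logOrder();
    if(deliverOrder())
    {
        onOrderDelivered($orderId);
    }
}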
/**
 * Updates the status (and last_modified timestamp) of an order in
 * nextpay_orders. Opens and closes the orders DB connection; dies with
 * mysql_error() when the update fails.
 *
 * @param mixed $id     order id (escaped before use)
 * @param mixed $status new status value, e.g. $STATUS_ORDER_DELIVERED
 */
function setOrderStatus($id, $status)
{
    openOrdersDBConnection();
    $idSQL = mysql_real_escape_string($id);
    $statusSQL = mysql_real_escape_string($status);
    $sql = "update nextpay_orders set status = '$statusSQL', last_modified=now() where order_id='$idSQL'";
    mysql_query($sql) or die(mysql_error());
    mysql_close();
}
/**
 * Marks an order as delivered, answers "ok" to the caller and sends the
 * "order delivered" e-mail notification.
 *
 * @param mixed $id order id
 */
function onOrderDelivered($id)
{
    global $STATUS_ORDER_DELIVERED;
    $deliveredStatus = $STATUS_ORDER_DELIVERED;
    setOrderStatus($id, $deliveredStatus);
    print "ok";
    sendNotificationEmail("Заказ доставлен");
}
?>