Файл: zfarm.mobi/worldkassa/result.php
Строк: 69
<?
include_once 'config.php';
include_once '../inc/system/start_sess.php';
if (isset($_POST['id_shop']) && is_numeric($_POST['id_shop']) && isset($_POST['id_bill']) && is_numeric($_POST['id_bill']) && isset($_POST['summa']) && is_numeric($_POST['summa']) && isset($_POST['hash']))
{
$sql=mysql_query("SELECT * FROM `worldkassa` WHERE `id_bill` = '".$_POST['id_bill']."'");
if (mysql_num_rows($sql)>0)
{
$data=mysql_fetch_assoc($sql);
if ($_POST['summa']<$data['summa'])
{
//Можно поставить уведомление на подмену суммы пополнения
}
elseif($_POST['hash']!=md5($hash.$id_shop.$_POST['id_bill'].$_POST['summa']))
{
//Можно поставить уведомление, что не совпал хеш
}
else
{
if ($data['type']=='1')
{
foreach($cena_gold as $gold=>$summa)
{
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `money` = `money`+".$gold." WHERE `id` = '".$data['id_user']."'");
}
}
elseif($data['type']=='2')
{
foreach($cena_rubin as $rubin=>$summa)
{
$banks = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_collective_user` WHERE `id_user` = '".$data['id_user']."'"));
$bank = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_collective` WHERE `id` = '".intval($banks['id_collective'])."'"));
$usering = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_user` WHERE `id` = '".$data['id_user']."'"));
$user = $rubin;
$rubies = $user/100;
$Rbank = $rubies*($bank['bank']*5);
$Raction = $rubies*150;
$ogran = $user;
$action =mysql_fetch_array(mysql_query("SELECT * FROM `action` WHERE `id` = '1';"));
if($usering[flowerbed]==11)$Rbanks = $rubies*50;
if($usering[flowerbed]>11)$Rbanks = $rubies*100;
if($usering[flowerbed]<11)$Rbanks = 0;
$summa1 = $user+$Raction+$Rbank+$Rbanks;
$time=time();
$time=time();
$collective = $rubin+($rubin*2);
if ($summa==$data['summa'] && $action['action']==5)mysql_query("INSERT INTO `kolhoz_collective_cash` SET `id_user` = '".$data['id_user']."', `id_collective` = '$bank[id]', `type` = 'rubies', `time` = '$time', `count` = '$collective'");
if ($summa==$data['summa'] && $action['action']==5)mysql_query("UPDATE `kolhoz_collective` SET `rubies` = '".($bank['rubies']+$collective)."' WHERE `id` = '$bank[id]'");
if ($summa==$data['summa'] && $action['action']==1)mysql_query("UPDATE `kolhoz_user` SET `action` = '1' WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'] && $action['action']==2)mysql_query("UPDATE `kolhoz_user` SET `action` = '2' WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'] && $action['action']==3)mysql_query("UPDATE `kolhoz_user` SET `action` = '3' WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'] && $action['action']==4)mysql_query("UPDATE `kolhoz_user` SET `rubies` = `rubies`+'250' WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `rubies` = `rubies`+".$summa1." WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'])mysql_query("INSERT INTO `info_user` SET `id_user` = '".$data['id_user']."', `status` = '+', `many` = '$summa1', `kuda` = 'покупка рубинов', `time` = '$time'");
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `ogran` = `ogran`+".$summa1." WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'])mysql_query("INSERT INTO `kolhoz_mail` SET `id_user` = '".$data['id_user']."', `id_kont` = '0', `msg` = 'На ваш счет поступил платеж $rubin рубинов
Бонус за клумбу: $Rbanks
Бонус за банк: $Rbank
Бонус за акцию: $Raction
Всего: $summa1
', `time` = '$time', `type` = 'to'");
}
}
mysql_query("UPDATE `worldkassa` SET `time_oplata` = '".time()."' WHERE `id` = '".$data['id']."'");
}
}
}
?>