Файл: price.php
Строк: 40
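<?php
// Payment-gateway callback handler: answers the gateway's `check` command and,
// on `pay`, records the payment in `price`, credits the paid sum (doubled while
// $action is 'on') to the user's `almaz` balance and leaves a system message in
// `msg_r`. Replies are small XML documents ending in <result>0</result>.
//
// NOTE(review): the `pay` branch acts on GET parameters alone. $_GET['md5'] is
// never compared with a server-side signature, so this endpoint cannot tell a
// gateway callback from any other request until a check such as
// `hash_equals($expected, $_GET['md5'])` is added (the concatenation that yields
// $expected must come from the gateway documentation — TODO confirm).
// The duplicate-id branch below also credits the user a second time, so a
// repeated callback credits twice — presumably unintended; verify before changing.

$time = date("H:i d.m.y");
session_start();

// NOTE(review): database credentials are hard-coded in the handler; they belong
// in a config file outside the web root.
$db_host = "localhost";
$db_user = "honer235_darkmob";
$db_table = "honer235_darkmob";
$db_pass = "dadada";

// `or die` is the file's error style; the `@` suppression was dropped so a
// failing connection or charset switch is reported instead of hidden.
$connect = mysql_pconnect($db_host, $db_user, $db_pass) or die('cannot connect to server');
mysql_select_db($db_table, $connect) or die('cannot connect to db');
mysql_query("SET NAMES 'utf8'", $connect);

// --- Outbound "calculate" request -------------------------------------------
// Kept from the original. $url is assembled here but never sent within this
// file, and $secret_key is not defined in this file, so unless it is set
// elsewhere the signature is effectively md5($md5 . '').
$request['command'] = 'calculate';
$request['project'] = '6752';
$request['sum'] = 10;
$request['userip'] = '94.103.26.178';
$md5 = '7T_H+f>R(>U2_6#KB8=b.||';
foreach ($request as $value) {
    $md5 .= $value;
}
$request['md5'] = md5($md5 . $secret_key);
$url = 'https://secure.xsolla.com/api/mobile/payment/?';
foreach ($request as $key => $value) {
    $url .= $key . '=' . urlencode($value) . '&';
}
$url = rtrim($url, '&');

/**
 * Escapes $value for use inside a single-quoted SQL literal sent over $connect.
 */
function sql_str($value, $connect)
{
    return mysql_real_escape_string((string) $value, $connect);
}

/**
 * Adds $sum to `users`.`almaz` for $user and stores a "payment received" message.
 *
 * $user must already be SQL-escaped; $sum must be a PHP number (it is
 * interpolated as a numeric literal, not quoted). Dies with the MySQL error on
 * failure, matching the original handler.
 */
function credit_user($connect, $user, $sum, $time)
{
    $text = "Вы оплатили счет и получили $sum алмазов!";
    // One arithmetic UPDATE replaces the original read-then-write of `almaz`;
    // IFNULL keeps the original's treatment of an empty balance as 0.
    mysql_query("UPDATE `users` SET `almaz` = IFNULL(`almaz`, 0) + $sum WHERE `usr` = '$user' LIMIT 1", $connect) or die(mysql_error());
    mysql_query("INSERT INTO `msg_r` SET `user_from` = 'Обработчик платежей', `user_to` = '$user', `time` = '" . sql_str($time, $connect) . "', `read` = 1, `mail_msg` = '" . sql_str($text, $connect) . "'", $connect) or die(mysql_error());
}

if (isset($_GET['command'])) {
    if ($_GET['command'] === 'check') {
        echo "<response>
<result>0</result>
</response>";
    }
    if ($_GET['command'] === 'pay') {
        // The original's bare constant `on` resolved to the string "on", so the
        // doubling below was always active.
        $action = 'on';

        // Every request value that reaches SQL is either escaped (id, v1) or
        // coerced to a number (sum); the original interpolated them raw.
        $idRaw = isset($_GET['id']) ? $_GET['id'] : '';
        $idSql = sql_str($idRaw, $connect);
        $sumRaw = isset($_GET['sum']) ? $_GET['sum'] : 0;
        $sum = is_numeric($sumRaw) ? $sumRaw + 0 : 0;
        // stripslashes(addslashes(x)) in the original is an identity; only the
        // htmlspecialchars step has an effect, and it does not make x SQL-safe.
        $v1Raw = isset($_GET['v1']) ? $_GET['v1'] : '';
        $v1 = sql_str(htmlspecialchars($v1Raw), $connect);

        $res = mysql_query("SELECT * FROM `price` WHERE `id`='$idSql'", $connect);
        $paidSum = $action === 'on' ? $sum * 2 : $sum;
        if (mysql_num_rows($res) == 0) {
            // First time this payment id is seen: record it, then credit.
            mysql_query("INSERT INTO `price` SET `id`='$idSql',`sum`='$sum', `v1`='$v1'", $connect);
            credit_user($connect, $v1, $paidSum, $time);
            $sumOut = $sum;
        } else {
            // Payment id already recorded. Kept as in the original: the user is
            // credited again and the stored sum is echoed back.
            credit_user($connect, $v1, $paidSum, $time);
            $pri = mysql_fetch_array($res);
            $sumOut = $pri['sum'];
        }

        // Advance the shop counter kept in the sentinel row id=0/sum=0 (the
        // original read `id_shop` and wrote back value+1).
        mysql_query("UPDATE `price` SET `id_shop` = IFNULL(`id_shop`, 0) + 1 WHERE `id`='0' and `sum`='0'", $connect);

        // NOTE(review): kept from the original — this reads the first row of
        // `price` without ORDER BY, so the reported `id_shop` comes from an
        // arbitrary row; the sentinel row was presumably intended. Verify first.
        $req = mysql_query("SELECT * FROM `price`", $connect);
        $price = mysql_fetch_array($req);

        // Escape everything echoed into the XML reply; the original emitted the
        // raw `id` parameter.
        $idOut = htmlspecialchars($idRaw);
        $shopOut = htmlspecialchars($price['id_shop']);
        $sumOut = htmlspecialchars($sumOut);
        echo "<response>
<id>$idOut</id> <id_shop>$shopOut</id_shop> <sum>$sumOut</sum> <result>0</result>
</response>";
    }
}
//http://darkmob.ru/price.php?command=pay&id=100009&v1=Admin&date=2012-05-18+15%3A45%3A26&sum=1&md5=c33eb2b92c7bcb02bc6ce0d9da082877//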