File: vkolhoze.com/pay_rubi/myresult.php
Lines: 38
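<?php
/**
 * Payment-gateway callback endpoint (type=check / type=pay) that credits a
 * user's balance in `kolhoz_price`.
 *
 * Two request kinds are served, both read entirely from $_GET:
 *   - type=check : answer whether account `pay_for` exists in `kolhoz_user`;
 *   - type=pay   : credit `balance_amount` to `pay_for` (insert or update a
 *                  `kolhoz_price` row) and echo `onpay_id`/order id back.
 * Each reply is a small XML document whose <code> is 0 on success.
 *
 * Security: every input is attacker-controlled (plain GET). The original
 * version never verified the request's `md5` signature, so anyone who could
 * reach this URL could credit any account with any amount. Requests are now
 * rejected (HTTP 403) unless the signature verifies — see
 * onpay_signature_valid() for what still has to be confirmed.
 *
 * Assumptions not visible in this file (presumably provided by
 * ../inc/start_sess.php or its config): an open mysql_* connection (the
 * mysql_* extension was removed in PHP 7) and the ONPAY_PRIVATE_KEY constant.
 */
include_once '../inc/start_sess.php';

/**
 * Escape a value for use as XML element text.
 *
 * htmlspecialchars() with ENT_QUOTES covers the five characters that are
 * special in XML content, which is what the original echo relied on.
 *
 * @param mixed $value
 * @return string
 */
function onpay_xml_text($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Return the named GET parameter as a string, or '' when it is absent or not
 * a scalar (e.g. `?md5[]=x`, which would otherwise be cast to "Array").
 *
 * @param string $name
 * @return string
 */
function onpay_get_param($name)
{
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
}

/**
 * Verify the gateway's md5 signature for the current request.
 *
 * Fails closed: a missing private key, a missing signature, or a mismatch all
 * return false, and the caller must then make no database change.
 *
 * TODO(review): the signed-field list below is the set of fields this handler
 * actually consumes, joined with ';' and terminated by the private key. That
 * layout is NOT a verified copy of the gateway specification — confirm the
 * exact field order (and whether the raw `balance_amount` string or another
 * amount field is signed) against the gateway documentation before deploying.
 * Until it matches, every callback is rejected, which is the safe direction
 * compared with the previous unauthenticated credits.
 *
 * @param string $type 'check' or 'pay'
 * @return bool
 */
function onpay_signature_valid($type)
{
    if (!defined('ONPAY_PRIVATE_KEY')) {
        error_log('myresult.php: ONPAY_PRIVATE_KEY is not defined; rejecting callback');
        return false;
    }
    $given = onpay_get_param('md5');
    if ($given === '') {
        return false;
    }

    // Raw strings are signed, not intval()'d copies: the gateway signs what it
    // sent, and an integer cast would silently change "10.50" to "10".
    $fields = [$type, onpay_get_param('pay_for')];
    if ($type === 'pay') {
        $fields[] = onpay_get_param('onpay_id');
        $fields[] = onpay_get_param('balance_amount');
    }
    $fields[] = ONPAY_PRIVATE_KEY;
    $expected = strtoupper(md5(implode(';', $fields)));

    // hash_equals() (PHP >= 5.6) keeps the comparison constant-time.
    return hash_equals($expected, strtoupper($given));
}

/**
 * Abort with a generic 500 instead of `die(mysql_error())`, which returned
 * the database error text to the (untrusted) caller.
 *
 * @param string $context short description of the failed statement
 * @return void
 */
function onpay_db_fail($context)
{
    error_log('myresult.php: ' . $context . ': ' . mysql_error());
    header('HTTP/1.0 500 Internal Server Error');
    exit;
}

/**
 * Handle type=check: report whether the `pay_for` account exists.
 *
 * Reply codes match the original: 0 = OK, 2 = unknown account. The request's
 * md5 is echoed back unchanged, as before.
 *
 * @return void
 */
function onpay_handle_check()
{
    $payFor = intval(onpay_get_param('pay_for'));

    $res = mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `id` = '" . $payFor . "' LIMIT 1");
    if ($res !== false && mysql_result($res, 0) > 0) {
        $code = 0;
        $comm = 'OK';
    } else {
        $code = 2;
        $comm = 'User account doesn’t exist';
    }

    header('Content-Type: text/xml; charset=UTF-8');
    echo '<?xml version="1.0" encoding="UTF-8"?>
<result>
<code>' . $code . '</code>
<pay_for>' . $payFor . '</pay_for>
<comment>' . onpay_xml_text($comm) . '</comment>
<md5>' . onpay_xml_text(onpay_get_param('md5')) . '</md5>
</result>';
}

/**
 * Handle type=pay: credit `balance_amount` to the `pay_for` account.
 *
 * A first payment inserts a `kolhoz_price` row; later payments update the
 * user's existing row, adding to `kol_all`. Bug fixed here: the original
 * looked the row up by `id_user` but then ran the UPDATE with
 * `WHERE id = pay_for`, i.e. against a different (or non-existent) row.
 *
 * NOTE(review): rows are keyed per user, not per transaction, so a
 * re-delivered or replayed notification (same onpay_id) is credited again.
 * Making this idempotent needs onpay_id stored with the row, which is a
 * schema change not visible from this file.
 *
 * @return void
 */
function onpay_handle_pay()
{
    $payFor  = intval(onpay_get_param('pay_for'));
    $onpayId = intval(onpay_get_param('onpay_id'));
    // intval() drops any fractional part of the amount; kept from the
    // original — confirm the gateway only ever sends whole units.
    $amount  = intval(onpay_get_param('balance_amount'));

    $res = mysql_query("SELECT `id`, `kol_all` FROM `kolhoz_price` WHERE `id_user` = '" . $payFor . "' LIMIT 1");
    $row = ($res !== false) ? mysql_fetch_assoc($res) : false;

    if (!$row) {
        if (!mysql_query("INSERT INTO `kolhoz_price` SET `id_user` = '" . $payFor . "', `kol` = '" . $amount . "', `kol_all` = '" . $amount . "'")) {
            onpay_db_fail('insert kolhoz_price');
        }
        $orderId = mysql_insert_id();
        $comm = 'OK';
    } else {
        $orderId  = intval($row['id']);
        $newTotal = $amount + $row['kol_all'];
        if (!mysql_query("UPDATE `kolhoz_price` SET `kol` = '" . $amount . "', `kol_all` = '" . $newTotal . "' WHERE `id` = '" . $orderId . "'")) {
            onpay_db_fail('update kolhoz_price');
        }
        $comm = 'OK (существующая транзакция)';
    }

    header('Content-Type: text/xml; charset=UTF-8');
    echo '<?xml version="1.0" encoding="UTF-8"?>
<result>
<code>0</code>
<comment>' . onpay_xml_text($comm) . '</comment>
<onpay_id>' . $onpayId . '</onpay_id>
<pay_for>' . $payFor . '</pay_for>
<order_id>' . onpay_xml_text($orderId) . '</order_id>
<md5>' . onpay_xml_text(onpay_get_param('md5')) . '</md5>
</result>';
}

// The original normalised a missing type to '' in $_GET itself; keep that
// side effect in case anything included later reads it.
$type = onpay_get_param('type');
$_GET['type'] = $type;

if ($type === 'check' || $type === 'pay') {
    if (!onpay_signature_valid($type)) {
        error_log('myresult.php: rejected ' . $type . ' callback with missing/invalid signature');
        header('HTTP/1.0 403 Forbidden');
        exit;
    }
    if ($type === 'check') {
        onpay_handle_check();
    } else {
        onpay_handle_pay();
    }
}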