Файл: vkolhoze.com/xsolla/handler.php
Строк: 134
<?php
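// Every command below is gated on the caller's address. REMOTE_ADDR is the TCP
// peer as this server sees it; if a reverse proxy sits in front it is the proxy's
// address and the allow-list in checkIP() would have to be enforced there instead
// — confirm the deployment. The isset() guard avoids an undefined-index notice
// when the script is run outside a web request (e.g. from the CLI).
$isAllowed = checkIP(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');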
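/**
 * Returns 1 when $ip is one of the Xsolla callback addresses, 0 otherwise.
 *
 * The original condition was `$ip == $allowedIP[0] || $ip = $allowedIP[1]`:
 * the second operand is an assignment (always truthy), so every caller passed
 * the check. A strict in_array() fixes that and also rules out loose
 * string/number comparison.
 *
 * @param string $ip  remote address, as taken from $_SERVER['REMOTE_ADDR']
 * @return int        1 if allowed, 0 if not
 */
function checkIP($ip)
{
    // Xsolla callback sources, as configured in the original handler.
    $allowedIP = array("94.103.26.178", "94.103.26.181");
    return in_array((string) $ip, $allowedIP, true) ? 1 : 0;
}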
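// --- Database connection, signing secret and request parameters -------------
//
// The DB password and the Xsolla signing secret used to be string literals in
// this file. Anything that has lived in source has to be treated as known and
// rotated; the replacements are read from the process environment so they do
// not land in the repository again. The variable names below are chosen here
// (not an existing convention) — provision them in the web server / php-fpm
// environment. Host and database name are not secrets and keep their defaults.
$dbHost = getenv('XSOLLA_DB_HOST');
$dbName = getenv('XSOLLA_DB_NAME');
$dbUser = getenv('XSOLLA_DB_USER');
$dbPass = getenv('XSOLLA_DB_PASS');
$sicret = getenv('XSOLLA_SECRET'); // name kept: the command blocks below read $sicret
if ($dbHost === false) {
    $dbHost = 'localhost';
}
if ($dbName === false) {
    $dbName = 'bestkolhoz';
}
if ($dbUser === false || $dbPass === false || $sicret === false || $sicret === '') {
    // Refuse to run half-configured: with an empty secret the expected signature
    // would be md5($command . $v1), which anyone can compute.
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

$db = mysql_connect($dbHost, $dbUser, $dbPass);
if ($db === false || !mysql_select_db($dbName, $db)) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Request parameters. The isset() guards only avoid notices on requests that
// omit a field; the values remain untrusted strings and are escaped where used.
$v1      = isset($_GET['v1'])      ? $_GET['v1']      : '';
$command = isset($_GET['command']) ? $_GET['command'] : '';
$md5     = isset($_GET['md5'])     ? $_GET['md5']     : '';
$sum     = isset($_GET['sum'])     ? $_GET['sum']     : '';
$id      = isset($_GET['id'])      ? $_GET['id']      : '';
$date    = isset($_GET['date'])    ? $_GET['date']    : '';

// Look the nickname up only for an allowed caller: every command requires
// $isAllowed anyway, and this keeps unauthenticated traffic off the database.
$check = $isAllowed ? check_nickname($v1) : 0;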
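// "check" command: Xsolla asks whether the account (v1 = nickname) exists.
// Signature is md5(command . v1 . secret). It is compared with === so that PHP's
// loose comparison cannot treat two "0e…" digests as equal numbers.
if ($command === "check" && $isAllowed) {
    if ($check && $md5 === md5($command . $v1 . $sicret)) {
        $code = '0';
        $comment = 'Успешно';
        echo '<?xml version="1.0" encoding="utf-8"?>
<response>
<result>' . $code . '</result>
</response>';
    } else {
        // Unknown account and bad signature get the same answer: the caller
        // only learns that the account cannot be charged.
        $code = '7';
        $comment = 'Аккаунт заблокирован';
        echo '<?xml version="1.0" encoding="utf-8"?>
<response>
<result>' . $code . '</result>
<comment>' . $comment . '</comment>
</response>';
    }
}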
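/**
 * Reports whether a kolhoz_user row with the given nickname exists.
 *
 * @param string $nick  nickname from the request (untrusted)
 * @return int          1 if a row matches; 0 if the nickname is empty, the query
 *                      fails, or nothing matches
 */
function check_nickname($nick)
{
    $nick = (string) $nick;
    if ($nick === '') {
        return 0;
    }
    // $nick comes straight from the query string: escape it before it reaches SQL.
    // Only existence matters, so there is no need to pull the whole row.
    $result = mysql_query("SELECT 1 FROM kolhoz_user WHERE nick = '" . mysql_real_escape_string($nick) . "' LIMIT 1");
    if ($result === false) {
        return 0;
    }
    return mysql_num_rows($result) > 0 ? 1 : 0;
}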
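// "pay" command: Xsolla reports that $sum was paid for account $v1 under invoice
// $id. Signature is md5(command . v1 . id . secret).
//
// pay() was previously called at file scope, before the command, signature and
// source-address checks, so any GET request could credit an account, and the
// outcome (including the shop id) was reported back to unauthenticated callers.
// The credit now happens only inside the verified branch.
if ($command === "pay") {
    // Values echoed back originate from the request; escape them so a crafted id
    // or sum cannot alter the XML structure of the reply. (The reply declares
    // windows-1251; these fields are expected to be ASCII, which escapes the same.)
    $xmlId  = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    $xmlSum = htmlspecialchars((string) $sum, ENT_QUOTES, 'UTF-8');
    if ($isAllowed && $check && $md5 === md5($command . $v1 . $id . $sicret)) {
        $paymentId = pay($v1, $sum, $id);
        $xmlShop = htmlspecialchars((string) $paymentId, ENT_QUOTES, 'UTF-8');
        if ($paymentId) {
            echo '<?xml version="1.0" encoding="windows-1251"?>
<response>
<id>' . $xmlId . '</id>
<id_shop>' . $xmlShop . '</id_shop>
<sum>' . $xmlSum . '</sum>
<result>0</result>
</response>';
        } else {
            $code = '4'; // invalid request (invalid transaction id)
            $comment = 'Invalid format of request';
            echo '<?xml version="1.0" encoding="windows-1251"?>
<response>
<id>' . $xmlId . '</id>
<id_shop>' . $xmlShop . '</id_shop>
<sum>' . $xmlSum . '</sum>
<result>' . $code . '</result>
<comment>' . $comment . '</comment>
</response>';
        }
    } else {
        // Wrong source address, unknown account or bad signature: generic error 5
        // and no shop id is disclosed.
        echo '<?xml version="1.0" encoding="windows-1251"?>
<response>
<id>' . $xmlId . '</id>
<id_shop></id_shop>
<sum>' . $xmlSum . '</sum>
<result>5</result>
<comment>Другая ошибка</comment>
</response>';
    }
}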
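/**
 * Credits $sum to account $v1 and records the Xsolla invoice $id.
 *
 * Returns the shop-side payment id (xsolla_shop.id_shop) on success, or null
 * when the account does not exist, $sum is not numeric, or a query fails.
 *
 * Fixes relative to the original:
 *  - the new balance was built from $balls['rubies'], a column the SELECT never
 *    fetched (it fetched `euro`), so every payment reset the balance to $sum;
 *  - $date was read as an (undefined) function local although it is the
 *    request's date parameter at file scope, so `date` was always stored empty;
 *  - request values were interpolated into SQL without escaping;
 *  - a repeated callback for an already-recorded invoice credited the account
 *    a second time.
 *
 * @param string $v1   account nickname
 * @param string $sum  amount to credit (numeric string)
 * @param string $id   Xsolla invoice id
 * @return string|null
 */
function pay($v1, $sum, $id)
{
    global $date; // request date, set at file scope from $_GET['date']

    if (!is_numeric($sum)) {
        return null;
    }
    $eV1   = mysql_real_escape_string((string) $v1);
    $eId   = mysql_real_escape_string((string) $id);
    $eSum  = mysql_real_escape_string((string) $sum);
    $eDate = mysql_real_escape_string((string) $date);

    // Replay protection: if this invoice is already recorded, hand back the same
    // id_shop without crediting again. (Assumes xsolla_shop.id holds the Xsolla
    // invoice id, as the original's final lookup implied — confirm against schema.)
    $existing = mysql_query("SELECT id_shop FROM xsolla_shop WHERE id='$eId'");
    if ($existing !== false && mysql_num_rows($existing) > 0) {
        $row = mysql_fetch_array($existing);
        return $row['id_shop'];
    }

    $result = mysql_query("SELECT euro FROM kolhoz_user WHERE nick='$eV1'");
    if ($result === false || mysql_num_rows($result) < 1) {
        return null;
    }
    $balls = mysql_fetch_array($result);

    // NOTE(review): read-modify-write without a transaction, as in the original;
    // two concurrent callbacks for the same account can lose an update.
    $newBalance = $balls['euro'] + $sum;
    mysql_query("UPDATE `kolhoz_user` SET `euro` = '" . $newBalance . "' WHERE `nick` = '$eV1'");
    mysql_query("INSERT INTO xsolla_billing (invoice,v1,currency,date,canceled) VALUES ('$eId','$eV1','$eSum','$eDate','0')");
    mysql_query("INSERT INTO xsolla_shop (id,v1,sum) VALUES ('$eId','$eV1','$eSum')");

    $result3 = mysql_query("SELECT id_shop FROM xsolla_shop WHERE id='$eId'");
    if ($result3 === false || mysql_num_rows($result3) < 1) {
        return null;
    }
    $paymentId = mysql_fetch_array($result3);
    return $paymentId['id_shop'];
}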
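// "cancel" command: Xsolla withdraws invoice $id. Signature is md5(command . id . secret).
//
// cancel() was previously called at file scope before any of these checks, so an
// unsigned request from any address could flag invoices as cancelled; it now runs
// only once the request is verified. The reply's XML declaration was also
// malformed (`<xml version=…>` instead of `<?xml version=…?>`) and is corrected.
if ($command === "cancel") {
    if ($isAllowed && $check && $md5 === md5($command . $id . $sicret) && cancel($id)) {
        echo '<?xml version="1.0" encoding="windows-1251"?>
<response>
<result>0</result>
</response>';
    } else {
        echo '<?xml version="1.0" encoding="windows-1251"?>
<response>
<result>2</result>
<comment>this payment ID does not exist</comment>
</response>';
    }
}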
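/**
 * Flags the billing record for invoice $id as cancelled.
 *
 * @param string $id  Xsolla invoice id (untrusted)
 * @return int|null   1 if a billing row for $id existed and the UPDATE was
 *                    issued, null otherwise (callers only test truthiness)
 */
function cancel($id)
{
    // Request date, set at file scope. The original read $date as an undefined
    // local, so date_cancel was always stored empty.
    global $date;

    $eId = mysql_real_escape_string((string) $id);
    $result = mysql_query("SELECT currency,v1 FROM xsolla_billing WHERE invoice='$eId'");
    if ($result === false || mysql_num_rows($result) < 1) {
        return null;
    }

    // NOTE(review): the original also fetched the account's `euro` balance here
    // and then discarded it. Whether a cancel is meant to debit the amount back
    // from kolhoz_user is not visible in this file — confirm with the payment
    // flow before adding it; for now the record is only flagged.
    $eDate = mysql_real_escape_string((string) $date);
    mysql_query("UPDATE xsolla_billing SET canceled='1',date_cancel='$eDate' WHERE invoice ='$eId'");
    return 1;
}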
?>