Файл: vkolhoze.com/xsolla.php
Строк: 37
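<?php
// Full opening tag: with short_open_tag disabled a bare `<?` is not parsed and
// the whole source, including the signing material below, is sent out as text.
include_once 'inc/start_sess.php';
error_reporting(E_ALL^E_NOTICE);

// Prepare the parameters of the outgoing "calculate" request.
$request['command'] = 'calculate';
$request['project'] = '8480';
$request['sum']     = 10;
$request['userip']  = '94.103.26.178';

// Build the signature: fixed prefix + every parameter value in insertion
// order, then md5 over that string followed by $secret_key.
// NOTE(review): the literal prefix looks like a signing secret committed to
// source - confirm, and if so load it from configuration outside the web root.
// NOTE(review): $secret_key is not assigned anywhere in this file; presumably
// inc/start_sess.php provides it - verify, otherwise it is empty here.
$md5 = 'yDq}S+-q>O-s_M' . implode('', $request);
$request['md5'] = md5($md5 . $secret_key);

// Build the request URL: key=urlencode(value) pairs joined with '&'.
// The resulting $url is not used again in this file.
$pairs = array();
foreach ($request as $key => $value) {
    $pairs[] = $key . '=' . urlencode($value);
}
$url = 'https://secure.xsolla.com/api/mobile/payment/?' . implode('&', $pairs);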
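// Payment-provider callback handler: `command=check` acknowledges a lookup,
// `command=pay` records the payment in `price`, credits the user's rubies and
// queues an in-game mail, then answers with an XML <response>.
//
// NOTE(review): the `md5` parameter that accompanies the callback (see the
// sample URL in the comment at the end of this file) is never compared with a
// locally computed signature, so any client that can reach this URL can cause
// a credit. Verify it per the provider's callback specification, using a
// constant-time comparison, before any database write.
// NOTE(review): `check` answers result 0 without looking the account up.
if (isset($_GET['command'])) {
    if ($_GET['command'] === 'check') {
        echo"<response>
<result>0</result>
</response>";
    }
    if ($_GET['command'] === 'pay') {
        $action = 'off'; // promo switch: "on" doubles the credited amount
        $time = time();

        // Read each parameter once as a plain string. Array-valued parameters
        // are treated as empty, and magic-quotes slashes (old PHP 5 setups)
        // are removed so the values are not escaped twice below.
        $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $in = array();
        foreach (array('id', 'sum', 'v1') as $name) {
            $raw = (isset($_GET[$name]) && is_scalar($_GET[$name])) ? (string) $_GET[$name] : '';
            $in[$name] = $magicQuotes ? stripslashes($raw) : $raw;
        }

        // The account key keeps its historical htmlspecialchars() form so it
        // still matches rows stored earlier. That call does not neutralise
        // single quotes, so every value is escaped for SQL separately.
        $user    = htmlspecialchars($in['v1']);
        $idSql   = mysql_real_escape_string($in['id']);
        $sumSql  = mysql_real_escape_string($in['sum']);
        $userSql = mysql_real_escape_string($user);
        // NOTE(review): `sum` is not range-checked; a negative or non-numeric
        // value still reaches the arithmetic below - validate it once the
        // provider's error responses are known.

        $id = mysql_query("SELECT * FROM `price` WHERE `id`='$idSql'");
        $seen = mysql_num_rows($id);

        if ($seen == 0) {
            // First notification for this payment id: record it, then credit.
            // NOTE(review): lookup and insert are not atomic; a unique key on
            // `price`.`id` would close the race between two simultaneous
            // notifications - schema not visible here, confirm.
            $sum = $in['sum'];
            mysql_query("INSERT INTO `price` SET `id`='$idSql',`sum`='$sumSql', `v1`='$userSql' ");

            $credit = ($action == "on") ? $in['sum'] * 2 : $in['sum'];
            $creditSql = mysql_real_escape_string((string) $credit);

            $usr = mysql_query("SELECT * FROM `kolhoz_user` WHERE `id`='$userSql'");
            $data = mysql_fetch_array($usr);
            // Values read back from the database are escaped as well, because
            // they are interpolated into further statements.
            $rubiesSql = mysql_real_escape_string((string) $data['rubies']);
            $userIdSql = mysql_real_escape_string((string) $data['id']);
            // NOTE(review): die(mysql_error()) returns raw database error text
            // to the caller; log it server-side instead.
            mysql_query("UPDATE `kolhoz_user` SET `rubies` = '$rubiesSql'+'$creditSql' WHERE `id` = '$userSql' LIMIT 1") or die (mysql_error());

            // Pick the noun form from the last digit. Amounts below 21 always
            // get the default form, exactly as before.
            $kol = intval($credit);
            $rest = substr("$kol", -1);
            $tex = "рубинов";
            if ($kol >= 21 and $rest == 1) {
                $tex = "рубин";
            }
            if ($kol >= 21 and $rest >= 2 and $rest <= 4) {
                $tex = "рубина";
            }
            $text = "Вы оплатили счет и получили $kol $tex!";
            mysql_query("INSERT INTO `kolhoz_mail` SET `id_user` = '$userIdSql', `id_kont` = '1', `msg` = '$text', `time` = '$time', `type` = 'to'") or die (mysql_error());
        } else {
            // Repeated notification for an id already stored in `price`:
            // acknowledge it with the stored sum and do not credit again.
            // The previous code credited the account on every repeat, so a
            // replayed request multiplied the balance.
            $pri = mysql_fetch_array($id);
            $sum = $pri['sum'];
        }

        // Advance the id_shop counter kept in the row with id=0 and sum=0.
        $req = mysql_query("SELECT * FROM `price` WHERE `id`='0' and `sum`='0'");
        $price = mysql_fetch_array($req);
        mysql_query("UPDATE `price` SET `id_shop`='$price[id_shop]'+'1' WHERE `id`='0' and `sum`='0'");
        // NOTE(review): no ORDER BY or WHERE, so this reads whichever row
        // MySQL returns first - presumably the counter row; confirm.
        $req = mysql_query("SELECT * FROM `price`");
        $price = mysql_fetch_array($req);

        // Request-derived values are escaped before being written into the
        // XML reply; purely numeric values come out unchanged.
        $idOut   = htmlspecialchars($in['id'], ENT_QUOTES);
        $shopOut = htmlspecialchars((string) $price['id_shop'], ENT_QUOTES);
        $sumOut  = htmlspecialchars((string) $sum, ENT_QUOTES);
        echo"<response>
<id>$idOut</id> <id_shop>$shopOut</id_shop> <sum>$sumOut</sum> <result>0</result>
</response>";
    }
}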
//http://darkmob.ru/price.php?command=pay&id=100009&v1=Admin&date=2012-05-//18+15%3A45%3A26&sum=1&md5=c33eb2b92c7bcb02bc6ce0d9da082877//
?>