Файл: DARK WARS/callback.php
Строк: 58
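<?php
// DARK WARS SMS-billing callback.
//  - A POST carrying `sms_body` registers an incoming SMS payment (signed request).
//  - A POST carrying `status` applies the provider's payment status to that SMS.
// fnc.php is expected to open the ext/mysql connection that mysql_query() and
// mysql_real_escape_string() below rely on (presumably; its contents are not here).

// Shared secret agreed with the SMS provider; it signs the first request type.
// Better kept in smsbill.ini or the environment than in source control.
$secret = 'dark-war';

/**
 * Returns one POST field, HTML-escaped, or '' when the field is absent
 * (the original read $_POST[...] unconditionally and emitted notices).
 *
 * @param string $key
 * @return string
 */
function dark_war_post_field($key)
{
    return isset($_POST[$key]) ? htmlspecialchars($_POST[$key]) : '';
}

/**
 * Maps each short number from smsbill.ini to the crystals it buys.
 *
 * Every ini section holds `n_<number> = "<price>,<crystals>"` lines; the
 * `info` and `prefix` keys are metadata and are skipped. Lines without a
 * second field are skipped too, so a malformed tariff can never credit.
 *
 * @return array short number (string) => crystals (string, as written in the ini)
 */
function dark_war_crystal_table()
{
    $table = array();
    $ini = parse_ini_file('smsbill.ini', TRUE);
    if ($ini === FALSE) {
        error_log('callback.php: smsbill.ini could not be parsed');
        return $table;
    }
    foreach ($ini as $section) {
        if ( ! is_array($section)) {
            continue;   // a key outside any [section]; not a tariff
        }
        foreach ($section as $key => $entry) {
            if ($key == 'info' || $key == 'prefix') {
                continue;
            }
            $parts = explode(',', $entry);
            if (count($parts) < 2) {
                continue;
            }
            $table[str_replace('n_', '', $key)] = $parts[1];
        }
    }
    return $table;
}

// --- 1. Incoming SMS ----------------------------------------------------------
if (isset($_POST['sms_body']) && ! empty($_POST['sms_body']))
{
    $sms_id          = dark_war_post_field('sms_id');
    $sms_body        = dark_war_post_field('sms_body');
    $site_service_id = dark_war_post_field('site_service_id');
    $user_num        = dark_war_post_field('user_num');
    $num             = dark_war_post_field('num');
    $operator_id     = dark_war_post_field('operator_id');
    $sms_price       = dark_war_post_field('sms_price');
    $secret_key      = dark_war_post_field('secret_key');

    // Signature as the provider defines it: md5 over the concatenated fields
    // plus the shared secret. NOTE(review): it is computed over the
    // htmlspecialchars()-escaped values, so a body containing & < > " would not
    // match a signature the provider made over the raw text -- confirm with the
    // provider whether the raw fields should be hashed instead.
    $check = md5($sms_id.$sms_body.$site_service_id.$operator_id.$num.$sms_price.$secret);

    // hash_equals() (PHP >= 5.6) is strict and constant-time. The former
    // `$check != $secret_key` compared two strings loosely, so two digests of
    // the form "0e<digits>" would have compared equal.
    if ( ! hash_equals($check, $secret_key))
    {
        echo "sms_id:".$sms_id."n";
        // The expected digest is deliberately no longer echoed: returning it
        // told any caller the valid signature for its own payload, which it
        // could simply resend.
        echo "response:Kontrol'naya summa ne soshlas n";
        echo "error:1";
        die;
    }

    require_once 'fnc.php';

    // The player id follows the '+' separator in the SMS text; strip line
    // breaks and a literal "id" prefix around it.
    $uid = substr($sms_body, strpos($sms_body, '+') + 1);
    $uid = trim(str_replace(array(chr(10), chr(13), 'id'), '', $uid));
    if ($uid === '' || ! ctype_digit($uid))
    {
        // Without a numeric id the payment could never be credited; say so
        // instead of inserting a row that later credits nobody (or user 0).
        echo "sms_id:".$sms_id."n";
        echo "response:Ne udalos opredelit id igroka n";
        echo "error:1";
        die;
    }

    // Every value below came straight from the POST body: escape each one and
    // quote it. MySQL accepts quoted numbers for integer columns, whereas the
    // former unquoted `".$x."` splices were open SQL-injection points.
    $sql = "
        INSERT INTO `incoming`
        (`uid`, `sms_id`, `sms_body`, `site_service_id`, `user_num`, `num`, `pay_state`, `time`)
        VALUES
        (
            '".mysql_real_escape_string($uid)."',
            '".mysql_real_escape_string($sms_id)."',
            '".mysql_real_escape_string($sms_body)."',
            '".mysql_real_escape_string($site_service_id)."',
            '".mysql_real_escape_string($user_num)."',
            '".mysql_real_escape_string($num)."',
            'inserted',
            ".time()."
        );
    ";
    if (mysql_query($sql) === FALSE)
    {
        // No `@` any more: a failed insert is logged and reported as an error so
        // the provider can retry instead of believing the payment was recorded.
        error_log('callback.php: INSERT INTO incoming failed: '.mysql_error());
        echo "sms_id:".$sms_id."n";
        echo "response:Oshibka zapisi platezha n";
        echo "error:1";
        die;
    }

    $list = dark_war_crystal_table();
    $crystals = isset($list[$num]) ? $list[$num] : '';
    echo "sms_id:".$sms_id."n";
    // NOTE(review): the trailing " $n" interpolates an undefined $n; together
    // with the bare "n" line terminators above it looks like "\$\n" / "\n" lost
    // their backslashes -- confirm the exact line format the provider expects.
    echo "response:Vam nachisleno ".$crystals." $n";
    echo "error:0";
}

// --- 2. Payment status --------------------------------------------------------
// NOTE(review): this branch carries no signature check at all, so any client
// that can reach the URL and knows an sms_id can drive that payment's state.
// If the provider signs status callbacks as well, verify that here first.
if (isset($_POST['status']))
{
    require_once 'fnc.php';
    $status_sms_id  = isset($_POST['sms_id']) ? mysql_real_escape_string($_POST['sms_id']) : '';
    $status_service = isset($_POST['site_service_id']) ? mysql_real_escape_string($_POST['site_service_id']) : '';

    if ($_POST['status'] == '1')
    {
        // Escaping alone was not enough before: the values were spliced in
        // unquoted, where `1 OR 1=1` needs no quote character to break out.
        $res = mysql_query("
            SELECT `uid`, `num`
            FROM `incoming`
            WHERE `sms_id`='".$status_sms_id."'
              AND `site_service_id`='".$status_service."';
        ");
        $arr = ($res === FALSE) ? FALSE : mysql_fetch_assoc($res);
        if (empty($arr))
        {
            exit("Нет sms для которого пришел статус");
        }

        $list = dark_war_crystal_table();
        if ( ! isset($list[$arr['num']]) || ! is_numeric($list[$arr['num']]))
        {
            // Formerly `crystal + ` with nothing after it: a SQL error hidden
            // by `@`, after which the SMS was still marked as paid.
            error_log('callback.php: no tariff for short number '.$arr['num']);
            exit("Net tarifa dlya nomera ".$arr['num']);
        }
        $crystals = $list[$arr['num']];   // validated numeric, safe to splice unquoted

        // Flip the state first and credit only when this call did the flip:
        // a replayed status=1 callback then cannot credit the player twice.
        $marked = mysql_query("
            UPDATE `incoming`
            SET `pay_state`='payed'
            WHERE `sms_id`='".$status_sms_id."'
              AND `pay_state`<>'payed';
        ");
        if ($marked !== FALSE && mysql_affected_rows() > 0)
        {
            $credited = mysql_query("
                UPDATE `dark_war_users`
                SET `crystal`=`crystal`+".$crystals."
                WHERE `id`='".mysql_real_escape_string($arr['uid'])."' LIMIT 1;
            ");
            if ($credited === FALSE)
            {
                error_log('callback.php: crediting uid '.$arr['uid'].' failed: '.mysql_error());
            }
        }
        elseif ($marked === FALSE)
        {
            error_log('callback.php: marking sms '.$status_sms_id.' as payed failed: '.mysql_error());
        }
    }
    else
    {
        $unpaid = mysql_query("
            UPDATE `incoming`
            SET `pay_state`='not_payed'
            WHERE `sms_id`='".$status_sms_id."';
        ");
        if ($unpaid === FALSE)
        {
            error_log('callback.php: marking sms '.$status_sms_id.' as not_payed failed: '.mysql_error());
        }
    }
}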