Файл: 4wx.ru/scripts/kassa/webmoney/result.php
Строк: 27
<?
include_once $_SERVER['DOCUMENT_ROOT'] .'/sys/fnc.php';
//mysql_query("INSERT INTO `history_money` (`user`, `money`, `mp`, `usl`, `time`) values('$user[id]', '".sprintf("%.02f",$_POST[LMI_PAYER_PURSE])."', '1', 'test', '".time()."')");
if ($_POST['LMI_PREREQUEST'] == 1)
{
if(trim($_POST['LMI_PAYEE_PURSE']) != "R309278991243")
{ ///Ваш кош
echo "ERR:НЕВЕРНЫЙ КОШЕЛЕК ".$_POST['LMI_PAYEE_PURSE'];
exit;
}
echo 'YES';
}
else
{
$secret_key="qwghj2amkllpvaqtyuf";
$common_string = $_POST['LMI_PAYEE_PURSE'].$_POST['LMI_PAYMENT_AMOUNT'].$_POST['LMI_PAYMENT_NO'].$_POST['LMI_MODE'].$_POST['LMI_SYS_INVS_NO'].$_POST['LMI_SYS_TRANS_NO'].$_POST['LMI_SYS_TRANS_DATE'].$secret_key.$_POST['LMI_PAYER_PURSE'].$_POST['LMI_PAYER_WM'];
$hash = strtoupper(hash("sha256", $common_string));
/*ob_start();
print_r($GLOBALS);
$data = ob_get_clean();
$f = @fopen("dump.txt", "w");
fwrite($f, $data);
fclose($f);*/
if ($hash != $_POST['LMI_HASH']){echo "Ошибка";exit();}
// LMI_PAYMENT_AMOUNT
$user_id = intval($_POST['ID']);
$users = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$user_id' LIMIT 1"));
$add_balance = $_POST['LMI_PAYMENT_AMOUNT'];
mysql_query("UPDATE `user` SET `balance` = '" . ($users['balance'] + $add_balance) . "' WHERE `id` = '$users[id]'");
mysql_query("UPDATE `user` SET `wmr` = `wmr`+".$add_balance." WHERE `id` = '".$users[id]."'");
mysql_query("INSERT INTO `history_money` (`user`, `money`, `mp`, `usl`, `time`) values('$users[id]', '".sprintf("%.02f",$add_balance)."', '1', 'Пополнил баланс', '".time()."')");
mysql_query("INSERT INTO `logs_bill` (`id_user`, `time`, `razd`, `text`) values('$users[id]', '".time()."', 'Пополнил счет на ".$add_balance." - ', 'Пользователь #ID - ".$users['id']." | WebmoneyMerchant')"); // Записуем лог
}
?>