Файл: weatut.ru/paywk/result.php
Строк: 36
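<?php
// Payment-result callback for the WK (wapkassa) gateway.
//
// The gateway POSTs WK_PAY_AMOUNT, WK_PAY_TIME, WK_PAY_USER and WK_PAY_HASH.
// The signature is SHA-256 over WK_ID . amount . time . WK_CODE as upper-case
// hex. WK_ID / WK_CODE and $wk_bonus_gold / $auction are expected to come
// from sett.php, wk_summ() from ../system/func.php (none are defined here).
// Replies with the bare strings 'YES' (credited), 'ERROR' (no matching order)
// or 'NO HACK!' (signature mismatch) — the strings the gateway is wired to.
if (isset($_POST['WK_PAY_AMOUNT'], $_POST['WK_PAY_TIME'], $_POST['WK_PAY_HASH'])) {
    include_once 'sett.php';
    require_once '../system/func.php';

    $amount   = (string) $_POST['WK_PAY_AMOUNT'];
    $payTime  = (string) $_POST['WK_PAY_TIME'];
    $received = (string) $_POST['WK_PAY_HASH'];

    $common_string = WK_ID . $amount . $payTime . WK_CODE;
    $hash = strtoupper(hash('sha256', $common_string));

    // Strict, constant-time signature check. The previous `!=` was a loose
    // comparison: two digests that both look numeric (e.g. "0e..." forms) are
    // compared as numbers, and the early-exit byte compare leaks timing.
    // hash_equals() exists from PHP 5.6; fall back to === on older runtimes.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($hash, $received)
        : ($hash === $received);
    if (!$signatureOk) {
        exit('NO HACK!');
    }

    $summ = wk_summ($amount);
    // WK_PAY_USER was read without an isset() guard before; default to 0,
    // which matches no order.
    $id = isset($_POST['WK_PAY_USER']) ? abs(intval($_POST['WK_PAY_USER'])) : 0;

    // $id is already an int. wk_summ()'s output format is not visible here, so
    // it is escaped before being placed in the query (same implicit link as
    // mysql_query()).
    $sql = mysql_query(
        "SELECT * FROM `wapkassa` WHERE `id` = '" . $id . "'"
        . " AND `wmr` = '" . mysql_real_escape_string($summ) . "' LIMIT 1"
    );
    if ($sql && mysql_num_rows($sql) > 0) {
        $pay = mysql_fetch_assoc($sql);

        // Idempotency: gateways may resend the same notification. time_pay is
        // written below once an order is credited, so a non-empty value means
        // this order was already processed — acknowledge without crediting
        // twice. NOTE(review): two simultaneous callbacks can still both pass
        // this read; a conditional UPDATE on time_pay checked via affected rows
        // would close that window.
        if (!empty($pay['time_pay'])) {
            exit('YES');
        }

        $boughtCount = (int) $pay['count'];
        $count = $boughtCount;
        // Bonus gold for buying exactly this quantity, if sett.php configures one.
        if (isset($wk_bonus_gold[$count])) {
            $count += (int) $wk_bonus_gold[$count];
        }

        $userId = (int) $pay['id_user'];
        $ank = mysql_fetch_assoc(mysql_query(
            "SELECT * FROM `users` WHERE `id` = '" . $userId . "' LIMIT 1"
        ));
        if (!$ank) {
            // The order points at a user that does not exist; previously the
            // updates silently matched nothing and the order was still marked
            // paid. Leave it unpaid so the discrepancy is visible.
            exit('ERROR');
        }

        // Credit the buyer: gold plus the clan-limit counters (crystals at 100x).
        mysql_query(
            "UPDATE `users` SET"
            . " `gold` = `gold` + '" . $count . "',"
            . " `limit_clan_gold` = `limit_clan_gold` + '" . $count . "',"
            . " `limit_clan_crystals` = `limit_clan_crystals` + '" . ($count * 100) . "'"
            . " WHERE `id` = '" . $userId . "' LIMIT 1"
        );

        // Referral bonus: 25% of the purchased (pre-bonus) amount, rounded up.
        // Skipped when the buyer has no partner (id 0) — that row never existed.
        $partnerId = (int) $ank['id_partner'];
        if ($partnerId > 0) {
            $partnerBonus = (int) ceil($boughtCount * 25 / 100);
            mysql_query(
                "UPDATE `users` SET `gold` = `gold` + '" . $partnerBonus . "'"
                . " WHERE `id` = '" . $partnerId . "' LIMIT 1"
            );
        }

        // Auction counter (purpose not documented in the original source).
        // $auction is expected from sett.php; guard against it being unset.
        if (isset($auction) && (int) $auction === 1) {
            mysql_query(
                "UPDATE `users` SET `auction` = `auction` + " . $count
                . " WHERE `id` = '" . $userId . "' LIMIT 1"
            );
        }

        // Mark the order as paid last, after the credits have been issued.
        mysql_query(
            "UPDATE `wapkassa` SET `time_pay` = '" . time() . "'"
            . " WHERE `id` = '" . $id . "' LIMIT 1"
        );
        exit('YES');
    }
    exit('ERROR');
}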