Файл: __system/payment/resultUrl.php
Строк: 26
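<?php
/**
 * WebMoney Merchant "Result URL" handler.
 *
 * Receives the payment notification POST, recomputes the MD5 control
 * signature over the LMI_* fields plus the merchant secret key, and, when it
 * matches LMI_HASH, marks the pending `webmoney_payment` row (state 'I') as
 * settled (state 'S') and adds its amount to the owning user's balance.
 * Every request is also recorded in `user_support_posts`.
 *
 * Everything in $_POST is attacker-controlled until the signature has been
 * verified, and even afterwards it only reaches SQL through bound parameters.
 */
define('HOME', $_SERVER['DOCUMENT_ROOT']);
include HOME.'/__core/__PDO_connect.php';
include HOME.'/__core/__function.php';

// NOTE(review): the merchant secret is hard-coded in a file under the document
// root; load it from configuration stored outside the web root instead.
$sekretKey = 'Webmoney KEy';

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. LMI_HASH[]=...) become '' so they can never match a signature.
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

$paymentNo = abs(intval($field('LMI_PAYMENT_NO')));

// Field order is fixed by the signature the original code computes; keep it.
// NOTE(review): MD5 is used here; if the merchant account can be switched to a
// stronger signing method, change both sides together. TODO confirm.
$hash = $field('LMI_PAYEE_PURSE')
    .$field('LMI_PAYMENT_AMOUNT')
    .$field('LMI_PAYMENT_NO')
    .$field('LMI_MODE')
    .$field('LMI_SYS_INVS_NO')
    .$field('LMI_SYS_TRANS_NO')
    .$field('LMI_SYS_TRANS_DATE')
    .$sekretKey
    .$field('LMI_PAYER_PURSE')
    .$field('LMI_PAYER_WM');
$md5sum = strtoupper(md5($hash));

// hash_equals() instead of `==`: loose comparison treats digests that look like
// numbers ("0E1234..." == "0E9876...") as equal, and it is not constant-time.
$signatureOk = hash_equals($md5sum, $field('LMI_HASH'));

if ($signatureOk) {
    $pending = $db->prepare(
        "SELECT * FROM `webmoney_payment` WHERE `id` = :id AND `state` = 'I' LIMIT 1"
    );
    $pending->execute(array(':id' => $paymentNo));
    $l = $pending->fetch(PDO::FETCH_ASSOC);

    // The signature only proves WebMoney sent these values, not that they match
    // the invoice. Credit the stored amount only if that is what was paid.
    // Assumes `amount` holds the same figure that was sent as
    // LMI_PAYMENT_AMOUNT when the invoice was created. TODO confirm.
    // NOTE(review): LMI_PAYEE_PURSE should likewise be compared with the
    // merchant's own purse, and LMI_MODE checked so that test-mode
    // notifications do not credit real balances; neither value is available
    // in this file.
    $amountOk = $l !== false
        && abs(floatval($field('LMI_PAYMENT_AMOUNT')) - floatval($l['amount'])) < 0.005;

    if ($amountOk) {
        $db->beginTransaction();

        // Claim the payment first. The `state` = 'I' condition makes the claim
        // atomic, so a repeated or concurrent notification for the same
        // payment updates zero rows and cannot credit the user twice.
        $claim = $db->prepare("
            UPDATE `webmoney_payment` SET
                `state` = 'S',
                `LMI_SYS_INVS_NO` = :invs,
                `LMI_SYS_TRANS_NO` = :trans,
                `LMI_SYS_TRANS_DATE` = :transDate,
                `LMI_PAYER_PURSE` = :payerPurse,
                `LMI_PAYER_WM` = :payerWm
            WHERE `id` = :id AND `state` = 'I' LIMIT 1
        ");
        $claimed = $claim->execute(array(
            ':invs'       => $field('LMI_SYS_INVS_NO'),
            ':trans'      => $field('LMI_SYS_TRANS_NO'),
            ':transDate'  => $field('LMI_SYS_TRANS_DATE'),
            ':payerPurse' => $field('LMI_PAYER_PURSE'),
            ':payerWm'    => $field('LMI_PAYER_WM'),
            ':id'         => $paymentNo,
        )) && $claim->rowCount() === 1;

        $credited = false;
        if ($claimed) {
            $userUpdate = $db->prepare(
                "UPDATE `users` SET `money` = (`money` + :money) WHERE `id` = :id LIMIT 1"
            );
            $credited = $userUpdate->execute(array(
                ':money' => $l['amount'],
                ':id'    => $l['userID'],
            ));
        }

        // Undo the claim if the balance update failed, so the payment stays
        // pending and can be retried. This only has an effect on a
        // transactional storage engine. TODO confirm the table engine.
        if ($claimed && !$credited) {
            $db->rollBack();
        } else {
            $db->commit();
        }
    }
}

// Audit record of every notification. It stores only the verification outcome:
// writing the expected digest next to the submitted one would hand a valid
// signature for the submitted fields to anyone able to read this table.
$newSupportPosts = $db->prepare("
    INSERT INTO `user_support_posts` (`id`,`userID`,`supportID`,`text`,`date`) VALUES
    (:id,:userID,:supportID,:text,:date)
");
$newSupportPosts->execute(array(
    'id'        => '',
    'userID'    => '1',
    'supportID' => '3',
    'text'      => 'WebMoney payment #'.$paymentNo.': signature '.($signatureOk ? 'valid' : 'invalid'),
    'date'      => ''.time().'',
));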