Файл: modules/payment/index.php
Строк: 61
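<?php
/*
 * modules/payment/index.php — Free-Kassa merchant glue.
 *
 * Dispatches on $act (set by the including router):
 *   serialize  build a signed redirect to the gateway for either a free
 *              amount ($_GET['summ']) or a predefined package
 *              ($_GET['package']); the chosen mode is remembered in
 *              $_SESSION['package'] for the return trip.
 *   success    return URL after payment: verify the gateway signature, then
 *              credit a package, an anonymous "fast order", or plain money.
 *   fail       return URL after a cancelled/failed payment.
 *
 * Uses globals supplied by the application: $act, $CONFIG['uid'],
 * $CONFIG['Globals']['money'|'balance'], Core::MysqlSelect(), an open
 * ext/mysql connection (mysql_query / mysql_real_escape_string), and the
 * Mail and Templater classes.
 *
 * NOTE(review): the merchant login and both secrets are literals in this
 * file; they should be loaded from configuration kept outside the web root.
 */
$merchantLogin = '14603';
$merchantPass1 = 'wu18m2t9'; // signs the outgoing payment request
$merchantPass2 = 'Aa407028'; // verifies the signature on the return URL
$gatewayAction = 'http://www.free-kassa.ru/merchant/cash.php';

switch ($act) {
    case 'serialize':
        if ($CONFIG['uid'] == 0) die('Access denied. Auth required.');

        // Read request values without undefined-index notices.
        $summ    = isset($_GET['summ']) ? $_GET['summ'] : null;
        $package = isset($_GET['package']) ? $_GET['package'] : null;

        $hasSumm    = is_numeric($summ) && $summ > 0;
        $hasPackage = is_numeric($package) && (int)$package > 0;

        if (!$hasSumm && !$hasPackage) {
            echo 'ERR';
            break;
        }

        // A new payment starts a fresh session context.
        unset($_SESSION['package']);
        unset($_SESSION['fastorder']);

        if ($hasPackage) {
            // The price is derived server-side from the package row; any
            // client-supplied amount is ignored in this branch.
            $packageId = (int)$package;
            $Package   = Core::MysqlSelect('packs', '`id`,`col`,`discount`', array('id' => $packageId));
            if (empty($Package[0])) {
                // Unknown package: refuse instead of redirecting with a zero amount.
                echo 'ERR';
                break;
            }
            $_SESSION['package']['col']      = $Package[0]['col'];
            $_SESSION['package']['discount'] = $Package[0]['discount'];

            // 0.10 per unit, reduced by the package discount (percent).
            $base = (float)$Package[0]['col'] * 0.10;
            $summ = $base - ($base * ((float)$Package[0]['discount'] / 100));
        }

        // floatval() normalises "99.00" to 99 so the signed amount matches
        // what the gateway recomputes on its side.
        $amount = floatval($summ);
        // NOTE(review): no order row is created here, so InvId is always 0.
        // The 'success' handler therefore never finds an order to mark as
        // paid, and a captured success URL can be replayed.
        $invId     = 0;
        $signature = md5($merchantLogin . ':' . $amount . ':' . $invId . ':' . $merchantPass1);

        // Every query parameter is percent-encoded; OutSum is sent as
        // received (after validation) to keep the gateway's normalisation.
        $url = $gatewayAction
            . '?MrchLogin=' . rawurlencode($merchantLogin)
            . '&OutSum=' . rawurlencode((string)$summ)
            . '&InvId=' . $invId
            . '&Desc=' . rawurlencode('Пополнение баланса')
            . '&SignatureValue=' . $signature;
        header("location: $url");
        // Stop here so nothing after the redirect header is executed.
        exit;

    case 'success':
        $isFastOrder = isset($_SESSION['fastorder']) && is_array($_SESSION['fastorder']);
        $isPackage   = isset($_SESSION['package']) && is_array($_SESSION['package']);

        if ($isFastOrder) {
            // Fast orders are anonymous; a logged-in user must not complete one.
            if ($CONFIG['uid'] != 0) die('Access denied.');
        } else {
            if ($CONFIG['uid'] == 0) die('Access denied. Auth required.');
        }

        // Raw values are needed for the signature exactly as received;
        // SQL and arithmetic below use the cast copies.
        $out_summ = isset($_REQUEST['OutSum']) ? $_REQUEST['OutSum'] : '';
        $inv_id   = isset($_REQUEST['InvId']) ? $_REQUEST['InvId'] : '';
        $crc      = isset($_REQUEST['SignatureValue']) ? strtoupper($_REQUEST['SignatureValue']) : '';
        $my_crc   = strtoupper(md5("$out_summ:$inv_id:$merchantPass2"));

        // Verify before touching the database. hash_equals() (PHP >= 5.6)
        // avoids a timing side channel; fall back to a strict compare.
        $signatureOk = function_exists('hash_equals')
            ? hash_equals($my_crc, $crc)
            : ($my_crc === $crc);
        if (!$signatureOk) {
            echo "bad signn";
            exit();
        }

        $invIdSql = (int)$inv_id;
        $paid     = (float)$out_summ;
        $uid      = (int)$CONFIG['uid'];

        $test   = Core::MysqlSelect('orders', 'status', array('id' => $invIdSql));
        $status = isset($test[0]['status']) ? (string)$test[0]['status'] : '';

        if (in_array($status, array('1', '2', '3'), true)) {
            // Order already processed: render the page without crediting again.
            $Templater = new Templater;
            $Templater->vars = array('payment' => 0);
            $Templater->Module = 'payment';
            $Templater->GetTmpl('success');
            $Templater->Exec();
            break;
        }

        // NOTE(review): the credited amount comes from the (signed) request
        // rather than from a stored order amount, and a missing order row
        // does not block crediting; both should be tied to an order record.
        if ($isPackage) {
            $Col        = $_SESSION['package']['col'];
            $colSql     = mysql_real_escape_string((string)$Col);
            $Ball_count = $CONFIG['Globals']['balance'] + $Col;
            mysql_query("UPDATE `orders` SET `uid` = '$uid', `status` = '2', `bal` = '$colSql' WHERE `id` = '$invIdSql';");
            mysql_query("UPDATE `users` SET `balance` = '" . mysql_real_escape_string((string)$Ball_count) . "' WHERE `id` = '$uid';");
            $vars = array('package_bal' => $Col, 'payment' => '0');
        } elseif ($isFastOrder) {
            $order    = $_SESSION['fastorder'];
            $email    = isset($order['email']) ? $order['email'] : '';
            $fast_col = isset($order['col']) ? $order['col'] : '';

            // Session values originate from user input; escape each one
            // before it is interpolated into SQL.
            $esc = array();
            foreach (array('price', 'bal', 'social', 'type', 'url', 'email') as $key) {
                $esc[$key] = mysql_real_escape_string(isset($order[$key]) ? (string)$order[$key] : '');
            }

            // Fast orders are stored against the anonymous uid 0.
            mysql_query("INSERT INTO `tasks` (`id`, `social`, `type`, `url`, `uid`, `pay`, `bal`) VALUES (NULL, '{$esc['social']}', '{$esc['type']}', '{$esc['url']}', '0', '{$esc['price']}', '{$esc['bal']}');");
            mysql_query("UPDATE `orders` SET `uid` = '0', `status` = '3', `email` = '{$esc['email']}' WHERE `id` = '$invIdSql';");

            // Confirmation mail. Only a syntactically valid address is used so
            // the session value cannot carry extra header lines into the message.
            if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
                $subject = 'Задание создано';
                $message = '
<html>
<head>
<title>Enterlike.com</title>
</head>
<body>
<p>Здравствуйте. Спасибо за заказ, ваше задание успешно создано, и добавлено в базу.</p>
</body>
</html>
';
                $m = new Mail("utf-8");
                $m->From("onlinesentr@mail.ru"); // sender address
                $m->To($email);                   // recipient
                $m->Subject($subject);
                $m->Body($message, "html");
                $m->Send();
            }
            $vars = array('fast_col' => $fast_col, 'package_bal' => '0', 'payment' => '0');
        } else {
            // Plain top-up of the user's money balance.
            $setmoney = $CONFIG['Globals']['money'] + $paid;
            mysql_query("UPDATE `orders` SET `uid` = '$uid', `status` = '1' WHERE `id` = '$invIdSql';");
            mysql_query("UPDATE `users` SET `money` = '" . mysql_real_escape_string((string)$setmoney) . "' WHERE `id` = '$uid';");
            $vars = array('payment' => $out_summ);
        }

        $Templater = new Templater;
        $Templater->vars = $vars;
        $Templater->Module = 'payment';
        $Templater->GetTmpl('success');
        $Templater->Exec();
        break;

    case 'fail':
        if ($CONFIG['uid'] == 0) die('Access denied. Auth required.');
        $Templater = new Templater;
        $Templater->vars = array();
        $Templater->Module = 'payment';
        $Templater->GetTmpl('fail');
        $Templater->Exec();
        break;
}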