Файл: modules/tasks/ajax.php
Строк: 104
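<?php
// AJAX endpoint of the tasks module. It is included by a controller that exposes
// the requested action as $this->Act; $CONFIG, $PRICES, Tasks, Ajax and Core are
// provided by the including scope and are not defined in this file.
//
// Access gate: the 'fast' (guest checkout) flow is only open to anonymous
// visitors ($CONFIG['uid'] == 0); every other action requires a logged-in user.
// isset() keeps the gate quiet when 'method' is absent instead of raising an
// undefined-index notice; the outcome is the same (not 'fast').
if (isset($_POST['method']) && $_POST['method'] == 'fast') {
    if ($CONFIG['uid'] != 0) die('Access denied.');
} else {
    if ($CONFIG['uid'] == 0) die('Access denied.');
}

// Per-action prices quoted to guests in the 'fast' flow, keyed by network and
// task type. The 'tw' and 'fb' tables are unreachable while $socials below only
// lists 'vk'.
$Fast_Prices = array(
    'vk' => array('like' => 0.1, 'repost' => 0.2, 'group' => 0.3, 'friend' => 0.3),
    'tw' => array('follow' => 0.3, 'retweet' => 0.2, 'favorite' => 0.1),
    'fb' => array('like' => 0.1, 'group' => 0.2, 'friend' => 0.2),
);

// Whitelists for the request-supplied social network and task type. Every
// action validates against these before a value reaches a query or a URL filter.
$socials = array('vk');
$types['vk'] = array('like', 'repost', 'friend', 'group');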
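// Dispatch on the requested action. Responses go through Ajax::Responce()
// except for 'getprice', 'getall' and 'open', which write directly.
switch ($this->Act) {
    // Return the server-side price for one task type (used by the order form).
    case 'getprice':
        $id = isset($_POST['id']) ? $_POST['id'] : null;
        // Unknown keys print nothing rather than raising an undefined-index notice.
        echo isset($PRICES[$id]) ? $PRICES[$id] : '';
        break;

    // Top up the budget of an existing task from the owner's balance.
    case 'addcoins':
        $id  = isset($_POST['id'])  ? $_POST['id']  : '';
        $col = isset($_POST['col']) ? $_POST['col'] : '';
        $uid = $CONFIG['uid'];
        // Only a plain positive integer id is looked up: the value is forwarded
        // verbatim to Tasks::GetTask()/ChangeBal(), whose escaping is not visible here.
        $Task = ctype_digit((string) $id) ? Tasks::GetTask($id) : false;
        $ok = $Task
            && $Task['pay'] > 0                       // guards the modulo below against division by zero
            && ctype_digit((string) $col)
            && $col >= $Task['pay']
            && $col % $Task['pay'] == 0               // top-ups must be whole multiples of the per-action pay
            && $col <= $CONFIG['Globals']['balance']
            && $uid == $Task['uid'];                  // only the task owner may fund it
        if ($ok) {
            Tasks::ChangeBal($id, $Task['bal'] + $col);
            // $col is digit-only and $uid comes from the session config, so neither
            // needs quoting. NOTE(review): the balance check above reads a cached
            // value, so two concurrent top-ups can both pass it; a `AND balance >= $col`
            // clause plus an affected-rows check would close that window — confirm
            // whether the caller already serialises requests per user.
            mysql_query("UPDATE `users` SET `balance` = balance-".$col." WHERE `id` =$uid;");
            Ajax::Responce(array('ok'));
        } else {
            Ajax::Responce(array('err'));
        }
        break;

    // Create a task. The price is taken from the server-side $PRICES table, never
    // from the request; the URL is normalised by the per-type filter before storage.
    case 'add':
        $errors = array();
        $social = isset($_POST['social']) ? $_POST['social'] : null;
        $type   = isset($_POST['type'])   ? $_POST['type']   : null;
        $col    = isset($_POST['col'])    ? $_POST['col']    : null;
        $url    = isset($_POST['url'])    ? $_POST['url']    : null;
        $uid    = $CONFIG['uid'];
        // $type is still unvalidated here, so look it up defensively.
        $price  = isset($PRICES[$type]) ? $PRICES[$type] : null;
        if (!is_numeric($price)) $errors[] = 'price';
        if (!is_numeric($col))   $errors[] = 'col';
        if ($col < 10)           $errors[] = 'col2';   // minimum order size
        // ctype_digit() expects a string; the cast keeps an integer-typed price from
        // being read as an ASCII code and rejected.
        if (!ctype_digit((string) $price)) $errors[] = 'price';
        $bal = $price * $col;   // total budget charged for the task
        if ($bal > $CONFIG['Globals']['balance']) $errors[] = 'bal';
        if (!in_array($social, $socials, true)) {
            $errors[] = 'social';
        } elseif (!in_array($type, $types[$social], true)) {
            $errors[] = 'type';
        } else {
            switch ($social) {
                case 'vk':
                    // Each filter returns the canonical URL, or '0' when the input does
                    // not match the pattern expected for the task type.
                    if ($type == 'like') {
                        $u = Tasks::FilterVkLike($url);
                    } elseif ($type == 'repost') {
                        $u = Tasks::FilterVkRepost($url);
                    } elseif ($type == 'group') {
                        $u = Tasks::FilterVkGroup($url);
                    } elseif ($type == 'friend') {
                        $u = Tasks::FilterVkFriend($url);
                    } else {
                        $u = '0';   // no filter for this type: reject the URL
                    }
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
            }
            // Escape everything that reaches the INSERT below. $social/$type are
            // whitelisted and $price/$col/$bal are numeric by now, but escaping is kept
            // uniform so a later change to the whitelist cannot reopen injection.
            $social = mysql_real_escape_string($social);
            $type   = mysql_real_escape_string($type);
            $price  = mysql_real_escape_string($price);
            $col    = mysql_real_escape_string($col);
            $url    = mysql_real_escape_string($url);
            $uid    = mysql_real_escape_string($uid);
            $bal    = mysql_real_escape_string($bal);
        }
        if (!empty($errors)) {
            Ajax::Responce($errors);
            // Consume the per-hour form key whether or not the order succeeded; the
            // key itself is presumably checked before this file runs (not visible here).
            unset($_SESSION['seckey' . md5(date('d.m.H'))]);
        } else {
            mysql_query("INSERT INTO `tasks` (
`id` ,
`social` ,
`type` ,
`url` ,
`uid` ,
`pay` ,
`bal`
)
VALUES (
NULL , '$social', '$type', '$url', '$uid', '$price', '$bal'
);");
            // NOTE(review): same cached-balance race as in 'addcoins' — the 'bal' check
            // above and this debit are not atomic; confirm whether that is acceptable.
            mysql_query("UPDATE `users` SET `balance` = balance-".$bal." WHERE `id` =$uid;");
            Ajax::Responce(array('ok'));
            unset($_SESSION['seckey' . md5(date('d.m.H'))]);
        }
        break;

    // Remove one of the caller's tasks and refund its remaining budget minus a
    // 15% commission.
    case 'delete':
        $id = isset($_POST['id']) ? $_POST['id'] : null;
        if (is_numeric($id)) {
            $usid = $CONFIG['uid'];
            // Both the lookup and the DELETE are scoped to the caller's uid, so a user
            // cannot delete, or be refunded for, somebody else's task. $id is numeric
            // and quoted, $usid comes from the session config.
            $Task = Core::MysqlSelect('tasks', '`bal`', array('id' => $id, 'uid' => $usid));
            $Task = isset($Task[0]) ? $Task[0] : null;
            mysql_query("DELETE FROM `tasks` WHERE `id` = '$id' AND `uid` = '$usid' LIMIT 1");
            // Refund only when this request actually removed the row, so a repeated
            // delete of the same id is not paid out twice.
            if (mysql_affected_rows() == 1 && $Task && $Task['bal'] != '0') {
                $refund = $Task['bal'] - ($Task['bal'] * 0.15); // 15% commission
                // Relative update, as in 'add'/'addcoins', instead of writing back the
                // balance cached in $CONFIG, which may be stale by now.
                mysql_query("UPDATE `users` SET `balance` = balance+".$refund." WHERE `id` =$usid;");
            }
            Ajax::Responce(array('ok'));
        } else {
            Ajax::Responce(array('err'));
        }
        break;

    // Validate an order without creating it (form preview). In the 'fast' flow the
    // quoted total is returned; the request-supplied price is only sanity-checked
    // here — 'add' recomputes it from $PRICES.
    case 'check':
        $errors = array();
        $method = isset($_POST['method']) ? $_POST['method'] : null;
        $social = isset($_POST['social']) ? $_POST['social'] : null;
        $type   = isset($_POST['type'])   ? $_POST['type']   : null;
        $price  = isset($_POST['price'])  ? $_POST['price']  : null;
        $email  = isset($_POST['email'])  ? $_POST['email']  : null;
        $col    = isset($_POST['col'])    ? $_POST['col']    : null;
        $url    = isset($_POST['url'])    ? $_POST['url']    : null;
        $uid    = $CONFIG['uid'];
        if ($method == 'fast') {
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) $errors[] = 'email';
        } else {
            if (!is_numeric($price)) $errors[] = 'price';
        }
        if (!is_numeric($col)) $errors[] = 'col';
        if ($col < 10)         $errors[] = 'col2';   // minimum order size
        if ($method != 'fast') {
            if (!ctype_digit((string) $price)) $errors[] = 'price';
            $bal = $price * $col;
            if ($bal > $CONFIG['Globals']['balance']) $errors[] = 'bal';
        }
        if (!in_array($social, $socials, true)) {
            $errors[] = 'social';
        } elseif (!in_array($type, $types[$social], true)) {
            $errors[] = 'type';
        } else {
            // Each filter returns the canonical URL, or '0' when the input does not
            // match the pattern expected for the task type. The 'tw' and 'fb' branches
            // are unreachable while $socials only lists 'vk'.
            switch ($social) {
                case 'vk':
                    if ($type == 'like') {
                        $u = Tasks::FilterVkLike($url);
                    } elseif ($type == 'repost') {
                        $u = Tasks::FilterVkRepost($url);
                    } elseif ($type == 'group') {
                        $u = Tasks::FilterVkGroup($url);
                    } elseif ($type == 'friend') {
                        $u = Tasks::FilterVkFriend($url);
                    } else {
                        $u = '0';   // no filter for this type: reject the URL
                    }
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
                case 'tw':
                    if ($type == 'follow') {
                        $u = Tasks::FilterTwFollow($url);
                    } elseif ($type == 'retweet' || $type == 'favorite') {
                        $u = Tasks::FilterTwitterTwite($url);
                    } else {
                        $u = '0';
                    }
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
                case 'fb':
                    $u = ($type == 'like') ? Tasks::FilterFbLike($url) : '0';
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
            }
        }
        if (!empty($errors)) {
            Ajax::Responce($errors);
        } elseif ($method == 'fast') {
            $summ = $col * $Fast_Prices[$social][$type];
            Ajax::Responce(array('ok', $summ));
        } else {
            Ajax::Responce(array('ok'));
        }
        break;

    // Guest checkout: validate the order, park it in the session and return the
    // payment-gateway URL. The task itself is created elsewhere after payment.
    case 'fastorder':
        $errors = array();
        $method = isset($_POST['method']) ? $_POST['method'] : null;
        $social = isset($_POST['social']) ? $_POST['social'] : null;
        $type   = isset($_POST['type'])   ? $_POST['type']   : null;
        $col    = isset($_POST['col'])    ? $_POST['col']    : null;
        $url    = isset($_POST['url'])    ? $_POST['url']    : null;
        $uid    = $CONFIG['uid'];
        $email  = isset($_POST['email'])  ? $_POST['email']  : null;
        // The e-mail is only required in the 'fast' flow; a logged-in caller can
        // reach this action without one — presumably intended, confirm.
        if ($method == 'fast') {
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) $errors[] = 'email';
        }
        if (!is_numeric($col)) $errors[] = 'col';
        if ($col < 10)         $errors[] = 'col2';   // minimum order size
        if (!in_array($social, $socials, true)) {
            $errors[] = 'social';
        } elseif (!in_array($type, $types[$social], true)) {
            $errors[] = 'type';
        } else {
            switch ($social) {
                case 'vk':
                    // Each filter returns the canonical URL, or '0' when the input does
                    // not match the pattern expected for the task type.
                    if ($type == 'like') {
                        $u = Tasks::FilterVkLike($url);
                    } elseif ($type == 'repost') {
                        $u = Tasks::FilterVkRepost($url);
                    } elseif ($type == 'group') {
                        $u = Tasks::FilterVkGroup($url);
                    } elseif ($type == 'friend') {
                        $u = Tasks::FilterVkFriend($url);
                    } else {
                        $u = '0';   // no filter for this type: reject the URL
                    }
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
            }
        }
        if (!empty($errors)) {
            Ajax::Responce($errors);
        } else {
            $summ = $col * $Fast_Prices[$social][$type];
            if (is_numeric($summ) && $summ >= 1) {
                $login = "enterlike";
                $amount = floatval($summ); // floatval normalises values such as "99.00" to "99" for the signature
                $id = 0;                    // InvId 0: the gateway assigns the invoice number — TODO confirm
                // NOTE(review): this is the merchant's gateway password, hard-coded in a
                // file served from the web root. It belongs in configuration kept out of
                // version control, and should be rotated once moved.
                $pwd1 = "Aa407028";
                $signature = md5($login . ":" . $amount . ":" . $id . ":" . $pwd1);
                $action = 'https://auth.robokassa.ru/Merchant/Index.aspx';
                // Kept in its own variable so the filtered task URL in $url survives
                // to be stored below. Desc is not URL-encoded; the gateway appears to
                // accept it as-is — confirm, or rawurlencode() it.
                $payUrl = $action.'?MrchLogin='.$login.'&OutSum='.$summ.'&InvId=0&Desc=Пополнение баланса&SignatureValue='.$signature;
                // Session snapshot consumed after payment. The ×10 factor presumably
                // converts the quoted currency amount into internal coin units — confirm.
                $_SESSION['fastorder']['col']    = $col;
                $_SESSION['fastorder']['price']  = $Fast_Prices[$social][$type] * 10;
                $_SESSION['fastorder']['bal']    = $col * ($Fast_Prices[$social][$type] * 10);
                $_SESSION['fastorder']['social'] = $social;
                $_SESSION['fastorder']['type']   = $type;
                $_SESSION['fastorder']['email']  = $email;
                $_SESSION['fastorder']['url']    = $url;   // the filtered URL, as 'add' stores it
                Ajax::Responce(array($payUrl));
            } else {
                Ajax::Responce(array('err'));
            }
        }
        break;

    // List tasks, optionally filtered by network/type and paged.
    case 'getall':
        // false means "no filter"; empty() also covers a missing POST field.
        $social = !empty($_POST['social']) ? $_POST['social'] : false;
        $type   = !empty($_POST['type'])   ? $_POST['type']   : false;
        $page   = !empty($_POST['page'])   ? $_POST['page']   : false;
        // NOTE(review): these values are forwarded unvalidated; confirm that
        // Tasks::GetAll() whitelists or escapes them before building its query.
        echo json_encode(Tasks::GetAll($page, $social, $type));
        break;

    // Resolve a task id to its target URL and redirect the worker there, after
    // re-checking the stored URL against the per-type filter.
    case 'open':
        $errors = array();
        $id = isset($_GET['id']) ? $_GET['id'] : null;
        if (is_numeric($id)) {
            $Task = Core::MysqlSelect('tasks', '`social`,`type`,`url`', array('id' => $id));
            $Task = isset($Task[0]) ? $Task[0] : null;
            if (!$Task) {
                // Unknown id: previously this fell through to an empty Location header.
                echo 'ERR';
                break;
            }
            $social = $Task['social'];
            $type   = $Task['type'];
            $url    = $Task['url'];
            // Re-validate the stored link; only a URL the filter recognises is
            // redirected to, anything else is reported as a rule violation.
            switch ($social) {
                case 'vk':
                    if ($type == 'like') {
                        $u = Tasks::FilterVkLike($url);
                    } elseif ($type == 'repost') {
                        $u = Tasks::FilterVkRepost($url);
                    } elseif ($type == 'group') {
                        $u = Tasks::FilterVkGroup($url);
                    } elseif ($type == 'friend') {
                        $u = Tasks::FilterVkFriend($url);
                    } else {
                        $u = '0';   // no filter for this type: reject the URL
                    }
                    if ($u == '0') {
                        $errors[] = 'url';
                    } else {
                        $url = $u;
                    }
                    break;
                default:
                    // No filter exists for this network, so the stored URL cannot be
                    // checked and must not be redirected to.
                    $errors[] = 'url';
                    break;
            }
            if (!empty($errors)) {
                echo 'Задание нарушает правила сервиса. Закройте это окно, и пропустите его.';
            } else {
                header("location: $url");
            }
        } else {
            echo 'ERR';
        }
        break;
}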