Файл: worldkassa/result.php
Строк: 55
<?
include_once 'config.php';
include_once '../inc/system/start_sess.php';
if (isset($_POST['id_shop']) && is_numeric($_POST['id_shop']) && isset($_POST['id_bill']) && is_numeric($_POST['id_bill']) && isset($_POST['summa']) && is_numeric($_POST['summa']) && isset($_POST['hash']))
{
$sql=mysql_query("SELECT * FROM `worldkassa` WHERE `id_bill` = '".$_POST['id_bill']."'");
if (mysql_num_rows($sql)>0)
{
$data=mysql_fetch_assoc($sql);
if ($_POST['summa']<$data['summa'])
{
//Можно поставить уведомление на подмену суммы пополнения
}
elseif($_POST['hash']!=md5($hash.$id_shop.$_POST['id_bill'].$_POST['summa']))
{
//Можно поставить уведомление, что не совпал хеш
}
else
{
if ($data['type']=='1')
{
foreach($cena_gold as $gold=>$summa)
{
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `money` = `money`+".$gold." WHERE `id` = '".$data['id_user']."'");
}
}
elseif($data['type']=='2')
{
foreach($cena_rubin as $rubin=>$summa)
{
$banks = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_collective_user` WHERE `id_user` = '".$data['id_user']."'"));
$bank = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_collective` WHERE `id` = '".intval($banks['id_collective'])."'"));
$usering = mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_user` WHERE `id` = '".$data['id_user']."'"));
$user = $rubin;
$rubies = $user/100;
$Rbank = $rubies*($bank['bank']*5);
$action =mysql_fetch_array(mysql_query("SELECT * FROM `action` WHERE `id` = '1';"));
$Raction = $rubies*($action['time'] > time() ? $action['plus'] : 1);
$ogran = $user;
if($usering[flowerbed]==11)$Rbanks = $rubies*50;
if($usering[flowerbed]>11)$Rbanks = $rubies*100;
if($usering[flowerbed]<11)$Rbanks = 0;
$summa1 = $user+$Raction+$Rbank+$Rbanks;
$time=time();
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `rubies` = `rubies`+".$summa1.", `boy_rubies` = `boy_rubies` +".$summa1." WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'])mysql_query("INSERT INTO `info_user` SET `id_user` = '".$data['id_user']."', `status` = '+', `many` = '$summa1', `kuda` = 'покупка рубинов', `time` = '$time'");
$req_set= mysql_query("SELECT * FROM `set_bonus` WHERE `id` = 1 and `time_col` > '".time()."'");
$set = mysql_fetch_array($req_set);
if(mysql_num_rows($req_set) > 0){
$req= mysql_query("SELCT * FROM `kolhoz_collective_user` WHERE `id_user` = '".$data['id_user']."'");
if(mysql_num_rows($req) > 0){
$col = mysql_fetch_array($req);
$kol = $summa1/100*$set['bonus_colective'];
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_collective` SET `rubies` = `rubies`+".$kol." WHERE `id` = '".$col['id_collective']."'");
}
}
if ($summa==$data['summa'])mysql_query("UPDATE `kolhoz_user` SET `ogran` = `ogran`+".$summa1." WHERE `id` = '".$data['id_user']."'");
if ($summa==$data['summa'])mysql_query("INSERT INTO `kolhoz_mail` SET `id_user` = '".$data['id_user']."', `id_kont` = '0', `msg` = 'На ваш счет поступил платеж $rubin рубинов
Бонус за клумбу: $Rbanks
Бонус за банк: $Rbank
Бонус за акцию: $Raction
Всего: $summa1
', `time` = '$time', `type` = 'to'");
}
}
mysql_query("UPDATE `worldkassa` SET `time_oplata` = '".time()."' WHERE `id` = '".$data['id']."'");
}
}
}
?>