Файл: mailapi/payment.php
Строк: 58
<?php
require_once'../core/system.php';
if (isset($_GET['sig']) && isset($_GET['uid']) && isset($_GET['mailiki_price']) && isset($_GET['app_id']) && isset($_GET['service_id']))
{
//параметры приложения
$appKey=" ";
$application_secret_key = " ";
//читаем переданные параметры
$app_id = $_REQUEST["app_id"];
$uid = $_REQUEST["uid"];
$mailiki_price = $_REQUEST["mailiki_price"];
$profit = $_REQUEST["profit"];
$sig = $_REQUEST["sig"];
$transaction_id = $_REQUEST["transaction_id"];
$service_id = $_REQUEST["service_id"];
$other_price = $_REQUEST["other_price"];
$debug = $_REQUEST["debug"];
//собираем переданные параметры без учета sig
$i = 0;
$params = array();
foreach ($_GET as $key => $value) {
if($key != "sig") {
$params[$i] = "$key=$value";
$i++;
}
}
sort($params);
$params = join('', $params);
$mySig = md5($params . $application_secret_key);
//проверяем подпись
if($sig != $mySig) {
header('invocation-error: 104');
print('<?xml version="1.0" encoding="UTF-8"?>');
?>
<ns2:error_response xmlns:ns2='http://api.forticom.com/1.0/'>
<error_code>104</error_code>
<error_msg>Invalid signature.</error_msg>
</ns2:error_response>
<?php
die();
}
$id = iconv('windows-1251','utf-8',$_GET['uid']);
$su = floatval ($_GET['mailiki_price']);
if($su==10){
$kol = 40; $sneg = 0;
}
if($su==25){
$kol = 100; $sneg = 0;
}
if($su==50){
$kol = 200 + 35;
}
if($su==250){
$kol = 1000 + 250;
}
if($su==1000){
$kol = 4000 + 1000;
}
if($su==2500){
$kol = 10000 + 3500;
}
$sumx = $kol*100;
$apr = floor($sumx*0.20);
$reqj = mysql_query("SELECT * FROM `user` WHERE `mail` = '".$id."'");
$user = mysql_fetch_array($reqj);
if($su >= 250) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$user['id']."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '".$user['id']."'");
}
/* if($su >= 1000) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$user['id']."', `chest_id`='4', `time`='".time()."'");
} */
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='".$user['id']."' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='".$user['id']."' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
if (mysql_query(
"UPDATE `user` SET `gold`=`gold`+'".($sumx+$apr)."' WHERE `id`='".$user['id']."'"
) ) {//+$apr в 165 строке
//, `snow`=`snow`+'".floor($kol/100)."'
} else {
$f = fopen($_SERVER['DOCUMENT_ROOT'] . '/donate.txt', 'w+');
fwrite($f, 'Игрок '.$user['id'].' с Мэйла купил золото, но оно не дошло, ошибка : '.mysql_error());
fclose($f);
}
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
}
$response = ['status'=>1];
echo json_encode($response);
?>