Файл: 100loto.best/user/result.php
Строк: 39
<?php
require_once'../inc/base.php';
require_once'../inc/head.php';
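// Payment result callback: verifies the provider signature over the POSTed
// `data` blob and, for a successful and not yet recorded order, credits
// tickets to the current user.
if (isset($_POST["signature"]) && isset($_POST["data"]))
{
    $received_signature = $_POST['signature'];
    $received_data = $_POST['data'];

    // NOTE(security): this signing key is committed to source, so anyone with
    // read access to the file can forge a valid callback. Load it from
    // configuration kept outside the web root / VCS and rotate the key.
    $private_key = 'bJ9xIDCLAerGkmbQgUjNTGAauxxTN1nvzHjs7ykN';

    // Form fields can arrive as arrays (signature[]=...); reject them before
    // they reach string concatenation or hash_equals().
    if (!is_string($received_signature) || !is_string($received_data)) {
        die('No ident signature');
    }

    // Signature scheme as used by the original code:
    // base64(sha1(key . data . key, raw binary output)).
    $generated_signature = base64_encode(sha1($private_key.$received_data.$private_key, true));

    // Authenticate BEFORE decoding or reading any field of the payload, and
    // compare in constant time so the check does not leak how many leading
    // bytes of a guessed signature were correct.
    if (!hash_equals($generated_signature, $received_signature)) {
        die('No ident signature');
    }

    $decode_data = json_decode(base64_decode($received_data));

    // Read only scalar fields; a malformed payload (non-object JSON, nested
    // values, missing keys) is treated as a non-successful payment.
    $status   = (is_object($decode_data) && isset($decode_data->status)   && is_scalar($decode_data->status))   ? $decode_data->status   : null;
    $order_id = (is_object($decode_data) && isset($decode_data->order_id) && is_scalar($decode_data->order_id)) ? (string) $decode_data->order_id : null;
    $amount   = (is_object($decode_data) && isset($decode_data->amount)   && is_scalar($decode_data->amount))   ? (string) $decode_data->amount   : null;
    $info     = (is_object($decode_data) && isset($decode_data->info)     && is_scalar($decode_data->info))     ? (string) $decode_data->info     : null;

    // Strict comparison: with `==`, a numeric status of 0 compares equal to
    // 'success' on PHP < 8 and would be credited.
    if ($status === 'success' && $order_id !== null && $amount !== null && $info !== null) {
        // NOTE(review): $user is defined outside this block (presumably by
        // ../inc/base.php from the session) - confirm it is always set here,
        // otherwise the order is recorded against an empty user id.
        $user_id = (string) $user['id'];
        $now = time();

        // All queries below use bound parameters instead of concatenating
        // payload fields into SQL. Assumes $db is a mysqli connection (the
        // original already relied on mysqli_result::num_rows) - TODO confirm.

        // Guard against crediting the same order again after a page refresh.
        // NOTE(review): check-then-insert is not atomic; two concurrent
        // requests can both pass. A UNIQUE index on `liqpay`.`order_id`
        // would close that window - schema is not visible from this file.
        $stmt = $db->prepare("SELECT 1 FROM `liqpay` WHERE `order_id` = ? LIMIT 1");
        $stmt->bind_param('s', $order_id);
        $stmt->execute();
        $stmt->store_result();
        $check = $stmt->num_rows;
        $stmt->close();

        if ($check > 0) {
            echo'Error';
        } else {
            // Record the payment. Values are bound as strings so MySQL
            // coerces them exactly as it did the quoted literals before.
            $stmt = $db->prepare("INSERT INTO `liqpay` SET `order_id` = ?, `user_id` = ?, `amount` = ?, `status` = 'yes', `price` = ?, `time` = ?");
            $stmt->bind_param('ssssi', $order_id, $user_id, $amount, $info, $now);
            $stmt->execute();
            $stmt->close();

            // Credit the user's ticket balance by the `info` field.
            $stmt = $db->prepare("UPDATE `users` SET `bilets` = `bilets` + ? WHERE `id` = ?");
            $stmt->bind_param('ss', $info, $user_id);
            $stmt->execute();
            $stmt->close();

            // No WHERE clause, as in the original: every row of `bilets` is
            // incremented (presumably a single-row totals table - verify).
            $stmt = $db->prepare("UPDATE `bilets` SET `amount` = `amount` + ?");
            $stmt->bind_param('s', $amount);
            $stmt->execute();
            $stmt->close();

            // NOTE(review): ../inc/head.php is included before this point; if
            // it emits output without buffering, this redirect cannot be sent.
            header('Location: /user/');
            $_SESSION['popoln']="Билеты начислены";
        }
    } else {
        header('Location: /user/');
    }
}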
require_once'../inc/foot.php';
?>