Файл: app/merchant/payments.php
Строк: 93
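<?php
// NOTE(review): display_errors=1 on a payment endpoint prints PHP warnings (file paths,
// SQL errors, undefined-index notices) straight into the HTTP response. Keep it off in
// production and rely on log_errors; left in place here because the deployment mode is
// not visible from this file.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

// Load the payment referenced by ?id=. The value goes through Clean::int and is bound as
// a PDO parameter, so it is not injectable; `?? ''` avoids an undefined-index warning
// when the parameter is absent (Clean::int presumably casts it to 0).
// NOTE(review): nothing here ties the payment to the current session or user — anyone who
// knows or guesses a numeric id can open the checkout for it. Confirm that is intended.
$pay = $db->prepare('select * from payments where id = ?');
$pay->execute([Clean::int($_GET['id'] ?? '')]);
$pay = $pay->fetch(PDO::FETCH_OBJ);

// Reject unknown, expired (older than 24h) or already-processed payments before touching
// any other row: fetch() returns false on a miss, and the original looked up the shop
// first, which read a property on false.
if (!isset($pay->id) || $pay->time < time() - 86400 || $pay->status > 0) {
    Notif::error('Счет не найден!', '/');
    exit;
}

// Newest exchange-rate row; used further down to convert the amount into coin units.
$curs = $db->prepare('select * from curs order by id desc limit 1');
$curs->execute();
$curs = $curs->fetch(PDO::FETCH_OBJ);

// Payment methods a payer may select. $_POST['method'] is checked against this list before
// it is used as a property name on the shop row or stored (and later used in a template name).
$array = ['mobile', 'qiwi', 'yandex', 'card', 'balans', 'webmoney', 'payeer', 'bitcoin', 'litecoin', 'dash', 'vkpay', 'advcash'];

// shop() is a project helper; what it returns for a missing shop is not visible here —
// the status checks below assume an object.
$shop = shop($pay->shop);

// Shop status: 0 = awaiting moderation, 2 = blocked (from the checks below; 1 is presumably
// "active"). Loose == is kept because PDO may hand the column back as a string.
if ($shop->status == 0) {
    Notif::error('Касса на модерации - платежи на данный момент не дрступны');
    exit;
}
if ($shop->status == 2) {
    Notif::error('Касса заблокирована - платежи на данный момент не дрступны');
    exit;
}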
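if (empty($pay->method)) {
    // Step 1: no payment method chosen yet (method is 0/NULL, also after a ?re reset).
    if (isset($_POST['method'])) {
        $method = Clean::str($_POST['method']);
        // Whitelist check. $method becomes a dynamic property name on $shop and, once
        // stored, part of a template name — never let an arbitrary string through.
        // strict: true avoids PHP's loose string/number comparison.
        if (!in_array($method, $array, true)) {
            redirect('/payments?id=' . $pay->id);
            exit;
        }
        // Per-shop toggle: the shop row has one column per method name.
        if ($shop->$method == 0) {
            Notif::error('Данный способ оплаты отключен администратором магазина', '/payments?id=' . $pay->id);
            exit;
        }
        // Crypto methods have a minimum of 0.005 coin. Only the selected rate is used, so a
        // missing rate for another coin no longer breaks every method.
        // NOTE(review): a zero/NULL rate in `curs` makes this a DivisionByZeroError (PHP 8);
        // guard it once the table's constraints are confirmed.
        $cryptNames = ['bitcoin' => 'BTC', 'litecoin' => 'LTC', 'dash' => 'DASH'];
        if (isset($cryptNames[$method])) {
            $amountInCoin = $pay->summa / $curs->$method;
            if ($amountInCoin < 0.005) {
                Notif::error('Сумма оплаты должна быть больше 0,005 ' . $cryptNames[$method], '/payments?id=' . $pay->id);
                exit;
            }
        }
        // `?? ''` keeps the helpers receiving a string even when a field is missing from the
        // form, instead of an undefined-index warning.
        $tel = Clean::int($_POST['tel'] ?? '');
        $email = Clean::str($_POST['email'] ?? '');
        // The address is stored and presumably shown/mailed later, so require a syntactically
        // valid one rather than any non-empty string.
        if (empty($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            Notif::error('Необходимо указать E-Mail', '/payments?id=' . $pay->id);
            exit;
        }
        $payments = $db->prepare('update payments set method = ?, tel = ?, email = ? where id = ?');
        $payments->execute([$method, $tel, $email, $pay->id]);
        redirect('/payments?id=' . $pay->id);
        exit;
    }
    echo $template->render('merchant.index', [
        'pay' => $pay,
        'shop' => $shop,
    ]);
} else {
    /**
     * Amount to charge for the selected method: summa converted to coin units for crypto
     * methods, then reduced by the shop's commission.
     *
     * NOTE(review): method() is a project helper whose return scale is not visible here; the
     * expression `summa - summa * (method(...) * 100)` only yields a sensible amount if it
     * returns a fraction of a percent (e.g. 0.0001 for 1%) — confirm. For crypto methods it
     * also overwrites the global $pay->summa; kept as-is for compatibility with callers.
     */
    function pay()
    {
        global $shop, $pay, $curs;
        $coinAmounts = [
            'bitcoin' => $pay->summa / $curs->bitcoin,
            'litecoin' => $pay->summa / $curs->litecoin,
            'dash' => $pay->summa / $curs->dash,
        ];
        if (!empty($coinAmounts[$pay->method])) {
            $pay->summa = $coinAmounts[$pay->method];
        }
        return $pay->summa - $pay->summa * (method($shop->id) * 100);
    }

    if (isset($_POST['p2p'])) {
        // QIWI P2P form key. It is a *public* key, but it still belongs in configuration so it
        // can be rotated without a deploy.
        $key = '48e7qUxn9T7RyYE1MVZswX1FRSbE6iyCj2gCRwwF3Dnh5XrasNTx3BGPiMsyXQFNKQhvukniQG8RTVhYm3iPxDXBwY3ktsaT6Fk3vHapC6224U4BJgUwohWky813SVoVpS6bvvu8hH3HJ3H3oG1cbzaQ2LiPGVMibUfQYyTcrw4X9CjXUYNDtc9gWHrk4';
        // NOTE(review): time()*100000 is identical for every checkout started in the same
        // second, so concurrent payers collide on billId. Deriving it from $pay->id would be
        // unique — confirm what the provider callback keys on (billId or the `#id` comment)
        // before changing the format.
        $id = time() * 100000;
        $params = [
            'publicKey' => $key,
            'billId' => $id,
            'amount' => pay(),
            'comment' => '#' . $pay->id,
            'customFields' => [
                'themeCode' => 'Evgenyi-AfbgsbDKDh',
            ],
            'successUrl' => 'https://uspay.ru/success?id=' . $pay->id,
        ];
        redirect('https://oplata.qiwi.com/create?' . http_build_query($params));
        exit;
    }

    // Let the payer pick another method. NOTE(review): a state change on a plain GET with no
    // CSRF token — low impact (only resets method), but it should move to POST behind the
    // same session check used for the balance payment below.
    if (isset($_GET['re'])) {
        $payments = $db->prepare('update payments set method = ? where id = ?');
        $payments->execute([0, $pay->id]);
        redirect('/payments?id=' . $pay->id);
        exit;
    }

    // Anti-CSRF token handed to the template. NOTE(review): it embeds the raw PHPSESSID in
    // page markup; a random per-session token kept in $_SESSION would avoid exposing the
    // session id. Left unchanged because the template and the posted `session` field depend
    // on this format.
    $session = base64_encode(json_encode([
        'session' => $_COOKIE['PHPSESSID'] ?? '',
        'payments' => $pay->id,
    ]));

    if (isset($_POST['balance'])) {
        $sid = $_COOKIE['PHPSESSID'] ?? '';
        $posted = $_POST['session'] ?? '';
        // Strict, constant-time comparison. An absent cookie must fail: the original `!=`
        // treated a missing cookie and a missing field as equal (null != null is false).
        if (!is_string($sid) || $sid === '' || !is_string($posted) || !hash_equals($sid, $posted)) {
            Notif::error('Произошла попытка подмены токена', '/payments?id=' . $pay->id . '&error=102');
            exit;
        }
        // NOTE(review): the balance debited belongs to $pay->user (the payment's owner) and
        // nothing here verifies that the current session is that user — the token check above
        // only shows the request came from this browser. Confirm identity is enforced upstream.
        $payer = $user->get($pay->user);
        if ($payer->money < $pay->summa) {
            Notif::error('Недостаточно средств для оплаты', '/payments?id=' . $pay->id . '&error=101');
            exit;
        }
        // Debit, mark paid and credit the shop in one transaction. The debit is conditional on
        // the balance still covering the amount and the status update on the payment still
        // being open, so two concurrent submissions cannot double-spend or double-credit.
        // (PDO on MySQL reports *changed* rows by default, so a zero-amount payment would be
        // reported as insufficient funds here.)
        $db->beginTransaction();
        try {
            $debit = $db->prepare('UPDATE `users` SET `money` = `money` - ? WHERE `user_id` = ? AND `money` >= ?');
            $debit->execute([$pay->summa, $payer->user_id, $pay->summa]);
            if ($debit->rowCount() !== 1) {
                $db->rollBack();
                Notif::error('Недостаточно средств для оплаты', '/payments?id=' . $pay->id . '&error=101');
                exit;
            }
            $markPaid = $db->prepare('UPDATE `payments` SET `status` = ? WHERE `id` = ? AND `status` = ?');
            $markPaid->execute([2, $pay->id, 0]);
            if ($markPaid->rowCount() !== 1) {
                // Lost the race: the payment was already processed by another request.
                $db->rollBack();
                redirect('/payments?id=' . $pay->id);
                exit;
            }
            $credit = $db->prepare('update `shop` set `money` = `money` + ? where `id` = ?');
            $credit->execute([$pay->summa, $shop->id]);
            $db->commit();
        } catch (\Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            throw $e;
        }
        redirect('/success?id=' . $pay->id);
        exit;
    }

    // Payeer "m_params" payload. This appears to follow the provider's prescribed scheme
    // (AES-256-CBC keyed by md5(secret . order id), no explicit IV), so the weak key
    // derivation is theirs, not ours; the `@` only hides PHP's empty-IV notice, which
    // display_errors would otherwise print into the page. PayeerKey is a constant defined
    // elsewhere.
    // NOTE(review): success_url host here (pay.uspay.ru) differs from the QIWI one above
    // (uspay.ru) — confirm which is correct.
    $arParams = [
        'success_url' => 'https://pay.uspay.ru/success?id=' . $pay->id,
        'reference' => [
            'var1' => '1',
        ],
        'submerchant' => 'mail.ru',
    ];
    $m_params = @urlencode(base64_encode(openssl_encrypt(json_encode($arParams), 'AES-256-CBC', md5(PayeerKey . $pay->id), OPENSSL_RAW_DATA)));
    // NOTE(review): assumes SHA256(m_params ':' key) is the signature format the provider
    // expects for this form — verify against its documentation.
    $sign = strtoupper(hash('sha256', implode(':', [$m_params, PayeerKey])));

    // $pay->method was validated against $array when it was stored (branch above), so the
    // template name cannot be influenced by the current request.
    echo $template->render('merchant.' . $pay->method, [
        'pay' => $pay,
        'shop' => $shop,
        'session' => $session,
        'sign' => $sign,
        'm_params' => $m_params,
    ]);
}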