Файл: app/merchant/subscriptions.php
Строк: 60
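<?php
/*
 * Merchant subscription flow. Two phases, selected by session state:
 *  - Create (no subID in the session, or a shop_id was POSTed): validate the
 *    merchant's signed request, store a pending subscription, remember its id
 *    in the session and redirect to /api/subscriptions.
 *  - Confirm (subID in the session): when an OAuth `code` is present, exchange
 *    it for an access token, take the first payment and activate the
 *    subscription; otherwise render the subscription page.
 *
 * Relies on Clean, Notif, Ya, redirect(), $db (PDO), $template and the
 * YandexNum constant, all defined elsewhere in the application.
 */
if (!isset($_SESSION['subID']) || isset($_POST['shop_id'])) {
    // Every merchant-supplied field goes through Clean::* before use.
    // `?? null` keeps the value the original code passed for a missing key
    // without emitting an "Undefined array key" warning.
    $form = [
        'amount'  => Clean::price($_POST['amount'] ?? null),
        'time'    => Clean::int($_POST['time'] ?? null),
        'shop_id' => Clean::int($_POST['shop_id'] ?? null),
        'purse'   => Clean::int($_POST['purse'] ?? null),
        'hash'    => Clean::text($_POST['hash'] ?? null),
    ];

    $shopStmt = $db->prepare('SELECT * FROM `shop` WHERE `id` = ?');
    $shopStmt->execute([$form['shop_id']]);
    $shop = $shopStmt->fetch(PDO::FETCH_OBJ);

    // fetch() returns false for an unknown shop id; treat that like an
    // inactive shop instead of dereferencing false below.
    if ($shop === false || (int) $shop->status !== 1) {
        Notif::error('Касса на модерации или заблокирована', '/');
        exit;
    }

    // The merchant signs shop_id . amount . purse with the shop's secret
    // (`hash` column). hash_equals() is a constant-time, string-only
    // comparison; the loose `!=` it replaces was subject to type juggling.
    $expected = hash('sha256', $form['shop_id'] . $form['amount'] . $shop->hash . $form['purse']);
    if (!hash_equals($expected, (string) $form['hash'])) {
        Notif::error('Не верно составлен HASH платежа', '/');
        exit;
    }

    // Business limits: 1..10000 per charge, billing period 1..365 days.
    if ($form['amount'] < 1 || $form['amount'] > 10000) {
        Notif::error('Не верно указана сумма платежа', '/');
        exit;
    }
    if ($form['time'] < 1 || $form['time'] > 365) {
        Notif::error('Дата списывания средств должна быть в пределах 1-365 дней', '/');
        exit;
    }

    $insert = $db->prepare('INSERT INTO `subscriptions` (`amount`,`time`,`shop`,`purse`) VALUES (?,?,?,?)');
    $insert->execute([
        $form['amount'],
        $form['time'],
        $shop->id,
        $form['purse'],
    ]);

    // The new subscription id drives the confirm phase on the next request.
    $_SESSION['subID'] = $db->lastInsertId();
    redirect('/api/subscriptions');
    exit;
} else {
    $subStmt = $db->prepare('SELECT * FROM `subscriptions` WHERE `id` = ?');
    $subStmt->execute([$_SESSION['subID']]);
    $sub = $subStmt->fetch(PDO::FETCH_OBJ);

    // Stale session: the subscription no longer exists. Drop the id so the
    // merchant can start over instead of looping on this page.
    if ($sub === false) {
        unset($_SESSION['subID']);
        Notif::error('При оформлении подписки произошла ошибка', '/');
        exit;
    }

    $shopStmt = $db->prepare('SELECT * FROM `shop` WHERE `id` = ?');
    $shopStmt->execute([$sub->shop]);
    $shop = $shopStmt->fetch(PDO::FETCH_OBJ);
    if ($shop === false) {
        Notif::error('При оформлении подписки произошла ошибка', '/');
        exit;
    }

    // OAuth client credentials for the token exchange.
    // NOTE(review): these are live credentials committed in source; they
    // belong in configuration outside the web root and should be rotated
    // once moved.
    $setting = [
        'client_id'     => '5CAAE296BCE3BDAAFA0C80DD73F4BDCDCB97788B53AFAB0FC49BB2255467E42B',
        'client_secret' => '302EA2F73EC73DE93EA005B7E4101F08B80F439D9A28A0BF01C676164524E04C37DEAA045BE24D510C7D9F884CDBF91E496C48A1EDD7C00C1657360B3D3484D1',
        'redirect_uri'  => 'https://uspay.ru/api/subscriptions',
    ];

    if (!empty($_GET['code'])) {
        $token = null;
        if ($curl = curl_init()) {
            curl_setopt($curl, CURLOPT_URL, 'https://money.yandex.ru/oauth/token');
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            // Certificate verification stays on: this request carries the
            // client_secret and receives a bearer token, so a MITM here means
            // account takeover. (The previous code disabled both checks.)
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
            // No CURLOPT_FOLLOWLOCATION: a redirect would replay this POST,
            // secret included, to whatever host the response names.
            // http_build_query() encodes the untrusted `code` so it cannot
            // inject extra parameters into the body.
            curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query([
                'code'          => $_GET['code'],
                'client_id'     => $setting['client_id'],
                'grant_type'    => 'authorization_code',
                'redirect_uri'  => $setting['redirect_uri'],
                'client_secret' => $setting['client_secret'],
            ]));
            $out = curl_exec($curl);
            curl_close($curl);
            // curl_exec() returns false on transport failure; only decode a body.
            if (is_string($out)) {
                $token = json_decode($out);
            }
        }

        if (!is_object($token) || empty($token->access_token)) {
            Notif::error('При оформлении подписки произошла ошибка', '/');
            exit;
        }

        $ya = new Ya($token->access_token);
        if ($ya->balance() < $sub->amount) {
            Notif::error('Недостаточно средств для оплаты подписки.', '/');
            exit;
        }

        // Ya::send() signals failure with a zero-ish result; kept loose because
        // its return type is not visible here.
        if ($ya->send(YandexNum, $sub->amount, 'Оплата подписки на сайте ' . $shop->url) == 0) {
            Notif::error('При оформлении подписки произошла ошибка', '/');
            exit;
        }

        // Credit the shop and activate the subscription; time_next is the next
        // charge in Unix seconds, `time` days from now.
        $credit = $db->prepare('UPDATE `shop` SET `money` = ? WHERE `id` = ?');
        $credit->execute([$shop->money + $sub->amount, $shop->id]);

        $activate = $db->prepare('UPDATE `subscriptions` SET `token` = ?, `time_next` = ?, `status` = ? WHERE `id` = ?');
        $activate->execute([$token->access_token, time() + 86400 * $sub->time, 1, $sub->id]);

        redirect($shop->success);
        exit;
    }

    echo $template->render('merchant.subscriptions', [
        'sub'  => $sub,
        'shop' => $shop,
    ]);
}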