Файл: 3020.ru/file_3020/plugins/payment.php
Строк: 8
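<?php
// Payment handler for balance top-ups. It looks up a pending record in
// `hist_freekassa` by the `us_hash` query parameter and, when that record has not
// been applied yet (`act` = 0), writes a `billing_log` entry, adds the amount to
// the user's `wmr` balance and marks the record as applied (`act` = 1).
//
// $sql, $purse and $time are not defined in this file; presumably the including
// script provides them — confirm.
//
// NOTE(review): the balance is credited on the strength of `us_hash` alone. No
// signature, amount or origin check on the request is visible in this file. Unless
// the including script already does it, verify the payment provider's notification
// signature and the paid amount before any of the writes below run.
//
// NOTE(review): the `act` check and the three writes are not atomic, so two
// concurrent requests for the same order can both pass the check and credit twice.
// Claim the record first with a conditional update (`... AND act = 0`) and credit
// only if a row was changed, or use a transaction — whichever $sql supports.

// The original tested `isset($_GET['setr']) == 3` (and `== 1`), which compares the
// boolean result of isset() with a number and is therefore true for ANY value of
// `setr`. Compare the value itself instead.
if (
    isset($_GET['setr'])
    && is_string($_GET['setr'])
    && ($_GET['setr'] === '1' || $_GET['setr'] === '3')
) {
    // No exit here: the original kept processing the request after queuing the
    // redirect, and that is preserved. NOTE(review): confirm this is intended.
    header('Location: /');
}

// Only a plain string is accepted as the order key; an array-valued parameter
// (`us_hash[]=...`) is treated the same as a missing one.
if (isset($_GET['us_hash']) && is_string($_GET['us_hash'])) {
    $pay = $sql->fetch("SELECT * FROM `hist_freekassa` WHERE `orderId` = '" . $sql->esc($_GET['us_hash']) . "' LIMIT 1");
} else {
    $pay = false;
}

if ($pay && $pay['act'] == 0) {
    $wmr = $pay['num'];
    $wmid = 0;
    $msglog = "Пополнение внутреннего счета на $wmr ₽";

    // Values read back from the database are still data, not SQL: escape them
    // before building the statements so that a stored value containing a quote
    // cannot change the query.
    $amount = $sql->esc((string) $wmr);
    $userId = $sql->esc((string) $pay['id_user']);
    $payId = $sql->esc((string) $pay['id']);

    $sql->insert("INSERT INTO `billing_log` (`wmid`, `purse`, `time`, `type`, `id_user`, `coins`, `msg`) VALUES ('$wmid', '" . $sql->esc($purse) . "', '" . $sql->esc((string) $time) . "', 'coins', '$userId', '$amount', '" . $sql->esc($msglog) . "')");
    $sql->update("UPDATE `users` SET `wmr` = `wmr` + '$amount' WHERE `id` = '$userId' LIMIT 1");
    $sql->update("UPDATE `hist_freekassa` SET `act` = '1' WHERE `id` = '$payId' LIMIT 1");

    // Presumably the acknowledgement the payment provider expects — confirm.
    echo 'YES';
}

die();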