Файл: moduls/success.php
Строк: 15
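<?php
/**
 * Payment-gateway callback handler.
 *
 * Reads the WP_PAYMENT_* fields of a POST notification, checks the signature
 * and the platform ID, then adds the amount to `users`.`money` for the user
 * whose id arrives in WP_PAYMENT_VAR and records the top-up via money_log().
 * Replies "YES|<payment id>" on success or "NO | <reason>" on rejection.
 *
 * $db and money_log() are not defined in this file; presumably they come
 * from core/sys.php — confirm.
 */
require ('../core/sys.php');
define('WP_ID', 1); // platform (site) ID
// NOTE(review): the shared secret is hard-coded in a file under the web tree.
// Load it from configuration kept outside the document root and version
// control, and rotate the value that has been published here.
define('WP_HASH', 'Fs4cNEU3PUDA8aX7'); // shared secret
if (isset($_POST['WP_PAYMENT_AMOUNT'], $_POST['WP_PAYMENT_DATE'], $_POST['WP_PAYMENT_HASH']))
{
    // Read one POST field as a trimmed string. filter_input() yields null for
    // an absent field and false for an array value; both are mapped to ''
    // so that later checks always see a string.
    $post = function ($name) {
        $value = filter_input(INPUT_POST, $name, FILTER_UNSAFE_RAW);
        return is_string($value) ? trim($value) : '';
    };

    $wp = array(
        'platform' => $post('WP_PAYMENT_SITE'),
        'money' => $post('WP_PAYMENT_AMOUNT'),
        'var' => $post('WP_PAYMENT_VAR'),
        'time' => $post('WP_PAYMENT_DATE'),
        'id' => $post('WP_PAYMENT_ID'),
        // The comment is optional, so it is read through the same helper
        // instead of indexing $_POST directly; it is not used further below.
        'com' => trim(htmlspecialchars((string) base64_decode($post('WP_PAYMENT_COMM')), ENT_QUOTES, 'UTF-8')),
        'hash' => $post('WP_PAYMENT_HASH'),
    );

    // The original passed a string as implode()'s array argument. On PHP 8
    // that is a TypeError; on older versions implode() returns null, so the
    // digest no longer depended on the secret at all. The pieces are now
    // passed as an array.
    // NOTE(review): this digest covers only the secret and the platform ID,
    // so it is identical for every notification and does not bind the amount,
    // the user id or the payment id. Replace the field list with the exact
    // formula from the gateway's documentation before relying on it.
    $hash = strtoupper(hash('sha256', implode(':', array(WP_HASH, WP_ID))));

    // Constant-time comparison; a loose != on two strings can also treat
    // numeric-looking digests as equal.
    if (!hash_equals($hash, $wp['hash'])) exit('NO | Не верный хэш');

    // Compare as strings so that values such as "1abc" are not coerced to 1.
    if ((string) WP_ID !== $wp['platform']) exit('NO | Не верный ID платформы');

    // Accept only a plain positive decimal amount; anything else (negative,
    // empty, exponent notation) must never reach the balance arithmetic.
    if (preg_match('/^\d+(\.\d+)?$/D', $wp['money']) !== 1 || (float) $wp['money'] <= 0) {
        exit('NO | Не верная сумма');
    }

    // Assumes users.id is an integer key — confirm against the schema.
    if (!ctype_digit($wp['var'])) exit('NO | Не верный ID пользователя');

    // NOTE(review): nothing records which payment ids were already credited,
    // so a repeated notification is credited again. Store $wp['id'] under a
    // unique constraint and skip duplicates, inside the same transaction as
    // the balance update.
    $update = $db->prepare("UPDATE `users` SET `money` = `money` + ? WHERE `id` = ?");
    $update->execute([$wp['money'], $wp['var']]);
    money_log($wp['var'], $wp['money'], 'Пополнение личного счета');
    exit('YES|' . $wp['id']);
}
?>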