Файл: payment_callback.php
Строк: 120
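<?php

declare(strict_types=1);

/*
 * Payment callback endpoint ("callbacks.payment") for the forticom/OK API.
 *
 * Flow: check method -> check application_key -> verify the request
 * signature -> validate the product_code/amount pair -> record the
 * payment and credit the user -> answer "true".  Every failure path
 * answers with the platform's XML error envelope and stops.
 *
 * All request fields, including the parameter set the signature is
 * computed over, are read from $_GET.  The earlier version read the
 * values from $_REQUEST but signed $_GET, so a POST body or cookie could
 * override a signed value (e.g. uid) without invalidating the signature.
 */

header('Content-Type: application/xml; charset=utf-8');
error_reporting(E_ERROR);

// Application parameters.  Secrets belong in the environment or a config
// file outside the web root; the literals stay as a fallback so existing
// deployments keep working unchanged.
$appKey = getenv('OK_APPLICATION_KEY') ?: 'CBALNCHLEBABABABA';
$application_secret_key = getenv('OK_APPLICATION_SECRET') ?: 'D7CF9B1AE4E98C23AE2422F6';

/**
 * Send the platform's XML error envelope and terminate the script.
 *
 * @param int    $headerCode value of the "invocation-error" response header
 * @param int    $errorCode  value of <error_code> in the body
 * @param string $errorMsg   value of <error_msg> in the body
 */
function respondError(int $headerCode, int $errorCode, string $errorMsg): void
{
    header('invocation-error: ' . $headerCode);
    print('<?xml version="1.0" encoding="UTF-8"?>');
    print("<ns2:error_response xmlns:ns2='http://api.forticom.com/1.0/'>\n");
    print("<error_code>{$errorCode}</error_code>\n");
    print("<error_msg>{$errorMsg}</error_msg>\n");
    print("</ns2:error_response>\n");
    exit;
}

/**
 * Send the positive callback response and terminate the script.
 */
function respondSuccess(): void
{
    print('<?xml version="1.0" encoding="UTF-8"?>');
    print("<callbacks_payment_response xmlns=\"http://api.forticom.com/1.0/\">true</callbacks_payment_response>\n");
    exit;
}

/**
 * Read one request parameter as a string; '' when absent or non-scalar.
 *
 * @param array<string|int, mixed> $source request parameter array
 */
function requestParam(array $source, string $name): string
{
    $value = $source[$name] ?? '';

    return is_scalar($value) ? (string) $value : '';
}

/**
 * Compute the platform signature: md5 of every "key=value" pair except
 * sig, sorted and concatenated without a separator, followed by the
 * application secret.
 *
 * @param array<string|int, mixed> $params request parameters (sig included; it is skipped)
 */
function computeSignature(array $params, string $secret): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        if ($key === 'sig') {
            continue;
        }
        // Non-scalar values (a[]=1) stringify as "Array", exactly as the
        // previous string interpolation did, so signatures stay compatible.
        $pairs[] = $key . '=' . (is_scalar($value) ? (string) $value : 'Array');
    }
    sort($pairs);

    return md5(implode('', $pairs) . $secret);
}

/**
 * In-game currency credited for a payment: amount/5 rounded, at least 1,
 * with a 10% bonus on the 4th and a 15% bonus on the 28th day of the month.
 */
function computeCredit(float $amount, int $dayOfMonth): int
{
    $sum = round($amount / 5);
    if ($sum < 1) {
        $sum = 1;
    }
    if ($dayOfMonth === 4) {
        $sum = round($sum + $sum / 100 * 10);
    }
    if ($dayOfMonth === 28) {
        $sum = round($sum + $sum / 100 * 15);
    }

    return (int) $sum;
}

// Read the request parameters (all from the signed parameter set).
$request = $_GET;
$method = requestParam($request, 'method');
$application_key = requestParam($request, 'application_key');
$call_id = requestParam($request, 'call_id');
$sig = requestParam($request, 'sig');
$uid = requestParam($request, 'uid');
$amount = requestParam($request, 'amount');
$transaction_time = requestParam($request, 'transaction_time');
$product_code = requestParam($request, 'product_code');
$transaction_id = requestParam($request, 'transaction_id');

// Check the method.
if ($method !== 'callbacks.payment') {
    respondError(3, 3, 'Method does not exist.');
}

// Check the application key (constant-time compare; it is a shared credential).
if (!hash_equals($appKey, $application_key)) {
    respondError(101, 101, 'Parameter application_key not specified or invalid');
}

// Verify the signature over the same parameters the values were read from.
$mySig = computeSignature($request, $application_secret_key);
if (!hash_equals($mySig, $sig)) {
    respondError(104, 104, 'Invalid signature.');
}

// Accepted product_code/amount combinations, keyed as product_code . amount.
// The previous check used `+=` in the last comparison, which was a typo
// for `==`; a strict lookup replaces the loose comparisons.
$allowedProducts = [
    '1_Диагер5',
    '10_Диагер50',
    '50_Диагер450',
    '100_Диагер480',
];
if (!in_array($product_code . $amount, $allowedProducts, true)) {
    // NOTE(review): the original sends header code 104 with body code 1001;
    // kept as-is because the platform contract is not visible here — confirm.
    respondError(104, 1001, 'Service temporary unavailible.');
}

// Database connection; credentials follow the same env-with-fallback rule.
$dbh = new PDO(
    getenv('OK_DB_DSN') ?: 'mysql:host=localhost;dbname=aweik_beta',
    getenv('OK_DB_USER') ?: 'aweik_beta',
    getenv('OK_DB_PASSWORD') ?: 'beta_pass',
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // Real server-side prepares, so bound values never reach the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// 1) transaction_id is unique: a replayed callback must get the positive
//    answer but must not credit the user again.  This lookup covers the
//    sequential replay; a unique index on payment_ok.transaction_id is
//    still needed to close the window between two concurrent callbacks.
$seen = $dbh->prepare('select 1 from payment_ok where transaction_id = ? limit 1');
$seen->execute([$transaction_id]);
if ($seen->fetchColumn() !== false) {
    respondSuccess();
}

// TODO: 2) notify the game server about the received payment.

// 3) Store the successful transaction and credit the user atomically.
$sum = computeCredit((float) $amount, (int) date('d'));

$dbh->beginTransaction();
try {
    $insert = $dbh->prepare(
        'insert into payment_ok (id, method, call_id, uid, amount, transaction_time, product_code, transaction_id, status)'
        . " values ('', ?, ?, ?, ?, ?, ?, ?, 'off')"
    );
    $insert->execute([
        $method,
        $call_id,
        $uid,
        $amount,
        $transaction_time,
        $product_code,
        $transaction_id,
    ]);

    $credit = $dbh->prepare('update users set jem = jem + ? where ok_id = ?');
    $credit->bindValue(1, $sum, PDO::PARAM_INT);
    $credit->bindValue(2, $uid);
    $credit->execute();

    $dbh->commit();
} catch (Throwable $e) {
    // Leave the database untouched on any failure and let the error surface.
    $dbh->rollBack();
    throw $e;
}

// Report success.
respondSuccess();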