Файл: payment_payer.php
Строк: 41
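<?php
// Payment status callback: checks the signed notification posted to this
// script and marks the matching row in `payments` as paid.
//
// The full `<?php` tag is deliberate: when short_open_tag is disabled, a file
// opened with a bare `<?` is served as plain text, which would disclose the
// database credentials and the signing key below.

// NOTE(review): the database credentials (root, empty password) and the
// signing key are hard-coded in a web-reachable script. Load them from
// configuration stored outside the document root and use a dedicated
// least-privilege database account.
$db_host = "localhost";
$db_user = "root";
$db_table = "sidonia"; // despite the name, this is passed to mysql_select_db() as the database name
$db_pass = "";

// NOTE(review): the mysql_* extension was removed in PHP 7. When the runtime
// is upgraded, move to mysqli or PDO with prepared statements.
// The warnings stay suppressed so connection details are never printed;
// failure is handled explicitly by die().
$connect = @mysql_pconnect($db_host, $db_user, $db_pass) or die('cannot connect to server');
@mysql_select_db($db_table, $connect) or die('cannot connect to db');
@mysql_query("SET NAMES 'utf8'", $connect);

// Only requests from the allow-listed source addresses are processed.
// NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the
// proxy's address, so confirm how this script is deployed.
$allowed_ips = array('185.71.65.92', '185.71.65.189', '149.202.17.210');
if (!isset($_SERVER['REMOTE_ADDR']) || !in_array($_SERVER['REMOTE_ADDR'], $allowed_ips, true)) {
    return;
}

if (isset($_POST['m_operation_id']) && isset($_POST['m_sign'])) {
    $m_key = 'bZDeUDMkUcaDf96';

    // Fields covered by the signature, in the order they are hashed.
    $signed_fields = array(
        'm_operation_id',
        'm_operation_ps',
        'm_operation_date',
        'm_operation_pay_date',
        'm_shop',
        'm_orderid',
        'm_amount',
        'm_curr',
        'm_desc',
        'm_status',
    );
    if (isset($_POST['m_params'])) {
        $signed_fields[] = 'm_params';
    }

    // Normalise the input: a missing field or a non-string value (for example
    // an array sent as m_sign[]=x) becomes '' so it can never reach implode(),
    // the SQL statement or the response as anything but a plain string.
    $input = array();
    foreach (array_merge($signed_fields, array('m_sign')) as $field) {
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    $arHash = array();
    foreach ($signed_fields as $field) {
        $arHash[] = $input[$field];
    }
    $arHash[] = $m_key;
    $sign_hash = strtoupper(hash('sha256', implode(':', $arHash)));

    // Loose `==` compares numeric-looking strings as numbers, so two different
    // digests can compare equal. Use a constant-time comparison where the
    // runtime offers one (PHP 5.6+), otherwise a strict string comparison.
    if (function_exists('hash_equals')) {
        $sign_ok = hash_equals($sign_hash, $input['m_sign']);
    } else {
        $sign_ok = ($sign_hash === $input['m_sign']);
    }

    if ($sign_ok && $input['m_status'] === 'success') {
        // NOTE(review): m_amount, m_curr and m_shop are covered by the
        // signature but are never compared with the stored order or with the
        // merchant's own shop id. Compare them against the `payments` row
        // before marking it paid (the column names are not visible here).

        // The order id is escaped before it is placed in the statement, and the
        // status check is part of the UPDATE itself, so a repeated or
        // concurrent notification cannot act on a row that is no longer
        // pending.
        $safe_id = mysql_real_escape_string($input['m_orderid'], $connect);
        mysql_query(
            "UPDATE `payments` SET `status`='1' WHERE `id`='" . $safe_id . "' AND `status`='0'",
            $connect
        );

        // ob_end_clean() raises a notice when no buffer is active.
        if (ob_get_level() > 0) {
            ob_end_clean();
        }
        // The order id is echoed back verbatim, as in the original handler.
        exit($input['m_orderid'] . '|success');
    }

    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    exit($input['m_orderid'] . '|error');
}
?>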