Файл: xsolla_otvet.php
Строк: 149
<?
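if ($_GET) {
    // NOTE: this file opens with the short tag "<?" (the line above). With
    // short_open_tag disabled, PHP serves the file as plain text, credentials
    // included; the full "<?php" tag does not depend on that setting.
    // The source-address allowlist in verifyIP() is defence in depth next to the
    // md5 signature; a stale list rejects legitimate callbacks, so keep it current.
    if (!verifyIP())
        response(5, "Request source is not allowed");
    if (!isset($_GET["command"]))
        response(4, "Incomplete set of parameters");
    try {
        // Connect inside the try: a failed connection must end as a result=1
        // response. Left uncaught, the exception trace prints the constructor
        // arguments, i.e. the DSN and the password.
        // NOTE: the credentials are hard-coded; they belong in configuration
        // outside the web root and should be rotated once moved.
        $dbh = new PDO("mysql:host=localhost;dbname=aweik_sidonias", "aweik_sidonias", "08091993Lex");
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        // Per command: required parameters -> signature -> handler. Every
        // handler (and every response() call) terminates the script.
        switch ($_GET["command"]) {
            case "check":
                if (!isset($_GET["v1"], $_GET["md5"]))
                    response(4, "Incomplete set of parameters");
                verifyMD5("check");
                check();
                break;
            case "pay":
                if (!isset($_GET["id"], $_GET["v1"], $_GET["md5"], $_GET["sum"], $_GET["date"]))
                    response(4, "Incomplete set of parameters");
                verifyMD5("pay");
                pay();
                break;
            case "cancel":
                if (!isset($_GET["id"], $_GET["md5"]))
                    response(4, "Incomplete set of parameters");
                verifyMD5("cancel");
                cancel();
                break;
            default:
                response(5, "Wrong command: " . $_GET["command"]);
        }
    }
    catch (PDOException $e) {
        // Driver messages (host, database user, failing SQL) stay in the server
        // log; the caller only learns that the error is temporary.
        error_log("xsolla callback: " . $e->getMessage());
        response(1, "Database error");
    }
}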
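/**
 * Checks that the request comes from one of the allowed callback source
 * addresses.
 *
 * @return bool true when REMOTE_ADDR is in the allowlist, false otherwise
 *              (including when REMOTE_ADDR is not set at all).
 */
function verifyIP()
{
    // Allowed callback source addresses (the original list of this file).
    // Keep it current: a stale list rejects legitimate callbacks.
    $whiteList = array(
        "94.103.26.178","94.103.26.181","159.255.220.241","159.255.220.242",
        "159.255.220.243","159.255.220.244","159.255.220.245","159.255.220.246",
        "159.255.220.247","159.255.220.248","159.255.220.249","159.255.220.250",
        "159.255.220.251","159.255.220.252","159.255.220.253","159.255.220.254"
    );
    // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address and
    // the client address has to be taken from a trusted forwarding header instead.
    $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
    return in_array($remote, $whiteList, true);
}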
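/**
 * Verifies the md5 signature of the request for the given command and
 * terminates with result 3 when it does not match.
 *
 * The signed string is command + request parameters + shared secret, in the
 * order the original code used ("check": v1; "pay": v1, id; "cancel": id).
 *
 * @param string|null $command one of "check", "pay", "cancel"
 * @return void
 */
function verifyMD5($command = NULL)
{
    // NOTE: the shared secret is hard-coded in source; move it to configuration
    // outside the web root and rotate it once moved.
    $sk = "hlRxdK58Ikw7Lpwk";
    switch ($command) {
        case "check":
            $signed = "check" . $_GET["v1"] . $sk;
            break;
        case "pay":
            $signed = "pay" . $_GET["v1"] . $_GET["id"] . $sk;
            break;
        case "cancel":
            $signed = "cancel" . $_GET["id"] . $sk;
            break;
        default:
            // An unknown command must not fall through to checking the signature
            // of an empty string; response() never returns.
            response(3);
            return;
    }
    $given = (isset($_GET["md5"]) && is_string($_GET["md5"])) ? strtolower($_GET["md5"]) : "";
    // md5() already yields lowercase hex. hash_equals() compares with strict
    // string semantics — "!=" would compare numeric-looking hex strings as
    // numbers — and in constant time.
    if (!hash_equals(md5($signed), $given))
        response(3);
}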
/**
 * "check" command: result 0 when the user given by v1 exists, 7 otherwise.
 * response() terminates the script, so this never returns.
 */
function check()
{
    $code = isUserExists() ? 0 : 7;
    response($code);
}
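/**
 * "pay" command: records the payment for user v1 / invoice id and answers
 * with result 0. An already recorded invoice is acknowledged with 0 as well.
 *
 * Terminates via response() with 2 (unknown user), 4 (bad date, sum or id
 * format) or 0. Database errors propagate as PDOException to the caller.
 */
function pay()
{
    if (!isUserExists())
        response(2);
    $date = getDateIfCorrect();
    $invoice = $_GET["id"];
    // The existing SQL and the id + sum arithmetic below treat the invoice id
    // as a number, so only digits are accepted.
    if (!is_string($invoice) || !preg_match("/^[0-9]+$/", $invoice))
        response(4, "Invalid transaction id format");
    // A repeated notification for a known invoice is not inserted twice.
    if (isInvoiceExists())
        response(0);
    $sum = $_GET["sum"];
    // Digits with an optional two-decimal fraction; the dot is escaped so that
    // no other character is accepted in its place.
    if (!is_string($sum) || !preg_match("/^[0-9]+(\\.[0-9]{2})?$/", $sum))
        response(4, "Invalid payment sum format");
    $v1 = $_GET["v1"];
    // Kept from the original: payments.id stores id + sum (response() reports the
    // same value as id_shop) — verify against the schema before changing.
    $id = $invoice + $sum;
    global $dbh;
    // Bound parameters: the values come straight from the request and must
    // never be interpolated into the statement text.
    $stmt = $dbh->prepare("insert into payments (id, invoice, v1, sum, payment_date, date_xsolla, status)
        values (:id, :invoice, :v1, :sum, now(), str_to_date(:date, '%Y-%m-%d %T'), 0)");
    $stmt->execute(array(
        ":id" => $id,
        ":invoice" => $invoice,
        ":v1" => $v1,
        ":sum" => $sum,
        ":date" => $date,
    ));
    response(0);
}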
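/**
 * "cancel" command: marks the invoice given by id as cancelled and debits the
 * paid sum from the user's "almaz" balance, then answers with result 0.
 * An invoice that is already cancelled is acknowledged with 0 again.
 *
 * Terminates via response() with 5 (unknown invoice) or 0. Database errors
 * roll back the partial update and propagate as PDOException to the caller.
 */
function cancel()
{
    $found = isInvoiceExists();
    if (!$found)
        response(5, "The transaction number don't exist");
    if ($found['canceled'])
        response(0);
    global $dbh;
    // Marking the invoice and debiting the user must succeed or fail together;
    // otherwise a failure in the second statement leaves an invoice cancelled
    // whose sum was never taken back.
    $dbh->beginTransaction();
    try {
        $mark = $dbh->prepare("update payments set canceled=1, canceled_date=now() where invoice = :invoice");
        $mark->execute(array(":invoice" => $found['invoice']));
        $read = $dbh->prepare("select v1, sum from payments where invoice = :invoice");
        $read->execute(array(":invoice" => $found['invoice']));
        $payment = $read->fetch();
        if ($payment === false) {
            $dbh->rollBack();
            response(5, "The transaction number don't exist");
        }
        $debit = $dbh->prepare("update users set almaz=round(almaz - :sum, 2) where id = :v1");
        $debit->execute(array(":sum" => $payment['sum'], ":v1" => $payment['v1']));
        $dbh->commit();
    }
    catch (PDOException $e) {
        $dbh->rollBack();
        throw $e;
    }
    response(0);
}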
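/**
 * Tells whether a users row with id equal to the v1 request parameter exists.
 *
 * @return bool
 */
function isUserExists()
{
    global $dbh;
    // v1 is request input: bound, never interpolated into the statement.
    $sth = $dbh->prepare("select usr from users where id = :id");
    $sth->execute(array(":id" => $_GET["v1"]));
    return $sth->fetch() !== false;
}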
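/**
 * Looks up the payments row for the invoice given by the id request parameter.
 *
 * @return array|false the row as array{invoice, canceled}, or false when there
 *                     is no such row or the id is not a plain number
 */
function isInvoiceExists()
{
    $id = isset($_GET["id"]) ? $_GET["id"] : "";
    // The invoice column is compared numerically by the original SQL; a value
    // that is not all digits cannot name an existing invoice.
    if (!is_string($id) || !preg_match("/^[0-9]+$/", $id))
        return false;
    try {
        global $dbh;
        $sth = $dbh->prepare("select invoice, canceled from payments where invoice = :invoice");
        $sth->execute(array(":invoice" => $id));
        $row = $sth->fetch();
        return $row ? $row : false;
    }
    catch (PDOException $e) {
        // Same policy as the top-level handler: details to the log, a generic
        // temporary-error reply to the caller.
        error_log("xsolla callback: " . $e->getMessage());
        response(1, "Database error");
    }
}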
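/**
 * Validates the date request parameter ("YYYY-MM-DD hh:mm:ss") and returns it
 * normalised as "date time"; terminates with result 4 when it is malformed
 * or names an impossible calendar date / time of day.
 *
 * @return string
 */
function getDateIfCorrect()
{
    $raw = (isset($_GET["date"]) && is_string($_GET["date"])) ? $_GET["date"] : "";
    $parts = array();
    if (!preg_match("/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})$/", $raw, $parts))
        response(4, "Invalid date format");
    $year = $parts[1]; $month = $parts[2]; $day = $parts[3];
    $hour = $parts[4]; $minute = $parts[5]; $second = $parts[6];
    // Shape alone is not enough: the INSERT feeds this to str_to_date(), which
    // turns e.g. month 13 into NULL; reject such values here instead.
    if (!checkdate((int)$month, (int)$day, (int)$year)
        || (int)$hour > 23 || (int)$minute > 59 || (int)$second > 59)
        response(4, "Invalid date format");
    return "$year-$month-$day $hour:$minute:$second";
}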
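/**
 * Escapes a value for use as XML text content. SimpleXMLElement::addChild()
 * does not escape "&" in the value it receives, so request-controlled text
 * (the command echoed in "Wrong command", the id/sum parameters) would
 * otherwise break the reply document.
 *
 * @param mixed $value scalar or null
 * @return string
 */
function xsollaXmlText($value)
{
    return htmlspecialchars((string)$value, ENT_XML1 | ENT_NOQUOTES, "UTF-8");
}

/**
 * Sends the XML reply for the given protocol result code and terminates.
 *
 * Codes 0, 1, 2, 3 and 7 carry a fixed text (1 prefixes the supplied detail);
 * 4 (invalid request format) and 5 (other error) use the caller's comment.
 * For the "pay" command the reply also echoes id, sum and id_shop.
 *
 * @param int         $result  protocol result code
 * @param string|null $comment detail text, used as described above
 * @return never
 */
function response($result, $comment = NULL)
{
    switch ($result) {
        case 0: $comment = "OK"; break;
        // The "n" before the detail is kept from the original; it may have been
        // meant as "\n" — confirm against the protocol before changing.
        case 1: $comment = "Temporary error, repeat the request later. n" . $comment; break;
        case 2: $comment = "Invalid user's ID"; break;
        case 3: $comment = "Invalid md5 signature"; break;
        case 7: $comment = "Transaction for this user is denied due to technical difficulties"; break;
    }
    $response = new SimpleXMLElement("<response></response>");
    $response->addChild("result", xsollaXmlText($result));
    if (isset($_GET['command']) && $_GET['command'] === "pay") {
        // Parameters may be absent here (response(4) for an incomplete "pay").
        $id  = isset($_GET['id'])  ? $_GET['id']  : "";
        $sum = isset($_GET['sum']) ? $_GET['sum'] : "";
        $response->addChild("id", xsollaXmlText($id));
        $response->addChild("sum", xsollaXmlText($sum));
        // id_shop mirrors the payments.id value written by pay() (id + sum);
        // non-numeric operands would raise a TypeError, so they yield an empty value.
        $idShop = (is_numeric($id) && is_numeric($sum)) ? $id + $sum : "";
        $response->addChild("id_shop", xsollaXmlText($idShop));
    }
    $response->addChild("comment", xsollaXmlText($comment));
    header("Content-Type: text/xml; charset=utf-8");
    echo $response->asXML();
    // Release the connection before terminating; every handler ends here.
    global $dbh;
    $dbh = null;
    die();
}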
?>