· 9 years ago · Sep 05, 2016, 08:04 AM
1<?PHP
2/**
3 * Pingback Listener Script
4 * For Virtual Currency API
5 * Copyright (c) 2010-2013 Paymentwall Team
6 */
7
8/**
9 * Define your application-specific options
10 */
11define('SECRET', 'dbdbfa76ae486d16595df369b071f61e'); // secret key of your application
12define('IP_WHITELIST_CHECK_ACTIVE', true);
13
14define('CREDIT_TYPE_CHARGEBACK', 2);
15
16/**
17 * The IP addresses below are Paymentwall's
18 * servers. Make sure your pingback script
19 * accepts requests from these addresses ONLY.
20 *
21 */
22$ipsWhitelist = array(
23 '174.36.92.186',
24 '174.36.96.66',
25 '174.36.92.187',
26 '174.36.92.192',
27 '174.37.14.28'
28);
29
30/**
31 * Collect the GET parameters from the request URL
32 */
33$secret_key = "dbdbfa76ae486d16595df369b071f61e";
34$userId = isset($_GET['uid']) ? $_GET['uid'] : null;
35$credits = isset($_GET['currency']) ? $_GET['currency'] : null;
36$type = isset($_GET['type']) ? $_GET['type'] : null;
37$refId = isset($_GET['ref']) ? $_GET['ref'] : null;
38$signature = isset($_GET['sig']) ? $_GET['sig'] : null;
39$sign_version = isset($_GET['sign_version']) ? $_GET['sign_version'] : null;
40
41$result = false;
42
43/**
44 * If there are any errors encountered, the script will list them
45 * in an array.
46 */
47
48function checkHash()
49{
50if($signature == md5("uid=".$userId."currency=".$credits."type=".$type."ref=".$refId."".$secret_key.""))
51{
52return true;
53}
54}
55
56$errors = array ();
57if (checkHash())
58{
59if (!empty($userId) && !empty($credits) && isset($type) && !empty($refId)) {
60 if (!true || in_array($_SERVER['REMOTE_ADDR'], $ipsWhitelist)) {
61 $result = true;
62 if ($type == CREDIT_TYPE_CHARGEBACK) {
63 $sqlServ1 = mysql_connect('ip', 'user', 'password');
64 $sqlCoins = "SELECT coins FROM account.account WHERE login='$userId'";
65 $qryCoins = mysql_query($sqlCoins,$sqlServ1);
66 $getCoins = mysql_fetch_object($qryCoins);
67 $ocoins = $getCoins->coins;
68 $nCoins = $ocoins + $credits;
69 $sqlCmd1 = "UPDATE account.account SET coins ='$nCoins' WHERE login='$userId'";
70 $sqlQry1 = mysql_query($sqlCmd1,$sqlServ1);
71 } else {
72 $timestamp = date("Y-m-d H:i:s", time());
73 $sqlServ1 = mysql_connect('ip', 'user', 'password');
74 $sqlCoins = "SELECT coins FROM account.account WHERE login='$userId'";
75 $qryCoins = mysql_query($sqlCoins,$sqlServ1);
76 $getCoins = mysql_fetch_object($qryCoins);
77 $ocoins = $getCoins->coins;
78 $nCoins = $ocoins + $credits;
79 $sqlCmd1 = "UPDATE account.account SET coins = '$nCoins' WHERE login='$userId'";
80 $sqlQry1 = mysql_query($sqlCmd1,$sqlServ1);
81 $sqllogtotal = "INSERT INTO account.coins_total (`account_id`,`total`) VALUES('$userId', total+$credits) ON DUPLICATE KEY UPDATE `account_id`='$userId',total=total+$credits";
82 $sqlQrylogtotal = mysql_query($sqllogtotal,$sqlServ1);
83 }
84 } else {
85 $errors['whitelist'] = 'IP not in whitelist!';
86 }
87} else {
88 $errors['params'] = 'Missing parameters!';
89}
90} else{
91 echo 'Wrong Signature!';
92}
93
94if ($result) {
95 echo 'OK';
96} else {
97 echo implode(' ', $errors);
98}