1<?
2
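// Load the shop configuration; `true` makes parse_ini_file() return one
// sub-array per [section] of the ini file.
$SysValue = parse_ini_file("../../phpshop/inc/config.ini", true);

if (!is_array($SysValue)) {
    // Fail closed: without the configuration there is no Unitpay secret key,
    // and the callback must not go on to evaluate signatures against an
    // empty secret.
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Mirror every "section.key" value under $SysValue['other'] as
// "Ini" . Section . Key (e.g. [connect] host -> IniConnectHost).
// foreach replaces the each()/list() loops, which no longer exist in PHP 8.
// It walks a snapshot of the array, so entries added to 'other' here are
// not themselves re-processed.
foreach ($SysValue as $section => $array) {
    if (!is_array($array)) {
        // A key that sits outside any [section] has no sub-array to flatten.
        continue;
    }
    foreach ($array as $key => $value) {
        $SysValue['other']['Ini' . ucfirst(strtolower($section)) . ucfirst(strtolower($key))] = $value;
    }
}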
7
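/**
 * Entry point for a Unitpay payment notification.
 *
 * Verifies the request signature and, only if it is valid, dispatches to the
 * handler for the requested method. Always ends the request by emitting a
 * JSON body through hardReturnJson().
 *
 * @param array $data     Request data; expected to hold 'method' and 'params'
 *                        (with 'params' containing 'signature').
 * @param array $SysValue Parsed shop configuration; the signing secret is read
 *                        from $SysValue['unitpay']['secret_key'].
 */
function callback( $data, $SysValue )
{
    $method = '';
    $params = array();
    $status_sign = false;

    $secret_key = isset($SysValue['unitpay']['secret_key']) ? $SysValue['unitpay']['secret_key'] : '';

    // Fail closed. A missing or empty secret must never reach the signature
    // check: a hash computed over an empty key could be reproduced by anyone
    // who knows the request fields. The request itself comes straight from
    // the query string, so its shape is validated before use.
    if (
        is_string($secret_key) && $secret_key !== ''
        && isset($data['method'], $data['params'])
        && is_string($data['method'])
        && is_array($data['params'])
        && isset($data['params']['signature'])
        && is_string($data['params']['signature'])
        && $data['params']['signature'] !== ''
    ) {
        $params = $data['params'];
        $method = $data['method'];
        $status_sign = verifySignature($params, $method, $secret_key);
    }

    // The signature result is the only gate to the handlers below; it must
    // not be overridden for debugging on a reachable endpoint.
    if ($status_sign) {
        switch ($method) {
            case 'check':
                $result = check($params, $SysValue);
                break;
            case 'pay':
                $result = pay($params, $SysValue);
                break;
            case 'error':
                $result = error($params, $SysValue);
                break;
            default:
                $result = array('error' =>
                    array('message' => 'неверный метод')
                );
                break;
        }
    } else {
        $result = array('error' =>
            array('message' => 'неверная сигнатура')
        );
    }
    hardReturnJson($result);
}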
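/**
 * Handles the "check" notification: confirms that the order exists and that
 * the notified amount and currency match what the shop has stored.
 *
 * @param array $params   Verified request parameters; reads 'account',
 *                        'orderSum' and 'orderCurrency'.
 * @param array $SysValue Parsed shop configuration ('connect' and 'base').
 *
 * @return array array('result' => ...) on success, array('error' => ...) otherwise.
 */
function check( $params, $SysValue )
{
    // Normalise the request fields once; anything missing or of the wrong
    // type falls through to the matching "does not match" error below.
    $account  = (isset($params['account']) && is_scalar($params['account'])) ? (string) $params['account'] : '';
    $orderSum = isset($params['orderSum']) ? $params['orderSum'] : null;
    $currency = isset($params['orderCurrency']) ? $params['orderCurrency'] : null;

    // Depending on mysqli's error-reporting mode a failure here may throw
    // instead of returning false; both paths stop the request.
    $link_db = mysqli_connect($SysValue['connect']['host'], $SysValue['connect']['user_db'], $SysValue['connect']['pass_db']);
    if (!$link_db) {
        return array('error' =>
            array('message' => 'ошибка базы данных')
        );
    }
    if (!mysqli_select_db($link_db, $SysValue['connect']['dbase'])) {
        mysqli_close($link_db);
        return array('error' =>
            array('message' => 'ошибка базы данных')
        );
    }

    // Order lookup. The account value is bound as a parameter; only the
    // table name, which comes from the shop's config.ini, is concatenated.
    $found = false;
    $total = null;
    $stmt = mysqli_prepare($link_db, "select sum from " . $SysValue['base']['table_name1'] . " where uid=? limit 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $account);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $sumColumn);
        if (mysqli_stmt_fetch($stmt) === true) {
            $found = true;
            $total = $sumColumn;
        }
        mysqli_stmt_close($stmt);
    }

    if ($found) {

        //general setting id currency
        $ISOCode = null;
        $r = mysqli_query($link_db, "select dengi from " . $SysValue['base']['table_name3'] . " limit 1");
        $row = $r ? mysqli_fetch_row($r) : null;

        if ($row) {
            //iso code from currency id
            $currencyId = (string) $row[0];
            $stmt = mysqli_prepare($link_db, "select iso from " . $SysValue['base']['table_name24'] . " where id=? limit 1");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 's', $currencyId);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_bind_result($stmt, $isoColumn);
                if (mysqli_stmt_fetch($stmt) === true) {
                    $ISOCode = $isoColumn;
                }
                mysqli_stmt_close($stmt);
            }
        }

        // Amounts are compared after rounding both sides to two decimals.
        // A non-numeric orderSum is treated as a mismatch.
        if (!is_numeric($orderSum)
            || (float) number_format((float) $total, 2, '.', '') != (float) number_format((float) $orderSum, 2, '.', '')) {
            $result = array('error' =>
                array('message' => 'не совпадает сумма заказа')
            );
        } elseif ($ISOCode === null || !is_string($currency) || (string) $ISOCode !== $currency) {
            // Strict comparison: an unresolved shop currency and a missing
            // orderCurrency must not compare as equal.
            $result = array('error' =>
                array('message' => 'не совпадает валюта заказа')
            );
        } else {
            $result = array('result' =>
                array('message' => 'Запрос успешно обработан')
            );
        }

    } else {
        $result = array('error' =>
            array('message' => 'заказа не существует')
        );
    }

    mysqli_close($link_db);

    return $result;
}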
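/**
 * Handles the "pay" notification: re-validates the order exactly as check()
 * does and, if everything matches, records the payment.
 *
 * @param array $params   Verified request parameters; reads 'account',
 *                        'orderSum' and 'orderCurrency'.
 * @param array $SysValue Parsed shop configuration ('connect' and 'base').
 *
 * @return array array('result' => ...) on success, array('error' => ...) otherwise.
 */
function pay( $params, $SysValue )
{
    // Same existence / amount / currency validation as the "check" step;
    // any error it reports is returned unchanged and nothing is written.
    $verdict = check($params, $SysValue);
    if (!isset($verdict['result'])) {
        return $verdict;
    }

    // The payment id is the account with its first dash removed. It used to
    // be placed unquoted into the INSERT, so it is restricted to digits here
    // and bound as a parameter below.
    $account = (isset($params['account']) && is_scalar($params['account'])) ? (string) $params['account'] : '';
    $arr = explode("-", $account);
    $inv_id = $arr[0] . (isset($arr[1]) ? $arr[1] : '');
    if (!preg_match('/^[0-9]+$/D', $inv_id)) {
        return array('error' =>
            array('message' => 'не удалось записать платёж')
        );
    }

    $link_db = mysqli_connect($SysValue['connect']['host'], $SysValue['connect']['user_db'], $SysValue['connect']['pass_db']);
    if (!$link_db) {
        return array('error' =>
            array('message' => 'ошибка базы данных')
        );
    }
    if (!mysqli_select_db($link_db, $SysValue['connect']['dbase'])) {
        mysqli_close($link_db);
        return array('error' =>
            array('message' => 'ошибка базы данных')
        );
    }

    // NOTE(review): a repeated "pay" notification for the same account would
    // insert a second row unless the table enforces uniqueness; the schema is
    // not visible here, so confirm.
    $saved = false;
    $orderSum = (string) $params['orderSum'];
    $paidAt = date("U");
    $stmt = mysqli_prepare($link_db, "INSERT INTO " . $SysValue['base']['table_name33'] . " VALUES (?,'Unitpay',?,?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sss', $inv_id, $orderSum, $paidAt);
        $saved = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link_db);

    // Report success only when the payment row was actually written.
    if (!$saved) {
        return array('error' =>
            array('message' => 'не удалось записать платёж')
        );
    }

    return array('result' =>
        array('message' => 'Запрос успешно обработан')
    );
}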
/**
 * Handles the "error" notification. Neither argument is read; the
 * notification is simply acknowledged.
 *
 * @param array $params   Verified request parameters (unused).
 * @param array $SysValue Parsed shop configuration (unused).
 *
 * @return array Fixed success response.
 */
function error( $params, $SysValue )
{
    return array(
        'result' => array(
            'message' => 'Запрос успешно обработан',
        ),
    );
}
/**
 * Computes the expected request signature.
 *
 * The parameters are sorted by key, the 'sign' and 'signature' entries are
 * dropped, and the values are joined with "{up}" between the method name
 * (first) and the secret key (last). The SHA-256 hex digest of that string
 * is returned.
 *
 * @param string $method    Notification method name.
 * @param array  $params    Request parameters (passed by value, not modified
 *                          for the caller).
 * @param string $secretKey Shared secret.
 *
 * @return string Lower-case hex SHA-256 digest.
 */
function getSignature($method, array $params, $secretKey)
{
    ksort($params);

    // The signature fields themselves are never part of the signed data.
    foreach (array('sign', 'signature') as $excluded) {
        unset($params[$excluded]);
    }

    $pieces = array($method);
    foreach ($params as $value) {
        $pieces[] = $value;
    }
    $pieces[] = $secretKey;

    return hash('sha256', implode('{up}', $pieces));
}
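/**
 * Checks the signature carried in the request against the one computed
 * from the request fields and the shared secret.
 *
 * @param array  $params Request parameters, including 'signature'.
 * @param string $method Notification method name.
 * @param string $secret Shared secret.
 *
 * @return bool True only when the supplied signature matches exactly.
 */
function verifySignature($params, $method, $secret)
{
    if (!is_array($params) || !isset($params['signature']) || !is_string($params['signature'])) {
        return false;
    }

    // hash_equals() compares the two strings byte for byte in constant time.
    // The loose `==` it replaces compares numeric-looking strings by value
    // rather than by content, which is not a safe equality test for digests.
    return hash_equals(getSignature($method, $params, $secret), $params['signature']);
}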
/**
 * Sends the given value as a JSON response and terminates the script.
 *
 * @param mixed $arr Value to encode with json_encode().
 */
function hardReturnJson( $arr )
{
    $payload = json_encode($arr);

    header('Content-Type: application/json');

    // Nothing runs after this point: the body is emitted and the request ends.
    exit($payload);
}
188
// Request entry point. The notification arrives in the query string and is
// untrusted until callback() has verified its signature; callback() ends the
// request itself by emitting the JSON response.
callback($_GET, $SysValue);