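<?php
// Public API endpoint: place a "pulsa" (phone credit) order.
//
// Request (POST): api_key, action=order, service (a services_pulsa.pid), phone.
// Response: JSON, either {"data":{"id":"<provider code_trx>"}} or
// {"error":"<message>"}. The user-facing error strings of the original endpoint
// are kept byte-for-byte; the provider-failure messages are new, because the
// original never assigned $array on that path and answered with a bare `null`.
//
// Flow: authenticate by API key -> resolve the active service -> reject a
// duplicate Pending order -> reserve the price from the user's balance (atomic
// conditional UPDATE) -> place the order with the upstream provider -> on
// success record balance_history, the orders_pulsa row and the hof counters in
// one transaction; on provider failure refund the reservation.
//
// Every SQL statement is a prepared statement with bound values; the original
// interpolated api_key, service and phone straight from $_POST into its SQL.
//
// mainconfig.php is expected to provide $db (mysqli connection), $date, $time
// and $hof (the jumlah_pulsa increment). It may also define $api_key, which is
// used only when the provider row carries no api_key of its own.
// NOTE(review): those are assumptions about mainconfig.php — confirm there.
// mysqli_stmt_get_result() requires the mysqlnd driver.
require("../../mainconfig.php");
header("Content-Type: application/json");

/**
 * Run a prepared SELECT and return its first row.
 *
 * Binding the values instead of interpolating them is what keeps caller-
 * controlled strings (api_key, service, phone) out of the SQL text.
 *
 * @param mysqli $db
 * @param string $sql    statement with `?` placeholders
 * @param string $types  mysqli_stmt_bind_param type string, e.g. "ss"
 * @param array  $params one value per placeholder, in order
 * @return array|null    associative row, or null when there is no row or the
 *                       statement could not be prepared/executed
 */
function api_fetch_row($db, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($types !== '') {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $row = mysqli_fetch_assoc($result);
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
    // fetch_assoc yields null (no row) or false (error); both mean "no row" here.
    return is_array($row) ? $row : null;
}

/**
 * Run a prepared INSERT/UPDATE.
 *
 * @param mysqli $db
 * @param string $sql
 * @param string $types
 * @param array  $params
 * @return int number of affected rows, or -1 when the statement failed
 */
function api_exec($db, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return -1;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $affected = mysqli_stmt_execute($stmt) ? (int) mysqli_stmt_affected_rows($stmt) : -1;
    mysqli_stmt_close($stmt);
    return $affected;
}

/**
 * Deduct $price from the user's balance, but only if the balance covers it.
 *
 * The `balance >= ?` predicate and the subtraction run in one statement, so two
 * concurrent orders that both passed the read-then-compare check in the
 * handler cannot both succeed. The original did an unconditional
 * `balance = balance-$price` after a separate read, which can overdraw.
 *
 * @param mysqli $db
 * @param string $username
 * @param string $price  price as stored in services_pulsa (bound as a string,
 *                       as the original interpolated it)
 * @return int 1 charged, 0 insufficient balance, -1 database error
 */
function api_charge($db, $username, $price)
{
    $affected = api_exec($db,
        "UPDATE users SET balance = balance - ? WHERE username = ? AND balance >= ?",
        "sss", array($price, $username, $price));
    // MySQL reports 0 affected rows when nothing changed, which is what a
    // zero-price service produces even though the row matched.
    if ($affected === 0 && (float) $price == 0.0) {
        return 1;
    }
    return $affected;
}

/**
 * Give a reserved $price back to the user's balance.
 *
 * @return bool true when the refund was applied (or nothing needed applying)
 */
function api_refund($db, $username, $price)
{
    $affected = api_exec($db,
        "UPDATE users SET balance = balance + ? WHERE username = ?",
        "ss", array($price, $username));
    return $affected === 1 || ($affected === 0 && (float) $price == 0.0);
}

/**
 * POST the order to the upstream provider and return the decoded JSON body.
 *
 * @param string $url     provider endpoint (admin data from the provider table)
 * @param array  $fields  form fields: api_key, service, phone
 * @return array|null     decoded JSON object, or null when the request failed
 *                        or the body was not a JSON object
 */
function api_call_provider($url, array $fields)
{
    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        // http_build_query() encodes each value, so a phone or service string
        // containing '&' or '=' cannot add extra parameters to the request the
        // way the original's "api_key=$api_key&service=$post_service&..." could.
        CURLOPT_POSTFIELDS => http_build_query($fields),
        // Do not follow redirects: the POST body carries the provider API key,
        // and a redirect could re-send it to another host. TLS verification is
        // left at curl's secure default (it was not disabled in the original).
        CURLOPT_FOLLOWLOCATION => false,
        // Timeouts so a hung provider does not tie up the request forever.
        // NOTE(review): values are a reviewer's choice; tune to the provider.
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT => 60,
    ));
    $body = curl_exec($ch);
    curl_close($ch);
    if (!is_string($body)) {
        return null;
    }
    $decoded = json_decode($body, true);
    return is_array($decoded) ? $decoded : null;
}

/**
 * Handle one request and return the response array to JSON-encode.
 *
 * Validation order and error strings match the original endpoint.
 *
 * @param mysqli $db
 * @param array  $post  the raw $_POST array
 * @param array  $cfg   values from mainconfig.php: date, time, hof, api_key
 * @return array {"data":{"id":oid}} on success, {"error":message} otherwise
 */
function api_handle_request($db, array $post, array $cfg)
{
    if (!isset($post['api_key'], $post['action'])) {
        return array("error" => "incorect request !!");
    }
    $post_key = $post['api_key'];
    $post_action = $post['action'];
    // is_string(): an `api_key[]=x` request would otherwise hand an array to
    // the bind; empty() keeps the original rejection of '' and '0'.
    if (!is_string($post_key) || !is_string($post_action) || empty($post_key) || empty($post_action)) {
        return array("error" => "Incorrect request");
    }

    // Key lookup is a plain equality in MySQL and so inherits the column's
    // collation (case-insensitive by default) — same as the original query.
    $data_user = api_fetch_row($db, "SELECT * FROM users WHERE api_key = ?", "s", array($post_key));
    if ($data_user === null) {
        return array("error" => "Api Key Salah !!");
    }
    $username = $data_user['username'];

    if ($post_action !== "order") {
        return array("error" => "Action Tidak Sesuai !!");
    }
    if (!isset($post['service'], $post['phone'])) {
        return array("error" => "Request Tidak Sesuai");
    }
    $post_service = $post['service'];
    $post_phone = $post['phone'];
    if (!is_string($post_service) || !is_string($post_phone) || empty($post_service) || empty($post_phone)) {
        return array("error" => "Request Tidak Sesuai");
    }

    $data_service = api_fetch_row($db,
        "SELECT * FROM services_pulsa WHERE pid = ? AND status = 'Active'", "s", array($post_service));
    if ($data_service === null) {
        return array("error" => "Layanan Tidak Tersedia");
    }
    $price = $data_service['price'];
    $service = $data_service['name'];
    $provider = $data_service['provider'];

    // Duplicate check. The original queried `data = '$post_data'` with
    // $post_data never defined, so it matched nothing; orders_pulsa (see the
    // INSERT below) has no `data` column either. "Same order" is taken as the
    // same user, service and phone still Pending.
    // NOTE(review): confirm that is the intended key.
    $pending = api_fetch_row($db,
        "SELECT oid FROM orders_pulsa WHERE user = ? AND service = ? AND phone = ? AND status = 'Pending'",
        "sss", array($username, $service, $post_phone));
    if ($pending !== null) {
        return array("error" => "Terdapat Orderan Yang Sama Berstatus Pending");
    }

    // Cheap early rejection from the row already read; the authoritative check
    // is the conditional UPDATE in api_charge() below.
    if ($data_user['balance'] < $price) {
        return array("error" => "Saldo Tidak Mencukupi");
    }

    // Provider credentials. The original looked these up and then sent an
    // unrelated $api_key to a hard-coded URL; the row values are used here,
    // with mainconfig's $api_key and the original URL as fallbacks so an empty
    // row behaves as before. The link is admin data, not request input.
    $data_provider = api_fetch_row($db, "SELECT * FROM provider WHERE code = ?", "s", array($provider));
    $provider_key = (isset($data_provider['api_key']) && $data_provider['api_key'] !== '')
        ? $data_provider['api_key'] : $cfg['api_key'];
    $provider_link = (isset($data_provider['link']) && $data_provider['link'] !== '')
        ? $data_provider['link'] : "https://serverh2h.id/order/pulsa";

    // Reserve the funds before calling out, so a concurrent order for the same
    // user cannot spend the same balance twice.
    $charged = api_charge($db, $username, $price);
    if ($charged < 0) {
        return array("error" => "System error");
    }
    if ($charged === 0) {
        return array("error" => "Saldo Tidak Mencukupi");
    }

    $json_result = api_call_provider($provider_link, array(
        "api_key" => $provider_key,
        "service" => $post_service,
        "phone" => $post_phone,
    ));
    $oid = isset($json_result['code_trx']) ? (string) $json_result['code_trx'] : '';
    // The original tested `$json_result['error'] == true`; !empty() is the same
    // loose truthiness. A transport failure (json_result null) or a response
    // without code_trx used to fall through to the success path and charge the
    // user for an order with an empty oid.
    if ($json_result === null) {
        $failure = "Gagal: provider request failed";
    } elseif (!empty($json_result['error'])) {
        $failure = "Gagal: " . (is_string($json_result['error']) ? $json_result['error'] : "order rejected by provider");
    } elseif ($oid === '') {
        $failure = "Gagal: provider response has no code_trx";
    } else {
        $failure = null;
    }
    if ($failure !== null) {
        // Give the reservation back. A transport timeout is ambiguous (the
        // provider may still have placed the order), so it is logged for
        // reconciliation against the provider's records.
        if (!api_refund($db, $username, $price)) {
            error_log("pulsa API: refund of $price to user '$username' failed after: $failure");
            return array("error" => "System error");
        }
        if ($json_result === null) {
            error_log("pulsa API: provider request to $provider_link failed for user '$username'; reservation refunded");
        }
        return array("error" => $failure);
    }

    // Record the order. The three writes stand or fall together. The original
    // reused $insert_order for all three and only checked the last one, so a
    // failed orders_pulsa INSERT was still reported as success. The charge was
    // committed before the provider call, so a failure here leaves the user
    // charged with no order row; that is logged rather than hidden. Rollback
    // only takes effect on transactional tables (InnoDB).
    mysqli_begin_transaction($db);
    $recorded = api_exec($db,
            "INSERT INTO balance_history (username, action, quantity, msg, date, time) VALUES (?, 'Cut Balance', ?, ?, ?, ?)",
            "sssss", array($username, $price, "Saldo dipotong untuk pembelian $service, OID => $oid", $cfg['date'], $cfg['time'])) >= 0
        && api_exec($db,
            "INSERT INTO orders_pulsa (oid, user, service, price, phone, status, date, place_from, provider) VALUES (?, ?, ?, ?, ?, 'Pending', ?, 'API', ?)",
            "sssssss", array($oid, $username, $service, $price, $post_phone, $cfg['date'], $provider)) >= 0
        && api_exec($db,
            "UPDATE hof SET pembelian_pulsa = pembelian_pulsa + ?, jumlah_pulsa = jumlah_pulsa + ? WHERE username = ?",
            "sss", array($price, $cfg['hof'], $username)) >= 0;
    if (!$recorded) {
        mysqli_rollback($db);
        error_log("pulsa API: failed to record order $oid for user '$username' (balance already charged)");
        return array("error" => "System error");
    }
    mysqli_commit($db);
    return array("data" => array("id" => "$oid"));
}

$response = api_handle_request($db, $_POST, array(
    // From mainconfig.php. date/time default to '' exactly as interpolating an
    // unset variable did; hof defaults to 0 because the original's bare
    // `jumlah_pulsa+$hof` was a SQL syntax error when $hof was unset.
    "date" => isset($date) ? $date : '',
    "time" => isset($time) ? $time : '',
    "hof" => isset($hof) ? $hof : 0,
    "api_key" => isset($api_key) ? $api_key : '',
));
echo json_encode($response);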