1<?php
// Direct-access guard: this file is meant to be included by the application,
// which defines the EGP constant first. Any other request is bounced to /404.
// The redirect host comes from $_SERVER['SERVER_NAME'], which can reflect the
// request's Host header unless the web server pins a canonical name.
if (!defined('EGP')) {
    header('Refresh: 0; URL=http://'.$_SERVER['SERVER_NAME'].'/404');
    exit;
}
4
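/**
 * Legacy MD5 request signature: md5(values sorted by key, concatenated, then the secret).
 *
 * The 'sign' entry is excluded from the input. Values are joined with no
 * separator, so field boundaries are ambiguous (a=1,b=23 and a=12,b=3 sign
 * identically), and md5(data.secret) is not a sound MAC construction. Prefer
 * getSignature() where the payment system supports it, and compare results
 * with hash_equals() rather than == or !=.
 * NOTE(review): nothing in the visible listing calls this function.
 *
 * @param array  $params    Request parameters; may include 'sign'.
 * @param string $secretKey Shared secret from the merchant configuration.
 * @return string 32-character lowercase hex digest.
 */
function md5sign($params, $secretKey)
{
    ksort($params);
    unset($params['sign']);

    // An explicit empty separator replaces join(null, ...), which is deprecated on PHP 8.1+.
    return md5(implode('', $params).$secretKey);
}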
12
/**
 * Builds the SHA-256 callback signature over method, parameters and secret.
 *
 * Layout of the hashed string: method, then the parameter values ordered by
 * key (with 'sign' and 'signature' left out), then the secret key, all joined
 * with the literal separator '{up}'.
 *
 * Callers should compare the result against the received signature with
 * hash_equals(); a loose == / != comparison is neither constant-time nor safe
 * from numeric-string juggling on older PHP versions.
 *
 * @param string $method    Callback method name.
 * @param array  $params    Callback parameters as received.
 * @param string $secretKey Shared secret from the merchant configuration.
 * @return string 64-character lowercase hex digest.
 */
function getSignature($method, $params, $secretKey)
{
    ksort($params);
    unset($params['sign'], $params['signature']);

    // Same ordering as push/unshift on the sorted array: method first, secret last.
    $pieces = array_merge(array($method), array_values($params), array($secretKey));

    return hash('sha256', implode('{up}', $pieces));
}
23
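// Payment-system callback handler.
//
// Flow: source-address allowlist -> signature check -> method allowlist ->
// "payment by key" branch (account is a privilege key) or the regular
// balance top-up / check / error branches (account is a numeric user id).
//
// $uip, $cfg, $sql, $start_point, $uid and the sys class come from outside this
// listing. The control flow relies on sys::outjs() ending the request
// (presumably it prints JSON and exits - confirm); nothing after a call to it
// is expected to run, and the switch cases below have no break for that reason.

// Source addresses from which callbacks are accepted.
$unitpayIp = array('31.186.100.49', '178.132.203.105', '52.29.152.23', '52.19.56.234');

// NOTE(review): confirm $uip is the socket peer address and not a value taken
// from a client-supplied header such as X-Forwarded-For; otherwise this
// allowlist does not constrain the caller. Strict comparison fails closed if
// $uip is not a string.
if(!in_array($uip, $unitpayIp, true))
    sys::outjs(array('error' => array('message' => 'Некорректный адрес сервера')));

$secretKey = $cfg['unitpay_key'];

// Query-string values are attacker-shaped until the signature is verified:
// pin their types before they reach getSignature(), intval() or SQL.
$method = (isset($_GET['method']) && is_string($_GET['method'])) ? $_GET['method'] : '';
$params = (isset($_GET['params']) && is_array($_GET['params'])) ? $_GET['params'] : array();
$signature = (isset($params['signature']) && is_string($params['signature'])) ? $params['signature'] : '';

// Constant-time comparison; the previous != was a loose comparison, which on
// older PHP versions treats two numeric-looking strings as numbers.
if($signature === '' || !hash_equals(getSignature($method, $params, $secretKey), $signature))
    sys::outjs(array('error' => array('message' => 'Некорректная цифровая подпись')));

if(!in_array($method, array('pay', 'check', 'error'), true))
    sys::outjs(array('error' => array('message' => 'Некорректный метод')));

// A non-string account (e.g. params[account][]=x) would make intval() return 1
// and must never be concatenated into SQL, so it is normalised to ''.
$account = (isset($params['account']) && is_string($params['account'])) ? $params['account'] : '';
$paidSum = (isset($params['sum']) && is_numeric($params['sum'])) ? (float) $params['sum'] : null;

// Payment by key.
// Presumably sys::valid() returns true when the value does NOT match the named
// pattern, so this branch runs only for md5-shaped keys - confirm.
if(!sys::valid($account, 'md5'))
{
    // The key is concatenated into the query below; enforce a SQL-safe
    // character set locally instead of relying on the helper alone.
    if(!preg_match('/^[A-Za-z0-9]+$/', $account))
        sys::outjs(array('error' => array('message' => 'bad key')));

    if($paidSum === null)
        sys::outjs(array('error' => array('message' => 'bad sum')));

    $sql->query('SELECT `id`, `server`, `price` FROM `privileges_buy` WHERE `key`="'.$account.'" LIMIT 1');
    if(!$sql->num())
        sys::outjs(array('error' => array('message' => 'bad key: '.$account)));

    $privilege = $sql->get();

    // Paid amount converted with the configured rate. NOTE(review): the
    // callback currency is not checked here - confirm the rate applies.
    $money = round($paidSum*$cfg['curinrub'], 2);

    if($money < $privilege['price'])
        sys::outjs(array('error' => array('message' => 'bad sum')));

    $sql->query('SELECT `user` FROM `servers` WHERE `id`="'.$privilege['server'].'" LIMIT 1');
    if(!$sql->num())
        sys::outjs(array('error' => array('message' => 'bad server')));

    $server = $sql->get();

    $sql->query('SELECT `id`, `balance`, `part_money` FROM `users` WHERE `id`="'.$server['user'].'" LIMIT 1');
    if(!$sql->num())
        sys::outjs(array('error' => array('message' => 'bad owner')));

    // Pre-payment check: everything resolves, nothing is credited yet.
    if($method == 'check')
        sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));

    $user = $sql->get();

    // NOTE(review): the purchase row's `status` is set to 1 further down but is
    // never read before crediting, and no payment-system transaction id is
    // stored. A re-delivered 'pay' callback for the same key would credit the
    // owner again - confirm idempotency is enforced elsewhere.
    // NOTE(review): balance is read above and written back here as an absolute
    // value; two concurrent callbacks for one user can overwrite each other.
    if($cfg['part_money'])
        $sql->query('UPDATE `users` set `part_money`="'.($user['part_money']+$money).'" WHERE `id`="'.$user['id'].'" LIMIT 1');
    else
        $sql->query('UPDATE `users` set `balance`="'.($user['balance']+$money).'" WHERE `id`="'.$user['id'].'" LIMIT 1');

    $sql->query('INSERT INTO `logs` set `user`="'.$user['id'].'", `text`="'.sys::updtext(sys::text('logs', 'profit'),
        array('server' => $privilege['server'], 'money' => $money)).'", `date`="'.$start_point.'", `type`="part", `money`="'.$money.'"');

    $sql->query('UPDATE `privileges_buy` set `status`="1" WHERE `id`="'.$privilege['id'].'" LIMIT 1');

    sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
}

switch($method)
{
    case 'pay':
        // A non-numeric or non-positive amount must never reach the balance maths.
        if($paidSum === null || $paidSum <= 0)
            sys::outjs(array('error' => array('message' => 'bad sum')));

        $sum = round($paidSum, 2);

        $user = intval($account);

        $sql->query('SELECT `id`, `balance`, `part` FROM `users` WHERE `id`="'.$user.'" LIMIT 1');
        // NOTE(review): an unknown user is reported under 'result', not 'error',
        // so the payment system may treat an uncredited payment as processed.
        if(!$sql->num())
            sys::outjs(array('result' => array('message' => 'Пользователь c ID: '.$user.' не найден')));

        $user = $sql->get();

        // New absolute balance; same read-then-write pattern as in the key branch.
        $money = round($user['balance']+$sum*$cfg['curinrub'], 2);

        // Referral share: a percentage of the payment goes to the referrer in $user['part'].
        if($cfg['part'])
        {
            $part_sum = round($sum/100*$cfg['part_proc'], 2);

            $sql->query('SELECT `balance`, `part_money` FROM `users` WHERE `id`="'.$user['part'].'" LIMIT 1');
            if($sql->num())
            {
                $part = $sql->get();

                if($cfg['part_money'])
                    $sql->query('UPDATE `users` set `part_money`="'.($part['part_money']+$part_sum).'" WHERE `id`="'.$user['part'].'" LIMIT 1');
                else
                    $sql->query('UPDATE `users` set `balance`="'.($part['balance']+$part_sum).'" WHERE `id`="'.$user['part'].'" LIMIT 1');

                // NOTE(review): $uid is not set in this listing; in a server-to-server
                // callback it is unlikely to be the paying user - confirm whether
                // $user['id'] was intended.
                $sql->query('INSERT INTO `logs` set `user`="'.$user['part'].'", `text`="'.sys::updtext(sys::text('logs', 'part'),
                    array('part' => $uid, 'money' => $part_sum)).'", `date`="'.$start_point.'", `type`="part", `money`="'.$part_sum.'"');
            }
        }

        // NOTE(review): no transaction id is recorded, so a replayed 'pay'
        // callback with a valid signature would top up the balance again.
        $sql->query('UPDATE `users` set `balance`="'.$money.'" WHERE `id`="'.$user['id'].'" LIMIT 1');

        $sql->query('INSERT INTO `logs` set `user`="'.$user['id'].'", `text`="Пополнение баланса на сумму: '.$sum.' '.$cfg['currency'].'", `date`="'.$start_point.'", `type`="replenish", `money`="'.$sum.'"');

        sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));

    case 'check':
        // Pre-payment check: only confirms that the target user exists.
        $sql->query('SELECT `id` FROM `users` WHERE `id`="'.intval($account).'" LIMIT 1');
        if($sql->num())
            sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));

        sys::outjs(array('jsonrpc' => "2.0", 'error' => array('code' => -32000, 'message' => 'Пользователь не найден'), 'id' => 1));

    case 'error':
        // Failure notification from the payment system: acknowledged, nothing stored.
        sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
}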
130?>