1<?php
// Bootstrap the CMS, then load the settings of the Paymentwall donation module.
include '../includes/imperiamucms.php';
loadModuleConfigs('donation.paymentwall');

$secret_key = mconfig('pw_secret_key');
$app_key = mconfig('pw_app_key');

// Everything read from the query string below is untrusted until the pingback
// signature has been verified. A field that is absent is represented as null.
$userId = null;
if (isset($_GET['uid'])) {
    $userId = $_GET['uid'];
}

// The amount arrives as "currency" when pw_api is 'ps', otherwise as "goodsid".
$credits = null;
if ('ps' === mconfig('pw_api')) {
    if (isset($_GET['currency'])) {
        $credits = $_GET['currency'];
    }
} else {
    if (isset($_GET['goodsid'])) {
        $credits = $_GET['goodsid'];
    }
}

$type = null;
if (isset($_GET['type'])) {
    $type = $_GET['type'];
}

$refId = null;
if (isset($_GET['ref'])) {
    $refId = $_GET['ref'];
}

$signature = null;
if (isset($_GET['sig'])) {
    $signature = $_GET['sig'];
}

$sign_version = null;
if (isset($_GET['sign_version'])) {
    $sign_version = $_GET['sign_version'];
}

$result = false;

// A negative amount is folded to its absolute value; whether the request adds
// or removes credits is decided later from $type, not from the sign.
$credits = ($credits < 0) ? abs($credits) : $credits;
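// Rebuild the exact parameter set that the payment provider signed, so the
// signature can be recomputed locally with the shared secret.
if (empty($sign_version) || $sign_version <= 1) {
    // Signature version 1 covers a fixed, ordered list of fields. These three
    // values used to come from $goodsid, $length and $period, which were never
    // assigned, so the recomputed signature was built over empty strings and
    // could not match a genuine pingback. Read them from the request instead.
    // NOTE(review): when pw_api is 'ps' the amount arrives as "currency", not
    // "goodsid" -- confirm against the provider's pingback documentation
    // whether the version-1 field list differs for that API.
    $signatureParams = [
        'uid' => $userId,
        'goodsid' => isset($_GET['goodsid']) ? $_GET['goodsid'] : null,
        'slength' => isset($_GET['slength']) ? $_GET['slength'] : null,
        'speriod' => isset($_GET['speriod']) ? $_GET['speriod'] : null,
        'type' => $type,
        'ref' => $refId,
    ];
} else {
    // Later signature versions cover every query parameter except the
    // signature itself.
    $signatureParams = $_GET;
    unset($signatureParams['sig']);
}

$signatureCalculated = calculatepingbacksignature($signatureParams, $secret_key, $sign_version);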
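// Validation stage. Each failing check sets $error and an error code; a later
// failing check overwrites the code of an earlier one, so the logged code is
// that of the last check that failed.
$error = false;

// 100: a mandatory pingback field is missing or rejected by check_value().
if (!check_value($userId) || !check_value($credits) || !check_value($type) || !check_value($refId) || !check_value($signature)) {
    $error = true;
    $code = 100;
}

// 101: signature mismatch. This is the only thing that authenticates the
// request, so it is compared with hash_equals() (constant time) rather than
// !==, and a missing or array-valued "sig" parameter is rejected outright
// instead of being handed to the comparison.
if (!is_string($signature) || !is_string($signatureCalculated) || !hash_equals($signatureCalculated, $signature)) {
    $error = true;
    $code = 101;
}

// 102: the account named in the pingback does not exist.
if (!$common->userExists($userId)) {
    $error = true;
    $code = 102;
}

// 103: the account is online and the module is configured to refuse that.
if ($common->accountOnline($userId) && mconfig('check_online')) {
    $error = true;
    $code = 103;
}

// 104: this transaction reference was already recorded and the request is not
// a chargeback (type 2). The closing parenthesis of is_array() used to wrap
// the whole condition, so is_array() received a boolean and this replay check
// could never fire. $type comes from the query string as a string, hence the
// integer cast before the comparison.
$checkTID = $dB->query_fetch_single('SELECT * FROM IMPERIAMUCMS_PW_TRANSACTIONS WHERE transaction_id = ?', [$refId]);
if (is_array($checkTID) && 2 !== (int) $type) {
    $error = true;
    $code = 104;
}

// 105: source-address allowlist for the payment provider.
// NOTE(review): this check is disabled (its body is commented out), so the
// signature above is the only control protecting this endpoint. If it is
// re-enabled, confirm the address list is current and that REMOTE_ADDR is the
// real peer address rather than that of a reverse proxy.
if (!in_array($_SERVER['REMOTE_ADDR'], ['174.36.92.186', '174.36.96.66', '174.36.92.187', '174.36.92.192', '174.37.14.28'], true)) {
    // $error = true;
    // $code = 105;
}

// Resolve the internal account id; fall back to 0 when nothing usable came back.
$user_id = $common->retrieveUserID($userId);
if (empty($user_id)) {
    $user_id = 0;
}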
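// Processing stage: apply the pingback to the account, record it, and answer
// the provider. Output is 'OK' on success, 'Duplicated REF' when the reference
// was already processed for this kind of request, and 'ERROR' otherwise.
if (!$error) {
    try {
        if (!Validator::UnsignedNumber($user_id)) {
            throw new Exception('invalid userid');
        }

        $accountInfo = $common->accountInformation($user_id);
        if (!is_array($accountInfo)) {
            throw new Exception('invalid account');
        }

        $creditSystem = new CreditSystem($common, new Character(), $dB, $dB2);
        $creditSystem->setConfigId(mconfig('credit_config'));
        $configSettings = $creditSystem->showConfigs(true);

        // Select the account column the configured credit system is keyed on.
        switch ($configSettings['config_user_col_id']) {
            case 'userid':
                $creditSystem->setIdentifier($accountInfo[_CLMN_MEMBID_]);
                break;
            case 'username':
                $creditSystem->setIdentifier($accountInfo[_CLMN_USERNM_]);
                break;
            case 'email':
                $creditSystem->setIdentifier($accountInfo[_CLMN_EMAIL_]);
                break;
            default:
                throw new Exception('invalid identifier');
        }

        // Presumably read by the credit system when it writes its own log
        // entries -- confirm against CreditSystem.
        $_GET['page'] = 'api';
        $_GET['subpage'] = 'paymentwall';

        // $type arrives as a query-string value, i.e. a string, so a strict
        // comparison against an integer literal never matched and no credits
        // were ever added or removed. Normalise to an integer first and refuse
        // anything that is not a plain non-negative number.
        $typeCode = (is_int($type) || (is_string($type) && ctype_digit($type))) ? (int) $type : null;
        if (2 === $typeCode) {
            $xtype = 'chargeback';
        } elseif (0 === $typeCode || 1 === $typeCode) {
            $xtype = 'payment';
        } else {
            // An unrecognised type used to be logged as a success with an
            // undefined transaction kind.
            throw new Exception('invalid type');
        }

        // Replay protection has to run BEFORE the balance is touched. The
        // balance used to be changed first, so a resent pingback changed it
        // again and only afterwards reported 'Duplicated REF'.
        // NOTE(review): this is still check-then-act; two identical pingbacks
        // arriving at the same moment can both pass it. A unique constraint on
        // (transaction_id, type) would close that window -- the table schema is
        // not visible here, so confirm whether one exists.
        $checkTrans = $dB->query_fetch_single('SELECT transaction_id FROM IMPERIAMUCMS_PW_TRANSACTIONS WHERE transaction_id = ? AND type = ?', [$refId, $xtype]);
        if (is_array($checkTrans) && (string) $checkTrans['transaction_id'] === (string) $refId) {
            echo 'Duplicated REF';
        } else {
            if ('chargeback' === $xtype) {
                $creditSystem->subtractCredits($credits);
            } else {
                $creditSystem->addCredits($credits);
            }

            // Display label of the configured currency; not used further in
            // the visible part of this script.
            switch (mconfig('credit_config')) {
                case 1:
                    $currencyType = lang('currency_platinum', true);
                    break;
                case 2:
                    $currencyType = lang('currency_gold', true);
                    break;
                case 3:
                    $currencyType = lang('currency_silver', true);
                    break;
                case 4:
                    $currencyType = lang('currency_wcoinc', true);
                    break;
                case 5:
                    $currencyType = lang('currency_gp', true);
                    break;
                case 6:
                    $currencyType = 'Zen';
                    break;
                default:
                    $currencyType = 'unknown';
                    break;
            }

            // Record the processed reference; this row is what the replay
            // check above looks for on later pingbacks.
            $add_logs_data = [$refId, $user_id, $credits, time(), $xtype];
            $add_logs = $dB->query('INSERT INTO IMPERIAMUCMS_PW_TRANSACTIONS (transaction_id,user_id,credits_amount,transaction_date,type) VALUES (?, ?, ?, ?, ?)', $add_logs_data);
            $result = true;
            echo 'OK';
        }
    } catch (Exception $ex) {
        // Route processing failures through the same error log as validation
        // failures below.
        $error = true;
    }
}

if ($error) {
    // $code is only assigned by a failed validation check; a failure raised
    // while processing has none, so null is logged instead of reading an
    // undefined variable.
    $add_error_logs_data = [$refId, $user_id, $credits, time(), isset($code) ? $code : null];
    $add_error_logs = $dB->query('INSERT INTO IMPERIAMUCMS_PW_ERROR_LOGS (transaction_id,user_id,credits_amount,transaction_date,error_code) VALUES (?, ?, ?, ?, ?)', $add_error_logs_data);
    $result = false;
    echo 'ERROR';
}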
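/**
 * Recompute the signature of a pingback from its parameters and the shared secret.
 *
 * The base string is every "key=value" pair concatenated without separators,
 * followed by the secret. For signature version 2 and above the parameters are
 * sorted by key first. Versions 1 and 2 hash the base string with MD5.
 *
 * The version is taken from the query string and is therefore a string; it is
 * cast to an integer here, because a strict comparison against the integer 2
 * never matched and version-2 parameters were never sorted.
 *
 * NOTE(review): MD5 is kept for versions 1 and 2 because the provider defines
 * those signatures that way. Version 3 is implemented as SHA-256 over the same
 * sorted base string -- confirm against the provider's current documentation
 * and prefer that version if the account supports it.
 *
 * @param array      $params  Parameters covered by the signature (without "sig").
 * @param string     $secret  Shared secret key of the merchant account.
 * @param int|string $version Signature version from the pingback; empty counts as 1.
 *
 * @return string Lower-case hexadecimal digest.
 */
function calculatePingbackSignature($params, $secret, $version)
{
    $version = (int) $version;

    if ($version >= 2) {
        ksort($params);
    }

    $base = '';
    foreach ($params as $k => $v) {
        $base .= $k . '=' . $v;
    }
    $base .= $secret;

    if (3 === $version) {
        return hash('sha256', $base);
    }

    return md5($base);
}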
182?>