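<?php

declare(strict_types=1);

/*
 * SMS code redemption endpoint.
 *
 * Expected GET parameters:
 *   key   - API key of the calling account (matched against api_key.aut)
 *   pay   - numeric id of the payment definition (api_sms_pay.id)
 *   code  - 8-character alphanumeric SMS code to verify
 *   buyer - optional buyer identifier, stored with the history row
 *
 * The response is plain text: "1" when the code was accepted, "0" when the
 * provider rejected it, otherwise a (Polish) error message. The script always
 * terminates through die(), as the original did, so die() also closes the
 * database connection and the explicit `$dbHandle = null` before each exit
 * has been dropped.
 *
 * Payment interfaces (api_sms_pay.inter): 0 = HomePay, 1 = CashBill.
 *
 * NOTE(review): nothing in this script prevents the same code from being
 * submitted a second time; whether the provider rejects an already-used code
 * is not visible here — confirm, or add a uniqueness check on
 * api_sms_history.code before crediting.
 */

/** Seconds to wait on the provider's code-check endpoint before giving up. */
const REMOTE_CHECK_TIMEOUT = 10;

/**
 * Opens the database connection.
 *
 * Connection settings come from the environment (SMS_DB_HOST, SMS_DB_NAME,
 * SMS_DB_USER, SMS_DB_PASSWORD — variable names chosen here; set them in the
 * server configuration). Host, database and user fall back to the values the
 * script used before; the password deliberately has no fallback so that the
 * secret no longer lives in the source. On failure the driver message goes to
 * the server log only and the client gets a generic error — the original
 * echoed $e->getMessage() (host and user details) back to the caller.
 */
function connectDatabase(): PDO
{
    $host = getenv('SMS_DB_HOST') ?: 'localhost';
    $name = getenv('SMS_DB_NAME') ?: 'sms';
    $user = getenv('SMS_DB_USER') ?: 'root';
    $password = getenv('SMS_DB_PASSWORD');
    if ($password === false) {
        error_log('sms check: SMS_DB_PASSWORD is not set');
        die("Błąd połączenia z bazą!\n");
    }

    try {
        // Exceptions instead of the silent default error mode: a failed query
        // must not let the script carry on and credit a wallet on empty data.
        return new PDO("mysql:host=$host;dbname=$name", $user, $password, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        error_log('sms check: database connection failed: ' . $e->getMessage());
        die("Błąd połączenia z bazą!\n");
    }
}

/**
 * Resolves an API key to the id of its owner.
 *
 * Uses fetchAll() instead of rowCount(), whose result for SELECT statements
 * is driver-dependent; like the original, exactly one matching row is required.
 *
 * @return int|null the user id, or null when the key matches zero or several rows
 */
function findApiUser(PDO $db, string $apiKey): ?int
{
    $stmt = $db->prepare('SELECT id FROM api_key WHERE aut = :key');
    $stmt->bindValue(':key', $apiKey, PDO::PARAM_STR);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    return count($rows) === 1 ? (int) $rows[0]['id'] : null;
}

/**
 * Loads the payment definition for $payId.
 *
 * One query replaces the original's separate lookups on api_sms_pay (inter
 * first, then either id_acc/cost or sufix/numer/cost).
 *
 * @return array{inter:int|false,id_acc:mixed,cost:float,sufix:string,numer:string}|null
 *         null when no row (or more than one) matches; inter is false when
 *         the stored value is not an integer
 */
function findPayment(PDO $db, int $payId): ?array
{
    $stmt = $db->prepare('SELECT inter, id_acc, cost, sufix, numer FROM api_sms_pay WHERE id = :pay');
    $stmt->bindValue(':pay', $payId, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if (count($rows) !== 1) {
        return null;
    }
    $row = $rows[0];

    return [
        'inter' => filter_var($row['inter'], FILTER_VALIDATE_INT),
        'id_acc' => $row['id_acc'],
        'cost' => (float) $row['cost'],
        'sufix' => (string) $row['sufix'],
        'numer' => (string) $row['numer'],
    ];
}

/**
 * Performs a GET request to $url and returns the response lines read with the
 * given fgets() lengths, in order.
 *
 * A connect timeout is applied (the original fopen() had none, so a hanging
 * provider held the request open indefinitely). fopen() warnings are not
 * suppressed with `@`; they are left to the server's error handling.
 *
 * @param list<int> $lineLengths fgets() length argument for each line
 * @return list<string|false>|null one entry per requested line (false when
 *                                 the response ended early), null when the
 *                                 connection could not be opened
 */
function fetchRemoteLines(string $url, array $lineLengths): ?array
{
    $context = stream_context_create(['http' => ['timeout' => REMOTE_CHECK_TIMEOUT]]);
    $handle = fopen($url, 'r', false, $context);
    if ($handle === false) {
        return null;
    }

    try {
        $lines = [];
        foreach ($lineLengths as $length) {
            $lines[] = fgets($handle, $length);
        }

        return $lines;
    } finally {
        fclose($handle);
    }
}

/**
 * Stores the redeemed code in api_sms_history and adds $amount to the user's
 * wallet.
 *
 * Both statements run in one transaction and the wallet is incremented in SQL
 * ("wallet1 = wallet1 + :cost") instead of the original read-add-write in
 * PHP, so two concurrent redemptions for the same user no longer overwrite
 * each other's credit, and a failed UPDATE no longer leaves a history row
 * behind.
 *
 * $amount is bound with PDO::PARAM_INT exactly as before; whether the
 * fraction is truncated or rounded is decided by the driver and the column
 * type (TODO confirm — the original had the same behaviour).
 */
function recordAndCredit(PDO $db, int $userId, string $code, ?string $buyer, float $amount): void
{
    $db->beginTransaction();
    try {
        $history = $db->prepare('INSERT INTO api_sms_history (id_user, code, buyer, cost) VALUES (:id, :code, :buyer, :cost)');
        $history->bindValue(':id', $userId, PDO::PARAM_INT);
        $history->bindValue(':code', $code, PDO::PARAM_STR);
        $history->bindValue(':buyer', $buyer, PDO::PARAM_STR);
        $history->bindValue(':cost', $amount, PDO::PARAM_INT);
        $history->execute();

        $wallet = $db->prepare('UPDATE konta SET wallet1 = wallet1 + :cost WHERE id = :id');
        $wallet->bindValue(':id', $userId, PDO::PARAM_INT);
        $wallet->bindValue(':cost', $amount, PDO::PARAM_INT);
        $wallet->execute();

        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

/**
 * Asks HomePay whether $code is valid and, when it is, credits the caller.
 * Always ends the script with the plain-text verdict.
 *
 * @param array{id_acc:mixed,cost:float} $payment row loaded by findPayment()
 */
function redeemHomePay(PDO $db, int $userId, array $payment, string $code, ?string $buyer): void
{
    // The original request string contained a stray space ("usr_id=3078 &acc_id=");
    // http_build_query() sends the same parameters without it and encodes acc_id.
    // NOTE(review): the verdict that credits the wallet travels over plain HTTP
    // and is not protected in transit; use https if the provider offers it.
    $url = 'http://homepay.pl/API/check_code.php?' . http_build_query([
        'usr_id' => '3078',
        'acc_id' => (string) $payment['id_acc'],
        'code' => $code,
    ]);

    $lines = fetchRemoteLines($url, [8]);
    if ($lines === null || $lines[0] === false) {
        // Previously a connection failure left $check === false, which the
        // loose switch matched as case 0 and reported as an invalid code.
        die("Niepowodzenie płatności");
    }

    // The original switch compared loosely, so "1\n" matched case 1; trim() keeps that.
    $verdict = trim($lines[0]);
    if ($verdict === '0') {
        die("0"); // invalid code
    }
    if ($verdict === '1') {
        recordAndCredit($db, $userId, $code, $buyer, $payment['cost'] * 0.47); // normally 48%
        die("1"); // payment succeeded
    }
    if ($verdict === '2') {
        // Reported to the client as success but nothing is credited — kept as
        // the original had it. TODO confirm what verdict 2 means at the provider.
        die("1");
    }
    die("Niepowodzenie płatności"); // payment failed
}

/**
 * Asks CashBill whether $code is valid, checks that the SMS went to the
 * number configured for this payment, and credits the caller. Always ends
 * the script with the plain-text verdict.
 *
 * @param array{sufix:string,numer:string,cost:float} $payment row loaded by findPayment()
 */
function redeemCashBill(PDO $db, int $userId, array $payment, string $code, ?string $buyer): void
{
    $refId = ''; // reference code ("ref"); empty in the original
    $prefix = urlencode('ag.' . $payment['sufix']); // full prefix of the unattended codes
    // NOTE(review): plain HTTP, same caveat as for HomePay.
    $url = 'http://sms.cashbill.pl/backcode_check_fulloutput.php?id=' . $refId . '&code=' . $prefix . '&check=' . $code;

    // Response lines: status, lifetime, message text, number the SMS was sent
    // to. The middle two are read only to reach the fourth line.
    $lines = fetchRemoteLines($url, [8, 24, 96, 96]);
    if ($lines === null || $lines[0] === false) {
        die("Niepowodzenie płatności");
    }
    [$status, , , $gateway] = $lines;

    if (trim($status) === '0') {
        die("0"); // invalid code
    }

    // Anti-fraud check from the original: the code must have been sent to the
    // gateway number stored for this payment. Compared as trimmed strings —
    // the original used != on the raw fgets() line, which still carries its
    // newline. TODO confirm the stored number uses the provider's formatting.
    if ($gateway === false || trim($gateway) !== $payment['numer']) {
        die("Nie oszukuj");
    }

    // valid code
    recordAndCredit($db, $userId, $code, $buyer, $payment['cost'] * 0.49); // normally 50%
    die("1"); // payment succeeded
}

// ---- request handling (the original wrapped everything in `if ($_GET)`) ----

if (!$_GET) {
    die("Błąd danych klienta!");
}

// Input validation. Parameters must be plain strings; the is_string() checks
// reject `key[]=...` style arrays that would otherwise reach bindValue().
if (!isset($_GET['key']) || !is_string($_GET['key'])) {
    die("Brak klucz api!\n");
}
if (!isset($_GET['pay']) || !is_string($_GET['pay'])) {
    die("Brak klucza platnosci!\n");
}
if (!ctype_digit($_GET['pay'])) {
    // Previously a non-numeric id was cast by PDO and failed the lookup with
    // the same message; checking it here keeps garbage out of the query.
    die("Błędny klucz platnosci!\n");
}
// $_GET is already URL-decoded by PHP; the original decoded it a second time,
// which changed "+" and "%xx" sequences in the value the client actually sent.
$buyer = isset($_GET['buyer']) && is_string($_GET['buyer']) ? $_GET['buyer'] : null;
if (!isset($_GET['code']) || !is_string($_GET['code'])) {
    die("Brak kodu do sprawdzenia!\n");
}
$code = $_GET['code'];
if (!preg_match('/^[A-Za-z0-9]{8}$/', $code)) {
    die("Zly format kodu!\n");
}

$dbHandle = connectDatabase();

try {
    // resolve the API key to its owner
    $iduser = findApiUser($dbHandle, $_GET['key']);
    if ($iduser === null) {
        die("Błędny klucz API!\n");
    }

    // the payment definition must exist and be unique
    $payment = findPayment($dbHandle, (int) $_GET['pay']);
    if ($payment === null) {
        die("Błędny klucz platnosci!\n");
    }

    // 0 - HomePay, 1 - CashBill; any other value ends the script with no
    // output, exactly as the original switch without a default did.
    if ($payment['inter'] === 0) {
        redeemHomePay($dbHandle, $iduser, $payment, $code, $buyer);
    } elseif ($payment['inter'] === 1) {
        redeemCashBill($dbHandle, $iduser, $payment, $code, $buyer);
    }
} catch (PDOException $e) {
    // ERRMODE_EXCEPTION turns query failures into exceptions; log the detail,
    // tell the client only that the database step failed.
    error_log('sms check: database error: ' . $e->getMessage());
    die("Błąd połączenia z bazą!\n");
}

$dbHandle = null;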