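<?php
/**
 * Payment-gateway callback endpoint.
 *
 * Accepts `command` = check | pay | cancel from an allow-listed gateway
 * address, verifies the MD5 request signature and answers with a small XML
 * document declared as windows-1251 (<result> code plus <comment>).
 *
 * Hardening applied in this version:
 *  - request values reach SQL only as bound parameters (prepared statements);
 *  - the signature is compared with hash_equals(), so a "0e..."-style digest
 *    can no longer match through loose `==` comparison;
 *  - every request-derived value echoed into the XML is escaped;
 *  - database error text is written to the server log, not to the response.
 *
 * Requires PHP >= 5.6 (hash_equals, argument unpacking) with ext/mysqli;
 * the original ext/mysql functions no longer exist in PHP 7+.
 */
header('Content-type: text/xml');

// Source addresses allowed to call this endpoint.
// NOTE(review): REMOTE_ADDR is the direct TCP peer; if this script sits behind
// a reverse proxy the list has to be enforced on the proxy instead.
$check_ip = [
    "82.146.40.60",
    "188.120.245.101",
    "188.120.245.102",
    "10.108.20.27",
];

// Shared secret appended to the signed string.
// NOTE(review): better loaded from configuration stored outside the web root.
$secret_key = "-----";

$server = '-'; // server hosting the payment databases
$user = '-';   // user name used for access
$pass = '-';   // password for that user
$db = '-';     // name of the database holding the payment tables

/**
 * Read one request parameter as a string.
 *
 * Arrays (`?id[]=1`) and missing keys fall back to $default, so later string
 * operations and hash_equals() always receive a string.
 *
 * @param string $name
 * @param string $default
 * @return string
 */
function pay_request_param($name, $default = '')
{
    if (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) {
        return (string) $_REQUEST[$name];
    }
    return $default;
}

/**
 * Escape a value for use as XML text in the windows-1251 response.
 *
 * @param mixed $value
 * @return string
 */
function pay_xml_escape($value)
{
    // The charset must be named explicitly: request bytes are windows-1251,
    // and the UTF-8 default would turn non-ASCII input into an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'Windows-1251');
}

/**
 * Check the request signature md5($payload . $secret_key).
 *
 * NOTE(review): MD5 over "message + secret" is presumably dictated by the
 * gateway's protocol; it is kept as is, only the comparison is hardened.
 *
 * @param string $received   digest sent by the caller
 * @param string $payload    concatenated signed fields
 * @param string $secret_key shared secret
 * @return bool
 */
function pay_signature_ok($received, $payload, $secret_key)
{
    return hash_equals(md5($payload . $secret_key), $received);
}

/**
 * Prepare, bind and execute a statement.
 *
 * @param mysqli $link
 * @param string $sql    statement with `?` placeholders
 * @param string $types  mysqli type string, one letter per parameter
 * @param array  $params values to bind
 * @return mysqli_stmt|false executed statement (caller closes it) or false
 */
function pay_run($link, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('payment callback: prepare failed: ' . mysqli_error($link));
        return false;
    }
    if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
        error_log('payment callback: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Look up the charId of a character by name.
 *
 * @param mysqli $link
 * @param string $char_name character name, already converted to UTF-8
 * @return mixed the charId of the first matching row, or false when none
 */
function pay_find_char_id($link, $char_name)
{
    $stmt = pay_run($link, "SELECT charId FROM `characters` WHERE `char_name` = ?", 's', [$char_name]);
    if ($stmt === false) {
        return false;
    }
    $char_id = null;
    mysqli_stmt_bind_result($stmt, $char_id);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);
    return $found ? $char_id : false;
}

/**
 * Fetch the most recent payment of a character.
 *
 * @param mysqli $link
 * @param mixed  $char_id
 * @return array|null array with keys id, sum, date, or null when none
 */
function pay_last_payment($link, $char_id)
{
    $stmt = pay_run(
        $link,
        "SELECT id,sum,date FROM `character_payment` WHERE `charId` = ? ORDER BY `id` DESC LIMIT 1",
        's',
        [$char_id]
    );
    if ($stmt === false) {
        return null;
    }
    $pay_id = $pay_sum = $pay_date = null;
    mysqli_stmt_bind_result($stmt, $pay_id, $pay_sum, $pay_date);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);
    return $found ? ['id' => $pay_id, 'sum' => $pay_sum, 'date' => $pay_date] : null;
}

/**
 * Tell whether a single-parameter SELECT returns at least one row.
 *
 * @param mysqli $link
 * @param string $sql SELECT with exactly one `?` placeholder
 * @param string $id  value bound to the placeholder
 * @return bool
 */
function pay_row_exists($link, $sql, $id)
{
    $stmt = pay_run($link, $sql, 's', [$id]);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $exists = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $exists;
}

$flag = pay_request_param('command');
$md5 = pay_request_param('md5');
$v1 = pay_request_param('v1');
$id = pay_request_param('id', '0');
$sum = pay_request_param('sum');

// The gateway sends the character name in windows-1251; the database is UTF-8.
$v1_utf8 = iconv("windows-1251", "UTF-8", $v1);
if ($v1_utf8 === false) {
    $v1_utf8 = '';
}

$kod = 1;

if (in_array($_SERVER['REMOTE_ADDR'], $check_ip, true)) {
    // Keep return-value error handling on every PHP version (8.1+ would throw).
    mysqli_report(MYSQLI_REPORT_OFF);
    $link = mysqli_connect($server, $user, $pass) or die("Can't connect to database");
    mysqli_set_charset($link, 'utf8');
    mysqli_select_db($link, $db) or die("Can't select database ".$db);

    if ($flag === 'check' && pay_signature_ok($md5, $flag . $v1, $secret_key)) {
        // check: look the character up and report its latest payment
        $char_id = pay_find_char_id($link, $v1_utf8);
        if ($char_id === false) {
            $kod = 2;
            $desc = 'no such user: ' . $v1;
        } else {
            $last = pay_last_payment($link, $char_id);
            $kod = 0;
            $desc = ($last === null)
                ? $v1 . ' not paid yet'
                : "Last payment : " . $last['sum'] . ", " . $last['date'];
        }
    } elseif ($flag === 'pay' && pay_signature_ok($md5, $flag . $v1 . $id, $secret_key)) {
        // pay: record the payment once.
        // NOTE(review): `sum` is not part of the signed string, so its
        // integrity rests on the IP allow-list and the transport only.
        if (!ctype_digit($id) || !preg_match('/\A\d+(?:\.\d+)?\z/', $sum)) {
            $kod = 2;
            $desc = 'Incorrect payment parameters';
        } elseif (pay_row_exists($link, "SELECT `id` FROM `character_payment` WHERE `id` = ?", $id)) {
            // the payment was already processed earlier
            $kod = 0;
            $desc = 'Payment was send earlier';
        } else {
            // try to complete the payment
            $char_id = pay_find_char_id($link, $v1_utf8);
            if ($char_id === false) {
                $kod = 2;
                $desc = 'no such user: ' . $v1;
            } else {
                $stmt = pay_run(
                    $link,
                    "INSERT INTO `character_payment` (`id`, `charId`, `sum`) VALUES (?, ?, ?)",
                    'sss',
                    [$id, $char_id, $sum]
                );
                if ($stmt !== false) {
                    mysqli_stmt_close($stmt);
                    $kod = 0;
                    $desc = 'ok';
                } else {
                    // details are in the server log (see pay_run)
                    $kod = 2;
                    $desc = 'Database error';
                }
            }
        }
    } elseif ($flag === 'cancel' && pay_signature_ok($md5, $flag . $id, $secret_key)) {
        // cancel: roll a payment back.
        // NOTE(review): existence is checked in `character_don` but the row is
        // deleted from `character_payment`, as in the original; confirm that
        // the two table names are meant to differ.
        if (ctype_digit($id) && pay_row_exists($link, "SELECT `id` FROM `character_don` WHERE `id` = ?", $id)) {
            $stmt = pay_run($link, "DELETE FROM `character_payment` WHERE `id` = ?", 's', [$id]);
            if ($stmt !== false) {
                mysqli_stmt_close($stmt);
                $kod = 0;
                $desc = 'Payment was successfully rolled back';
            } else {
                $kod = 2;
                $desc = 'Database error';
            }
        } else {
            $kod = 2;
            $desc = 'Payment with given ID does not exists';
        }
    } else {
        // unknown command or signature mismatch
        $kod = 2;
        $desc = 'Unknown request or account not found';
    }

    mysqli_close($link);
} else {
    $desc = 'Parametrs or IP is not correct';
}

// Response
$xml_head = '<?xml version="1.0" encoding="windows-1251"?><response>';
$xml_tail = '<result>' . $kod . '</result><comment>' . pay_xml_escape($desc) . '</comment></response>';

if ($flag === 'check') {
    $html = $xml_head . $xml_tail;
} elseif ($flag === 'pay') {
    $html = $xml_head . '<id>' . pay_xml_escape($id) . '</id><sum>' . pay_xml_escape($sum) . '</sum>' . $xml_tail;
} else {
    $html = $xml_head . '<id>' . pay_xml_escape($id) . '</id>' . $xml_tail;
}
echo $html;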