1<?php
// Report every error class except deprecation notices.
error_reporting(E_ALL & ~E_DEPRECATED);

// Site configuration. The functions below read globals such as $SECRET_KEY,
// $L2_SERVER_ID and $VOLUTE_NAMES that are not assigned in this file, so they
// are presumably defined in this include (confirm against the config file).
require_once "l2_delivery_config.php";

// Value written to nextpay_l2_order.status once an order has been delivered.
$STATUS_ORDER_DELIVERED = 1;

// Request-scoped state, filled in by preprocess() and read by the delivery
// and logging functions through `global`.
$orderId = $la2ItemId = $productCount = $orderHash = null;
$char = $profit = $volute = $comment = null;

// At file scope this statement has no effect; nothing in this file reads
// $SQL_SERVER_ITEMS.
global $SQL_SERVER_ITEMS;
16
17
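/**
 * Record the current order in nextpay_l2_order with the "delivered" status,
 * unless a row with the same order_id already exists.
 *
 * Reads the order from the globals set by preprocess(). Terminates the script
 * (no output) when the database cannot be reached or a statement fails; the
 * reason is written to the PHP error log instead of the HTTP response.
 *
 * Changes from the previous version: the insert failure path used
 * `mysqli_connect_error()()`, which calls the returned value as a function;
 * query failures were reported with mysqli_connect_error(), which describes
 * the connection and not the query; a failed connection was not checked; and
 * values are now bound as statement parameters instead of being escaped into
 * the SQL text.
 */
function logOrder()
{
    global $orderId, $la2ItemId, $profit, $volute, $productCount, $L2_SERVER_ID, $char;
    global $STATUS_ORDER_DELIVERED;

    // NOTE(review): host, user and password are hard-coded here and in the two
    // other functions that connect. They belong in configuration kept out of
    // any published copy of the source, and a password that has appeared in a
    // public listing should be rotated.
    $link = mysqli_connect("185.195.26.61", "nextp", "753159Zx", "test");
    if (!$link) {
        error_log("logOrder: database connection failed: " . mysqli_connect_error());
        die();
    }

    // Copies are bound so that binding never changes the type of the globals.
    $orderIdParam = (string) $orderId;

    $check = mysqli_prepare($link, "select 1 from nextpay_l2_order where order_id = ?");
    if (!$check
        || !mysqli_stmt_bind_param($check, "s", $orderIdParam)
        || !mysqli_stmt_execute($check)
        || !mysqli_stmt_store_result($check)
    ) {
        error_log("logOrder: order lookup failed: " . ($check ? mysqli_stmt_error($check) : mysqli_error($link)));
        die();
    }
    $alreadyLogged = mysqli_stmt_num_rows($check) != 0;
    mysqli_stmt_close($check);

    if (!$alreadyLogged) {
        $itemParam = (string) $la2ItemId;
        $profitParam = (string) $profit;
        $voluteParam = (string) $volute;
        $countParam = (string) $productCount;
        $serverParam = (string) $L2_SERVER_ID;
        $charParam = (string) $char;
        $status = (int) $STATUS_ORDER_DELIVERED;

        // The comment column is always stored as NULL, as before.
        $insert = mysqli_prepare(
            $link,
            "insert into nextpay_l2_order (order_id, date_created, product_id, profit, volute, product_count, server, char_name, comment, status)"
            . " values(?, now(), ?, ?, ?, ?, ?, ?, NULL, ?)"
        );
        if (!$insert
            || !mysqli_stmt_bind_param(
                $insert,
                "sssssssi",
                $orderIdParam,
                $itemParam,
                $profitParam,
                $voluteParam,
                $countParam,
                $serverParam,
                $charParam,
                $status
            )
            || !mysqli_stmt_execute($insert)
        ) {
            error_log("logOrder: order insert failed: " . ($insert ? mysqli_stmt_error($insert) : mysqli_error($link)));
            die();
        }
        mysqli_stmt_close($insert);
    }

    mysqli_close($link);
}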
44
45
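/**
 * Tell whether nextpay_l2_order already holds this order with status 1.
 *
 * The literal 1 in the query is the same value as $STATUS_ORDER_DELIVERED
 * assigned at the top of the file.
 *
 * Terminates the script (no output) when the database cannot be reached or
 * the query fails, logging the reason server-side. The previous version did
 * not check the connection and reported query failures with
 * mysqli_connect_error(), which does not describe a query error.
 *
 * @param mixed $orderId Order identifier to look up.
 * @return bool True when a delivered row exists for the order.
 */
function isOrderDelivered($orderId)
{
    // NOTE(review): hard-coded connection credentials; move them to
    // configuration kept out of published source and rotate the password.
    $link = mysqli_connect("185.195.26.61", "nextp", "753159Zx", "test");
    if (!$link) {
        error_log("isOrderDelivered: database connection failed: " . mysqli_connect_error());
        die();
    }

    $orderIdParam = (string) $orderId;
    $stmt = mysqli_prepare($link, "select 1 from nextpay_l2_order where order_id = ? and status = 1");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, "s", $orderIdParam)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_store_result($stmt)
    ) {
        error_log("isOrderDelivered: lookup failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
        die();
    }

    $ret = mysqli_stmt_num_rows($stmt) != 0;
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    return $ret;
}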
56
57
/**
 * Look up a display name by id in an id => name map.
 *
 * @param mixed $id    Key to look up.
 * @param array $array Map of id => name.
 * @return mixed The stored value, or "" when the id is empty or not a key.
 */
function getNameById($id, $array)
{
    // Loose comparison: null, "", 0 and false are all treated as "no id".
    if ($id == null) {
        return "";
    }

    // array_key_exists (not isset) so that a key holding null still counts.
    return array_key_exists($id, $array) ? $array[$id] : "";
}
76
77
/**
 * Resolve a currency ("volute") id to its name using the global
 * $VOLUTE_NAMES map, which is not defined in this file.
 *
 * @param mixed $id Currency id.
 * @return mixed Whatever getNameById() returns: the name, or "" when unknown.
 */
function getVoluteName($id)
{
    global $VOLUTE_NAMES;

    $names = $VOLUTE_NAMES;

    return getNameById($id, $names);
}
83
84
/**
 * Finish a successful delivery: notify the operator by e-mail, then write
 * the literal body "ok" to the response.
 */
function success()
{
    sendNotificationEmail("Product delivered");
    print "ok";
}
90
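/**
 * E-mail the operator a summary of the current request together with a
 * status line. Does nothing unless $SEND_NOTIFICATION_BY_EMAIL_ENABLED is
 * truthy.
 *
 * The summary is built from raw request parameters, not from the validated
 * globals, and error() calls this function for requests that failed
 * validation. The content of such a mail is therefore chosen by whoever sent
 * the request.
 *
 * Changes from the previous version: a missing or non-scalar request
 * parameter no longer raises an undefined-index notice (it is reported as an
 * empty value), and CR/LF are replaced by spaces in every interpolated value
 * so a parameter cannot add extra "key=value" or "STATUS=" lines to the mail.
 *
 * @param string $message Status text for the STATUS= line.
 * @return void
 */
function sendNotificationEmail($message)
{
    global $SEND_NOTIFICATION_BY_EMAIL_ENABLED;
    global $EMAIL_FROM_ADDRESS, $EMAIL_ADDRESS, $EMAIL_SUBJECT, $L2_SERVER_NAME;

    if (!$SEND_NOTIFICATION_BY_EMAIL_ENABLED) {
        return;
    }

    // Headers come from configuration only; no request data is placed here.
    $headers = 'From: ' . $EMAIL_FROM_ADDRESS . "\r\n"
        . 'Reply-To: ' . $EMAIL_FROM_ADDRESS . "\r\n"
        . 'X-Mailer: PHP/' . phpversion();

    $oneLine = function ($value) {
        return str_replace(array("\r", "\n"), " ", (string) $value);
    };
    $field = function ($name) use ($oneLine) {
        if (!isset($_REQUEST[$name]) || !is_scalar($_REQUEST[$name])) {
            return "";
        }
        return $oneLine($_REQUEST[$name]);
    };

    $orderId = $field("order_id");
    $profit = $field("profit");
    $char = $field("character");
    $count = $field("product_count");
    $serverName = $L2_SERVER_NAME;
    $voluteName = getVoluteName($field("volute"));
    $comment = $field("comment");
    $status = $oneLine($message);

    // Same layout as the original multi-line literal as the listing shows it:
    // every line after the first starts with a single space.
    $msg = implode("\n ", array(
        "order=$orderId",
        "currency=$voluteName",
        "sum=$profit",
        "server=$serverName",
        "charname=$char",
        "product count=$count",
        "comment=$comment",
        "STATUS=$status",
    ));

    mail($EMAIL_ADDRESS, $EMAIL_SUBJECT, $msg, $headers);
}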
127
/**
 * Abort the request: print the failure text ("Ошибка при обработке." means
 * "Processing error."), notify the operator by e-mail and stop the script.
 *
 * NOTE(review): $msg is echoed without output escaping, and deliverProduct()
 * passes a message that contains the requested character name. Confirm how
 * this response is rendered before relying on it being plain text.
 *
 * @param string $msg Reason appended to the printed text and mailed as status.
 */
function error($msg)
{
    $text = "Ошибка при обработке. $msg";
    echo $text;

    sendNotificationEmail($msg);

    exit();
}
134
135
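/**
 * Read, validate and authenticate the delivery callback parameters, storing
 * them in the globals used by deliverProduct() and logOrder().
 *
 * Every failure goes through error(), which prints a message, e-mails the
 * operator and ends the script, so code after a failed check never runs.
 *
 * Changes from the previous version:
 *  - the checksum is compared with hash_equals() instead of `!=`. Loose
 *    comparison treats two numeric-looking strings (for example "0e1" and
 *    "0e2") as equal and is not constant-time;
 *  - an unset or empty $SECRET_KEY now fails closed instead of producing a
 *    checksum anyone can compute;
 *  - missing parameters no longer raise undefined-index notices, and array
 *    parameters (order_id[]=...) are treated as missing;
 *  - the Russian messages were mis-encoded in this function while error()
 *    prints correctly encoded text; they are restored here.
 *
 * NOTE(review): the signed string is the plain concatenation of order id,
 * product id, count, profit and currency followed by the secret. There is no
 * separator between fields, and `character` and `comment` are not part of it,
 * so the checksum does not bind the delivery target. The format is presumably
 * fixed by the payment provider; confirm, and treat the character name as
 * unauthenticated input.
 *
 * NOTE(review): the parameter checks run before the checksum check, so a
 * request without a valid checksum still triggers error() and its operator
 * e-mail.
 */
function preprocess()
{
    global $orderId, $la2ItemId, $productCount, $orderHash, $char, $profit, $volute, $SECRET_KEY, $comment;

    // Returns the request value, or null when it is absent or not a scalar.
    $param = function ($name) {
        return (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) ? $_REQUEST[$name] : null;
    };

    $orderId = $param("order_id");
    if ($orderId == null) {
        error("Не передан ID заказа"); // "Order ID not supplied"
    }
    $orderId = intval($orderId);

    $la2ItemId = $param("seller_product_id");
    if ($la2ItemId == null) {
        error("Не передан ID продукта"); // "Product ID not supplied"
    }
    $la2ItemId = intval($la2ItemId);

    $productCount = $param("product_count");
    if ($productCount == null) {
        error("Не передано количество продукта"); // "Product count not supplied"
    }
    $productCount = intval($productCount);

    if ($productCount <= 0) {
        error("Неверное значение параметра \"количество продукта\""); // "Invalid product count"
    }

    $orderHash = $param("hash");
    if ($orderHash == null) {
        error("Не передана контрольная сумма заказа"); // "Order checksum not supplied"
    }

    $profit = $param("profit");
    if ($profit == null) {
        error("Не передана стоимость заказа"); // "Order price not supplied"
    }
    if ($profit < 0) {
        error("Неверное значение параметра \"стоимость заказа\""); // "Invalid order price"
    }

    $volute = $param("volute");
    if ($volute == null) {
        error("Не передана валюта заказа"); // "Order currency not supplied"
    }
    $volute = intval($volute);

    // Optional; may be null.
    $comment = $param("comment");

    //custom parameter
    $char = $param("character");
    if ($char == null) {
        error("Не передан ник"); // "Character name not supplied"
    }

    // Checksum verification. Fail closed when no secret is configured.
    if ($SECRET_KEY === null || $SECRET_KEY === '') {
        error_log("preprocess: SECRET_KEY is not configured; rejecting callback");
        error("Контрольные суммы не совпадают"); // "Checksums do not match"
    }

    $hash = sha1("$orderId$la2ItemId$productCount$profit$volute$SECRET_KEY");

    if (!is_string($orderHash) || !hash_equals($hash, $orderHash)) {
        error("Контрольные суммы не совпадают"); // "Checksums do not match"
    }

    if (isOrderDelivered($orderId)) {
        error("Данный заказ уже доставлен"); // "This order has already been delivered"
    }
}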
213
214
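/**
 * Queue the purchased item for the named character by inserting a row into
 * items_delayed, then record the order with logOrder() and report success.
 *
 * Uses the globals filled in by preprocess(). Ends the script through error()
 * when the character does not exist, and through die() (no output, reason in
 * the PHP error log) when the database cannot be reached or a statement
 * fails.
 *
 * Changes from the previous version: the connection result is checked; query
 * failures are reported with the statement/connection error instead of
 * mysqli_connect_error(); values are bound as statement parameters; the
 * unused $la2ItemIdSQL is gone; and the mis-encoded "no such character"
 * message is restored.
 *
 * NOTE(review): the item row is written before logOrder() marks the order as
 * delivered, and the "already delivered" test in preprocess() is a separate
 * earlier query. Two callbacks for the same order arriving together, or a
 * logOrder() failure followed by a retry, could presumably both reach this
 * insert. A unique key on the order id and a single transaction would close
 * that; confirm against the schema.
 */
function deliverProduct()
{
    global $char, $la2ItemId, $productCount, $orderId, $PRODUCT_COUNT_FACTOR;

    if ($PRODUCT_COUNT_FACTOR >= 1) {
        // Multiply by the factor when the product is sold in packs. This
        // updates the global, so logOrder() records the multiplied count.
        $productCount *= $PRODUCT_COUNT_FACTOR;
    }

    // NOTE(review): hard-coded connection credentials; move them to
    // configuration kept out of published source and rotate the password.
    $link = mysqli_connect("185.195.26.61", "nextp", "753159Zx", "test");
    if (!$link) {
        error_log("deliverProduct: database connection failed: " . mysqli_connect_error());
        die();
    }

    // Resolve the character name to its object id.
    $charName = (string) $char;
    $ownerId = null;
    $lookup = mysqli_prepare($link, "SELECT `obj_Id` FROM `characters` `c` WHERE `c`.`char_name` = ?");
    if (!$lookup
        || !mysqli_stmt_bind_param($lookup, "s", $charName)
        || !mysqli_stmt_execute($lookup)
        || !mysqli_stmt_bind_result($lookup, $ownerId)
    ) {
        error_log("deliverProduct: character lookup failed: " . ($lookup ? mysqli_stmt_error($lookup) : mysqli_error($link)));
        die();
    }

    // true = row fetched, null = no row, false = error.
    $found = mysqli_stmt_fetch($lookup);
    if ($found === false) {
        error_log("deliverProduct: character fetch failed: " . mysqli_stmt_error($lookup));
        die();
    }
    mysqli_stmt_close($lookup);

    if ($found !== true) {
        mysqli_close($link);
        error("Нет такого персонажа: $char"); // "No such character"
    }

    $ownerId = (int) $ownerId;
    $itemTypeId = (int) $la2ItemId;
    $itemsAmount = (int) $productCount;

    $desc = 'Nextpayru item ' . $itemTypeId . '(' . $itemsAmount . ') for user ' . $ownerId . ' by order ' . $orderId;

    $insert = mysqli_prepare(
        $link,
        "INSERT INTO `items_delayed`(`owner_id`, `item_id`, `count`, `description`) VALUES (?, ?, ?, ?)"
    );
    if (!$insert
        || !mysqli_stmt_bind_param($insert, "iiis", $ownerId, $itemTypeId, $itemsAmount, $desc)
        || !mysqli_stmt_execute($insert)
    ) {
        error_log("deliverProduct: item insert failed: " . ($insert ? mysqli_stmt_error($insert) : mysqli_error($link)));
        die();
    }
    mysqli_stmt_close($insert);
    mysqli_close($link);

    logOrder();
    success();
}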
264
/**
 * Fetch a single cell from a mysqli result set.
 *
 * @param mysqli_result $res Result set to read from.
 * @param int           $row Zero-based row index.
 * @param int|string    $col Column position (numeric) or column name.
 * @return mixed The cell value, or false when the row is out of range or the
 *               cell is missing or NULL.
 */
function mysqli_result($res, $row = 0, $col = 0)
{
    $total = mysqli_num_rows($res);

    // Empty result or row index outside 0 .. $total - 1.
    if (!$total || $row < 0 || $row > ($total - 1)) {
        return false;
    }

    mysqli_data_seek($res, $row);

    // A numeric column selects by position, anything else by name.
    if (is_numeric($col)) {
        $record = mysqli_fetch_row($res);
    } else {
        $record = mysqli_fetch_assoc($res);
    }

    // isset() is false for a NULL cell, so NULL is reported as false too.
    if (isset($record[$col])) {
        return $record[$col];
    }

    return false;
}
276
277?>