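<?php
/**
 * Payment-gateway callback endpoint.
 *
 * Handles three signed commands sent in the request:
 *   - check  : report the last payment recorded for character `v1`
 *   - pay    : record payment `id` of amount `sum` for character `v1`
 *   - cancel : delete the payment with the given `id`
 *
 * The reply is a small XML document carrying a result code (0 = ok,
 * 1 = caller rejected, 2 = error) and a comment.
 *
 * Security-relevant points handled here:
 *   - every value that reaches SQL is either validated against a strict
 *     pattern (id, sum) or escaped with mysql_real_escape_string();
 *   - the request signature is compared as a string (no `==` type juggling);
 *   - everything written into the XML reply is entity-escaped.
 *
 * NOTE(review): the mysql_* extension used by this script was removed in
 * PHP 7.0. Escaping keeps the script safe where it still runs, but the
 * durable fix is to move to mysqli or PDO with prepared statements.
 */
header('Content-type: text/xml');

// Addresses allowed to call this endpoint. Assigned in one statement rather
// than appended with `[]`, so the list cannot inherit entries from a
// pre-existing variable of the same name.
// NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy it
// would be the proxy's address - confirm the deployment.
$check_ip = array(
    "82.146.40.60",
    "188.120.245.101",
    "188.120.245.102",
);

// Shared secret used in the request signature. Placeholder value here; the
// real one belongs in configuration outside the web root, not in the source.
$secret_key = "-----";

$server = '-'; // database server holding the payment tables
$user = '-';   // database user name
$pass = '-';   // password for that user
$db = '-';     // name of the database with the payment tables

// Read request parameters as plain strings. Missing or non-scalar values
// (e.g. `v1[]=x`) become '' instead of raising notices or turning into the
// string "Array" further down.
$params = array();
foreach (array('command', 'md5', 'v1', 'v2', 'v3', 'sum') as $key) {
    $params[$key] = (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key]))
        ? (string) $_REQUEST[$key]
        : '';
}

$flag = $params['command'];
$md5 = $params['md5'];

$v1 = $params['v1'];
$v2 = $params['v2'];
$v3 = $params['v3'];
$sum = $params['sum'];

// The character name arrives in windows-1251; the database connection is UTF-8.
$v1_utf8 = iconv("windows-1251", "UTF-8", $v1);
if ($v1_utf8 === false) {
    // Undecodable name: treat as empty so the lookup simply finds nothing.
    $v1_utf8 = '';
}

if (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) {
    $id = (string) $_REQUEST['id'];
} else {
    $id = '0';
}
$kod = 1;

// Strict formats for the two values that are used as numbers in SQL.
$id_ok = preg_match('/^\d+$/D', $id) === 1;
$sum_ok = preg_match('/^\d+(?:\.\d+)?$/D', $sum) === 1;

// Expected signature for the requested command. The MD5 construction is
// kept as-is because the calling side computes it the same way.
// NOTE(review): md5(data . secret) is a weak MAC; presumably dictated by the
// gateway protocol - confirm whether a stronger scheme is available.
$expected = null;
if ($flag === 'check') {
    $expected = md5($flag . $v1 . $secret_key);
} elseif ($flag === 'pay' || $flag === 'cancel') {
    $expected = md5($flag . $v1 . $id . $secret_key);
}

// String comparison only: with `==`, two digest strings that both look like
// numbers (for example "0e..." followed by digits) compare as equal numbers.
// hash_equals() (PHP 5.6+) additionally avoids timing differences.
$signed = false;
if ($expected !== null) {
    $signed = function_exists('hash_equals')
        ? hash_equals($expected, $md5)
        : ($expected === $md5);
}

if (in_array($_SERVER['REMOTE_ADDR'], $check_ip, true)) {
    $link = mysql_connect($server, $user, $pass) or die("Can't connect to database");
    // mysql_set_charset() sets the connection charset and also tells the
    // client library about it, which mysql_real_escape_string() relies on.
    mysql_set_charset('utf8', $link);
    mysql_select_db($db) or die("Can't select database ".$db);

    $name_sql = mysql_real_escape_string($v1_utf8, $link);

    if (!$signed || ($flag !== 'check' && !$id_ok)) {
        // Unknown command, bad signature, or a payment id that is not a
        // plain non-negative integer.
        $kod = 2;
        $desc = 'Unknown request or account not found';
    } elseif ($flag === 'check') {
        // Look up the character, then its most recent payment.
        $sql = mysql_query("SELECT charId FROM `characters` WHERE `char_name`='".$name_sql."'", $link);
        $charid = $sql ? mysql_fetch_array($sql) : false;
        if ($charid) {
            $char_sql = mysql_real_escape_string($charid['charId'], $link);
            $sql2 = mysql_query("SELECT id,sum,date FROM `character_payments` WHERE `charId`='".$char_sql."' ORDER BY `id` DESC LIMIT 1", $link);
            $idpay = $sql2 ? mysql_fetch_array($sql2) : false;
            if ($idpay) {
                $desc = "Last payment : ".$idpay['sum'].", ".$idpay['date'];
            } else {
                $desc = $v1.' not paid yet';
            }
            $kod = 0;
        } else {
            $kod = 2;
            $desc = 'no such user: '.$v1;
        }
    } elseif ($flag === 'pay') {
        // $id matched /^\d+$/ above, so it is safe to embed.
        $sql = mysql_query("SELECT * FROM `character_payments` WHERE `id`='".$id."'", $link);
        if ($sql === false) {
            // Do not record a payment when the duplicate check itself failed.
            // NOTE(review): mysql_error() text is returned to the caller, as
            // in the original; consider logging it and replying generically.
            $kod = 2;
            $desc = mysql_error();
        } elseif (mysql_num_rows($sql) > 0) {
            // The payment was already recorded earlier.
            $kod = 0;
            $desc = 'Payment was send earlier';
        } else {
            // Try to complete the payment.
            $sql = mysql_query("SELECT charId FROM `characters` WHERE `char_name`='".$name_sql."'", $link);
            $charid = $sql ? mysql_fetch_array($sql) : false;
            if (!$charid) {
                // Previously this fell through to an INSERT with an empty
                // charId and surfaced as a raw SQL error.
                $kod = 2;
                $desc = 'no such user: '.$v1;
            } elseif (!$sum_ok) {
                $kod = 2;
                $desc = 'Invalid sum';
            } else {
                $char_sql = mysql_real_escape_string($charid['charId'], $link);
                $sql2 = mysql_query("INSERT INTO `character_payments` (`id`, `charId`, `sum`) VALUES (".$id.", '".$char_sql."', ".$sum.");", $link);
                if ($sql2 == true) {
                    $kod = 0;
                    $desc = 'ok';
                } else {
                    $kod = 2;
                    $desc = mysql_error();
                }
            }
        }
    } else {
        // cancel: remove the payment if it exists.
        $sql = mysql_query("SELECT * FROM `character_payments` WHERE `id`='".$id."'", $link);
        $rows = $sql ? mysql_num_rows($sql) : 0;
        if ($rows > 0) {
            $sql = mysql_query("DELETE FROM `character_payments` WHERE `id`='".$id."'", $link);
            if ($sql == true) {
                $kod = 0;
                $desc = 'Payment was successfully rolled back';
            } else {
                // Report a failed DELETE instead of claiming success.
                $kod = 2;
                $desc = mysql_error();
            }
        } else {
            $kod = 2;
            $desc = 'Payment with given ID does not exists';
        }
    }

    mysql_close($link);
} else {
    $desc = 'Parametrs or IP is not correct';
}

// Response. Every interpolated value is entity-escaped so request data
// (character name, id, sum) cannot inject markup into the XML reply. The
// charset matches the encoding declared in the XML prolog.
$x_kod = htmlspecialchars((string) $kod, ENT_QUOTES, 'cp1251');
$x_desc = htmlspecialchars($desc, ENT_QUOTES, 'cp1251');
if ($flag === 'check') {
    $html = '<?xml version="1.0" encoding="windows-1251"?><response><result>'.$x_kod.'</result><comment>'.$x_desc.'</comment></response>';
} else {
    $x_id = htmlspecialchars($id, ENT_QUOTES, 'cp1251');
    $x_sum = htmlspecialchars($sum, ENT_QUOTES, 'cp1251');
    $html = '<?xml version="1.0" encoding="windows-1251"?><response><id>'.$x_id.'</id><sum>'.$x_sum.'</sum><result>'.$x_kod.'</result><comment>'.$x_desc."</comment></response>";
}
echo $html;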