<?php
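// wshconf.php contains the secret keys and inc/sqlcfg.inc contains the SQL connection data.
// Keep both files out of direct web access: a .inc file is returned as plain text unless the server is configured to block or parse it.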
require 'wshconf.php';
require_once 'inc/sqlcfg.inc';
// Pingback parameters taken from the query string. Every value here is
// attacker-controllable until the signature over them has been verified,
// so nothing below may trust them before that check.
$userId = null;     // 'uid'      - account the pingback refers to
$credits = null;    // 'currency' - amount of virtual currency
$type = null;       // 'type'     - pingback type code
$refId = null;      // 'ref'      - provider-side transaction reference
$signature = null;  // 'sig'      - signature supplied by the sender

if (isset($_GET['uid'])) {
    $userId = $_GET['uid'];
}
if (isset($_GET['currency'])) {
    $credits = $_GET['currency'];
}
if (isset($_GET['type'])) {
    $type = $_GET['type'];
}
if (isset($_GET['ref'])) {
    $refId = $_GET['ref'];
}
if (isset($_GET['sig'])) {
    $signature = $_GET['sig'];
}

// Set to true only once the pingback has been authenticated and accepted.
$result = false;
/**
 * Compute the expected pingback signature.
 *
 * Each parameter is rendered as "key=value", the pairs are concatenated in
 * array order with no separator, the shared secret is appended and the
 * result is hashed with MD5.
 *
 * The MD5 secret-suffix construction is dictated by the sender's protocol;
 * it is a weak MAC by current standards. NOTE(review): if the payment
 * provider offers a stronger signature version, prefer it.
 *
 * @param array  $params Parameters covered by the signature, in signing order.
 * @param string $secret Shared secret key.
 * @return string 32-character lowercase hexadecimal MD5 digest.
 */
function SignatureGenerator($params, $secret) {
    $pairs = array();
    foreach ($params as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }

    return md5(implode('', $pairs) . $secret);
}
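// Payment pingback handler.
//
// Order of checks matters: the sender is authenticated (source address and
// signature) BEFORE any request value reaches the database, so unauthenticated
// requests can neither probe for account names nor reach the SQL layer.
// Responses: 'OK' when the pingback was accepted, 'ERROR' when an authenticated
// pingback could not be applied, and no output for incomplete or
// unauthenticated requests.

$pingbackComplete = !empty($userId) && !empty($credits) && isset($type) && !empty($refId) && !empty($signature);

// PHP turns bracketed query parameters into arrays; only plain strings are
// valid here, and anything else must not reach the string/SQL handling below.
$pingbackScalar = is_string($userId) && is_string($credits) && is_string($type)
    && is_string($refId) && is_string($signature);

if ($pingbackComplete && $pingbackScalar) {
    $signatureParams = array('uid' => $userId, 'currency' => $credits, 'type' => $type, 'ref' => $refId);
    $signatureCalculated = SignatureGenerator($signatureParams, $webshop['paymentwall']['secret-key']);

    // Hard-coded sender allowlist; it has to be kept in sync with the provider's
    // published addresses. NOTE(review): behind a reverse proxy REMOTE_ADDR is the
    // proxy's address, not the sender's - confirm the deployment.
    $allowedSenders = array('174.36.92.186', '174.36.96.66', '174.36.92.187', '174.36.92.192', '174.37.14.28');
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $senderAllowed = in_array($remoteAddr, $allowedSenders, true);

    // Loose '==' compares two numeric-looking hex digests (e.g. "0e...") as
    // numbers, so unequal signatures could compare equal. Use a constant-time
    // comparison where available and strict string identity otherwise.
    if (function_exists('hash_equals')) {
        $signatureValid = hash_equals($signatureCalculated, $signature);
    } else {
        $signatureValid = ($signatureCalculated === $signature);
    }

    if ($senderAllowed && $signatureValid) {
        // The amount is placed unquoted into the UPDATE below, so it must be a
        // plain decimal number (optionally negative) and nothing else.
        $amountValid = preg_match('/\A-?\d+(?:\.\d+)?\z/', $credits) === 1;

        // The legacy mssql extension offers no bound parameters for ad-hoc
        // statements, so the account name is escaped as a T-SQL string literal
        // (single quotes doubled). Prepared statements via a newer driver would
        // be the preferable fix.
        $userIdSql = str_replace("'", "''", $userId);

        $accountExists = false;
        if ($amountValid) {
            $query = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id = '" . $userIdSql . "'");
            if ($query !== false) {
                $check = mssql_fetch_row($query);
                $accountExists = is_array($check) && !empty($check[0]);
            }
        }

        if ($accountExists) {
            // Ledger label per pingback type; any other type is acknowledged
            // without a balance change.
            $entryLabel = null;
            if ($type === '2') {
                $entryLabel = 'Chargeback';
            } elseif ($type === '0' || $type === '1') {
                $entryLabel = 'Payment';
            }

            // NOTE(review): the chargeback case also ADDS $credits, so it only
            // deducts when the provider sends a negative amount for type 2 -
            // confirm against the provider's pingback specification.
            // NOTE(review): $refId is neither stored nor checked, so a pingback
            // that is delivered twice is applied twice; de-duplicating on the
            // reference needs a column that is not visible in this file.
            $applied = true;
            if ($entryLabel !== null) {
                // Ledger row and balance change succeed or fail together.
                $applied = false;
                if (mssql_query('BEGIN TRANSACTION') !== false) {
                    $logged = mssql_query("INSERT INTO Donate (memb___id, currency, type, date) VALUES ('" . $userIdSql . "', '" . $credits . "', '" . $entryLabel . "', '" . date("d-m-Y H:i:s") . "')");
                    $credited = ($logged !== false)
                        && mssql_query("UPDATE MEMB_CREDITS SET credits = credits + " . $credits . " WHERE memb___id = '" . $userIdSql . "'") !== false;

                    if ($credited && mssql_query('COMMIT TRANSACTION') !== false) {
                        $applied = true;
                    } else {
                        mssql_query('ROLLBACK TRANSACTION');
                    }
                }
            }

            if ($applied) {
                $result = true;
            } else {
                // Do not acknowledge a pingback that was not recorded.
                echo 'ERROR';
            }
        } else {
            // Authenticated pingback for an unknown account or a malformed amount.
            $result = false;
            echo 'ERROR';
        }
    }
}

if ($result) {
    echo 'OK';
}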
?>