<?
include "config.php";
include "functions.php";// 

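// Gateway pre-request ("preview"): report whether the referenced pending order
// exists, then stop. Replies with the literal "__YES__" or "__NO__".
// NOTE(review): this branch runs before any signature check, so any client can
// probe for order ids; confirm that is what the gateway protocol requires.
if (!empty($_REQUEST['PREVIEW'])) {
  // PAYMENT_ORDER_ID is attacker-controlled and this branch is reachable
  // without authentication, so it must never reach the SQL text unescaped.
  // Non-scalar input (e.g. PAYMENT_ORDER_ID[]=x) is treated as "no id".
  $orderId = (isset($_POST['PAYMENT_ORDER_ID']) && is_scalar($_POST['PAYMENT_ORDER_ID']))
    ? (string) $_POST['PAYMENT_ORDER_ID']
    : '';
  $res = mysql_query("SELECT * FROM `ekrpayments` WHERE `id`='".mysql_real_escape_string($orderId)."' LIMIT 1;");
  // mysql_query() returns false on failure; answer "__NO__" instead of
  // handing false to mysql_fetch_array().
  $r = $res ? mysql_fetch_array($res) : false;
  if($r) {
    echo "__YES__";
  } else {
    echo "__NO__";
  }
die();
}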

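// Recompute the signature the gateway is expected to send in $_POST['SIGN']:
// md5 over the callback fields joined with "::", with md5(shared secret) as
// the third component. md5() already returns lowercase hex.
//
// A legacy computation over LMI_* fields used to precede this one; its result
// was overwritten before it was ever read, so it has been dropped.
//
// NOTE(review): the shared secret is hard-coded in a web-served file that opens
// with the short tag `<?`. If short_open_tag is disabled the source, secret
// included, is sent to the client as plain text. Prefer `<?php` and load the
// secret from configuration kept outside the web root.
// NOTE(review): plain MD5 over concatenated fields is a weak MAC construction;
// it is presumably dictated by the gateway, so it is left unchanged here.
$signParts = array();
foreach (array('SYSTEM_NAME', 'PAYMENT_USERNAME') as $field) {
  // Missing or non-scalar fields contribute an empty string.
  $signParts[] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
}
$signParts[] = md5('eyruyerjhmernnb2756628782dsdfd');
foreach (array(
  'PAYMENT_ORDER_ID',
  'PAYMENT_STATUS',
  'PAYMENT_AMOUNT',
  'PAYMENT_DESCRIPTION',
  'RESULT_URL',
  'SUCCESS_URL',
  'FAIL_URL'
) as $field) {
  $signParts[] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
}
$hash = md5(implode('::', $signParts));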

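// Credit the account only when the request carries a valid signature.
// The original compared with `==`, which compares two numeric-looking strings
// (e.g. "0e..." hex digests) as numbers. Compare as strings instead, in
// constant time where hash_equals() is available.
$sign = (isset($_POST['SIGN']) && is_string($_POST['SIGN'])) ? $_POST['SIGN'] : '';
$signOk = function_exists('hash_equals') ? hash_equals($hash, $sign) : ($sign === $hash);

if($signOk) {
  // A valid signature proves who sent the values, not that they are safe to
  // splice into SQL: escape everything that reaches a query.
  $orderId = mysql_real_escape_string(
    (isset($_POST['PAYMENT_ORDER_ID']) && is_scalar($_POST['PAYMENT_ORDER_ID'])) ? (string) $_POST['PAYMENT_ORDER_ID'] : ''
  );
  $amount = mysql_real_escape_string(
    (isset($_POST['PAYMENT_AMOUNT']) && is_scalar($_POST['PAYMENT_AMOUNT'])) ? (string) $_POST['PAYMENT_AMOUNT'] : ''
  );

  $res = mysql_query("SELECT * FROM `ekrpayments` WHERE `id`='".$orderId."' LIMIT 1;");
  // mysql_query() returns false on failure; treat that as "order not found".
  $r = $res ? mysql_fetch_array($res) : false;
  if($r) {
    // NOTE(review): PAYMENT_STATUS is part of the signed data but is never
    // inspected; confirm the gateway does not call this URL for failed payments.
    // NOTE(review): the credited amount comes from the request, not from the
    // stored order row; if the row holds an expected amount, compare the two.
    // $r['bank'] comes from the database but is escaped as well, so a stored
    // value cannot alter the statement.
    mysql_query("UPDATE `bank` SET `ekr`=`ekr`+'".$amount."' WHERE `id`='".mysql_real_escape_string($r['bank'])."';");
    echo "__YES__";
    // The order was looked up in `ekrpayments`, but the original deleted from
    // `ekrpayment`. If that table name was a typo, the order row survived and a
    // repeated callback credited the account again. Delete from the table that
    // was read. NOTE(review): confirm against the schema.
    // NOTE(review): credit and delete are still two separate statements; a
    // transaction or an affected-rows check would make duplicate or concurrent
    // callbacks safe.
    mysql_query("DELETE FROM `ekrpayments` WHERE `id`='".$orderId."' LIMIT 1;");
  } else {
    echo "__NO__";
  }
die();
}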
?>