battles/bank.balans.php
2018-01-28 18:40:49 +02:00

44 lines
1.3 KiB
PHP

<?
include "config.php";
include "functions.php";//
if ($_REQUEST['PREVIEW']) {
$r = mysql_fetch_array(mysql_query("SELECT * FROM `ekrpayments` WHERE `id`='".$_POST['PAYMENT_ORDER_ID']."' LIMIT 1;"));
if($r) {
echo "__YES__";
} else {
echo "__NO__";
}
die();
}
$hash = strtoupper (md5($_POST['LMI_PAYEE_PURSE'].$_POST['LMI_PAYMENT_AMOUNT'].$_POST['LMI_PAYMENT_NO'].$_POST['LMI_MODE'].$_POST['LMI_SYS_INVS_NO'].
$_POST['LMI_SYS_TRANS_NO'].$_POST['LMI_SYS_TRANS_DATE'].'ctrhtn'.$_POST['LMI_PAYER_PURSE'].$_POST['LMI_PAYER_WM']));
$hash = strtolower (
md5(
$_POST['SYSTEM_NAME']."::".
$_POST['PAYMENT_USERNAME']."::".
md5('eyruyerjhmernnb2756628782dsdfd')."::".
$_POST['PAYMENT_ORDER_ID']."::".
$_POST['PAYMENT_STATUS']."::".
$_POST['PAYMENT_AMOUNT']."::".
$_POST['PAYMENT_DESCRIPTION']."::".
$_POST['RESULT_URL']."::".
$_POST['SUCCESS_URL']."::".
$_POST['FAIL_URL']
));
if($_POST['SIGN'] == $hash) {
$r = mysql_fetch_array(mysql_query("SELECT * FROM `ekrpayments` WHERE `id`='".$_POST['PAYMENT_ORDER_ID']."' LIMIT 1;"));
if($r) {
mysql_query("UPDATE `bank` SET `ekr`=`ekr`+'".$_POST['PAYMENT_AMOUNT']."' WHERE `id`='".$r['bank']."';");
echo "__YES__";
mysql_query("DELETE FROM `ekrpayment` WHERE `id`='".$_POST['PAYMENT_ORDER_ID']."' LIMIT 1;");
} else {
echo "__NO__";
}
die();
}
?>