<?php

/**
 * Return the address this script treats as the caller's IP.
 *
 * The X-Real-IP request header wins when it is present; otherwise the TCP
 * peer address (REMOTE_ADDR) is returned.
 *
 * NOTE(review): X-Real-IP is an ordinary request header. It is trustworthy
 * only if every request reaches PHP through a reverse proxy that overwrites
 * it. If this script can be reached directly, the value is client-controlled
 * and the IP allowlist that relies on this function authenticates nothing.
 * Confirm the deployment, or honour the header only when REMOTE_ADDR is the
 * proxy's own address.
 */
function getIP() {
   return isset($_SERVER['HTTP_X_REAL_IP'])
      ? $_SERVER['HTTP_X_REAL_IP']
      : $_SERVER['REMOTE_ADDR'];
}

// Caller allowlist: only these four addresses may reach the handler below.
// NOTE(review): this is the only authentication the live code performs, and it
// is only as strong as getIP(), which prefers the X-Real-IP request header.
$allowedCallers = array('31.186.100.49', '178.132.203.105', '52.29.152.23', '52.19.56.234');
if (!in_array(getIP(), $allowedCallers, true))
{
 die('..|.,');
}


	/**
	 * Build the JSON error envelope sent back to the payment gateway.
	 *
	 * Produces {"error":{"message":<message>}}. json_encode() returns false
	 * when it cannot encode its input (for example non-UTF-8 bytes); every
	 * call in this file passes an ASCII literal.
	 *
	 * @param string $message Human-readable reason for the failure.
	 * @return string|false JSON text, or false if encoding failed.
	 */
	function getResponseError($message)
    {
        $payload = array();
        $payload['error'] = array('message' => $message);

        return json_encode($payload);
    }
	
	/**
	 * Build the JSON success envelope sent back to the payment gateway.
	 *
	 * Produces {"result":{"message":<message>}}. json_encode() returns false
	 * when it cannot encode its input (for example non-UTF-8 bytes); every
	 * call in this file passes an ASCII literal.
	 *
	 * @param string $message Human-readable confirmation text.
	 * @return string|false JSON text, or false if encoding failed.
	 */
	function getResponseSuccess($message)
    {
        $payload = array();
        $payload['result'] = array('message' => $message);

        return json_encode($payload);
    }
// date() output further down (the chat-message timestamps) uses Moscow time.
date_default_timezone_set('Europe/Moscow');

	/*
	 * MySQL settings passed to connect_db().
	 *
	 * NOTE(review): the database password is hard-coded in a file served from
	 * the web root. Anyone who can read this source (backup, repository, a
	 * misconfigured handler that serves .php as text) gets database access.
	 * Treat the value as exposed: rotate it and load it from configuration
	 * kept outside the document root and outside version control.
	 */
	$c = array();
	$c['db_name'] = 'pay_operations'; // table the payment records are written to
	$c['db_host'] = 'localhost';
	$c['db_user'] = 'newcom1_abk';
	$c['db_pass'] = '4nWYsIM[c?}P';
	$c['db_base'] = 'newcom1_abk';

	/*
	 * Payment settings, disabled in the original by commenting them out:
	 *   'ip_list' => array('127,0,0,1,188.166.34.68,136.243.38.147,136.243.38.149,136.243.38.150,136.243.38.151,136.243.38.189,88.198.88.98'), // comma-separated list of allowed IPs
	 *   'key'     => 'qtzl0igb', // gamedealer key
	 *   'id'      => '65643'     // project ID
	 *
	 * NOTE(review): a gateway key inside a comment is still a secret in
	 * source; if it was ever live, rotate it.
	 */
	

	/**
	 * Open the MySQL connection and select the database named in $c.
	 *
	 * Terminates the script with a cp1251 Russian message (kept byte-for-byte)
	 * when the server or the database cannot be reached. Nothing is returned;
	 * later mysql_query() calls rely on the implicit last-opened link.
	 *
	 * NOTE(review): ext/mysql was removed in PHP 7.0, so this file only runs
	 * on PHP 5.x. Issuing SET NAMES as a query changes the server-side charset
	 * but does not tell the client library, which mysql_real_escape_string()
	 * depends on; mysql_set_charset() is the documented way to set both.
	 *
	 * @param array $c Settings with keys db_host, db_user, db_pass, db_base.
	 */
	function connect_db($c) {
		$db = mysql_connect($c['db_host'], $c['db_user'], $c['db_pass']);
		if (!$db) {
			die('Îøèáêà ïîäêëþ÷åíèÿ ê MySQL ñåðâåðó!');
		}

		if (!mysql_select_db($c['db_base'], $db)) {
			die('Îøèáêà ïîäêëþ÷åíèÿ ê áàçå äàííûõ!');
		}

		mysql_query('SET NAMES cp1251');
	}
	
	/**
	 * Compute the gateway form signature.
	 *
	 * The four values are joined with the literal separator "{up}" in the
	 * order account, currency, sum, secret key, and the SHA-256 hex digest of
	 * that string is returned.
	 *
	 * NOTE(review): no live code in this file calls this function; the "pay"
	 * branch credits the account without checking params[signature]. When a
	 * check is added, compare digests with a constant-time function
	 * (hash_equals() on PHP 5.6+) rather than == or ===.
	 *
	 * @param mixed  $account   Order/account identifier.
	 * @param string $currency  Currency code.
	 * @param mixed  $sum       Amount, exactly as the gateway formats it.
	 * @param string $secretKey Shared secret issued by the gateway.
	 * @return string 64-character lowercase hex digest.
	 */
	function getFormSignature($account, $currency, $sum, $secretKey) 
	{
		$fields = array($account, $currency, $sum, $secretKey);

		return hash('sha256', implode('{up}', $fields));
	}
	

	
	
	
	// The callback arrives as a GET request: ?method=...&params[...]=...
	$request = $_GET;

	// Both parts are mandatory, and params must be the bracketed array form.
	$hasMethod = !empty($request['method']);
	$hasParams = !empty($request['params']) && is_array($request['params']);
	if (!($hasMethod && $hasParams))
	{
		echo getResponseError('Invalid request');
		die();
	}

	$method = $request['method'];
	$params = $request['params'];

	// "check" is acknowledged unconditionally: no order lookup and no
	// signature comparison happens before the success reply.
	// NOTE(review): commented-out debug code that followed this branch
	// embedded a literal that looks like a signing secret; if it was a live
	// key, rotate it and keep it out of source control.
	if ($method == "check")
	{
		die(getResponseSuccess('CHECK is successful'));
	}
	//MERCHANT_ORDER_ID=142&P_PHONE=380688028300&P_EMAIL=evhenii_kula%40mail.ru&CUR_ID=94&AMOUNT=90&MERCHANT_ID=65643&SIGN=c0fc70d5446614597d44ff13f2c7a6a5&intid=29728441
	/*
	MERCHANT_ORDER_ID
	P_PHONE
    P_EMAIL
	CUR_ID
	AMOUNT
	MERCHANT_ID
	SIGN
	intid
	
	https://your_handler_address?
     method=check 
     params[account]=userId 
     params[date]=2012-10-01 12:32:00 
     params[operator]=beeline 
     params[paymentType]=mc 
     params[projectId]=1 
     params[phone]=9XXXXXXXXX 
     params[payerSum]=10.00 
     params[payerCurrency]=RUB 
     params[signature]=9bdf52a4830779a1383ac24f1b3ed054 
     params[orderSum]=10.00 
     params[orderCurrency]=RUB 
     params[unitpayId]=1234567 
     params[test]=0
	*/
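/*
 * "pay" callback: credit the order named by params[account] to its buyer,
 * post a system chat message to the buyer, and credit one tenth of the amount
 * (rounded) to the referrer when the order has one.
 *
 * Changes against the previous version:
 *  - params[account] is checked before it is used, so "No order" is reachable;
 *  - every value placed inside an SQL string literal is escaped, and the
 *    unquoted amount is required to be numeric;
 *  - the order is claimed with a conditional UPDATE before any money is
 *    credited, so two concurrent callbacks for one order cannot both credit.
 *
 * NOTE(review): this branch never reads params[signature], params[orderSum]
 * or params[payerSum]. The request is authenticated only by the IP allowlist
 * at the top of the file; verify the signature with getFormSignature() and
 * compare the paid amount with the order before crediting.
 * NOTE(review): claim and credit are separate statements without a
 * transaction; a failure after the claim leaves the order marked as used but
 * not credited.
 * NOTE(review): login values are placed into chat HTML unescaped; confirm
 * they are sanitised where accounts are created.
 */
if ($_GET['method'] === 'pay')
{
	// The order id comes straight from the query string; reject a missing or
	// array-valued id before it reaches any query.
	if (!isset($params['account']) || !is_scalar($params['account']))
	{
		echo getResponseError('No order');
		die();
	}

	connect_db($c);
	$orderId = mysql_real_escape_string((string) $params['account']);

	$orderRes = mysql_query('SELECT * FROM `pay_operation` WHERE `id` = "'.$orderId.'" LIMIT 1');
	$nick = $orderRes ? mysql_fetch_array($orderRes) : false;

	// `ekr` is concatenated unquoted into UPDATE statements below, so it must
	// be a plain number.
	if (!isset($nick['good']) || !is_numeric($nick['ekr']))
	{
		echo getResponseError('Bad order');
		die();
	}
	if ($nick['good'] != 0)
	{
		echo getResponseError('Already Used');
		die();
	}

	// Claim the order atomically: only the request that flips `good` from 0
	// may go on to credit the account.
	mysql_query('UPDATE `pay_operation` SET `good` = "'.time().'" WHERE `id` = "'.$orderId.'" AND `good` = 0 LIMIT 1');
	if (mysql_affected_rows() != 1)
	{
		echo getResponseError('Already Used');
		die();
	}

	$amount  = $nick['ekr'];
	$buyerId = mysql_real_escape_string((string) $nick['uid']);

	$userRes = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$buyerId.'" LIMIT 1');
	$user = $userRes ? mysql_fetch_array($userRes) : false;

	// Balance and running total are updated in one statement so they cannot
	// drift apart.
	mysql_query('UPDATE `users` SET `money2` = `money2` + '.$amount.', `catch` = `catch` + '.$amount.' WHERE `id` = "'.$buyerId.'" LIMIT 1');

	// System chat message for the buyer (cp1251 text, kept byte-for-byte).
	$r = '<span class=date>'.date('d.m.Y H:i').'</span> Àëõèìèê <img src=https://img.new-combats.com/i/align/align50.gif width=12 height=15 /><u><b>Àäìèíèñòðàòîð</b> / Àâòîìàòè÷åñêàÿ îïëàòà</u> ñîîáùàåò: ';
	$r .= ($user['sex'] == 1) ? 'Óâàæàåìàÿ' : 'Óâàæàåìûé';
	$r .= ' <b>'.$user['login'].'</b>, íà Âàø èãðîâîé ñ÷åò çà÷èñëåíî '.$nick['ekr'].' Åâðîêðåäèòîâ. Áëàãîäàðèì Âàñ çà ïîêóïêó!';
	mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','"
		.mysql_real_escape_string((string) $user['city'])."','"
		.mysql_real_escape_string((string) $user['room'])."','','"
		.mysql_real_escape_string((string) $user['login'])."','"
		.mysql_real_escape_string($r)."','-1','5','0')");

	if ($nick['ref'] != 0)
	{
		// Referral bonus: one tenth of the order amount, rounded.
		$refecr = round(($nick['ekr'] / 10));
		$refId  = mysql_real_escape_string((string) $nick['ref']);

		mysql_query('UPDATE `users` SET `money2` = `money2` + '.$refecr.' WHERE `id` = "'.$refId.'" LIMIT 1');

		$refRes  = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$refId.'" LIMIT 1');
		$referal = $refRes ? mysql_fetch_array($refRes) : false;

		$r = '<span class=date>'.date('d.m.Y H:i').'</span> Àëõèìèê <img src=https://img.new-combats.com/i/align/align50.gif width=12 height=15 /><u><b>Àäìèíèñòðàòîð</b> / Ðåôåðàëüíûé çàðàáîòîê</u> ñîîáùàåò: ';
		$r .= ($referal['sex'] == 1) ? 'Óâàæàåìàÿ' : 'Óâàæàåìûé';
		$r .= ' <b>'.$referal['login'].'</b>, íà Âàø èãðîâîé ñ÷åò çà÷èñëåíî '.$refecr.' Åâðîêðåäèòîâ. Áëàãîäîðÿ âàøåìó ðåôåðàëó!'.$user['login'];
		mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','"
			.mysql_real_escape_string((string) $referal['city'])."','"
			.mysql_real_escape_string((string) $referal['room'])."','','"
			.mysql_real_escape_string((string) $referal['login'])."','"
			.mysql_real_escape_string($r)."','-1','5','0')");
	}

	echo getResponseSuccess('PAY is successful');
	die();
}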
?>