include_once _SERVER DOCUMENT_ROOT sys fnc php mysql_query INSERT INTO

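<?php
/**
 * WebMoney Merchant callback endpoint.
 *
 * Two request types arrive here as POST:
 *   - pre-request (LMI_PREREQUEST = 1): answer "YES" if the payee purse is ours;
 *   - payment notification: verify LMI_HASH, then credit the user's balance
 *     and write a row to `history_money`.
 *
 * The full `<?php` tag is used on purpose: with short_open_tag disabled a
 * `<?` file is sent to the client as plain text, secret key included.
 *
 * NOTE(review): the mysql_* extension used below was removed in PHP 7; the
 * queries here only embed values that were forced to int / fixed-point
 * decimal, but the handler should move to PDO or mysqli prepared statements
 * together with sys/fnc.php.
 */

// presumably opens the MySQL connection used by mysql_query() below - confirm
include_once $_SERVER['DOCUMENT_ROOT'] . '/sys/fnc.php';

// Merchant purse that is allowed to receive payments (your wallet).
$merchant_purse = "R400141185976";

// NOTE(review): this secret is hard-coded and has been published together with
// this listing. Rotate it in the merchant settings and load it from
// configuration stored outside the document root.
$secret_key = "83-4hs_df902nsv83bsnfg_eo23dfg";

// The original called hash() without an algorithm, which yields no digest at
// all, so the comparison below could be satisfied by an empty LMI_HASH.
// NOTE(review): must match the signature method selected in the merchant
// settings - confirm before deploying.
$hash_algo = 'sha256';

// Read every expected field once; a missing or non-string value (e.g. an
// array sent as LMI_HASH[]) becomes an empty string.
$field_names = array(
    'LMI_PREREQUEST', 'LMI_PAYEE_PURSE', 'LMI_PAYMENT_AMOUNT', 'LMI_PAYMENT_NO',
    'LMI_MODE', 'LMI_SYS_INVS_NO', 'LMI_SYS_TRANS_NO', 'LMI_SYS_TRANS_DATE',
    'LMI_PAYER_PURSE', 'LMI_PAYER_WM', 'LMI_HASH',
);
$post = array();
foreach ($field_names as $field_name) {
    $post[$field_name] = (isset($_POST[$field_name]) && is_string($_POST[$field_name]))
        ? $_POST[$field_name]
        : '';
}

if ($post['LMI_PREREQUEST'] === '1') {
    if (trim($post['LMI_PAYEE_PURSE']) !== $merchant_purse) {
        // Request data is escaped before being echoed back.
        echo "ERR:НЕВЕРНЫЙ КОШЕЛЕК " . htmlspecialchars($post['LMI_PAYEE_PURSE'], ENT_QUOTES, 'UTF-8');
        exit;
    }
    echo 'YES';
} else {
    // Field order is part of the signature definition; keep it as is.
    $common_string = $post['LMI_PAYEE_PURSE'] . $post['LMI_PAYMENT_AMOUNT'] . $post['LMI_PAYMENT_NO']
        . $post['LMI_MODE'] . $post['LMI_SYS_INVS_NO'] . $post['LMI_SYS_TRANS_NO']
        . $post['LMI_SYS_TRANS_DATE'] . $secret_key . $post['LMI_PAYER_PURSE'] . $post['LMI_PAYER_WM'];
    $expected_hash = strtoupper(hash($hash_algo, $common_string));
    $received_hash = strtoupper($post['LMI_HASH']);

    // Constant-time comparison where available (PHP >= 5.6), strict otherwise.
    $signature_ok = function_exists('hash_equals')
        ? hash_equals($expected_hash, $received_hash)
        : ($expected_hash === $received_hash);
    if (!$signature_ok) {
        echo "Ошибка";
        exit();
    }

    // The pre-request check alone does not bind the notification to our purse.
    if (trim($post['LMI_PAYEE_PURSE']) !== $merchant_purse) {
        echo "Ошибка";
        exit();
    }

    // NOTE(review): LMI_MODE is part of the signed data but is not inspected;
    // if it marks test payments, those are credited like real ones - confirm.
    // NOTE(review): nothing records LMI_SYS_TRANS_NO, so a notification that
    // is delivered twice is credited twice; store it under a unique key.

    // Credit the paid amount. The original added LMI_PAYER_PURSE (the payer's
    // purse identifier) to the balance instead of LMI_PAYMENT_AMOUNT.
    if (!is_numeric($post['LMI_PAYMENT_AMOUNT']) || (float) $post['LMI_PAYMENT_AMOUNT'] <= 0) {
        echo "Ошибка";
        exit();
    }
    // number_format with an explicit '.' is locale-independent, unlike "%f".
    $amount_sql = number_format((float) $post['LMI_PAYMENT_AMOUNT'], 2, '.', '');

    $user_id = intval($post['LMI_PAYMENT_NO']);
    $user_result = mysql_query("SELECT `id` FROM `user` WHERE `id` = '$user_id' LIMIT 1");
    $user = $user_result ? mysql_fetch_array($user_result) : false;
    if (!$user) {
        // Unknown account: do not write a history row for a non-existent user.
        echo "Ошибка";
        exit();
    }

    // Increment in SQL so that concurrent notifications cannot overwrite each
    // other's update (the original read the balance and wrote back a sum).
    mysql_query("UPDATE `user` SET `balance` = `balance` + $amount_sql WHERE `id` = '$user_id'");
    mysql_query("INSERT INTO `history_money` (`user`, `money`, `mp`, `usl`, `time`) values('$user_id', '$amount_sql', '1', 'Пополнил баланс', '" . time() . "')");
}
?>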