276ec7f3eb
This change replaces the use of $_SERVER['SERVER_NAME'] with $_SERVER['HTTP_HOST'] throughout the codebase. The modification ensures consistency and compliance with best practices, since $_SERVER['HTTP_HOST'] is often used to extract the host header from an HTTP request. This update may improve compatibility and security, especially in scenarios where the Host header plays a key role in proper server configuration and routing. Please review and test the changes carefully to ensure smooth functionality in different environments.
117 lines
5.3 KiB
PHP
117 lines
5.3 KiB
PHP
<?php
|
|
if (!DEFINED('EGP'))
|
|
exit(header('Refresh: 0; URL=http://' . $_SERVER['HTTP_HOST'] . '/404'));
|
|
|
|
function getSha256SignatureByMethodAndParams($method, array $params, $secretKey)
|
|
{
|
|
$delimiter = '{up}';
|
|
ksort($params);
|
|
unset($params['sign']);
|
|
unset($params['signature']);
|
|
return hash('sha256', $method . $delimiter . join($delimiter, $params) . $delimiter . $secretKey);
|
|
}
|
|
|
|
$unitpayIp = array('31.186.100.49', '178.132.203.105', '52.29.152.23', '52.19.56.234');
|
|
|
|
if (!in_array($uip, $unitpayIp))
|
|
sys::outjs(array('error' => array('message' => 'Некорректный адрес сервера')));
|
|
|
|
$secretKey = $cfg['unitpay_key'];
|
|
$params = $_GET['params'];
|
|
|
|
if ($params['signature'] != getSha256SignatureByMethodAndParams(
|
|
$_REQUEST["method"], $params, $GATEWAY['SecretKey']
|
|
)) ;
|
|
|
|
if (!in_array($_GET['method'], array('pay', 'check', 'error')))
|
|
sys::outjs(array('error' => array('message' => 'Некорректный метод')));
|
|
|
|
// Оплата по ключу
|
|
if (!sys::valid($params['account'], 'md5')) {
|
|
$sql->query('SELECT `id`, `server`, `price` FROM `privileges_buy` WHERE `key`="' . $params['account'] . '" LIMIT 1');
|
|
if (!$sql->num())
|
|
sys::outjs(array('error' => array('message' => 'bad key: ' . $params['account'])));
|
|
|
|
$privilege = $sql->get();
|
|
|
|
$money = round($params['sum'] * $cfg['curinrub'], 2);
|
|
|
|
if ($money < $privilege['price'])
|
|
sys::outjs(array('error' => array('message' => 'bad sum')));
|
|
|
|
$sql->query('SELECT `user` FROM `servers` WHERE `id`="' . $privilege['server'] . '" LIMIT 1');
|
|
if (!$sql->num())
|
|
sys::outjs(array('error' => array('message' => 'bad server')));
|
|
|
|
$server = $sql->get();
|
|
|
|
$sql->query('SELECT `id`, `balance`, `part_money` FROM `users` WHERE `id`="' . $server['user'] . '" LIMIT 1');
|
|
if (!$sql->num())
|
|
sys::outjs(array('error' => array('message' => 'bad owner')));
|
|
|
|
if (isset($_GET['method']) and $_GET['method'] == 'check')
|
|
sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
|
|
|
|
$user = $sql->get();
|
|
|
|
if ($cfg['part_money'])
|
|
$sql->query('UPDATE `users` set `part_money`="' . ($user['part_money'] + $money) . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
|
|
else
|
|
$sql->query('UPDATE `users` set `balance`="' . ($user['balance'] + $money) . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
|
|
|
|
$sql->query('INSERT INTO `logs` set `user`="' . $user['id'] . '", `text`="' . sys::updtext(sys::text('logs', 'profit'),
|
|
array('server' => $privilege['server'], 'money' => $money)) . '", `date`="' . $start_point . '", `type`="part", `money`="' . $money . '"');
|
|
|
|
$sql->query('UPDATE `privileges_buy` set `status`="1" WHERE `id`="' . $privilege['id'] . '" LIMIT 1');
|
|
|
|
sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
|
|
}
|
|
|
|
switch ($_GET['method']) {
|
|
case 'pay':
|
|
$sum = round($params['sum'], 2);
|
|
|
|
$user = intval($params['account']);
|
|
|
|
$sql->query('SELECT `id`, `balance`, `part` FROM `users` WHERE `id`="' . $user . '" LIMIT 1');
|
|
if (!$sql->num())
|
|
sys::outjs(array('result' => array('message' => 'Пользователь c ID: ' . $user . ' не найден')));
|
|
|
|
$user = $sql->get();
|
|
|
|
$money = round($user['balance'] + $sum * $cfg['curinrub'], 2);
|
|
|
|
if ($cfg['part']) {
|
|
$part_sum = round($sum / 100 * $cfg['part_proc'], 2);
|
|
|
|
$sql->query('SELECT `balance`, `part_money` FROM `users` WHERE `id`="' . $user['part'] . '" LIMIT 1');
|
|
if ($sql->num()) {
|
|
$part = $sql->get();
|
|
|
|
if ($cfg['part_money'])
|
|
$sql->query('UPDATE `users` set `part_money`="' . ($part['part_money'] + $part_sum) . '" WHERE `id`="' . $user['part'] . '" LIMIT 1');
|
|
else
|
|
$sql->query('UPDATE `users` set `balance`="' . ($part['balance'] + $part_sum) . '" WHERE `id`="' . $user['part'] . '" LIMIT 1');
|
|
|
|
$sql->query('INSERT INTO `logs` set `user`="' . $user['part'] . '", `text`="' . sys::updtext(sys::text('logs', 'part'),
|
|
array('part' => $uid, 'money' => $part_sum)) . '", `date`="' . $start_point . '", `type`="part", `money`="' . $part_sum . '"');
|
|
}
|
|
}
|
|
|
|
$sql->query('UPDATE `users` set `balance`="' . $money . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
|
|
|
|
$sql->query('INSERT INTO `logs` set `user`="' . $user['id'] . '", `text`="Пополнение баланса на сумму: ' . $sum . ' ' . $cfg['currency'] . '", `date`="' . $start_point . '", `type`="replenish", `money`="' . $sum . '"');
|
|
|
|
sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
|
|
|
|
case 'check':
|
|
$sql->query('SELECT `id` FROM `users` WHERE `id`="' . intval($params['account']) . '" LIMIT 1');
|
|
if ($sql->num())
|
|
sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
|
|
|
|
sys::outjs(array('jsonrpc' => "2.0", 'error' => array('code' => -32000, 'message' => 'Пользователь не найден'), 'id' => 1));
|
|
|
|
case 'error':
|
|
sys::outjs(array('result' => array('message' => 'Запрос успешно обработан')));
|
|
}
|
|
?>
|