First commit
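--- a/app/ZnoteAAC/paygol_ipn.php
+++ b/app/ZnoteAAC/paygol_ipn.php
@@ -0,0 +1,55 @@
+<?php
+require 'config.php';
+require 'engine/database/connect.php';
+
+// Fetch and sanitize POST and GET values
+function getValue($value) {
+return (!empty($value)) ? sanitize($value) : false;
+}
+function sanitize($data) {
+return htmlentities(strip_tags(mysql_znote_escape_string($data)));
+}
+
+// get the variables from PayGol system
+$message_id = getValue($_GET['message_id']);
+$service_id = getValue($_GET['service_id']);
+$shortcode = getValue($_GET['shortcode']);
+$keyword = getValue($_GET['keyword']);
+$message = getValue($_GET['message']);
+$sender = getValue($_GET['sender']);
+$operator = getValue($_GET['operator']);
+$country = getValue($_GET['country']);
+$custom = getValue($_GET['custom']);
+$points = getValue($_GET['points']);
+$price = getValue($_GET['price']);
+$currency = getValue($_GET['currency']);
+$secret = getValue($_GET['secret']);
+
+// config paygol settings
+$paygol = $config['paygol'];
+
+// Check for valid secret key
+if($secret != $paygol['secret']) {
+header("HTTP/1.0 403 Forbidden");
+die("Error: secretKey does not match.");
+}
+
+// Check if request serviceID is the same as it is in config
+if($service_id != $paygol['serviceID']) {
+header("HTTP/1.0 403 Forbidden");
+die("Error: serviceID does not match.");
+}
+
+$new_points = $paygol['points'];
+
+// Update logs:
+mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')");
+
+// Fetch points
+$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';");
+
+// Calculate new points
+$new_points = $account['points'] + $new_points;
+
+// Update new points
+mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");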
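Review bot: The secret check `if($secret != $paygol['secret'])` is a loose comparison against a value that `getValue()` turns into `false` when the parameter is missing or empty, so an unset or empty `$paygol['secret']` in config would compare equal and let the request through; reject the empty case explicitly and compare in constant time, e.g. `if ($secret === false || !hash_equals((string) $paygol['secret'], $secret)) {`. Nothing in the file checks whether `$message_id` is already recorded in `znote_paygol` before crediting, so a repeated notification would add points a second time; a lookup on that column (or a unique key on it) before the `mysql_update` call would close that. The credit is a SELECT followed by an UPDATE with a total computed in PHP, which can lose an update under concurrent notifications and reads `$account['points']` even when no row matched `$custom`; validating `$custom` as an integer and letting the database do the addition (`SET points = points + <n>`) avoids both. `sanitize()` also applies `strip_tags` and `htmlentities` after the SQL escaping, so the string interpolated into the three queries is no longer the one that was escaped; escaping should be the last step, and the helpers from `engine/database/connect.php` are not visible here to confirm what they do.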