Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-30 03:09:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #211 from att3/master

Browse Source 
Fix paygol IPN by adding the missing functions (sanitize, getValue)
This commit is contained in:
Stefan A. Brannfjell 2015-08-19 15:01:55 +02:00
commit 40a23dd18b
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
paygol_ipn.php
View File

@ -9,6 +9,14 @@ if(!in_array($_SERVER['REMOTE_ADDR'],
die("Error: Unknown IP"); die("Error: Unknown IP");
} }
// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
}
function sanitize($data) {
return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}
// get the variables from PayGol system // get the variables from PayGol system
$message_id = getValue($_GET['message_id']); $message_id = getValue($_GET['message_id']);
$service_id = getValue($_GET['service_id']); $service_id = getValue($_GET['service_id']);
@ -23,12 +31,18 @@ $points = getValue($_GET['points']);
$price = getValue($_GET['price']); $price = getValue($_GET['price']);
$currency = getValue($_GET['currency']); $currency = getValue($_GET['currency']);
// config paygol settings
$paygol = $config['paygol']; $paygol = $config['paygol'];
$new_points = $paygol['points'];
// Check if request serviceID is the same as it is in config
if($service_id != $paygol['serviceID']) {
header("HTTP/1.0 403 Forbidden");
die("Error: serviceID does not match.");
}
$new_points = $paygol['points'];
// Update logs: // Update logs:
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')"); mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')");
// Fetch points // Fetch points
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';"); $account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';");
// Calculate new points // Calculate new points