Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-29 10:49:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Paygol IPN update (#306)

Browse Source 
* Update config.php and paygol_ipn for secret key

* Align values

* Character encoding fix
This commit is contained in:
Alvaro Carvajal 2017-09-28 14:00:18 +02:00 committed by Stefan A. Brannfjell
parent 5ec2bd2461
commit 64040451a7
2 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config.php
View File

@ -880,10 +880,11 @@
// to you 1 month after recieving 50+ eur. // to you 1 month after recieving 50+ eur.
$config['paygol'] = array( $config['paygol'] = array(
'enabled' => false, 'enabled' => false,
'serviceID' => 86648,// Service ID from paygol.com 'serviceID' => 86648, // Service ID from paygol.com
'secretKey' => 'xxxx-xxxx-xxxx-xxxx', // Secret key from paygol.com. Never share your secret key
'currency' => 'SEK', 'currency' => 'SEK',
'price' => 20, 'price' => 20,
'points' => 20, // Remember to write same details in paygol.com! 'points' => 20,
'name' => '20 points', 'name' => '20 points',
'returnURL' => "http://".$_SERVER['HTTP_HOST']."/success.php", 'returnURL' => "http://".$_SERVER['HTTP_HOST']."/success.php",
'cancelURL' => "http://".$_SERVER['HTTP_HOST']."/failed.php" 'cancelURL' => "http://".$_SERVER['HTTP_HOST']."/failed.php"

29
paygol_ipn.php
View File

@ -2,13 +2,6 @@
require 'config.php'; require 'config.php';
require 'engine/database/connect.php'; require 'engine/database/connect.php';
// check that the request comes from PayGol server
if(!in_array($_SERVER['REMOTE_ADDR'],
array('109.70.3.48', '109.70.3.146', '109.70.3.58'))) {
header("HTTP/1.0 403 Forbidden");
die("Error: Unknown IP");
}
// Fetch and sanitize POST and GET values // Fetch and sanitize POST and GET values
function getValue($value) { function getValue($value) {
return (!empty($value)) ? sanitize($value) : false; return (!empty($value)) ? sanitize($value) : false;
@ -23,17 +16,24 @@ $service_id = getValue($_GET['service_id']);
$shortcode = getValue($_GET['shortcode']); $shortcode = getValue($_GET['shortcode']);
$keyword = getValue($_GET['keyword']); $keyword = getValue($_GET['keyword']);
$message = getValue($_GET['message']); $message = getValue($_GET['message']);
$sender = getValue($_GET['sender']); $sender = getValue($_GET['sender']);
$operator = getValue($_GET['operator']); $operator = getValue($_GET['operator']);
$country = getValue($_GET['country']); $country = getValue($_GET['country']);
$custom = getValue($_GET['custom']); $custom = getValue($_GET['custom']);
$points = getValue($_GET['points']); $points = getValue($_GET['points']);
$price = getValue($_GET['price']); $price = getValue($_GET['price']);
$currency = getValue($_GET['currency']); $currency = getValue($_GET['currency']);
$secret = getValue($_GET['secret']);
// config paygol settings // config paygol settings
$paygol = $config['paygol']; $paygol = $config['paygol'];
// Check for valid secret key
if($secret != $paygol['secret']) {
header("HTTP/1.0 403 Forbidden");
die("Error: secretKey does not match.");
}
// Check if request serviceID is the same as it is in config // Check if request serviceID is the same as it is in config
if($service_id != $paygol['serviceID']) { if($service_id != $paygol['serviceID']) {
header("HTTP/1.0 403 Forbidden"); header("HTTP/1.0 403 Forbidden");
@ -41,12 +41,15 @@ if($service_id != $paygol['serviceID']) {
} }
$new_points = $paygol['points']; $new_points = $paygol['points'];
// Update logs: // Update logs:
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')"); mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')");
// Fetch points // Fetch points
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';"); $account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';");
// Calculate new points // Calculate new points
$new_points = $account['points'] + $new_points; $new_points = $account['points'] + $new_points;
// Update new points // Update new points
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'"); mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
?>