ZnoteAAC/paygol_ipn.php
Atte 52ae81233d Fix paygol IPN by adding the missing functions (sanitize, getValue)
Now it will also check that the serviceID in config.php is the same as the one PayGol sends. Otherwise it is possible to make 'fake' payments through PayGol simply by changing the report URL to the report URL of any other OT (assuming we know the file name); such a request passes the IP check because it really does come from PayGol.
2015-08-18 16:24:19 +03:00


<?php
require 'config.php';
require 'engine/database/connect.php';
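// Check that the request comes from a PayGol server (source-address allowlist).
// NOTE(review): REMOTE_ADDR is the TCP peer address. If this host sits behind a
// reverse proxy or load balancer, that will be the proxy's address and this
// allowlist would have to be evaluated against the real client address
// instead — confirm the deployment.
$paygolServers = array('109.70.3.48', '109.70.3.146', '109.70.3.58');
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
// Strict comparison: the address must match an allowlist entry byte-for-byte,
// so loose string/number coercion cannot widen the match.
if (!in_array($remoteAddr, $paygolServers, true)) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: Unknown IP");
}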
// Fetch and sanitize request (GET) values
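/**
 * Fetch a request value, returning false when it is absent or empty.
 *
 * Only scalar values are accepted: a PHP array (e.g. a `name[]=1` query
 * parameter) is rejected instead of being handed to the string functions
 * inside sanitize(). An empty string counts as "not supplied"; unlike
 * empty(), the string '0' is a valid value and is passed through.
 *
 * @param mixed $value raw $_GET/$_POST entry, or null when absent
 * @return string|false sanitized value, or false when missing, empty or non-scalar
 */
function getValue($value) {
    if (!is_scalar($value)) {
        // null (missing parameter), arrays and objects are never valid here
        return false;
    }
    $string = (string) $value;
    if ($string === '') {
        return false;
    }
    return sanitize($string);
}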
/**
 * Escape a request value for storage: SQL-escape it with the project helper,
 * strip HTML tags, then HTML-encode what is left.
 *
 * NOTE(review): two contexts are mixed here — the SQL-escaped string is then
 * HTML-encoded, so the database receives an HTML-entity-encoded value rather
 * than the raw one (on PHP 8.1+, where htmlentities() defaults to ENT_QUOTES,
 * an escaped single quote presumably ends up as `\&#039;`). Readers of the
 * stored value must expect it to be encoded.
 *
 * @param string $data raw request value
 * @return string escaped value
 */
function sanitize($data) {
    $sqlEscaped = mysql_znote_escape_string($data);
    $tagless = strip_tags($sqlEscaped);
    return htmlentities($tagless);
}
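// Get the variables from the PayGol request. A missing parameter is read as
// null (no "undefined index" warning) and getValue() turns it into false.
$message_id = getValue(isset($_GET['message_id']) ? $_GET['message_id'] : null);
$service_id = getValue(isset($_GET['service_id']) ? $_GET['service_id'] : null);
$shortcode = getValue(isset($_GET['shortcode']) ? $_GET['shortcode'] : null);
$keyword = getValue(isset($_GET['keyword']) ? $_GET['keyword'] : null);
$message = getValue(isset($_GET['message']) ? $_GET['message'] : null);
$sender = getValue(isset($_GET['sender']) ? $_GET['sender'] : null);
$operator = getValue(isset($_GET['operator']) ? $_GET['operator'] : null);
$country = getValue(isset($_GET['country']) ? $_GET['country'] : null);
$custom = getValue(isset($_GET['custom']) ? $_GET['custom'] : null);
$points = getValue(isset($_GET['points']) ? $_GET['points'] : null);
$price = getValue(isset($_GET['price']) ? $_GET['price'] : null);
$currency = getValue(isset($_GET['currency']) ? $_GET['currency'] : null);
// PayGol settings from config.php
$paygol = $config['paygol'];
// Reject notifications for a service that is not ours. A request from a PayGol
// server passes the IP allowlist above even when it was produced for another
// site's service, so the service id is what ties the notification to this
// installation. Compared as strings with !== so loose-comparison surprises
// ('1e3' == '1000', false == 0) cannot let a mismatch through.
if ($service_id === false || (string) $service_id !== (string) $paygol['serviceID']) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: serviceID does not match.");
}
// Points credited per payment come from config, never from the request.
$new_points = $paygol['points'];
// TODO(review): nothing here rejects a repeated message_id, so the same
// notification delivered twice would credit the account twice; a uniqueness
// check against the log table before crediting would close that.
// Log the notification. The values were escaped by sanitize(); the project's
// mysql_* helpers take a raw query string, so interpolation stays as-is here.
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')");
// Fetch the account's current balance. If `custom` does not name an existing
// account there is no row; the balance is then treated as 0 and the UPDATE
// below matches nothing.
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';");
$current_points = (is_array($account) && isset($account['points'])) ? (int) $account['points'] : 0;
// Calculate the new balance
$new_points = $current_points + (int) $new_points;
// Store the new balance
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");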
?>