
PayGol IPN

a guest
Dec 19th, 2012
  1. <?php
  // --- Database settings -------------------------------------------------
  // The credentials are blank placeholders in this listing. Supply them at
  // deployment time and keep the real values out of anything that is shared.
  $MySQL_host     = 'localhost';
  $MySQL_user     = '';
  $MySQL_pw       = '';
  $MySQL_db       = '';
  $MySQL_db_table = 'users';

  // --- Sender allowlist ---------------------------------------------------
  // Source addresses the IPN handler accepts notifications from. In this
  // script the allowlist is the only check on who is calling, so the list
  // must be kept in sync with the provider's published addresses.
  $PayGol_IPs = array('109.70.3.48', '109.70.3.146', '109.70.3.58');

  // --- Payment rules ------------------------------------------------------
  // Notifications below this price, or in a currency not listed, are rejected.
  $min_price          = 50;
  $allowed_currencies = array('NOK');

  // --- Logging ------------------------------------------------------------
  // pgLog() appends the entry type to this prefix ("error" or "success").
  // The prefix is a relative path. NOTE(review): if it resolves inside the
  // web root, the log files (caller IPs, sender values, user ids) may be
  // downloadable. Confirm the location or use an absolute path outside it.
  $logging  = true;
  $log_path = 'log_paygol_';
  20.  
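  /**
   * Append one entry to the log file named by $log_path followed by $type.
   *
   * Each entry records the date, the caller's address, the optional "sender"
   * query parameter and the message. The sender and the message can carry
   * request data, so control characters (including CR/LF) are replaced with a
   * space before writing. One request can then never produce more than one
   * entry or imitate the entry separator.
   *
   * If the file cannot be written, the problem is reported through error_log().
   * It is not echoed into the HTTP response, because that would show the log
   * path to the remote caller and add text to the body the caller receives.
   *
   * @param string $type Suffix of the log file name. It is appended to the path
   *                     unfiltered, so pass a fixed literal ("error" or
   *                     "success"), never request data.
   * @param string $msg  Text of the entry.
   *
   * @return bool true when the entry was written, false when logging is
   *              disabled or the file could not be written.
   */
  function pgLog($type, $msg)
  {
      global $logging, $log_path;

      if (!$logging) {
          return false;
      }

      // Matches every ASCII control character, so tabs and line breaks in
      // request data cannot alter the layout of an entry.
      $control_chars = '/[\x00-\x1F\x7F]+/';

      // REMOTE_ADDR is absent when the script is not run by a web server.
      $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';

      $sender = '';
      if (isset($_GET['sender']) && is_scalar($_GET['sender'])) {
          $sender = "\tSender: " . preg_replace($control_chars, ' ', (string) $_GET['sender']);
      }

      $entry = "------\n Date: " . date('d.m.Y H:i:s')
          . "\tIP: " . $ip
          . $sender
          . "\n Msg: " . preg_replace($control_chars, ' ', (string) $msg)
          . "\n------\n";

      // LOCK_EX keeps entries from concurrent notifications from interleaving.
      if (@file_put_contents($log_path . $type, $entry, FILE_APPEND | LOCK_EX) === false) {
          error_log('pgLog: cannot write to log file ' . $log_path . $type);
          return false;
      }

      return true;
  }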
  38.  
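  // PayGol IPN handler: validates the notification, adds 100 vip_points to the
  // user named by the "custom" parameter and answers "OK".
  //
  // Trust model, as far as this script shows:
  //  - The source-address allowlist is the only check on who is calling.
  //    REMOTE_ADDR is the address of the direct peer. Behind a reverse proxy or
  //    load balancer that is the proxy, so the check must be made where the
  //    real peer address is visible.
  //  - Nothing here records which notifications were already processed, so a
  //    notification delivered twice credits the user twice.
  //    TODO(review): store a provider-supplied transaction identifier and
  //    reject duplicates.
  //
  // Exception code 400 marks request-validation failures, whose messages are
  // returned to the caller. Every other exception (database errors, including
  // those mysqli itself throws) is written to the log only.
  $db = null;
  try
  {
      $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
      if (!in_array($remote_ip, $PayGol_IPs, true))
      {
          throw new Exception('Invalid remote IP', 400);
      }

      // Require a numeric string before comparing. An array ("price[]=x") or a
      // non-numeric string does not reliably compare as "less than" a number,
      // so a bare `<` would let such values pass the minimum-price check.
      $price = isset($_GET['price']) ? $_GET['price'] : null;
      if (!is_string($price) || !is_numeric($price))
      {
          throw new Exception('Invalid price', 400);
      }
      if ((float) $price < $min_price)
      {
          throw new Exception('Too low price: ' . $price, 400);
      }

      $currency = isset($_GET['currency']) ? $_GET['currency'] : null;
      if (!is_string($currency) || !in_array($currency, $allowed_currencies, true))
      {
          throw new Exception('Invalid currency', 400);
      }

      $custom = isset($_GET['custom']) ? $_GET['custom'] : null;
      if (!is_string($custom) || $custom === '')
      {
          throw new Exception('Missing user id (custom)', 400);
      }

      $conn = new mysqli($MySQL_host, $MySQL_user, $MySQL_pw, $MySQL_db);
      if ($conn->connect_error)
      {
          throw new Exception('MySQL connect error (' . $conn->connect_errno . '): ' . $conn->connect_error);
      }
      $db = $conn; // only an established connection is tracked for cleanup

      // The user id is bound as a parameter rather than escaped into the SQL
      // text, so the query does not depend on the connection character set.
      // The table name comes from the configuration, not from the request.
      $stmt = $db->prepare('UPDATE `' . $MySQL_db_table . '` SET `vip_points` = `vip_points` + 100 WHERE `id` = ?');
      if (!$stmt)
      {
          throw new Exception('Query error (' . $db->errno . '): ' . $db->error);
      }
      $stmt->bind_param('s', $custom);
      if (!$stmt->execute())
      {
          throw new Exception('Query error (' . $stmt->errno . '): ' . $stmt->error);
      }
      $credited = $stmt->affected_rows;
      $stmt->close();

      if ($credited < 1)
      {
          throw new Exception('Query: No rows affected (non-existing user-id? custom = ' . $custom . ')');
      }

      $db->close();
      $db = null;

      header('Content-Type: text/plain');
      echo 'OK';

      pgLog('success', "User-Id: " . $custom . "\tPrice: " . $price);
  }
  catch (Exception $ex)
  {
      // Release the connection on the failure path as well.
      if ($db !== null)
      {
          $db->close();
      }

      header('HTTP/1.1 400 Bad Request');
      header('Content-Type: text/plain');

      // The full detail goes to the log; pgLog() neutralises control characters.
      pgLog('error', $ex->getMessage());

      // Database error text and unvalidated request values stay out of the
      // response body. Only the fixed validation messages are returned.
      echo ($ex->getCode() === 400) ? $ex->getMessage() : 'Request could not be processed';
      exit;
  }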
  90. ?>