Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- include 'config.php';
- if((isset($_POST['summ']) && isset($_SESSION['post_steamid'])) || isset($_POST['summ'])) {
- if(isset($_POST['steamid'])) {
- $part1 = explode(":", $_POST['steamid']);
- if($part1[0] == 'STEAM_0') {
- $_POST['steamid'] = "STEAM_1:".$part1[1].":".$part1[2];
- }
- $_SESSION['post_steamid'] = $_POST['steamid'];
- }
- if($_POST['summ'] >= $minSumm) {
- $_SESSION['summ'] = 'correct';
- $sql = 'INSERT INTO `buy` (`status`, `steamid`, `summ`, `time`) VALUES (:status, :steamid, :summ, :time)';
- $stmt = $pdo->prepare($sql);
- $stmt->bindValue(':status', 0);
- $stmt->bindValue(':steamid', $_SESSION['post_steamid']);
- $stmt->bindValue(':summ', $_POST['summ']);
- $stmt->bindValue(':time', time());
- $inserted = $stmt->execute();
- echo "<script language='JavaScript'> window.location.href = 'http://www.free-kassa.ru/merchant/cash.php?m=".$shopid."&oa=".$_POST['summ']."&o=".$pdo->lastInsertId()."&s=".md5($shopid.':'.$_POST['summ'].':'.$secret.':'.$pdo->lastInsertId())."'; </script>";
- } else {
- $_SESSION['summ'] = 'incorrect';
- echo '<script>location.replace(\'index.php\')</script>';
- }
- } else {
- die('hacking attempt!');
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement