Untitled

<?php

require "./core/config.php";

$secretKey = $UnitPay['secret_key'];
$price = $UnitPay['price'];

function getSignature($method, $params, $secretKey)
{
    ksort($params);
    unset($params['sign']);
    unset($params['signature']);
    array_push($params, $secretKey);
    array_unshift($params, $method);

    return hash('sha256', join('{up}', $params));
}

/**
* Ошибочный ответ партнера
*
* @param $message
*/
function responseError($message) {
  $error = array(
      "jsonrpc" => "2.0",
      "error" => array(
          "code" => -32000,
          "message" => $message
      ),
      'id' => 1
  );
  echo json_encode($error); exit();
}

/**
* Успешный ответ партнера
*
* @param $message
*/
function responseSuccess($message) {
  $success = array(
      "jsonrpc" => "2.0",
      "result" => array(
          "message" => $message
      ),
      'id' => 1
  );
  echo json_encode($success); exit();
}

if(isset($_GET['method'])) {

    if($_GET['method']=='check') {

        $params = $_GET['params'];
        $sign = $params['sign'];
        unset($params['sign']);

        $db_json = (array)json_decode(file_get_contents('core/db/orders.db'));
        $db_json['orders'] = (array)$db_json['orders'];

        $order = false;

        foreach($db_json['orders'] as $row) {
            if($_GET['params']['account']==$row->{'id'}) {
                if($sign==md5(implode("",$params).$secretKey)) {
                    $order = true;
                    break;
                }
            }
        }

        if($order) {
            echo '{"result": {"message":"Запрос успешно обработан"}}';
        } else {
            echo '{"error": {"message":"Заказ не найден!"}}';
        }

    } elseif($_GET['method']=='pay') {

        $params = $_GET['params'];
        $sign = $params['signature'];

        $db_json = (array)json_decode(file_get_contents('core/db/orders.db'));
        $db_json['orders'] = (array)$db_json['orders'];

        $order = -1;

        foreach($db_json['orders'] as $k=>$row) {
            if($_GET['params']['account']==$row->{'id'}) {
              $order = $k;
              break;
            }
        }

        $unitpayIp = array(
            '31.186.100.49',
            '178.132.203.105',
            '52.29.152.23',
            '52.19.56.234'
        );

        if (!in_array($_SERVER["REMOTE_ADDR"], $unitpayIp)) {
            die('IP address Error');
        }
        if(getSignature($_GET['method'], $params, $secretKey) != $sign){
          responseError("Invalid signature.");
        }

        if($order>-1) {
            require "./core/sql.class.php";
            $coin = $db_json['orders'][$order]->{'sum'}/$price;
            $acc = $db_json['orders'][$order]->{'account'};
            $DB = selectServer($db_json['orders'][$order]->{'server'},$Sql);
             $current = $DB->FetchArray($DB->Query("SELECT VoteBonus FROM MEMB_INFO WHERE memb___id = '$acc'"));
            $current = (int)$current['VoteBonus'];

            if($current<1) { $current = (int)$coin; } else { $current += (int)$coin; }
            $DB->Query("UPDATE MEMB_INFO SET VoteBonus = $current WHERE memb___id = '$acc'");

            unset($db_json['orders'][$order]);
            $db_json['orders'] = array_values($db_json['orders']);
            file_put_contents('core/db/orders.db',json_encode($db_json));
            echo '{"result": {"message":"Запрос успешно обработан"}}';
        } else {
            echo '{"error": {"message":"Заказ не найден!"}}';
        }

    }

}