API tools faq
paste
Advertisement
alexx876

Untitled

alexx876
Apr 16th, 2019
474
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.43 KB | None | 0 0
raw download clone embed print report
  1.     //Функция для работы с QIWI WEBHOOK
  2.     private function getReqParams(){
  3.         //Make sure that it is a POST request.
  4.         if(strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0){
  5.             throw new Exception('Request method must be POST!');
  6.         }
  7.  
  8.         //Receive the RAW post data.
  9.         $content = trim(file_get_contents("php://input"));
  10.  
  11.         //Attempt to decode the incoming RAW post data from JSON.
  12.         $decoded = json_decode($content, true);
  13.  
  14.         //If json_decode failed, the JSON is invalid.
  15.         if(!is_array($decoded)){
  16.             throw new Exception('Received content contained invalid JSON!');
  17.         }
  18.  
  19.         //Check if test
  20.         if ($decoded['test'] == 'true') {
  21.           throw new Exception('Test!');
  22.         }
  23.  
  24.         // Строка параметров
  25.         $reqparams = $decoded['payment']['sum']['currency'] . '|' . $decoded['payment']['sum']['amount'] . '|'. $decoded['payment']['type'] . '|' . $decoded['payment']['account'] . '|' . $decoded['payment']['txnId'];
  26.         // Подпись из запроса
  27.         foreach ($decoded as $name=>$value) {
  28.            if ($name == 'hash') {
  29.                 $SIGN_REQ = $value;
  30.            }
  31.         }
  32.  
  33.         return [$reqparams, $SIGN_REQ];
  34.     }
  35.    
  36.     public function qiwi_hook()
  37.     {
  38.         $content = json_decode(trim(file_get_contents("php://input")));
  39.         if (!$content->hookId || $content->hookId != config_item('qiwi_hookid')) {
  40.             die(json_encode(['error' => 1]));
  41.         }
  42.        
  43.         //Проверяем контрольную подпись запроса
  44.         $request = getReqParams();
  45.         $reqres = hash_hmac("sha256", $request[0], base64_decode(config_item('qiwi_hookkey')));
  46.        
  47.         if (!hash_equals($reqres, $request[1])) {
  48.             die(json_encode(['error' => 2]));
  49.         }
  50.        
  51.         //Проверяем на то, что не зачисли ранее баланс пользователю
  52.         if ($this->paymentsystems_model->get_by(['uniq_id' => $content->payment->txnId])) {
  53.             die(json_encode(['error' => 3]));
  54.         }
  55.        
  56.         //Проверяем на нужную валюту и статус платежа
  57.         if ($content->payment->total->currency != 643 || $content->payment->status != 'SUCCESS' || !$content->payment->comment) {
  58.             die(json_encode(['error' => 4]));
  59.         }
  60.        
  61.         //Проверяем наличие пользователя в базе данных
  62.         $user = $this->user_model->get((int)$content->payment->comment);
  63.        
  64.         if (!$user->id) die(json_encode(['error' => 5]));
  65.        
  66.         //Зачисляем баланс пользовател.
  67.         die(json_encode(['ok' => true]));
  68.     }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!