Нашёл заброшенный исходник одностраничника с фрикассой, попытался воскресить, но всё тщетно.
Критует в консоль:
Код:
<?
include_once('config.php');
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
if(isset($_REQUEST['nickname']) && isset($_REQUEST['buy']) && !isset($_REQUEST['checkprice'])) {
$promo = "none";
if(array_key_exists($_REQUEST['buy'], $goods['groups'])) {
$toPay = $goods['groups'][$_REQUEST['buy']]['price'];
if (isset($_REQUEST['promo']) && $_REQUEST['promo'] != "") {
if (array_key_exists($_REQUEST['promo'], $goods['promo'])) {
$promo = $_REQUEST['promo'];
$discount = $goods['promo'][$_REQUEST['promo']];
$toPay = $toPay - ($toPay / 100 * $discount);
}
}
$dopzapros = "SELECT * FROM buy WHERE nickname = '".$mysqli->real_escape_string($_REQUEST['nickname'])."' AND paid = '1'";
foreach($goods['cases'] as $name => $forunban) $dopzapros .= " AND goods != '".$name."' ";
foreach($goods['unban'] as $name => $forcases) $dopzapros .= " AND goods != '".$name."' ";
$dopzapros .= 'ORDER BY price DESC LIMIT 1';
$basemoney = $mysqli->query($dopzapros);
$basemoney = $basemoney->fetch_assoc();
if($toPay > $basemoney['price']) {
$toPay = $toPay - $basemoney['price'];
}
if($goods['groups'][$_REQUEST['buy']]['price'] <= $basemoney['price']) {
$toPay = 0;
}
if($toPay == 0) {
die('Сумма к оплате меньше или равна нулю.');
}
$mysqli->query("INSERT INTO buy (nickname, goods, price, date, promo, paid) VALUES ('".$_REQUEST['nickname']."', '".$_REQUEST['buy']."', '".$toPay."', '".time()."', '".$promo."', '0')");
$payid = $mysqli->query("SELECT id FROM buy WHERE nickname = '".$mysqli->real_escape_string($_REQUEST['nickname'])."' AND paid = '0' ORDER BY id DESC LIMIT 1");
$payid = $payid->fetch_assoc();
echo "
<script type=\"text/javascript\">
load_form();
function load_form() {
var form = new FK();
form.loadWidget({
merchant_id: '".$settings['fk']['shop_id']."',
amount: '".$toPay."',
order_id: '".$payid['id']."',
sign: '".$fkey."',
});
}
</script>
";
} elseif(array_key_exists($_REQUEST['buy'], $goods['cases'])) {
$toPay = $goods['cases'][$_REQUEST['buy']]['price'];
$mysqli->query("INSERT INTO buy (nickname, goods, price, date, promo, paid) VALUES ('".$_REQUEST['nickname']."', '".$_REQUEST['buy']."', '".$toPay."', '".time()."', '".$promo."', '0')");
$payid = $mysqli->query("SELECT id FROM buy WHERE nickname = '".$mysqli->real_escape_string($_REQUEST['nickname'])."' AND paid = '0' ORDER BY id DESC LIMIT 1");
$payid = $payid->fetch_assoc();
echo "
<script type=\"text/javascript\">
load_form();
function load_form() {
var form = new FK();
form.loadWidget({
merchant_id: '".$settings['fk']['shop_id']."',
amount: '".$toPay."',
order_id: '".$payid['id']."',
sign: '".$fkey."',
});
}
</script>
";
} elseif(array_key_exists($_REQUEST['buy'], $goods['unban'])) {
$toPay = $goods['unban'][$_REQUEST['buy']]['price'];
$mysqli->query("INSERT INTO buy (nickname, goods, price, date, promo, paid) VALUES ('".$_REQUEST['nickname']."', '".$_REQUEST['buy']."', '".$toPay."', '".time()."', '".$promo."', '0')");
$payid = $mysqli->query("SELECT id FROM buy WHERE nickname = '".$mysqli->real_escape_string($_REQUEST['nickname'])."' AND paid = '0' ORDER BY id DESC LIMIT 1");
$payid = $payid->fetch_assoc();
echo "
<script type=\"text/javascript\">
load_form();
function load_form() {
var form = new FK();
form.loadWidget({
merchant_id: '".$settings['fk']['shop_id']."',
amount: '".$toPay."',
order_id: '".$payid['id']."',
sign: '".$fkey."',
});
}
</script>
";
}
} elseif(isset($_REQUEST['nickname']) && isset($_REQUEST['buy']) && isset($_REQUEST['checkprice'])) {
if(array_key_exists($_REQUEST['buy'], $goods['groups'])) {
$toPay = $goods['groups'][$_REQUEST['buy']]['price'];
if (isset($_REQUEST['promo']) && $_REQUEST['promo'] != "") {
if (array_key_exists($_REQUEST['promo'], $goods['promo'])) {
$promo = $_REQUEST['promo'];
$discount = $goods['promo'][$_REQUEST['promo']];
$toPay = $toPay - ($toPay / 100 * $discount);
}
}
$dopzapros = "SELECT * FROM buy WHERE nickname = '".$mysqli->real_escape_string($_REQUEST['nickname'])."' AND paid = '1'";
foreach($goods['cases'] as $name => $forunban) $dopzapros .= " AND goods != '".$name."' ";
foreach($goods['unban'] as $name => $forcases) $dopzapros .= " AND goods != '".$name."' ";
$dopzapros .= 'ORDER BY price DESC LIMIT 1';
$basemoney = $mysqli->query($dopzapros);
$basemoney = $basemoney->fetch_assoc();
if($toPay > $basemoney['price']) {
$toPay = $toPay - $basemoney['price'];
}
if($goods['groups'][$_REQUEST['buy']]['price'] <= $basemoney['price']) {
echo '<a class="btn btn-danger btn-block disabled">Вы не можете купить данную привилегию</a>';
} else {
echo '<button type="submit" class="btn btn-success btn-block">Купить '.$goods['groups'][$_REQUEST['buy']]['name'].' за '.$toPay.' рублей</button>';
}
} elseif(array_key_exists($_REQUEST['buy'], $goods['cases'])) {
echo '<button type="submit" class="btn btn-success btn-block">Открыть кейс '.$goods['cases'][$_REQUEST['buy']]['name'].' за '.$goods['cases'][$_REQUEST['buy']]['price'].' рублей</button>';
} elseif(array_key_exists($_REQUEST['buy'], $goods['unban'])) {
echo '<button type="submit" class="btn btn-success btn-block">Купить разбан за '.$goods['unban'][$_REQUEST['buy']]['price'].' рублей</button>';
}
} elseif(isset($_REQUEST['MERCHANT_ID']) && isset($_REQUEST['AMOUNT']) && isset($_REQUEST['intid']) && isset($_REQUEST['SIGN'])) {
function getIP() {
if(isset($_SERVER['HTTP_X_REAL_IP'])) return $_SERVER['HTTP_X_REAL_IP'];
return $_SERVER['REMOTE_ADDR'];
}
if (!in_array(getIP(), array('136.243.38.147', '136.243.38.149', '136.243.38.150', '136.243.38.151', '136.243.38.189', '88.198.88.98'))) {
die("hacking attempt!");
}
$sign = md5($settings['fk']['shop_id'].':'.$_REQUEST['AMOUNT'].':'.$settings['fk']['secretkey_2'].':'.$_REQUEST['MERCHANT_ORDER_ID']);
if ($sign != $_REQUEST['SIGN']) {
die('wrong sign');
}
$payinfo = $mysqli->query("SELECT * FROM buy WHERE id = '".$_REQUEST['MERCHANT_ORDER_ID']."' AND paid = '0' ORDER BY price DESC LIMIT 1");
$payinfo = $payinfo->fetch_assoc();
if($payinfo['price'] != $_REQUEST['AMOUNT']) {
$mysqli->query("UPDATE `buy` SET `paid` = '2', `date` = '".time()."' WHERE `id` = '".$_REQUEST['MERCHANT_ORDER_ID']."'");
} else {
if(array_key_exists($payinfo['goods'], $goods['unban'])) {
$command = str_replace("%username%", $payinfo['nickname'], $goods['unban'][$payinfo['goods']]['command']);
$mysqligame->query("INSERT INTO commands (player, command) VALUES ('".$payinfo['nickname']."', '".$command."')");
$mysqli->query("UPDATE buy SET paid = '1', date = '".time()."' WHERE id = '".$_REQUEST['MERCHANT_ORDER_ID']."'");
} elseif(array_key_exists($payinfo['goods'], $goods['groups'])) {
$command = explode("&", $goods['groups'][$payinfo['goods']]['command']);
$command = str_replace("%username%", $payinfo['nickname'], $command);
$mysqli->query("UPDATE buy SET paid = '1', date = '".time()."' WHERE id = '".$_REQUEST['MERCHANT_ORDER_ID']."'");
foreach($command as $id => $value)
{
$mysqligame->query("INSERT INTO commands (player, command) VALUES ('".$payinfo['nickname']."', '".$value."')");
}
} elseif(array_key_exists($payinfo['goods'], $goods['cases'])) {
$randomcase = count($goods['cases'][$payinfo['goods']]['items']);
$randomcase = $randomcase - 1;
$randomcase = mt_rand(0, $randomcase);
$itemcase = $goods['cases'][$payinfo['goods']]['items'];
$randomcase = $itemcase[$randomcase];
$mysqli->query("UPDATE buy SET paid = '1', date = '".time()."', goods = '".$payinfo['goods']."_".$randomcase."' WHERE id = '".$_REQUEST['MERCHANT_ORDER_ID']."'");
$command = str_replace("%username%", $payinfo['nickname'], $goods['groups'][$randomcase]['command']);
$mysqligame->query("INSERT INTO commands (player, command) VALUES ('".$payinfo['nickname']."', '".$command."')");
}
}
die('YES');
}
?>
Код из config:
<?php
$settings = array(
'fk' => array(
'shop_id' => '00000', // ID магазина в кассе
'secretkey_1' => 'первый ключ', // Секретный ключ 1
'secretkey_2' => 'второй ключ', // Секретный ключ 2
),
);
$fkey = md5($settings['fk']['shop_id'].$settings['fk']['secretkey_1']);
?>
Смотрел документацию, либо я что-то не понимаю, либо не знаю на что грешить уже.
Простой