Witam.
Otóż mamy Account Panel do pewnej gry w którym mamy system Dostacji, za dotację gracze otrzymują "wirtualną walutę" lecz system nie działa tak jak powinien, mianowicie:
Prowadzi bez problemu do płatności, lecz po jej wykonaniu w naszym panelu nie otrzymujemy wirtualnej waluty, jakby nie zostało to sprawdzone, lub zostało sprawdzone błędnie.
oto Kody:
ConfirmPayment.php
<?php
if(!isset($load))
exit;
if(!!!$settings['enableCreditPurchase'])
exit(header("Location: ?page=player"));
$subContent = "";
if(!$validate->blank($_GET['system']) || !$validate->blank($_GET['credits']))
exit(header("Location: ?page=credits"));
elseif(!$validate->letters($_GET['system']) || !$validate->money($_GET['credits']))
exit(header("Location: ?page=credits"));
elseif($_GET['system'] !== "paypal" && $_GET['system'] !== "pagseguro" && $_GET['system'] != "paysera" && $_GET['system'] != "paysafecard")
exit(header("Location: ?page=credits"));
elseif($_GET['system'] == "paysafecard" && ($_GET['credits'] != 10.00 && $_GET['credits'] != 25.00 && $_GET['credits'] != 50.00 && $_GET['credits'] != 100.00))
exit(header("Location: ?page=credits"));
elseif($_GET['credits'] <= 0.00)
exit(header("Location: ?page=credits"));
elseif(number_format($_GET['credits'] * $settings['creditPrice'],2) >= 999.1)
exit(header("Location: ?page=credits"));
if(!(isset($_GET['confirm']) && $_GET['confirm'] == "true"))
$mysqlClientLoginServer->execute("INSERT INTO `acp_payments` (`account`,`amount`,`reward`,`method`,`time`) VALUES (?,?,?,?,?);",array($player['account'],number_format($_GET['credits'] * $settings['creditPrice'],2),$_GET['credits'],$_GET['system'],time()));
$paymentData = $mysqlClientLoginServer->select("SELECT * FROM `acp_payments` WHERE `account` = ? AND `status` = 0 ORDER BY `id` DESC LIMIT 1;",array($player['account']));
if(!$paymentData)
exit(header("Location: ?page=player"));
if($_GET['system'] == 'paypal' && $settings['enablePaypalPayment'] == 1 && $settings['paypalAddress'] !== ''){
$subContent = "<button class=\"redirect\" value=\"https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=".$settings['paypalAddress']."&lc=en_EN&item_name=Obtain ".number_format($paymentData['reward'],2)." Credits by ".number_format($paymentData['amount'],2)." Euro&item_number=".$paymentData['id']."-".$client['id']."&amount=".number_format($paymentData['amount'],2)."¤cy_code=EUR&cancel_return=".getCurrentURL()."?page=credits&return=".getCurrentURL()."?page=credits&no_note=0¤cy_code=EUR&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHostedGuest\">Pay Now</button>";
}elseif($_GET['system'] == 'pagseguro' && $settings['enablePagSeguroPayment'] == 1 && $settings['pagseguroAddress'] !== ''){
$subContent = '<form method="post" target="pagseguro" action="https://pagseguro.uol.com.br/v2/checkout/payment.html"><input name="receiverEmail" type="hidden" value="'.$settings['pagseguroAddress'].'"><input name="currency" type="hidden" value="EUR"><input name="itemId1" type="hidden" value="0001"><input name="itemDescription1" type="hidden" value="Creditos"><input name="itemAmount1" type="hidden" value="'.number_format($paymentData['amount'],2).'"><input name="itemQuantity1" type="hidden" value="1"><input name="reference" type="hidden" value="'.$client['id'].'"><input alt="Pague com PagSeguro" name="submit" type="submit" value="Pay Now"/></form>';
}elseif($_GET['system'] == "paysera" && !!$settings['enablePayseraPayment'] && $settings['payseraProjectId'] && $settings['payseraProjectPassword']){
if(!$validate->blank($settings['payseraProjectId']) || !$validate->blank($settings['payseraProjectPassword']))
exit(header("Location: ?page=credits"));
if(isset($_GET['confirm']) && $_GET['confirm'] == "true"){
require_once(PATH_LIBRARIES."paysera.php");
try{
$request = WebToPay::redirectToPayment(array(
'projectid' => $settings['payseraProjectId'],
'sign_password' => $settings['payseraProjectPassword'],
'orderid' => $paymentData['id']."-".$client['id'],
'amount' => ($paymentData['amount'] * 100),
'paytext' => "Purchasing ".number_format($paymentData['reward'],2)." credits for ".number_format($paymentData['amount'],2)." EUR. Order ID [order_nr] on [site_name].",
'currency' => "EUR",
'country' => "EN",
'accepturl' => getCurrentURL()."?credits=",
'cancelurl' => getCurrentURL()."?credits=",
'callbackurl' => getCurrentURL()."/payments/payseraCallback.php",
'test' => 0,
));
}catch(WebToPayException $e){
echo $e;
}
}
$subContent = "<button class=\"redirect\" value=\"?page=confirmPayment&system=paysera&credits=".$_GET['credits']."&confirm=true\">Pay now</button>";
}elseif($_GET['system'] == "paysafecard" && !!$settings['enablePaysafecardPayment'])
$subContent = "<form name=\"envia\" id=\"purchasePaySafeCard\">
Please enter your pin
<input type=\"hidden\" id=\"id\" value=\"".$paymentData['id']."\" />
<div class=\"input\"><input type=\"text\" id=\"pin\" value=\"\" /><span>PIN</span></div>
<button>Confirm</button>
</form>";
else
exit(header("Location: ?page=credits"));
$templateContent->replace("button",$subContent);
?>
paypalCallback.php
<?php
error_reporting(E_STRICT);
$req = "cmd=_notify-validate";
foreach($_POST as $key => $value){
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: ".strlen($req)."\r\n\r\n";
$fp = fsockopen("www.paypal.com",80,$errno,$errstr,30);
// test 1
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if(!$fp)
exit();
fputs($fp,$header.$req);
while(!feof($fp)){
$res = fgets($fp,1024);
if(strcmp($res,"VERIFIED") == 0){
if($_POST['payment_status'] == "Completed" && $_POST['mc_currency'] == "EUR"){
$order = $_POST['item_number'];
$amount = $_POST['mc_gross'];
require_once("../core.php");
if(!!!$settings['enablePaypalPayment'])
exit("Paypal payment option is disabled.");
if(!$validate->blank(@$order))
exit("Missing some details.");
elseif(!$validate->numeric($order))
exit("Some of the fields contain fobidden symbols.");
$paymentData = $mysqlClientLoginServer->select("SELECT * FROM `acp_payments` WHERE `id` = ? AND `status` = 0 ORDER BY `id` DESC LIMIT 1;",array($order));
if(!$paymentData)
exit("There's no outstanding order with such ID.");
if($paymentData['amount'] != $amount)
exit("The money sent does not match the order amount.");
$player['account'] = $paymentData['account'];
$mysqlClientLoginServer->execute("UPDATE `acp_payments` SET `status` = 2 WHERE `id` = ?;",array($order));
$credits->increase($paymentData['reward']);
$log->add("Purchased ".sprintf('%0.2f',$paymentData['reward'])."¢ for ".sprintf('%0.2f',$paymentData['amount'])." EUR through PayPal, thank you.");
}
elseif($_POST['payment_status'] == "Reversed"){
$order = $_POST['item_number'];
$amount = $_POST['mc_gross'];
require_once("../core.php");
if(!$validate->blank(@$order))
exit("Missing some details.");
elseif(!$validate->numeric($order))
exit("Some of the fields contain fobidden symbols.");
$paymentData = $mysqlClientLoginServer->select("SELECT * FROM `acp_payments` WHERE `id` = ? ORDER BY `id` DESC LIMIT 1;",array($order));
if(!$paymentData)
exit("There's no such order.");
$mysqlClientLoginServer->execute($queryLogin['disableAccount'],array($paymentData['account']));
$log->add("Account has been banned for reversing the payment.");
}
}
}
fclose($fp);
?>