<?php
require_once('../Sys/connect.php');
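// Payment callback for the `ads` table. The payment system POSTs LMI_* fields
// here twice: first as a pre-request (LMI_PREREQUEST = 1) asking whether the
// order is acceptable, then as a signed notification that the payment was made.
// Anyone on the internet can POST to this URL, so every field is untrusted
// until the signature and the order data have been checked.
$set = $mysqli->query("SELECT * FROM `ads_settings`")->fetch_assoc();

// Read each expected field exactly once, as a string. Missing fields and
// array-valued fields (e.g. LMI_HASH[]=x) become '' instead of raising notices
// or being concatenated as the literal text "Array".
$lmi = array();
foreach (array(
    'LMI_PREREQUEST',
    'LMI_PAYEE_PURSE',
    'LMI_PAYMENT_AMOUNT',
    'LMI_PAYMENT_NO',
    'LMI_MODE',
    'LMI_SYS_INVS_NO',
    'LMI_SYS_TRANS_NO',
    'LMI_SYS_TRANS_DATE',
    'LMI_PAYER_PURSE',
    'LMI_PAYER_WM',
    'LMI_HASH',
) as $field) {
    $lmi[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// The order id is only ever used as an integer, which also keeps it safe to
// embed in the SQL text below.
$payment_no = (int) $lmi['LMI_PAYMENT_NO'];
$expected_purse = isset($set['wmr']) ? (string) $set['wmr'] : '';

if ($lmi['LMI_PREREQUEST'] == 1) {
    // Pre-request: answer "YES" only if the order exists and the amount and
    // receiving purse match what this site expects. Nothing is written here.
    $row = $mysqli->query("SELECT `id`, `sum` FROM `ads` WHERE `id` = '".$payment_no."'")->fetch_assoc();
    if (empty($row['id'])) {
        echo "ERR: НЕТ ТАКОГО ТОВАРА";
        exit;
    }
    if ($row['sum'] != (int) $lmi['LMI_PAYMENT_AMOUNT']) {
        // Request data is escaped before being reflected, because this
        // endpoint can also be reached from a browser form.
        echo "ERR: НЕВЕРНАЯ СУММА ".htmlspecialchars($lmi['LMI_PAYMENT_AMOUNT'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }
    if (trim($lmi['LMI_PAYEE_PURSE']) !== $expected_purse) {
        echo "ERR: НЕВЕРНЫЙ КОШЕЛЕК ПОЛУЧАТЕЛЯ ".htmlspecialchars($lmi['LMI_PAYEE_PURSE'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }
    echo "YES";
} else {
    // Payment notification: the only branch that changes state.
    $secret_key = isset($set['key']) ? (string) $set['key'] : '';
    if ($secret_key === '') {
        // With no secret configured the signature below is computable by
        // anyone, so refuse to mark anything as paid.
        exit;
    }

    // NOTE(review): MD5 over a plain concatenation is a weak signature
    // construction. If the payment provider offers a stronger signing method
    // for this purse, prefer it and change this computation to match.
    $common_string = $lmi['LMI_PAYEE_PURSE'].$lmi['LMI_PAYMENT_AMOUNT'].$lmi['LMI_PAYMENT_NO'].$lmi['LMI_MODE'].$lmi['LMI_SYS_INVS_NO'].$lmi['LMI_SYS_TRANS_NO'].$lmi['LMI_SYS_TRANS_DATE'].$secret_key.$lmi['LMI_PAYER_PURSE'].$lmi['LMI_PAYER_WM'];
    $hash = strtoupper(md5($common_string));

    // hash_equals() compares as strings in constant time. The previous `!=`
    // was a loose comparison, under which two different digests that both
    // look numeric (such as "0E" followed only by digits) compare as equal.
    if (!hash_equals($hash, $lmi['LMI_HASH'])) exit;

    // A valid signature proves who sent the notification, not that it pays
    // for this order in full: the amount, purse and order number come from
    // the payer's form. The pre-request checks are therefore repeated here,
    // so the order is protected even when the pre-request step is skipped.
    $row = $mysqli->query("SELECT `id`, `sum` FROM `ads` WHERE `id` = '".$payment_no."'")->fetch_assoc();
    if (empty($row['id'])) exit;
    if ($row['sum'] != (int) $lmi['LMI_PAYMENT_AMOUNT']) exit;
    if (trim($lmi['LMI_PAYEE_PURSE']) !== $expected_purse) exit;

    // NOTE(review): LMI_MODE is part of the signed string but is never
    // inspected. If it distinguishes test from real payments in this merchant
    // setup, test notifications also mark the ad as paid. Confirm, and reject
    // them here if so.
    $mysqli->query("UPDATE `ads` SET `pay` = '1' WHERE `id` = '".$payment_no."'");
}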
?>