+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Website Scripting & Security (https://lckb.dev/forum/forumdisplay.php?fid=197)
+---- Forum: Security (https://lckb.dev/forum/forumdisplay.php?fid=164)
+----- Forum: Website Security (https://lckb.dev/forum/forumdisplay.php?fid=141)
+----- Thread: Script PaymentWall (/showthread.php?tid=960)
- fonsy84 - 07-14-2012
i try Wiza thx
- fonsy84 - 07-14-2012
no work Wiza:
HTTP/1.0 200 OK
Date: Sat, 14 Jul 2012 21:42:58 GMT
Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
X-powered-by: PHP/5.3.8
Content-length: 36
Content-type: text/html
Connection: close
Reference: can only contain 0-9 a-Z
- Wizatek - 07-14-2012
Enter a random reference in the input boxes when u test it.
- fonsy84 - 07-14-2012
lol now this :S sorry wiza for your time
Notice: Undefined variable: db in C:\xampp\htdocs\donations\pingback.php on line 136
Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\donations\pingback.php on line 136
THX AGAIN
- fonsy84 - 07-14-2012
i use id name wiza
- Wizatek - 07-14-2012
Ah right,
/*
* PaymentWall Pingback script
* Author: Wizatek
*
* This script can be used for your server so u can embed the paymentwall system in your
* website. This version of the pingback uses the user ID, the number, not the username
*
*/
// Set this to your secret key provided by PaymentWall.
$secretKey = 12345678901234567890;
// Set the database settings.
$dbs[server] = localhost;
$dbs[user] = root;
$dbs[pass] = ;
// Since the server can use bg_user and t_users in _db and _auth depending on your connector settings
$dbs[user_dbase] = newproject_db_auth;
//========================================================== No need to edit below unless u know what u are doing ======================================
// Get the IP of the one connecting to this page
$ip = $_SERVER[REMOTE_ADDR];
// Array of allowed ip addresses as provided by PaymentWall
$allowIP[0] = 66.220.10.2;
$allowIP[1] = 66.220.10.3;
$allowIP[2] = 174.36.92.186;
$allowIP[3] = 174.36.96.66;
$allowIP[4] = 174.36.92.187;
$allowIP[5] = 174.36.92.192;
$allowIP[6] = 174.37.14.28;
// If the one is using one of the ips in the array
if( in_array($ip, $allowIP) )
{
// Create the DSN
$dbs[dsn] = sprintf("mysql:host=%s", $dbs[server] );
// Try to connect to the database
try
{
$db = new PDO( $dbs[dsn],
$dbs[user],
$dbs[pass] );
}
catch(PDOException $e)
{
die(Error connecting to the database);
}
// Function to ban the user.
// It is prepared with a reason so u can embed it in your system easily
function BanUser($uid, $reason)
{
global $dbs, $db;
$query = sprintf
("
UPDATE %s.t_users
SET a_enable = 0
WHERE a_portal_index = :uid
", $dbs[user_dbase] );
$dbh = $db->prepare( $query );
$dbh->execute( array( :uid => $uid ));
}
// Add the cash to the account.
// In case of a drawback or fraud paymentwall deletes the cash also
// But since they use a negative amount, this will work perfectly
function SetCash($uid, $amount)
{
global $dbs, $db;
$query = sprintf
("
UPDATE %s.bg_user
SET cash = cash + :amount
WHERE user_code = :uid
", $dbs[user_dbase] );
$dbh = $db->prepare( $query );
$dbh->execute( array( :amount => $amount,
:uid => $uid ));
}
// Function to check if the user exists
function CheckUserExist( $uid )
{
global $dbs, $db;
$query = sprintf
("
SELECT count(*)
FROM %s.bg_user
WHERE user_code = :uid
", $dbs[user_dbase] );
$dbh = $db->prepare( $query );
$dbh->execute( array( :uid => $uid ));
$result = $dbh->fetch();
if( $result[0] == 1 )
return true;
else
return false;
}
$uid = $_GET[uid];
$currency = $_GET[currency];
$type = $_GET[type];
$ref = $_GET[ref];
$sig = $_GET[sig];
// Check the incomming data
if( !ctype_digit( $uid ) )
echo UID: . htmlspecialchars( $uid ) . is not a number;
elseif( !is_numeric( $currency ) )
echo Currency: . htmlspecialchars( $currency ) . is not a number;
elseif( !ctype_digit( $type ) )
echo Type: . htmlspecialchars( $type ) . is not a number;
elseif( !ctype_alnum($ref) )
echo Reference: . htmlspecialchars( $ref ) . can only contain 0-9 a-Z;
elseif( !ctype_alnum($sig) )
echo Signature: . htmlspecialchars( $sig ) . can only contain 0-9 a-Z;
else
{
// See if the userid exists
if( CheckUserExist( $uid ) )
{
// Add the cash to the user
if( $type == 0 || $type == 1 )
{
SetCash($uid, $currency);
echo OK;
}
// Chargeback or Fraud
elseif( $type == 2 )
{
$reason = $_GET[reason];
switch( $reason )
{
case 1:
BanUser($uid,Chargeback);
break;
case 2:
BanUser($uid,Credit Card fraud);
break;
case 3:
BanUser($uid,Order fraud);
break;
case 4:
BanUser($uid,Bad data entry);
break;
case 5:
BanUser($uid,Fake / proxy user);
break;
case 6:
BanUser($uid,Rejected by advertiser);
break;
case 7:
BanUser($uid,Duplicate conversions);
break;
case 8:
BanUser($uid,Goodwill credit taken back);
break;
case 9:
BanUser($uid,Cancelled order);
break;
case 10:
BanUser($uid,Partially reversed transaction);
break;
}
// Remove the cash
SetCash($uid, $currency);
echo OK;
}
else
echo Unknown type : . htmlspecialchars( $type );
}
else
echo Not found user : . htmlspecialchars($uid);
}
}
else
echo IP Unknown : . $ip;
?>
Or in short.
Find all the
function ...(...)
{
global $dbs;
and change to
function ...(...)
{
global $dbs, $db;
- fonsy84 - 07-14-2012
work perfect wiza very very very thx man (apllication accepted)
- barroso - 07-27-2012
please wizatek can u help i get this error:
UID: is not a number
error in line 150 until 154
$uid = $_GET[uid];
$currency = $_GET[currency];
$type = $_GET[type];
$ref = $_GET[ref];
$sig = $_GET[sig];
thanks
- Wizatek - 07-27-2012
Probably u are using the username, and not the user id (the number)
This script is made to work with the numbers, but it can be modifyd to work with usernames also
- barroso - 07-27-2012
im using this widget
you change the code for me? to see if the right