LCKB
Script PaymentWall - Printable Version

+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Website Scripting & Security (https://lckb.dev/forum/forumdisplay.php?fid=197)
+---- Forum: Security (https://lckb.dev/forum/forumdisplay.php?fid=164)
+----- Forum: Website Security (https://lckb.dev/forum/forumdisplay.php?fid=141)
+----- Thread: Script PaymentWall (/showthread.php?tid=960)

Pages: 1 2 3 4 5 6 7 8

- barroso - 07-27-2012


youre referring to the bg_user newproject_db_auth?

 

user_code or user_id?

 

Sad



- Wizatek - 07-27-2012

Your website gives the bg_user.user_id to the script, and it needs to give the bg_user.user_code



- barroso - 07-27-2012


ok i changed all the User_code to user_id but dont work

 

i get the same error

________________________

 

can you change it for me ?

<?php

/*
* PaymentWall Pingback script
* Author: Wizatek
*
* This script can be used for your server so u can embed the paymentwall system in your
* website. This version of the pingback uses the user ID, the number, not the username
*
*/

// Set this to your secret key provided by PaymentWall.
$secretKey = 80e73b0e69e48389029f679d7ca3de53;

// Set the database settings.
$dbs[server] = localhost;
$dbs[user] = root;
$dbs[pass] = ;

// Since the server can use bg_user and t_users in _db and _auth depending on your connector settings
$dbs[user_dbase] = newproject_db_auth;

//========================================================== No need to edit below unless u know what u are doing ======================================

// Get the IP of the one connecting to this page
$ip = $_SERVER[REMOTE_ADDR];

// Array of allowed ip addresses as provided by PaymentWall
$allowIP[0] = 64.31.60.42;
$allowIP[1] = 201.25.202.105;
$allowIP[2] = 174.36.92.186;
$allowIP[3] = 174.36.96.66;
$allowIP[4] = 174.36.92.187;
$allowIP[5] = 174.36.92.192;
$allowIP[6] = 174.37.14.28;

// If the one is using one of the ips in the array
if( in_array($ip, $allowIP) )
{

// Create the DSN
$dbs[dsn] = sprintf("mysql:host=%s", $dbs[server] );

// Try to connect to the database
try
{
$db = new PDO( $dbs[dsn],
$dbs[user],
$dbs[pass] );

}
catch(PDOException $e)
{
die(Error connecting to the database);
}

// Function to ban the user.
// It is prepared with a reason so u can embed it in your system easily
function BanUser($uid, $reason)
{
global $dbs, $db;

$query = sprintf
("
UPDATE %s.t_users
SET a_enable = 0
WHERE a_portal_index = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :uid => $uid ));

}

// Add the cash to the account.
// In case of a drawback or fraud paymentwall deletes the cash also
// But since they use a negative amount, this will work perfectly
function SetCash($uid, $amount)
{
global $dbs, $db;

$query = sprintf
("
UPDATE %s.bg_user
SET cash = cash + :amount
WHERE user_id = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :amount => $amount,
:uid => $uid ));

}

// Function to check if the user exists
function CheckUserExist( $uid )
{
global $dbs, $db;

$query = sprintf
("
SELECT count(*)
FROM %s.bg_user
WHERE user_id = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :uid => $uid ));

$result = $dbh->fetch();

if( $result[0] == 1 )
return true;
else
return false;
}

$uid = $_GET[uid];
$currency = $_GET[currency];
$type = $_GET[type];
$ref = $_GET[ref];
$sig = $_GET[sig];

// Check the incomming data
if( !ctype_digit( $uid ) )
echo UID: . htmlspecialchars( $uid ) . is not a number;

elseif( !is_numeric( $currency ) )
echo Currency: . htmlspecialchars( $currency ) . is not a number;

elseif( !ctype_digit( $type ) )
echo Type: . htmlspecialchars( $type ) . is not a number;

elseif( !ctype_alnum($ref) )
echo Reference: . htmlspecialchars( $ref ) . can only contain 0-9 a-Z;

elseif( !ctype_alnum($sig) )
echo Signature: . htmlspecialchars( $sig ) . can only contain 0-9 a-Z;

else
{

// See if the userid exists
if( CheckUserExist( $uid ) )
{

// Add the cash to the user
if( $type == 0 || $type == 1 )
{
SetCash($uid, $currency);
echo OK;
}

// Chargeback or Fraud
elseif( $type == 2 )
{

$reason = $_GET[reason];

switch( $reason )
{
case 1:
BanUser($uid,Chargeback);
break;
case 2:
BanUser($uid,Credit Card fraud);
break;
case 3:
BanUser($uid,Order fraud);
break;
case 4:
BanUser($uid,Bad data entry);
break;
case 5:
BanUser($uid,Fake / proxy user);
break;
case 6:
BanUser($uid,Rejected by advertiser);
break;
case 7:
BanUser($uid,Duplicate conversions);
break;
case 8:
BanUser($uid,Goodwill credit taken back);
break;
case 9:
BanUser($uid,Cancelled order);
break;
case 10:
BanUser($uid,Partially reversed transaction);
break;

}

// Remove the cash
SetCash($uid, $currency);
echo OK;

}
else
echo Unknown type : . htmlspecialchars( $type );
}
else
echo Not found user : . htmlspecialchars($uid);
}

}
else
echo IP Unknown : . $ip;

?>



- barroso - 07-27-2012


i need to change anything in the code of widget? like [uSER_ID]?

 

In HTML code please replace [uSER_ID] placeholder with id of end-user who is viewing the widget



- Wizatek - 07-27-2012

Yes, u need to change the [uSER_ID] with the user_code of the currently logged in user on your website



- barroso - 07-27-2012


Pingback wasn't successful. Reason: Response body does not match the expected pattern: OK

 

_________________________________________________________________________________________

error in line 150 until 154

$uid = $_GET['uid'];
$currency = $_GET['currency'];
$type = $_GET['type'];
$ref = $_GET['ref'];
$sig = $_GET['sig'];

i try it

 

original:

 

iframe src=http://wallapi.com/api/ps/?key=mykeyxd=[uSER_ID]&widget=m1_1 width="670" height="776" frameborder="0">

 

iframe src=http://wallapi.com/api/ps/?key=mykeyxd=$uid&widget=m1_1 width="670" height="776" frameborder="0"> and it

iframe src=http://wallapi.com/api/ps/?key=mykeyxd=user_code&widget=m1_1 width="670" height="776" frameborder="0"

__________________

but dont work..................

 





- Wizatek - 07-27-2012


U must search the problem on your website, not on the pingback

 

Did u make the website? or it is max website ?



- barroso - 07-27-2012


the website show it

 

Notice: Undefined index: uid in C:php on line 151

 

Notice: Undefined index: currency in C.php on line 152

 

Notice: Undefined index: type in C:php on line 153

 

Notice: Undefined index: ref in C:php on line 154

 

Notice: Undefined index: sig in C:php on line 155

UID: is not a number

______________________________________

i use max website the first version



- Wizatek - 07-28-2012


Oh, but u dont run the script yourself.

The pingback is for paymentwall, they connect to it.

For the website u must just put the application code u get from paymentwall



- barroso - 07-28-2012


ok but i creat a file .php with the code of pingback

and i need to put here?

 

right?