Script PaymentWall

[Wizatek]

Ah right,

 

/*
* PaymentWall Pingback script
* Author: Wizatek
*
* This script can be used for your server so u can embed the paymentwall system in your
* website. This version of the pingback uses the user ID, the number, not the username
*
*/

// Set this to your secret key provided by PaymentWall.
$secretKey = 12345678901234567890;

// Set the database settings.
$dbs[server] = localhost;
$dbs[user] = root;
$dbs[pass] = ;

// Since the server can use bg_user and t_users in _db and _auth depending on your connector settings
$dbs[user_dbase] = newproject_db_auth;

//========================================================== No need to edit below unless u know what u are doing ======================================

// Get the IP of the one connecting to this page
$ip = $_SERVER[REMOTE_ADDR];

// Array of allowed ip addresses as provided by PaymentWall
$allowIP[0] = 66.220.10.2;
$allowIP[1] = 66.220.10.3;
$allowIP[2] = 174.36.92.186;
$allowIP[3] = 174.36.96.66;
$allowIP[4] = 174.36.92.187;
$allowIP[5] = 174.36.92.192;
$allowIP[6] = 174.37.14.28;

// If the one is using one of the ips in the array
if( in_array($ip, $allowIP) )
{

// Create the DSN
$dbs[dsn] = sprintf("mysql:host=%s", $dbs[server] );

// Try to connect to the database
try
{
$db = new PDO( $dbs[dsn],
$dbs[user],
$dbs[pass] );

}
catch(PDOException $e)
{
die(Error connecting to the database);
}

// Function to ban the user.
// It is prepared with a reason so u can embed it in your system easily
function BanUser($uid, $reason)
{
global $dbs, $db;

$query = sprintf
("
UPDATE %s.t_users
SET a_enable = 0
WHERE a_portal_index = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :uid => $uid ));

}

// Add the cash to the account.
// In case of a drawback or fraud paymentwall deletes the cash also
// But since they use a negative amount, this will work perfectly
function SetCash($uid, $amount)
{
global $dbs, $db;

$query = sprintf
("
UPDATE %s.bg_user
SET cash = cash + :amount
WHERE user_code = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :amount => $amount,
:uid => $uid ));

}

// Function to check if the user exists
function CheckUserExist( $uid )
{
global $dbs, $db;

$query = sprintf
("
SELECT count(*)
FROM %s.bg_user
WHERE user_code = :uid

", $dbs[user_dbase] );

$dbh = $db->prepare( $query );

$dbh->execute( array( :uid => $uid ));

$result = $dbh->fetch();

if( $result[0] == 1 )
return true;
else
return false;
}

$uid = $_GET[uid];
$currency = $_GET[currency];
$type = $_GET[type];
$ref = $_GET[ref];
$sig = $_GET[sig];

// Check the incomming data
if( !ctype_digit( $uid ) )
echo UID: . htmlspecialchars( $uid ) . is not a number;

elseif( !is_numeric( $currency ) )
echo Currency: . htmlspecialchars( $currency ) . is not a number;

elseif( !ctype_digit( $type ) )
echo Type: . htmlspecialchars( $type ) . is not a number;

elseif( !ctype_alnum($ref) )
echo Reference: . htmlspecialchars( $ref ) . can only contain 0-9 a-Z;

elseif( !ctype_alnum($sig) )
echo Signature: . htmlspecialchars( $sig ) . can only contain 0-9 a-Z;

else
{

// See if the userid exists
if( CheckUserExist( $uid ) )
{

// Add the cash to the user
if( $type == 0 || $type == 1 )
{
SetCash($uid, $currency);
echo OK;
}

// Chargeback or Fraud
elseif( $type == 2 )
{

$reason = $_GET[reason];

switch( $reason )
{
case 1:
BanUser($uid,Chargeback);
break;
case 2:
BanUser($uid,Credit Card fraud);
break;
case 3:
BanUser($uid,Order fraud);
break;
case 4:
BanUser($uid,Bad data entry);
break;
case 5:
BanUser($uid,Fake / proxy user);
break;
case 6:
BanUser($uid,Rejected by advertiser);
break;
case 7:
BanUser($uid,Duplicate conversions);
break;
case 8:
BanUser($uid,Goodwill credit taken back);
break;
case 9:
BanUser($uid,Cancelled order);
break;
case 10:
BanUser($uid,Partially reversed transaction);
break;

}

// Remove the cash
SetCash($uid, $currency);
echo OK;

}
else
echo Unknown type : . htmlspecialchars( $type );
}
else
echo Not found user : . htmlspecialchars($uid);
}

}
else
echo IP Unknown : . $ip;

?>

 

 

 

Or in short.

Find all the

function ...(...)
{
global $dbs;

 

and change to

 

function ...(...)
{
global $dbs, $db;