Script PaymentWall

[Creep]

Any1 knows about that one?

 

<?phperror_reporting(E_ALL);

ini_set('display_errors', '1');

 

include '../Site_Settings/configuration.php';

 

$ip = $_SERVER['REMOTE_ADDR'];

 

$allowIP[0] = '174.36.92.186';

$allowIP[1] = '174.36.96.66';

$allowIP[2] = '174.36.92.187';

$allowIP[3] = '174.36.92.192';

$allowIP[4] = ''174.37.14.28;

 

 

if( in_array($ip, $allowIP) )

{

 

function Sanitize($data)

{

 

// remove whitespaces (not a must though)

$data = trim($data);

 

// apply stripslashes if magic_quotes_gpc is enabled

if(get_magic_quotes_gpc())

{

$data = stripslashes($data);

}

 

// a mySQL connection is required before using this function

$data = mysql_real_escape_string($data);

 

return $data;

}

 

function BanUser($uid, $reason)

{

include '../site_settings/configuration.php';

$mysql = mysql_select_db( $SiteSQL["config-database_auth"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("UPDATE t_users SET a_enable = 0 WHERE a_portal_index = '". $uid ."'") or die( mysql_error() );

$mysql = mysql_select_db( $SiteSQL["config-database_site"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("INSERT INTO t_banlist (a_user_index, a_timestamp, a_reason, a_admin_name, a_action)

VALUES ('". $uid ."','". time() ."','". $reason ."','Paymentwall','BAN')") or die( mysql_error() );

}

 

function AddCash($uid, $amount, $ref)

{

include '../site_settings/configuration.php';

$mysql = mysql_select_db( $SiteSQL["config-database_auth"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("UPDATE newproject_db_auth.bg_user SET cash = cash + ". $amount ." WHERE user_code = '". $uid ."'") or die( mysql_error() );

$mysql = mysql_select_db( $SiteSQL["config-database_site"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("INSERT INTO t_donate_log (a_user_index, a_timestamp, a_points, a_gm, a_ref)

VALUES('". $uid ."','".time()."','". $amount ."','Paymentwall','". $ref ."')") or die( mysql_error() );

}

 

function RemCash($uid, $amount, $ref)

{

include '../site_settings/configuration.php';

$mysql = mysql_select_db( $SiteSQL["config-database_auth"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("UPDATE bg_user SET cash = cash + ". addslashes( $amount )." WHERE user_code = '". addslashes( $uid ) ."'") or die( mysql_error() );

$mysql = mysql_select_db( $SiteSQL["config-database_site"] , $Site_sqlcon) or die( mysql_error() );

$result = mysql_query("INSERT INTO t_donate_log (a_user_index, a_timestamp, a_points, a_gm, a_ref)

VALUES('". $uid ."','".time()."','". $amount ."','Paymentwall','". $ref ."')") or die( mysql_error() );

}

 

 

$mysql = mysql_select_db( $SiteSQL["config-database_site"] , $Site_sqlcon) or die( mysql_error() );

$result22 = mysql_query("SELECT a_secretkey from t_settings WHERE a_index = 1");

$key = mysql_fetch_array( $result22 );

 

$secretKey = $key['a_secretkey'];

 

$uid = Sanitize( $_GET['uid'] );

$currency = Sanitize( $_GET['currency'] );

$type = Sanitize( $_GET['type'] );

$ref = Sanitize( $_GET['ref'] );

$sig = Sanitize( $_GET['sig'] );

 

$pingback = 1;

$mysql = mysql_select_db( $SiteSQL["config-database_auth"] , $Site_sqlcon) or die( mysql_error() );

$query = sprintf("SELECT count(*) FROM bg_user WHERE user_code = '%s';", $uid);

$result = mysql_query($query) or die( mysql_error() );

$r = mysql_fetch_row( $result );

 

if( $r[0] == 1 )

{

 

 

if( $type == 0 || $type == 1 ) // Add cash

{

AddCash($uid, $currency, $ref);

echo 'OK';

}

 

 

// --> Chargeback

elseif( $type == 2 )

{

 

$reason = $_GET['reason'];

 

switch( $reason )

{

case 1:

BanUser($uid,'Chargeback',$ref);

break;

case 2:

BanUser($uid,'Credit Card fraud',$ref);

break;

case 3:

BanUser($uid,'Order fraud',$ref);

break;

case 4:

BanUser($uid,'Bad data entry',$ref);

break;

case 5:

BanUser($uid,'Fake / proxy user',$ref);

break;

case 6:

BanUser($uid,'Rejected by advertiser',$ref);

break;

case 7:

BanUser($uid,'Duplicate conversions',$ref);

break;

case 8:

BanUser($uid,'Goodwill credit taken back',$ref);

break;

case 9:

BanUser($uid,'Cancelled order',$ref);

break;

case 10:

BanUser($uid,'Partially reversed transaction',$ref);

break;

 

 

 

}

 

RemCash($uid, $currency);

echo 'OK';

 

 

}

// <---

 

 

 

}

else

{

echo 'Not found user '. $uid;

}

 

 

}

else

{

echo 'NO Access : ' . $_SERVER['REMOTE_ADDR'];

}

 

?>

 

well this it what happens:

Pingback wasn't successful. Reason: HTTP status code is different from 200

 

HTTP/1.0 500 Internal Server Error

Content-type: text/html

Server: Microsoft-IIS/7.5

X-powered-by: ASP.NET

X-powered-by-plesk: PleskWin

Date: Fri, 24 Aug 2012 12:57:13 GMT

Content-length: 1410

Connection: close

 

<HTML>

<HEAD>

<TITLE>500 Internal Server Error</TITLE>

</HEAD><BODY>

<H1>Internal Server Error</H1>

The server encountered an internal error or

misconfiguration and was unable to complete

your request.<P>

Please contact the server administrator to inform of the time the error occurred

and of anything you might have done that may have

caused the error.<P>

More information about this error may be available

in the server error log.<P>

<HR>

<ADDRESS>

Web Server at ******

</ADDRESS>

</BODY>

</HTML>

 

<!--

- Unfortunately, Microsoft has added a clever new

- "feature" to Internet Explorer. If the text of

- an error's message is "too small", specifically

- less than 512 bytes, Internet Explorer returns

- its own error message. You can turn that off,

- but it's pretty tricky to find switch called

- "smart error messages". That means, of course,

- that short error messages are censored by default.

- IIS always returns error messages that are long

- enough to make Internet Explorer happy. The

- workaround is pretty simple: pad the error

- message with a big comment like this to push it

- over the five hundred and twelve bytes minimum.

- Of course, that's exactly what you're reading

- right now.

-->