<?php
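// Production error policy: report everything to the error log but never render
// errors into the HTTP response. error_reporting(0) also silenced the log, which
// hid failing session/DB calls in this script instead of surfacing them.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');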
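/**
 * Best-effort client IP address.
 *
 * REMOTE_ADDR is the only address the web server itself observed. The
 * Client-IP and X-Forwarded-For headers are sent by the client and can carry
 * any value, so they are consulted only when REMOTE_ADDR is one of
 * $trustedProxies, i.e. when a reverse proxy under our control set them.
 * With no trusted proxies (the default) the function returns REMOTE_ADDR,
 * which is the value the log table and the filter_ip cookie should record.
 *
 * @param string[] $trustedProxies addresses of reverse proxies allowed to
 *                                 forward the client address (exact string match)
 * @return string a syntactically valid IP address, or '' when REMOTE_ADDR is absent
 */
function getUserIP(array $trustedProxies = array())
{
    $remote = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : ''; // remote ip
    if (!in_array($remote, $trustedProxies, true)) {
        // Direct connection (or an untrusted proxy): the headers are not ours to believe.
        return $remote;
    }

    // information ip client: single address set by some proxies
    $client = isset($_SERVER['HTTP_CLIENT_IP']) ? trim((string) $_SERVER['HTTP_CLIENT_IP']) : '';
    if (filter_var($client, FILTER_VALIDATE_IP)) {
        return $client;
    }

    // information ip forwarde: comma-separated chain, each proxy appends the
    // address it saw. Walk from the right, skipping proxies we trust; the first
    // remaining entry is the address our trusted proxy observed.
    $forward = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    foreach (array_reverse(explode(',', $forward)) as $hop) {
        $hop = trim($hop);
        if (in_array($hop, $trustedProxies, true)) {
            continue;
        }
        if (filter_var($hop, FILTER_VALIDATE_IP)) {
            return $hop;
        }
        break; // malformed entry: nothing to its left can be trusted either
    }

    return $remote;
}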
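$user_ip = getUserIP(); // $user_ip : ip user detail
$expire = time() + 900; // cookie lifetime: 15 minutes
// setcookie()'s 4th argument is the cookie PATH, not the site address. The
// original passed "192.168.1.9" there, so browsers never returned the cookie.
// Scope it to "/", keep it out of reach of scripts, and mark it Secure on TLS.
setcookie('filter_ip', $user_ip, $expire, '/', '', !empty($_SERVER['HTTPS']), true);
// require_once 'checkip.php';
$time = date('Y-m-d'); // time day
require_once 'config.php'; // expected to define $connect (pay table) and $log_db (log table), both mysqli

/**
 * Insert one row into the log table through a prepared statement.
 *
 * @param mysqli $log_db connection from config.php
 * @param string $ip     client address (validated by getUserIP())
 * @param string $day    Y-m-d date
 * @param string $error  free-text description of the event
 * @return bool true when the row was written
 */
function logSecurityEvent($log_db, $ip, $day, $error)
{
    $stmt = mysqli_prepare($log_db, 'INSERT INTO log (ip, time, error) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'sss', $ip, $day, $error);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Handle a failed tamper check: drop the payment session, log the event, show
 * the error page and STOP. The original fell through to the payment
 * verification after logging (and stayed silent when the log insert failed),
 * which defeated the check.
 *
 * @param mysqli      $log_db  log connection
 * @param mysqli|null $connect pay connection, closed when open
 * @param string      $ip      client address
 * @param string      $day     Y-m-d date
 * @param string      $error   text stored in the log table
 * @param string      $message literal text shown to the user
 * @return void does not return
 */
function denyAndExit($log_db, $connect, $ip, $day, $error, $message)
{
    unset($_SESSION['id'], $_SESSION['cash']);
    logSecurityEvent($log_db, $ip, $day, $error);
    $safeIp = htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "
<h3>Error</h3>
$message your ip filter $safeIp
<hr>
<font size='2px'>PowerBy : phpIDS & WafProments,2017</font>
";
    if ($connect instanceof mysqli) {
        $connect->close();
    }
    exit;
}

// Read inputs raw. Escaping is an output concern: htmlentities() on the way in
// mangled values that are compared and bound into queries. Each sink below
// does its own escaping (prepared statements, htmlspecialchars()).
$cash_cookie = isset($_COOKIE['cash']) ? (string) $_COOKIE['cash'] : '';
$tokenid     = isset($_COOKIE['tokenid']) ? (string) $_COOKIE['tokenid'] : '';
$Authority   = isset($_GET['Authority']) ? (string) $_GET['Authority'] : ''; //insert input : URL back
$status      = isset($_GET['Status']) ? (string) $_GET['Status'] : '';

session_start(); // takes no session name; the old 'a' argument was ignored or rejected

if (!isset($connect) || !($connect instanceof mysqli) || $connect->connect_errno !== 0) {
    // mysqli_connect_errno() takes no argument; the property is the per-connection check.
    echo "Can not connect to server<br/>";
    exit;
}

if (!isset($_SESSION['id'], $_SESSION['cash']) || (string) $_SESSION['id'] === '') {
    denyAndExit($log_db, $connect, $user_ip, $time,
        'user change or delete session verify.php', 'Session missing !!');
}
$cash_session = (string) $_SESSION['cash'];

// The amount charged must come from the server-side session; the cookie copy
// is only checked for consistency, with a strict comparison (no type juggling).
if ($cash_cookie !== $cash_session) {
    denyAndExit($log_db, $connect, $user_ip, $time,
        'user change Cash plan verify.php', 'Please not change cash plan !!');
}

$MerchantID = 'test';
$Amount = $cash_session; //Amount will be based on Toman

// tokenid (cookie) and Authority (GET) are attacker-controlled; they were
// previously interpolated into the SQL string. Bind them instead.
$authority_out = null;
$stmt = mysqli_prepare($connect, 'SELECT Authority FROM pay WHERE tokenid = ? AND Authority = ?');
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'ss', $tokenid, $Authority);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $fetched);
        while (mysqli_stmt_fetch($stmt)) {
            $authority_out = $fetched;
        }
    }
    mysqli_stmt_close($stmt);
}
// An empty Authority used to pass: '' != null is false. Require a real match.
if ($Authority === '' || !is_string($authority_out) || !hash_equals($authority_out, $Authority)) {
    denyAndExit($log_db, $connect, $user_ip, $time,
        'user change Authority in the verify.php', 'Please not change Authority !!');
}

$result = null;
if ($status === 'OK') { //OK status IF
    $client = new SoapClient('https://sandbox.zarinpal.com/pg/services/WebGate/wsdl', array('encoding' => 'UTF-8'));
    $result = $client->PaymentVerification(
        array(
            'MerchantID' => $MerchantID,
            'Authority' => $Authority,
            'Amount' => $Amount,
        )
    );
}
if ($result !== null && (int) $result->Status === 100) {
    $refid = (string) $result->RefID;
    if ($refid === '') {
        // Checked before the UPDATE so an empty RefID is never persisted.
        $error = "refid no paramerts !!";
    } else {
        $updated = false;
        $stmt = mysqli_prepare($connect, 'UPDATE pay SET refid = ? WHERE tokenid = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $refid, $tokenid);
            $updated = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($updated) {
            echo "Record updated successfully";
        } else {
            $error = "payment error becuase change parametrs verify.php";
            logSecurityEvent($log_db, $user_ip, $time, $error);
        }
    }
}
if ($status === 'NOK') {
    echo "ERROR No Price MINT";
}
$connect->close();

//delete all sessions and cookies
unset($_SESSION['id'], $_SESSION['cash']);
$hadCashCookie = isset($_COOKIE['cash']);
// Expire the browser copies (unset() on $_COOKIE only affects this request).
// NOTE(review): output was already echoed above; without output buffering these
// Set-Cookie headers cannot be sent — confirm output_buffering in php.ini.
setcookie('tokenid', '', time() - 3600, '/');
setcookie('cash', '', time() - 3600, '/');
unset($_COOKIE['cash'], $_COOKIE['tokenid']);
return $hadCashCookie;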