Пример #1
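/**
 * Verify the signature WeChat attaches to a callback request.
 *
 * The expected value is sha1() over the shared TOKEN, the 'timestamp' and the
 * 'nonce' query parameters, sorted as strings and concatenated. It is compared
 * with the 'signature' query parameter.
 *
 * Security notes:
 * - The digests are compared with hash_equals(). A loose `==` treats two
 *   "0e<digits>" strings as equal numbers and is not constant-time.
 * - sort() is called with SORT_STRING. WeChat's scheme sorts lexicographically;
 *   the default flag compares numeric strings as numbers, which yields a
 *   different order (and digest) when nonce and timestamp differ in length.
 * - The signature covers only token, timestamp and nonce. It does not cover
 *   'echostr' or the POST body, and nothing here rejects an old timestamp or a
 *   reused nonce; a caller that needs replay protection has to add it.
 *
 * @return bool True only when all three parameters are present as strings and
 *              the signature matches.
 */
function check_sign()
{
    $signature = isset($_GET['signature']) ? $_GET['signature'] : null;
    $nonce = isset($_GET['nonce']) ? $_GET['nonce'] : null;
    $timestamp = isset($_GET['timestamp']) ? $_GET['timestamp'] : null;

    // Query parameters may be missing or arrive as arrays (?nonce[]=x);
    // neither can be part of a valid signature.
    if (!is_string($signature) || !is_string($nonce) || !is_string($timestamp)) {
        return false;
    }

    $parts = array($nonce, $timestamp, TOKEN);
    sort($parts, SORT_STRING);

    return hash_equals(sha1(implode($parts)), $signature);
}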
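// First, as WeChat requires, verify the request signature before doing anything else.
if (false === check_sign()) {
    trigger_error("check failed");
    exit(0);
}
// NOTE(review): check_sign() signs only token, timestamp and nonce, so
// 'echostr' stays caller-controlled even after the check passes.
$echostr = (isset($_GET['echostr']) && is_string($_GET['echostr'])) ? $_GET['echostr'] : '';
if ($echostr) {
    // A GET request carrying 'echostr' is the WeChat backend verifying this
    // endpoint: return the value unchanged. It is served as plain text so a
    // reflected value is never interpreted as HTML by a browser.
    if (!headers_sent()) {
        header('Content-Type: text/plain; charset=utf-8');
        header('X-Content-Type-Options: nosniff');
    }
    echo $echostr;
    exit(0);
}
// Otherwise the request carries a user message: read the raw POST body.
// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in PHP 7.0;
// php://input is the supported way to read it.
$postdata = file_get_contents('php://input');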
if (!$postdata) {
    mylog("no postdata");
    echo "no postdata!";
    exit(0);
Пример #2
v 0.1 - 19.04.2014
http://d1php.pl
*/
$get_pay = array();
if ($ust['pay_typ'] == "1") {
    $service = $ust['dotpay'];
    $key = $ust['dotpay_pin'];
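    /**
     * Verify the MD5 signature of a payment notification.
     *
     * The expected value is md5() over the 'service', 'orderid', 'amount',
     * 'userdata' and 'status' fields (in that order) with the shared key
     * appended. A missing field contributes an empty string.
     *
     * Security notes:
     * - The digests are compared with hash_equals(). A loose `==` treats two
     *   "0e<digits>" strings as equal numbers, so unrelated digests could
     *   compare equal, and it is not constant-time.
     * - Non-scalar fields and a non-string signature are rejected instead of
     *   being coerced.
     * - NOTE(review): md5(fields . key) without separators is presumably fixed
     *   by the payment provider's protocol. Field boundaries are not
     *   authenticated, so callers should validate each field on its own
     *   before trusting it.
     *
     * @param array  $data Notification fields (the caller passes $_POST).
     * @param string $key  Shared secret appended to the signed string.
     * @param mixed  $sign Signature received with the notification.
     * @return bool True only when the signature matches.
     */
    function check_sign($data, $key, $sign)
    {
        if (!is_string($sign)) {
            return false;
        }

        $payload = '';
        foreach (array('service', 'orderid', 'amount', 'userdata', 'status') as $field) {
            $value = isset($data[$field]) ? $data[$field] : '';
            if (!is_scalar($value)) {
                return false;
            }
            $payload .= $value;
        }

        return hash_equals(md5($payload . $key), $sign);
    }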
    // Accept the notification only when the signature verifies, the posted
    // status is 'OK' (case-insensitive) and the posted service id equals the
    // configured one. The conditions short-circuit left to right.
    // NOTE(review): 'sign', 'status' and 'service' are read from $_POST without
    // an isset()/is_string() check, so a request that omits them or sends
    // arrays raises notices or errors instead of being rejected cleanly.
    // NOTE(review): both comparisons use loose `==`; prefer `===` on strings.
    if (check_sign($_POST, $key, $_POST['sign']) && strtoupper($_POST['status']) == 'OK' && $_POST['service'] == $service) {
        $get_pay['status'] = "ok";
        $get_pay['kwota'] = $_POST['amount'];
        // Payment amount passed by cashbill.pl - required
        // NOTE(review): the amount comes from the request; these lines do not
        // compare it with the amount expected for the order - verify that the
        // code consuming $get_pay does.
        $get_pay['id_o'] = $_POST['userdata'];
        // Order ID passed by cashbill.pl - required
    } else {
        $get_pay['status'] = "error";
    }
    // 'OK' is sent to the caller whether or not verification succeeded.
    echo 'OK';
} else {
    if ($ust['pay_typ'] == "2") {
        //------------------Transferuj------------------------
        $ip_get = $_SERVER['REMOTE_ADDR'];
        $m5 = md5($_POST['id'] . $_POST['tr_id'] . $_POST['tr_amount'] . $_POST['tr_crc'] . $ust['dotpay_pin']);
        $mdpsum = $_POST['md5sum'];
Пример #3
         dheader(userurl($homepage, 'file=' . $file . '&kw=' . urlencode($kw), $domain));
     }
     break;
 case 'message':
     // Stop silently unless username, template, skin and sign are all non-empty.
     if (!$username || !$template || !$skin || !$sign) {
         exit;
     }
     // Inquiry, order and price forms refer to an item: title and itemid are
     // required and are part of the signed string.
     if ($job == 'inquiry' || $job == 'order' || $job == 'price') {
         // The title is URL-decoded first, so the signature is checked against the decoded value.
         $title = rawurldecode($title);
         if (!$title || !$itemid) {
             exit;
         }
         // NOTE(review): the signed string is a plain concatenation without
         // separators, so adjacent fields are not bound to their boundaries
         // (itemid "12" + template "3x" signs the same bytes as itemid "1" +
         // template "23x"). check_sign() is defined outside this excerpt;
         // presumably it mixes in a server-side secret - confirm.
         check_sign($itemid . $template . $skin . $title . $username, $sign) or exit;
     } else {
         if ($job == 'guestbook') {
             // The guestbook form has no item: only template, skin and username are signed.
             check_sign($template . $skin . $username, $sign) or exit;
         } else {
             // Any other job value is rejected.
             exit;
         }
     }
     // Every path that reaches this point has passed check_sign(), so $skin
     // (used in the skin path below) is covered by the signature.
     $HSPATH = $MODULE[4]['linkurl'] . '/skin/' . $skin . '/';
     // Contact fields start empty.
     $company = $truename = $telephone = $email = $qq = $msn = $ali = $skype = '';
     if ($_userid) {
         $user = userinfo($_username);
         $company = $user['company'];
         $truename = $user['truename'];
         $telephone = $user['telephone'] ? $user['telephone'] : $user['mobile'];
         $email = $user['mail'] ? $user['mail'] : $user['email'];
         $qq = $user['qq'];
         $msn = $user['msn'];
         $ali = $user['ali'];
Пример #4
<?php

defined('IN_DESTOON') or exit('Access Denied');
require DT_ROOT . '/module/' . $module . '/common.inc.php';
require DT_ROOT . '/include/post.func.php';
// Only logged-in users may pay: everyone else is sent to the module's landing URL.
// NOTE(review): the checks below are only skipped if dheader() ends the
// request; dheader() is defined outside this excerpt - confirm it exits.
if (!$_userid) {
    dheader($MOD['linkurl']);
}
// All of these request parameters are mandatory. $username and $fee_back are
// optional but still part of the signed string below.
if (!$mid || !$itemid || !$fee || !$currency || !$sign || !$title || !$forward) {
    dheader($MOD['linkurl']);
}
// The title is URL-decoded before the signature is checked.
$title = rawurldecode($title);
// The signature binds payer, module, item, payee, fee, refund, currency,
// redirect target and title; on mismatch dalert() is called with $forward.
// NOTE(review): the fields are concatenated without separators, so field
// boundaries are not authenticated. check_sign() is defined elsewhere;
// presumably it mixes in a server-side secret - confirm.
check_sign($_username . $mid . $itemid . $username . $fee . $fee_back . $currency . $forward . $title, $sign) or dalert($L['check_sign'], $forward);
// Human-readable note for the credit records: "<module name>/<item id>".
$note = ($mid == -9 ? $L['resume_name'] : $MODULE[$mid]['name']) . '/' . $itemid;
if ($currency == 'credit') {
    // NOTE(review): the balance check and the debit are separate steps with no
    // locking or single-use marker visible here. Confirm that concurrent
    // requests carrying the same signed parameters cannot both pass the check.
    if ($_credit >= $fee) {
        // NOTE(review): values are interpolated straight into the SQL text and
        // only $title goes through addslashes() here. Whether the others are
        // escaped or cast earlier is not visible in this file; prefer
        // parameterized queries or explicit casts for mid/itemid/fee.
        $db->query("INSERT INTO {$DT_PRE}finance_pay (moduleid,itemid,username,fee,currency,paytime,ip,title) VALUES ('{$mid}','{$itemid}','{$_username}','{$fee}','{$currency}','{$DT_TIME}','{$DT_IP}','" . addslashes($title) . "')");
        // Debit the payer and record it.
        credit_add($_username, -$fee);
        credit_record($_username, -$fee, 'system', $L['pay_record_view'], $note);
        // Optionally pay part of the fee back to the content owner.
        if ($username && $fee_back) {
            credit_add($username, $fee_back);
            credit_record($username, $fee_back, 'system', $L['pay_record_back'], $note);
        }
        // $forward comes from the request but is covered by the signature checked above.
        dheader($forward);
    } else {
        // Not enough credit: send the user to the credit purchase page.
        dheader($MOD['linkurl'] . 'credit.php?action=buy');
    }
}
// Member-group discount in percent; anything outside the open range (0, 100) means no discount.
$discount = $MG['discount'] > 0 && $MG['discount'] < 100 ? $MG['discount'] : 100;
// Converted to a factor via dround() (defined elsewhere).
$discount = dround($discount / 100);
if ($submit) {