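/**
 * WeChat "token verification": recomputes the signature WeChat attaches to
 * every request and compares it with the `signature` query parameter.
 *
 * The digest is sha1() over the sorted nonce, timestamp and shared TOKEN,
 * concatenated without a separator (that is WeChat's scheme, not a choice
 * made here).
 *
 * @return bool true when the request carries a valid signature, false otherwise
 */
function check_sign()
{
    // isset() avoids undefined-index notices when a parameter is absent; an
    // empty or non-string value can never match the digest anyway.
    $sign = isset($_GET['signature']) ? $_GET['signature'] : '';
    $nonce = isset($_GET['nonce']) ? $_GET['nonce'] : '';
    $timestamp = isset($_GET['timestamp']) ? $_GET['timestamp'] : '';
    if (!is_string($sign) || !is_string($nonce) || !is_string($timestamp)) {
        return false;
    }
    $parts = array($nonce, $timestamp, TOKEN);
    sort($parts);
    $expected = sha1(implode($parts));
    // hash_equals() (PHP >= 5.6) is a strict, timing-safe comparison. The
    // original loose `==` compares two numeric-looking strings as numbers, so
    // a hex digest beginning with "0e" could be matched by a wrong signature.
    return hash_equals($expected, $sign);
}

// First, perform the token verification WeChat requires.
if (false === check_sign()) {
    trigger_error("check failed");
    exit(0);
}
// If the GET request carries 'echostr', it comes from the WeChat backend
// (URL verification): echo 'echostr' back unchanged.
$echostr = isset($_GET['echostr']) ? $_GET['echostr'] : '';
if ($echostr) {
    echo $echostr;
    exit(0);
}
// Otherwise the request comes from a user: read the raw POST body.
// NOTE(review): $HTTP_RAW_POST_DATA was removed in PHP 7.0;
// file_get_contents('php://input') is the replacement if this runs on PHP 7+.
$postdata = $HTTP_RAW_POST_DATA;
if (!$postdata) {
    mylog("no postdata");
    echo "no postdata!";
    exit(0);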
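v 0.1 - 19.04.2014 http://d1php.pl */
$get_pay = array();
if ($ust['pay_typ'] == "1") {
    $service = $ust['dotpay'];
    $key = $ust['dotpay_pin'];

    /**
     * Verifies the MD5 "signature" of a payment-gateway callback: MD5 over the
     * concatenated service/orderid/amount/userdata/status fields plus the
     * merchant PIN (the scheme the gateway defines; the field order is not a
     * choice made here).
     *
     * @param array  $data the POSTed callback fields
     * @param mixed  $key  the merchant PIN shared with the gateway
     * @param mixed  $sign the signature sent by the gateway
     *
     * @return bool true only when every signed field is present and the digest matches
     */
    function check_sign($data, $key, $sign)
    {
        // A callback missing any signed field is malformed: refuse it instead
        // of hashing empty placeholders in its place.
        foreach (array('service', 'orderid', 'amount', 'userdata', 'status') as $field) {
            if (!isset($data[$field]) || !is_string($data[$field])) {
                return false;
            }
        }
        if (!is_string($sign)) {
            return false;
        }
        $expected = md5($data['service'] . $data['orderid'] . $data['amount'] . $data['userdata'] . $data['status'] . $key);
        // hash_equals() (PHP >= 5.6) is a strict, timing-safe comparison. The
        // original loose `==` treats two numeric-looking strings (e.g. a hex
        // digest beginning with "0e") as equal numbers.
        return hash_equals($expected, $sign);
    }

    // `$_POST['service'] == $service` is kept loose on purpose: the configured
    // value may be stored as an int, and `service` is part of the signed data.
    $postedSign = isset($_POST['sign']) ? $_POST['sign'] : null;
    if (check_sign($_POST, $key, $postedSign) && strtoupper($_POST['status']) === 'OK' && $_POST['service'] == $service) {
        $get_pay['status'] = "ok";
        $get_pay['kwota'] = $_POST['amount'];   // amount paid, passed by cashbill.pl - required
        $get_pay['id_o'] = $_POST['userdata'];  // order ID passed by cashbill.pl - required
    } else {
        $get_pay['status'] = "error";
    }
    echo 'OK';
} else {
    if ($ust['pay_typ'] == "2") {
        //------------------Transferuj------------------------
        $ip_get = $_SERVER['REMOTE_ADDR'];
        // Transferuj checksum: MD5 over id/tr_id/tr_amount/tr_crc plus the PIN.
        // NOTE(review): the comparison of $m5 with $mdpsum lies outside this
        // fragment; it should use hash_equals() as well, not a loose `==`.
        $m5 = md5($_POST['id'] . $_POST['tr_id'] . $_POST['tr_amount'] . $_POST['tr_crc'] . $ust['dotpay_pin']);
        $mdpsum = $_POST['md5sum'];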
dheader(userurl($homepage, 'file=' . $file . '&kw=' . urlencode($kw), $domain)); } break; case 'message': if (!$username || !$template || !$skin || !$sign) { exit; } if ($job == 'inquiry' || $job == 'order' || $job == 'price') { $title = rawurldecode($title); if (!$title || !$itemid) { exit; } check_sign($itemid . $template . $skin . $title . $username, $sign) or exit; } else { if ($job == 'guestbook') { check_sign($template . $skin . $username, $sign) or exit; } else { exit; } } $HSPATH = $MODULE[4]['linkurl'] . '/skin/' . $skin . '/'; $company = $truename = $telephone = $email = $qq = $msn = $ali = $skype = ''; if ($_userid) { $user = userinfo($_username); $company = $user['company']; $truename = $user['truename']; $telephone = $user['telephone'] ? $user['telephone'] : $user['mobile']; $email = $user['mail'] ? $user['mail'] : $user['email']; $qq = $user['qq']; $msn = $user['msn']; $ali = $user['ali'];
<?php
// Destoon payment entry: charges `$fee` in `$currency` for item `$itemid` of
// module `$mid`, optionally refunds `$fee_back` to `$username`, then redirects
// to `$forward`. The request variables used below are expected to be
// populated by the framework before this file runs — confirm in common.inc.php.
defined('IN_DESTOON') or exit('Access Denied');
require DT_ROOT . '/module/' . $module . '/common.inc.php';
require DT_ROOT . '/include/post.func.php';
// Login required. dheader() presumably redirects and ends the request; the
// code below relies on that — confirm, otherwise every guard falls through.
if (!$_userid) {
    dheader($MOD['linkurl']);
}
// Every parameter of the payment must be present; otherwise go back to the module index.
if (!$mid || !$itemid || !$fee || !$currency || !$sign || !$title || !$forward) {
    dheader($MOD['linkurl']);
}
$title = rawurldecode($title);
// Integrity check: the signature binds price, payee, refund, currency, redirect
// target and title to the current user, so the client cannot alter them.
// check_sign() is defined elsewhere (post.func.php, presumably).
// NOTE(review): the signed fields are concatenated without a delimiter, so the
// boundary between adjacent fields is not fixed by the string itself; a
// separator on both the signing and the checking side would make it
// unambiguous. Numeric sanity of $fee/$fee_back is not checked here either.
check_sign($_username . $mid . $itemid . $username . $fee . $fee_back . $currency . $forward . $title, $sign) or dalert($L['check_sign'], $forward);
// Record label: module id -9 is rendered with the resume label, anything else
// with the module's configured name.
$note = ($mid == -9 ? $L['resume_name'] : $MODULE[$mid]['name']) . '/' . $itemid;
if ($currency == 'credit') {
    // Paying with site credit: log the payment, debit the payer, and credit the
    // item owner with the configured kickback when there is one.
    if ($_credit >= $fee) {
        $db->query("INSERT INTO {$DT_PRE}finance_pay (moduleid,itemid,username,fee,currency,paytime,ip,title) VALUES ('{$mid}','{$itemid}','{$_username}','{$fee}','{$currency}','{$DT_TIME}','{$DT_IP}','" . addslashes($title) . "')");
        credit_add($_username, -$fee);
        credit_record($_username, -$fee, 'system', $L['pay_record_view'], $note);
        if ($username && $fee_back) {
            credit_add($username, $fee_back);
            credit_record($username, $fee_back, 'system', $L['pay_record_back'], $note);
        }
        dheader($forward);
    } else {
        // Not enough credit: send the user to the credit purchase page.
        dheader($MOD['linkurl'] . 'credit.php?action=buy');
    }
}
// Group discount as a percentage, only honoured when strictly between 0 and
// 100; anything else means no discount. Converted to a fraction for pricing.
$discount = $MG['discount'] > 0 && $MG['discount'] < 100 ? $MG['discount'] : 100;
$discount = dround($discount / 100);
// Form submission handling continues beyond this fragment.
if ($submit) {