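lib/unitpay.php
<?php
/**
 * UnitPay Payment Module
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 *
 * @category  UnitPay
 * @package   unitpay/unitpay
 * @version   1.0.0
 * @author    UnitPay
 * @copyright Copyright (c) 2015 UnitPay
 * @license   http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 *
 * EXTENSION INFORMATION
 *
 * UNITPAY API https://unitpay.ru/doc
 */

/**
 * Payment method UnitPay process
 *
 * Builds payment-form URLs, calls the UnitPay API and verifies the
 * callback ("handler") requests UnitPay sends back to the merchant.
 *
 * @author UnitPay <support@unitpay.ru>
 */
class UnitPay
{
    /** @var list<string> currencies accepted by api() */
    private $supportedCurrencies = ['EUR', 'UAH', 'BYR', 'USD', 'RUB'];

    /** @var list<string> API methods this wrapper is allowed to call */
    private $supportedUnitpayMethods = ['initPayment'];

    /** @var list<string> handler methods UnitPay is allowed to call on us */
    private $supportedPartnerMethods = ['check', 'pay'];

    /**
     * Source addresses a handler request must come from.
     * The last entry is marked "for debug" and should not be present on a
     * production deployment. TODO(review): confirm the list against the
     * current UnitPay documentation.
     *
     * @var list<string>
     */
    private $supportedUnitpayIp = [
        '31.186.100.49',
        '178.132.203.105',
        '78.85.73.231', // for debug
    ];

    private $apiUrl = 'https://unitpay.ru/api';
    private $formUrl = 'https://unitpay.ru/pay/';

    /** @var string|null shared secret used for signatures; null means "unsigned" */
    private $secretKey;

    /**
     * @param string|null $secretKey project secret key; without it form() and
     *                               api() emit unsigned requests and
     *                               checkHandlerRequest() refuses to run
     */
    public function __construct($secretKey = null)
    {
        $this->secretKey = $secretKey;
    }

    /**
     * Create digital signature
     *
     * md5 of the parameter values concatenated in key order, followed by the
     * secret key. A 'sign' element in the input is ignored.
     *
     * @param array $params
     *
     * @return string
     *
     * @throws InvalidArgumentException if a value is neither scalar nor null
     */
    private function getMd5sign(array $params)
    {
        unset($params['sign']);
        ksort($params);
        foreach ($params as $value) {
            // A nested array would be stringified as "Array" and yield a
            // signature that says nothing about the request; refuse it.
            if ($value !== null && !is_scalar($value)) {
                throw new InvalidArgumentException('Wrong signature');
            }
        }
        // Explicit '' separator: a null separator is deprecated since PHP 8.1.
        return md5(implode('', $params).$this->secretKey);
    }

    /**
     * Get URL for pay through the form
     *
     * @param string           $publicKey project public key (may carry a
     *                                    payment-system suffix, so it is not
     *                                    URL-encoded here)
     * @param int|float|string $sum
     * @param string           $account   merchant-side order identifier
     * @param string           $desc      payment description
     * @param string           $currency
     * @param string           $locale
     *
     * @return string
     */
    public function form($publicKey, $sum, $account, $desc, $currency = 'RUB', $locale = 'ru')
    {
        $params = [
            'account'  => $account,
            'currency' => $currency,
            'desc'     => $desc,
            'sum'      => $sum,
        ];
        if ($this->secretKey) {
            // Sign before adding locale: locale is not part of the signed set.
            $params['sign'] = $this->getMd5sign($params);
        }
        $params['locale'] = $locale;

        return $this->formUrl.$publicKey.'?'.http_build_query($params);
    }

    /**
     * Call API
     *
     * @param string $method one of the supported API methods
     * @param array  $params must contain 'sum', 'account' and 'desc';
     *                       'currency' is optional and validated when given
     *
     * @return object decoded JSON response
     *
     * @throws InvalidArgumentException on a missing parameter or a failed /
     *                                  non-JSON HTTP response
     * @throws UnexpectedValueException on an unsupported method or currency
     */
    public function api($method, array $params = [])
    {
        if (!in_array($method, $this->supportedUnitpayMethods, true)) {
            throw new UnexpectedValueException('Method is not supported');
        }
        $required = [
            'sum'     => 'Sum is null',
            'account' => 'Account is null',
            'desc'    => 'Desc is null',
        ];
        foreach ($required as $key => $error) {
            if (!isset($params[$key])) {
                throw new InvalidArgumentException($error);
            }
        }
        if (isset($params['currency'])) {
            if (!in_array($params['currency'], $this->supportedCurrencies, true)) {
                throw new UnexpectedValueException('Currency is not supported');
            }
        } else {
            // Only a missing currency becomes null; a valid one is kept.
            $params['currency'] = null;
        }
        if ($this->secretKey) {
            $params['sign'] = $this->getMd5sign([
                'account'  => $params['account'],
                'currency' => $params['currency'],
                'desc'     => $params['desc'],
                'sum'      => $params['sum'],
            ]);
        }
        $requestUrl = $this->apiUrl.'?'.http_build_query(
            ['method' => $method, 'params' => $params],
            '', // numeric prefix; null is deprecated since PHP 8.1
            '&',
            PHP_QUERY_RFC3986
        );

        $raw = file_get_contents($requestUrl);
        if ($raw === false) {
            throw new InvalidArgumentException('Temporary server error. Please try again later.');
        }
        $response = json_decode($raw);
        if (!is_object($response)) {
            throw new InvalidArgumentException('Temporary server error. Please try again later.');
        }

        return $response;
    }

    /**
     * Check request on handler from UnitPay
     *
     * Validates the callback: a supported method, an array of params whose
     * signature matches our secret, and a source address from the allow-list.
     *
     * @return bool always true; every failure is reported as an exception
     *
     * @throws LogicException           if no secret key was configured
     * @throws InvalidArgumentException on missing/invalid params, bad signature
     *                                  or an address outside the allow-list
     * @throws UnexpectedValueException on an unsupported method
     */
    public function checkHandlerRequest()
    {
        if (!$this->secretKey) {
            // Without a secret the md5 covers only public data, so any client
            // could produce a matching "signature".
            throw new LogicException('Secret key is not configured');
        }

        // HTTP_CF_CONNECTING_IP is a client-supplied header; it only reflects
        // the real client when the request really arrived through Cloudflare.
        // TODO(review): confirm this host sits behind Cloudflare, otherwise
        // use REMOTE_ADDR only.
        $ip = empty($_SERVER['HTTP_CF_CONNECTING_IP'])
            ? $_SERVER['REMOTE_ADDR']
            : $_SERVER['HTTP_CF_CONNECTING_IP'];

        if (!isset($_GET['method'])) {
            throw new InvalidArgumentException('Method is null');
        }
        if (!isset($_GET['params']) || !is_array($_GET['params'])) {
            throw new InvalidArgumentException('Params is null');
        }
        $method = $_GET['method'];
        $params = $_GET['params'];

        if (!in_array($method, $this->supportedPartnerMethods, true)) {
            throw new UnexpectedValueException('Method is not supported');
        }
        if (!isset($params['sign']) || !is_string($params['sign'])) {
            throw new InvalidArgumentException('Wrong signature');
        }
        // Strict, constant-time comparison. A loose `!=` compares numeric-
        // looking hex strings (e.g. "0e..." forms) numerically, which can make
        // two different digests compare equal.
        if (!hash_equals($this->getMd5sign($params), $params['sign'])) {
            throw new InvalidArgumentException('Wrong signature');
        }

        /**
         * IP address check
         * @link https://unitpay.ru/doc#overview
         */
        if (!in_array($ip, $this->supportedUnitpayIp, true)) {
            throw new InvalidArgumentException('IP address Error');
        }

        return true;
    }

    /**
     * Response for UnitPay if handle success
     *
     * @param string $message
     *
     * @return string JSON body of the form {"result":{"message":...}}
     */
    public function getSuccessHandlerResponse($message)
    {
        return json_encode(['result' => ['message' => $message]]);
    }

    /**
     * Response for UnitPay if handle error
     *
     * @param string $message
     *
     * @return string JSON body of the form {"error":{"message":...}}
     */
    public function getErrorHandlerResponse($message)
    {
        return json_encode(['error' => ['message' => $message]]);
    }
}
?>
inc/unitpay.php
<?php
/**
 * UnitPay callback handler.
 *
 * UnitPay calls this URL with method=check ("may this order be paid?") and
 * method=pay ("money received"). Every failure is answered with the JSON
 * error body from UnitPay::getErrorHandlerResponse().
 */
if (!defined('DIR')) {
    die('access error');
}

$projectId = 12371;
// NOTE(review): the secret should not live in source control; load it from a
// config file or environment variable kept outside the web root.
$secretKey = '1ec4d13ce3ecf30fdfca0ff43bbfdcce';

lib('unitpay');
$unitPay = new UnitPay($secretKey);

try {
    // Validate request (check ip address, signature and etc)
    $unitPay->checkHandlerRequest();

    $method = $_GET['method'];
    $params = $_GET['params'];
    // Missing values are treated like the original "undefined" reads below,
    // just without the PHP notices.
    $orderSum = isset($params['orderSum']) ? $params['orderSum'] : '';
    $requestProjectId = isset($params['projectId']) ? $params['projectId'] : null;

    $db = load_db();
    $db->query("SET NAMES 'utf8'");
    $db->query("SET CHARACTER SET 'utf8'");

    $stmt = $db->prepare('SELECT * FROM `unitpay_ivents` WHERE `id`=:id');
    $stmt->execute(['id' => intval($params['account'])]);
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $goods = $stmt->fetch();

    // Very important! Validate request with your order data, before complete order
    if (!$goods) {
        throw new RuntimeException('Такой ID не найден');
    }
    // Loose comparison is intentional: both sides are numeric strings and
    // "100" must equal "100.00". Any mismatch means the amount differs from
    // the stored order.
    if ($orderSum != $goods['size']) {
        throw new RuntimeException(
            'Аренда стоит '.$goods['size'].'.00 руб., а Вы хотите купить её за '.$orderSum.' руб.'
        );
    }
    if ($requestProjectId != $projectId) {
        throw new RuntimeException('Неверный ID проекта');
    }
    if ($goods['paid'] == 1) {
        throw new RuntimeException('Это счет уже оплачен');
    }

    // Just check order (check server status, check order in DB and etc)
    if ('check' == $method) {
        print $unitPay->getSuccessHandlerResponse('Check Success');
    // Method Pay means that the money received
    } elseif ('pay' == $method) {
        // Mark the order paid atomically: a second 'pay' callback (retry or
        // replay) then sees paid=1 and must not run the provisioning again.
        // rowCount() is the PDOStatement affected-row count; assumes $db
        // hands out PDOStatement objects (it already uses PDO::FETCH_ASSOC).
        $update = $db->prepare('UPDATE `unitpay_ivents` SET `paid`=1 WHERE `id`=:id AND `paid`=0');
        $update->execute(['id' => intval($params['account'])]);
        if ($update->rowCount() !== 1) {
            throw new RuntimeException('Это счет уже оплачен');
        }

        // $select and $goods are read by the included provisioning scripts;
        // keep their names.
        $select = $db->prepare('SELECT * FROM `accounts` WHERE `status`=1 AND `domain`=:domain AND `deleted`=0');
        $select->execute(['domain' => $goods['domain']]);
        $select->setFetchMode(PDO::FETCH_ASSOC);
        $select = $select->fetch();

        // Inferred from the include names: type 0 creates a new shop (no
        // active account may exist), type 1 renews an existing one.
        if (!$select and $goods['type'] == 0) {
            include DIR.'/engine/inc/start_shop.php';
        } elseif ($select and $goods['type'] == 1) {
            include DIR.'/engine/inc/renewal.php';
        } else {
            // NOTE(review): at this point the order is already flagged paid
            // but nothing was provisioned; such orders need manual follow-up.
            print $unitPay->getSuccessHandlerResponse('Type Error');
            die();
        }
        print $unitPay->getSuccessHandlerResponse('Pay Success');
    } elseif ('error' == $method) {
        // Unreachable while UnitPay::checkHandlerRequest() only accepts
        // 'check' and 'pay'; kept for when 'error' is added to that list.
        log_message('error', json_encode($_GET));
    }
// Oops! Something went wrong.
} catch (Exception $e) {
    print $unitPay->getErrorHandlerResponse($e->getMessage());
}
?>
/inc/buy.php
<?php
/**
 * Order form handler: validates the POSTed order, stores it in
 * `unitpay_ivents` and redirects the buyer to the payment provider.
 * On any validation error the form is re-rendered with $result['error'].
 */
if (!defined('DIR')) {
    die('access error');
}

$result['error']['size'] = '';
$result['error']['email'] = '';
$result['error']['domain'] = '';
$result['error']['passwd'] = '';

if (isset($_POST['domain'], $_POST['email'], $_POST['passwd'], $_POST['size'])) {
    foreach (['email', 'passwd', 'domain', 'size'] as $field) {
        // An array value (field[]=...) would make trim() fail; treat it as empty.
        $_POST[$field] = is_string($_POST[$field]) ? trim($_POST[$field]) : '';
    }
    $suffix = isset($_POST['domain_suffix']) && is_string($_POST['domain_suffix'])
        ? trim($_POST['domain_suffix'])
        : '';

    // First failing check wins: [field, message].
    $error = null;
    if (empty($_POST['size'])) {
        $error = ['size', 'Выберите срок оплаты'];
    } elseif (!ctype_digit($_POST['size'])) {
        // TODO(review): the amount is chosen by the client and later compared
        // against the callback's orderSum; validate it against the server-side
        // tariff list, not just for being a whole number.
        $error = ['size', 'Выберите срок оплаты'];
    } elseif (empty($_POST['email'])) {
        $error = ['email', 'Введите email'];
    } elseif (!valid_email($_POST['email'])) {
        $error = ['email', 'Введен не верный email'];
    } elseif (empty($_POST['passwd'])) {
        $error = ['passwd', 'Введите пароль'];
    } elseif (iconv_strlen($_POST['passwd']) <= 5) {
        $error = ['passwd', 'Пароль слишком короткий'];
    } elseif (iconv_strlen($_POST['passwd']) >= 50) {
        $error = ['passwd', 'Пароль слишком длинный'];
    } elseif (empty($_POST['domain'])) {
        $error = ['domain', 'Введите домен'];
    } elseif (preg_match("/[^a-z0-9\-]/i", $_POST['domain'])) {
        $error = ['domain', 'Не верный домен'];
    } elseif (preg_match('/[^a-z0-9.\-]/i', $suffix)) {
        // The suffix is appended to the stored domain, so it gets the same
        // character restriction as the domain label (plus dots).
        $error = ['domain', 'Не верный домен'];
    } elseif (iconv_strlen($_POST['domain']) > 50) {
        $error = ['domain', 'Максимальная длина домена 50 символов'];
    }

    if ($error !== null) {
        $code = 0;
        $result['error'][$error[0]] = '<b style="color: red;">'.$error[1].'</b>';
    } else {
        $db = load_db();
        $db->query("SET NAMES 'utf8'");
        $db->query("SET CHARACTER SET 'utf8'");

        // NOTE(review): the uniqueness check uses the bare label while the
        // insert stores label + suffix; confirm which form `accounts.domain`
        // holds.
        $select = $db->prepare('SELECT COUNT(*) as `count` FROM `accounts` WHERE `domain`=:dom AND `deleted`=0 AND `status`=1');
        $dat = ['dom' => $_POST['domain']];
        $select->execute($dat);
        $select = $select->fetch();

        if ($select['count'] > 0) {
            $code = 0;
            $result['error']['domain'] = '<b style="color: red;">Домен занят</b>';
        } else {
            $referer = !empty($_COOKIE['referer']) && is_string($_COOKIE['referer'])
                ? $_COOKIE['referer']
                : '';
            // NOTE(review): the password is stored in clear text; if the
            // provisioning step (engine/inc/start_shop.php, not shown here) can
            // work from a hash, store password_hash() output instead.
            $id = $db->insert('unitpay_ivents', [
                'size'    => $_POST['size'],
                'domain'  => $_POST['domain'].$suffix,
                'passwd'  => $_POST['passwd'],
                'email'   => $_POST['email'],
                'referer' => $referer,
            ]);
            // Build the redirect with an encoded query string so no value can
            // break the URL structure.
            $query = http_build_query([
                'id'     => 960,
                'summ'   => $_POST['size'],
                'pay_id' => $id,
                'desc'   => 'Покупка',
            ]);
            header('Location: https://any-pay.org/merchant?'.$query);
            // header("Location: https://unitpay.ru/pay/12371-6a90f/yandex?sum={$_POST['size']}&account={$id}&desc=Покупка");
            die();
        }
    }
}

// Re-render the form; missing fields are shown empty.
foreach (['size', 'domain', 'email', 'passwd'] as $field) {
    if (!isset($_POST[$field])) {
        $_POST[$field] = '';
    }
}
view('buy', $result);
?>
Кто может переписать под any-pay кто сможет подкину денег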