Кто шарит в api any-pay требуется помощь

GOLD_9 · 3 фев 2017

<?php
/**
* UnitPay Payment Module
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
*
* @category UnitPay
* @package unitpay/unitpay
* [USER=8993]@version[/USER] 1.0.0
* @author UnitPay
* @copyright Copyright (c) 2015 UnitPay
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*
* EXTENSION INFORMATION
*
* UNITPAY API https://unitpay.ru/doc
*
*/

/**
* Payment method UnitPay process
*
* @author UnitPay <support@unitpay.ru>
*/
class UnitPay
{
private $supportedCurrencies = array('EUR','UAH', 'BYR', 'USD','RUB');
private $supportedUnitpayMethods = array('initPayment');
private $supportedPartnerMethods = array('check', 'pay');
private $supportedUnitpayIp = array(
'31.186.100.49',
'178.132.203.105',
'78.85.73.231' // for debug
);
private $apiUrl = 'https://unitpay.ru/api';
private $formUrl = 'https://unitpay.ru/pay/';
private $secretKey;

public function __construct($secretKey = null)
{
$this->secretKey = $secretKey;
}

/**
* Create digital signature
*
* @param array $params
*
* @return string
*/
private function getMd5sign($params)
{
ksort($params);
unset($params['sign']);

return md5(join(null, $params).$this->secretKey);
}

/**
* Get URL for pay through the form
*
* @param $publicKey
* @param $sum
* @param $account
* @param $desc
* @param string $currency
* @param string $locale
*
* @return string
*/
public function form($publicKey, $sum, $account, $desc, $currency = 'RUB', $locale = 'ru')
{
$params = [
'account' => $account,
'currency' => $currency,
'desc' => $desc,
'sum' => $sum,
];
if ($this->secretKey) {
$params['sign'] = $this->getMd5sign($params);
}
$params['locale'] = $locale;

return $this->formUrl.$publicKey.'?'.http_build_query($params);
}

/**
* Call API
*
* @param $method
* @param array $params
*
* @return object
*
* @throws InvalidArgumentException
* @throws UnexpectedValueException
*/
public function api($method, $params = array())
{
if (!in_array($method, $this->supportedUnitpayMethods)) {
throw new UnexpectedValueException('Method is not supported');
}
if (!isset($params['sum'])) {
throw new InvalidArgumentException('Sum is null');
}
if (!isset($params['account'])) {
throw new InvalidArgumentException('Account is null');
}
if (!isset($params['desc'])) {
throw new InvalidArgumentException('Desc is null');
}
if (isset($params['currency']) && !in_array($params['currency'], $this->supportedCurrencies)) {
throw new UnexpectedValueException('Currency is not supported');
} else {
$params['currency'] = null;
}

if ($this->secretKey) {
$params['sign'] = $this->getMd5sign([
'account' => $params['account'],
'currency' => $params['currency'],
'desc' => $params['desc'],
'sum' => $params['sum'],
]);
}
$requestUrl = $this->apiUrl.'?'.http_build_query([
'method' => $method,
'params' => $params
], null, '&', PHP_QUERY_RFC3986);

$response = json_decode(file_get_contents($requestUrl));
if (!is_object($response)) {
throw new InvalidArgumentException('Temporary server error. Please try again later.');
}

return $response;
}

/**
* Check request on handler from UnitPay
*
* @return bool
*
* @throws InvalidArgumentException
* @throws UnexpectedValueException
*/
public function checkHandlerRequest()
{
$ip = empty($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_CF_CONNECTING_IP'];
if (!isset($_GET['method'])) {
throw new InvalidArgumentException('Method is null');
}
if (!isset($_GET['params'])) {
throw new InvalidArgumentException('Params is null');
}
list($method, $params) = array($_GET['method'], $_GET['params']);

if (!in_array($method, $this->supportedPartnerMethods)) {
throw new UnexpectedValueException('Method is not supported');
}

if ($params['sign'] != $this->getMd5sign($params)) {
throw new InvalidArgumentException('Wrong signature');
}

/**
* IP address check
* [USER=19032]@link[/USER] https://unitpay.ru/doc#overview
*/
if (!in_array($ip, $this->supportedUnitpayIp)) {
throw new InvalidArgumentException('IP address Error');
}

return true;
}

/**
* Response for UnitPay if handle success
*
* @param $message
*
* @return string
*/
public function getSuccessHandlerResponse($message)
{
return json_encode(array(
"result" => array(
"message" => $message
)
));
}

/**
* Response for UnitPay if handle error
*
* @param $message
*
* @return string
*/
public function getErrorHandlerResponse($message)
{
return json_encode(array(
"error" => array(
"message" => $message
)
));
}
}

Код
<?php

/**

 * UnitPay Payment Module

 *

 * NOTICE OF LICENSE

 *

 * This source file is subject to the Open Software License (OSL 3.0)

 * that is available through the world-wide-web at this URL:

 * http://opensource.org/licenses/osl-3.0.php

 *

 * @category UnitPay

 * @package unitpay/unitpay

 * [USER=8993]@version[/USER] 1.0.0

 * @author UnitPay

 * @copyright Copyright (c) 2015 UnitPay

 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)

 *

 * EXTENSION INFORMATION

 *

 * UNITPAY API https://unitpay.ru/doc

 *

 */



/**

 * Payment method UnitPay process

 *

 * @author UnitPay <support@unitpay.ru>

 */

class UnitPay

{

 private $supportedCurrencies = array('EUR','UAH', 'BYR', 'USD','RUB');

 private $supportedUnitpayMethods = array('initPayment');

 private $supportedPartnerMethods = array('check', 'pay');

 private $supportedUnitpayIp = array(

 '31.186.100.49',

 '178.132.203.105',

 '78.85.73.231' // for debug

 );

 private $apiUrl = 'https://unitpay.ru/api';

 private $formUrl = 'https://unitpay.ru/pay/';

 private $secretKey;



 public function __construct($secretKey = null)

 {

 $this->secretKey = $secretKey;

 }



 /**

 * Create digital signature

 *

 * @param array $params

 *

 * @return string

 */

 private function getMd5sign($params)

 {

 ksort($params);

 unset($params['sign']);



 return md5(join(null, $params).$this->secretKey);

 }



 /**

 * Get URL for pay through the form

 *

 * @param $publicKey

 * @param $sum

 * @param $account

 * @param $desc

 * @param string $currency

 * @param string $locale

 *

 * @return string

 */

 public function form($publicKey, $sum, $account, $desc, $currency = 'RUB', $locale = 'ru')

 {

 $params = [

 'account' => $account,

 'currency' => $currency,

 'desc' => $desc,

 'sum' => $sum,

 ];

 if ($this->secretKey) {

 $params['sign'] = $this->getMd5sign($params);

 }

 $params['locale'] = $locale;



 return $this->formUrl.$publicKey.'?'.http_build_query($params);

 }



 /**

 * Call API

 *

 * @param $method

 * @param array $params

 *

 * @return object

 *

 * @throws InvalidArgumentException

 * @throws UnexpectedValueException

 */

 public function api($method, $params = array())

 {

 if (!in_array($method, $this->supportedUnitpayMethods)) {

 throw new UnexpectedValueException('Method is not supported');

 }

 if (!isset($params['sum'])) {

 throw new InvalidArgumentException('Sum is null');

 }

 if (!isset($params['account'])) {

 throw new InvalidArgumentException('Account is null');

 }

 if (!isset($params['desc'])) {

 throw new InvalidArgumentException('Desc is null');

 }

 if (isset($params['currency']) && !in_array($params['currency'], $this->supportedCurrencies)) {

 throw new UnexpectedValueException('Currency is not supported');

 } else {

 $params['currency'] = null;

 }



 if ($this->secretKey) {

 $params['sign'] = $this->getMd5sign([

 'account' => $params['account'],

 'currency' => $params['currency'],

 'desc' => $params['desc'],

 'sum' => $params['sum'],

 ]);

 }

 $requestUrl = $this->apiUrl.'?'.http_build_query([

 'method' => $method,

 'params' => $params

 ], null, '&', PHP_QUERY_RFC3986);



 $response = json_decode(file_get_contents($requestUrl));

 if (!is_object($response)) {

 throw new InvalidArgumentException('Temporary server error. Please try again later.');

 }



 return $response;

 }



 /**

 * Check request on handler from UnitPay

 *

 * @return bool

 *

 * @throws InvalidArgumentException

 * @throws UnexpectedValueException

 */

 public function checkHandlerRequest()

 {

 $ip = empty($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_CF_CONNECTING_IP'];

 if (!isset($_GET['method'])) {

 throw new InvalidArgumentException('Method is null');

 }

 if (!isset($_GET['params'])) {

 throw new InvalidArgumentException('Params is null');

 }

 list($method, $params) = array($_GET['method'], $_GET['params']);



 if (!in_array($method, $this->supportedPartnerMethods)) {

 throw new UnexpectedValueException('Method is not supported');

 }



 if ($params['sign'] != $this->getMd5sign($params)) {

 throw new InvalidArgumentException('Wrong signature');

 }



 /**

 * IP address check

 * [USER=19032]@link[/USER] https://unitpay.ru/doc#overview

 */

 if (!in_array($ip, $this->supportedUnitpayIp)) {

 throw new InvalidArgumentException('IP address Error');

 }



 return true;

 }



 /**

 * Response for UnitPay if handle success

 *

 * @param $message

 *

 * @return string

 */

 public function getSuccessHandlerResponse($message)

 {

 return json_encode(array(

 "result" => array(

 "message" => $message

 )

 ));

 }



 /**

 * Response for UnitPay if handle error

 *

 * @param $message

 *

 * @return string

 */

 public function getErrorHandlerResponse($message)

 {

 return json_encode(array(

 "error" => array(

 "message" => $message

 )

 ));

 }

}
<?php
if(!defined('DIR')) die('access error');

$projectId = 12371;
$secretKey = '1ec4d13ce3ecf30fdfca0ff43bbfdcce';

lib('unitpay');

$unitPay = new UnitPay($secretKey);

try {
// Validate request (check ip address, signature and etc)
$unitPay->checkHandlerRequest();

$method = $_GET['method'];
$params = $_GET['params'];

$db = load_db();
$db->query("SET NAMES 'utf8'");
$db->query("SET CHARACTER SET 'utf8'");

$goods = $db->query('SELECT * FROM `unitpay_ivents` WHERE `id`="'.intval($params['account']).'"');
$goods->setFetchMode(PDO::FETCH_ASSOC);
$goods = $goods->fetch();

// Very important! Validate request with your order data, before complete order

if(!$goods){
die('{"error": {"message": "Такой ID не найден"}}');
}elseif($params['orderSum'] != $goods['size'] or ($method==='pay' and $goods['size']<$params['orderSum'])){
die('{"error": {"message": "Аренда стоит '.$goods['size'].'.00 руб., а Вы хотите купить её за '.$params['orderSum'].' руб."}}');
}elseif($params['projectId'] != $projectId){
die('{"error": {"message": "Неверный ID проекта"}}');
}elseif($goods['paid']==1){
die('{"error": {"message": "Это счет уже оплачен"}}');
}
// Just check order (check server status, check order in DB and etc)
if ('check' == $method) {
print $unitPay->getSuccessHandlerResponse('Check Success');
// Method Pay means that the money received
} elseif ('pay' == $method) {
$update = $db->prepare('UPDATE `unitpay_ivents` SET `paid`=1 WHERE `id`=:id');
$update->execute(array('id'=>$params['account']));

$select = $db->prepare('SELECT * FROM `accounts` WHERE `status`=1 AND `domain`=:domain AND `deleted`=0');
$select->execute(array('domain'=>$goods['domain']));
$select->setFetchMode(PDO::FETCH_ASSOC);
$select = $select->fetch();

if(!$select and $goods['type']==0){
include DIR.'/engine/inc/start_shop.php';
}elseif($select and $goods['type']==1){
include DIR.'/engine/inc/renewal.php';
}else{
print $unitPay->getSuccessHandlerResponse('Type Error');
die();
}

print $unitPay->getSuccessHandlerResponse('Pay Success');
} elseif ('error' == $method) {
log_message('error', json_encode($_GET));
}
// Oops! Something went wrong.
} catch (Exception $e) {
print $unitPay->getErrorHandlerResponse($e->getMessage());
}
?>

Код
<?php

if(!defined('DIR')) die('access error');





$projectId = 12371;

$secretKey = '1ec4d13ce3ecf30fdfca0ff43bbfdcce';



lib('unitpay');



$unitPay = new UnitPay($secretKey);



try {

 // Validate request (check ip address, signature and etc)

 $unitPay->checkHandlerRequest();



 $method = $_GET['method'];

 $params = $_GET['params'];

 

 $db = load_db();

 $db->query("SET NAMES 'utf8'"); 

$db->query("SET CHARACTER SET 'utf8'");

 

 $goods = $db->query('SELECT * FROM `unitpay_ivents` WHERE `id`="'.intval($params['account']).'"');

 $goods->setFetchMode(PDO::FETCH_ASSOC);

 $goods = $goods->fetch();



 // Very important! Validate request with your order data, before complete order

 

 if(!$goods){

 die('{"error": {"message": "Такой ID не найден"}}');

 }elseif($params['orderSum'] != $goods['size'] or ($method==='pay' and $goods['size']<$params['orderSum'])){

 die('{"error": {"message": "Аренда стоит '.$goods['size'].'.00 руб., а Вы хотите купить её за '.$params['orderSum'].' руб."}}');

 }elseif($params['projectId'] != $projectId){

 die('{"error": {"message": "Неверный ID проекта"}}');

 }elseif($goods['paid']==1){

 die('{"error": {"message": "Это счет уже оплачен"}}');

 }

 // Just check order (check server status, check order in DB and etc)

 if ('check' == $method) {

 print $unitPay->getSuccessHandlerResponse('Check Success');

 // Method Pay means that the money received

 } elseif ('pay' == $method) {

 $update = $db->prepare('UPDATE `unitpay_ivents` SET `paid`=1 WHERE `id`=:id');

 $update->execute(array('id'=>$params['account']));

 

 $select = $db->prepare('SELECT * FROM `accounts` WHERE `status`=1 AND `domain`=:domain AND `deleted`=0');

 $select->execute(array('domain'=>$goods['domain']));

 $select->setFetchMode(PDO::FETCH_ASSOC);

 $select = $select->fetch();

 

 if(!$select and $goods['type']==0){

 include DIR.'/engine/inc/start_shop.php';

 }elseif($select and $goods['type']==1){

 include DIR.'/engine/inc/renewal.php';

 }else{

 print $unitPay->getSuccessHandlerResponse('Type Error');

 die();

 }

 

 print $unitPay->getSuccessHandlerResponse('Pay Success');

 } elseif ('error' == $method) {

 log_message('error', json_encode($_GET));

 }

// Oops! Something went wrong.

} catch (Exception $e) {

 print $unitPay->getErrorHandlerResponse($e->getMessage());

}

?>
<?php

if(!defined('DIR')) die('access error');

$result['error']['size'] = '';
$result['error']['email'] = '';
$result['error']['domain'] = '';
$result['error']['passwd'] = '';

if(isset($_POST['domain'], $_POST['email'], $_POST['passwd'], $_POST['size'])){
$_POST['email'] = trim($_POST['email']);
$_POST['passwd'] = trim($_POST['passwd']);
$_POST['domain'] = trim($_POST['domain']);
$_POST['size'] = trim($_POST['size']);

if(empty($_POST['size'])){
$code = 0;
$result['error']['size'] = 'Выберите срок оплаты';
}elseif(empty($_POST['email'])){
$code = 0;
$result['error']['email'] = 'Введите email';
}elseif(!valid_email($_POST['email'])){
$code = 0;
$result['error']['email'] = 'Введен не верный email';
}elseif(empty($_POST['passwd'])){
$code = 0;
$result['error']['passwd'] = 'Введите пароль';
}elseif(iconv_strlen($_POST['passwd'])<=5){
$code = 0;
$result['error']['passwd'] = 'Пароль слишком короткий';
}elseif(iconv_strlen($_POST['passwd'])>=50){
$code = 0;
$result['error']['passwd'] = 'Пароль слишком длинный';
}elseif(empty($_POST['domain'])){
$code = 0;
$result['error']['domain'] = 'Введите домен';
}elseif(preg_match("/[^a-z0-9\-]/i", $_POST['domain'])){
$code = 0;
$result['error']['domain'] = 'Не верный домен';
}elseif(iconv_strlen($_POST['domain'])>50){
$code = 0;
$result['error']['domain'] = 'Максимальная длина домена 50 символов';
}else{
$db = load_db();
$db->query("SET NAMES 'utf8'");
$db->query("SET CHARACTER SET 'utf8'");

$select = $db->prepare('SELECT COUNT(*) as `count` FROM `accounts` WHERE `domain`=:dom AND `deleted`=0 AND `status`=1');
$dat = array('dom'=>$_POST['domain']);
$select->execute($dat);
$select = $select->fetch();

if($select['count']>0){
$code = 0;
$result['error']['domain'] = 'Домен занят';
}else{

if(!empty($_COOKIE['referer']))
{
$referer = $_COOKIE['referer'];
}else
{
$referer = '';
}

$id = $db->insert('unitpay_ivents', array('size'=>$_POST['size'], 'domain'=>$_POST['domain'].$_POST['domain_suffix'], 'passwd'=>$_POST['passwd'], 'email'=>$_POST['email'], 'referer'=>$referer));

header("Location: https://any-pay.org/merchant?id=960&summ={$_POST['size']}&pay_id={$id}&desc=Покупка");
// header("Location: https://unitpay.ru/pay/12371-6a90f/yandex?sum={$_POST['size']}&account={$id}&desc=Покупка");
die();
}
}

$_POST['size'] = isset($_POST['size']) ? $_POST['size'] : '';
$_POST['domain'] = isset($_POST['domain']) ? $_POST['domain'] : '';
$_POST['email'] = isset($_POST['email']) ? $_POST['email'] : '';
$_POST['passwd'] = isset($_POST['passwd']) ? $_POST['passwd'] : '';

view('buy', $result);
}else{
$_POST['size'] = isset($_POST['size']) ? $_POST['size'] : '';
$_POST['domain'] = isset($_POST['domain']) ? $_POST['domain'] : '';
$_POST['email'] = isset($_POST['email']) ? $_POST['email'] : '';
$_POST['passwd'] = isset($_POST['passwd']) ? $_POST['passwd'] : '';

view('buy', $result);
}

?>

Код
<?php



if(!defined('DIR')) die('access error');





$result['error']['size'] = '';

$result['error']['email'] = '';

$result['error']['domain'] = '';

$result['error']['passwd'] = '';



if(isset($_POST['domain'], $_POST['email'], $_POST['passwd'], $_POST['size'])){

 $_POST['email'] = trim($_POST['email']);

 $_POST['passwd'] = trim($_POST['passwd']);

 $_POST['domain'] = trim($_POST['domain']);

 $_POST['size'] = trim($_POST['size']);

 

 if(empty($_POST['size'])){

 $code = 0;

 $result['error']['size'] = 'Выберите срок оплаты';

 }elseif(empty($_POST['email'])){

 $code = 0;

 $result['error']['email'] = 'Введите email';

 }elseif(!valid_email($_POST['email'])){

 $code = 0;

 $result['error']['email'] = 'Введен не верный email';

 }elseif(empty($_POST['passwd'])){

 $code = 0;

 $result['error']['passwd'] = 'Введите пароль';

 }elseif(iconv_strlen($_POST['passwd'])<=5){

 $code = 0;

 $result['error']['passwd'] = 'Пароль слишком короткий';

 }elseif(iconv_strlen($_POST['passwd'])>=50){

 $code = 0;

 $result['error']['passwd'] = 'Пароль слишком длинный';

 }elseif(empty($_POST['domain'])){

 $code = 0;

 $result['error']['domain'] = 'Введите домен';

 }elseif(preg_match("/[^a-z0-9\-]/i", $_POST['domain'])){

 $code = 0;

 $result['error']['domain'] = 'Не верный домен';

 }elseif(iconv_strlen($_POST['domain'])>50){

 $code = 0;

 $result['error']['domain'] = 'Максимальная длина домена 50 символов';

 }else{

 $db = load_db();

 $db->query("SET NAMES 'utf8'"); 

$db->query("SET CHARACTER SET 'utf8'");

 

 $select = $db->prepare('SELECT COUNT(*) as `count` FROM `accounts` WHERE `domain`=:dom AND `deleted`=0 AND `status`=1');

 $dat = array('dom'=>$_POST['domain']);

 $select->execute($dat);

 $select = $select->fetch();



 if($select['count']>0){

 $code = 0;

 $result['error']['domain'] = 'Домен занят';

 }else{

 

 if(!empty($_COOKIE['referer']))

 {

 $referer = $_COOKIE['referer'];

 }else

 {

 $referer = '';

 }





 $id = $db->insert('unitpay_ivents', array('size'=>$_POST['size'], 'domain'=>$_POST['domain'].$_POST['domain_suffix'], 'passwd'=>$_POST['passwd'], 'email'=>$_POST['email'], 'referer'=>$referer));





header("Location: https://any-pay.org/merchant?id=960&summ={$_POST['size']}&pay_id={$id}&desc=Покупка");

 // header("Location: https://unitpay.ru/pay/12371-6a90f/yandex?sum={$_POST['size']}&account={$id}&desc=Покупка");

 die();

 }

 }

 

 $_POST['size'] = isset($_POST['size']) ? $_POST['size'] : '';

 $_POST['domain'] = isset($_POST['domain']) ? $_POST['domain'] : '';

 $_POST['email'] = isset($_POST['email']) ? $_POST['email'] : '';

 $_POST['passwd'] = isset($_POST['passwd']) ? $_POST['passwd'] : '';

 

 view('buy', $result);

}else{

 $_POST['size'] = isset($_POST['size']) ? $_POST['size'] : '';

 $_POST['domain'] = isset($_POST['domain']) ? $_POST['domain'] : '';

 $_POST['email'] = isset($_POST['email']) ? $_POST['email'] : '';

 $_POST['passwd'] = isset($_POST['passwd']) ? $_POST['passwd'] : '';

 

 view('buy', $result);

}



?>
Кто может переписать под any-pay

кто сможет подкину денег

Грач · 4 фев 2017

@Gratsh (телеграм)
*****forcepro (скайп)
добавляй, обсудим.

Требуется помощь с фиксом ошибок готового скрипта магазина на PHP

Начало пути

Платежный шлюз CryptoBot для WHMCS

Как открыть сайт, который работает на ПК через ОпенСервер, на телефоне?

Focus Messenger - скрипт Мессенджера на PHP

Помогите с наполнением для сайта

(Вопрос) Вк боты и SQL Инъекции

PHP Скрипт накрутки друзей для ВК 2025

Сделаю сайт бесплатно

[Вопрос] Как отправить batch с Laravel?

NotCoinBot многофункциональный кликер

Слив казино продавался раньше за 2600$

Учу PHP, нужна ваша помощь.

Какие материалы (книжки, видео, курсы) помогут разобраться в backend разработке?

Сайт ложиться при любом запросе пользователя к базе данных . ????

Какой сайтик сделать?

Подскажите как можно польностью защитить авторизацию для сайт?

Скрипт крипто биржи | Крипто биржа Обменник Crypto Wallet

Coolify - альтернатива Heroku / Netlify / Vercel

Shlink - Самостоятельный сокращатель URL-адресов

Какие методы авторизации пользователя вы используете ?

Как отправить почту от лица другого отправителя?

Как активировать phpstorm бесплатно

Как ускорить загрузку?

Скрипт HOTSKINS - 15 режимов - Слоты Монетка Кейсы Блекджек Upgrade КНБ Наперстки Defuse Рулетка

Скрипт рулетки bellereve за 15.000 рублей

Проблема с phpMyAdmin

Кто шарит за sql иньекции?

Подключение SSL

Searching help t.me/simyoseller

Кто шарит в api any-pay требуется помощь