case 'web':
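/**
 * Return the address of the client that sent the current request.
 *
 * X-Real-IP is an ordinary request header, so any caller can set it to any
 * value. It is honoured only when the direct TCP peer (REMOTE_ADDR) is one of
 * the reverse proxies in $trustedProxies and the header holds a well-formed
 * IP address. In every other case REMOTE_ADDR is returned, so the sender
 * allowlist that relies on this function cannot be satisfied by a forged header.
 *
 * @return string Client IP address, or '' when REMOTE_ADDR is not set.
 */
function getIP() {
    // Proxies allowed to supply X-Real-IP. Loopback only by default (fail closed);
    // if the front proxy runs on another host, add its address here.
    $trustedProxies = array('127.0.0.1', '::1');

    $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if (in_array($peer, $trustedProxies, true) && isset($_SERVER['HTTP_X_REAL_IP'])) {
        $forwarded = trim($_SERVER['HTTP_X_REAL_IP']);
        // Reject anything that is not a single valid IPv4/IPv6 literal.
        if (filter_var($forwarded, FILTER_VALIDATE_IP) !== false) {
            return $forwarded;
        }
    }

    return $peer;
}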
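// Payment-notification callback: authenticate the sender and the message,
// then flag the matching row in `rek` as paid and acknowledge with 'YES'.

// 1. Sender allowlist (presumably the payment provider's notification hosts).
//    NOTE(review): this check is only as trustworthy as the address getIP()
//    reports; an address taken from a request header can be set by the caller.
$allowedSenders = array('168.119.157.136', '168.119.60.227', '138.201.88.124', '178.154.197.79');
if (!in_array(getIP(), $allowedSenders, true)) die("hacking attempt!");

// 2. Read each field once, from $_POST only, so the values that are signed are
//    the same values that are acted on ($_REQUEST can also be filled from the
//    query string or cookies, depending on request_order).
$merchantField = isset($_POST['MERCHANT_ID']) ? $_POST['MERCHANT_ID'] : null;
$orderId       = isset($_POST['MERCHANT_ORDER_ID']) ? $_POST['MERCHANT_ORDER_ID'] : null;
$amount        = isset($_POST['AMOUNT']) ? $_POST['AMOUNT'] : null;
$givenSign     = isset($_POST['SIGN']) ? $_POST['SIGN'] : null;

// is_numeric() is false for null and for arrays, so missing or array-valued
// fields are rejected here. The message text means "POST error".
if (!is_numeric($merchantField) || !is_numeric($orderId) || !is_numeric($amount) || !is_string($givenSign)) {
    die('ошибка POST');
}

// 3. Message authentication: MD5 over merchant id, amount, secret word and
//    order id. The comparison must be strict: with `!=`, two different strings
//    that both look numeric (e.g. "0e…" digests) compare equal under PHP's
//    loose rules. hash_equals() is also constant-time; the fallback for
//    interpreters older than PHP 5.6 is strict but not constant-time.
$expectedSign = md5($merchant_id.':'.$amount.':'.$secret_word2.':'.$orderId);
$signOk = function_exists('hash_equals')
    ? hash_equals($expectedSign, $givenSign)
    : ($expectedSign === $givenSign);
if (!$signOk) die('wrong sign');

// 4. Look the order up once. The id is already numeric, but it is still
//    escaped before being placed in the SQL string (defence in depth; the
//    mysql_* API has no prepared statements).
$result = mysql_query("SELECT * FROM `rek` WHERE `num` = '".mysql_real_escape_string($orderId)."'");
$order = $result ? mysql_fetch_assoc($result) : false;

// An unknown order must not be acknowledged: previously a missing row still
// ran the UPDATE with an empty key and answered 'YES'.
if (!$order) die('order not found');

// NOTE(review): AMOUNT is authenticated by the signature but is never compared
// with the price stored for this order, and MERCHANT_ID is never compared with
// $merchant_id. Add both checks here; the price column of `rek` is not visible
// in this excerpt.

// 5. Persist first, acknowledge second, so a failed write is not reported as
//    a delivered notification.
$updated = mysql_query("UPDATE `rek` SET `ok` = '1' WHERE `num` = '".mysql_real_escape_string($order['num'])."'");
if (!$updated) die('db error');

die('YES');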
}