<?php
include ('config.php');
include ('../inc/base.php');
include ('../inc/functions.php');
if (isset($_POST['id_shop']) && is_numeric($_POST['id_shop']) && isset($_POST['id_bill']) && is_numeric($_POST['id_bill']) && isset($_POST['summa']) && is_numeric($_POST['summa']) && isset($_POST['hash']))
{
$sql=mysql_query("SELECT * FROM `worldkassa` WHERE `id_bill` = '".(text($_POST['id_bill']))."'");
if (mysql_num_rows($sql)>0)
{
$data=mysql_fetch_assoc($sql);
if ($_POST['summa']<$data['summa'])
{
}
elseif($_POST['hash']!=md5($hash.$id_shop.$_POST['id_bill'].$_POST['summa']))
{
exit();
}
else
{
foreach($cena_cash as $cash=>$summa)
{
if ($summa==$data['summa']) {
$us = mysql_fetch_assoc(mysql_query("SELECT * FROM `accounts` WHERE `id` = '".$data['id_user']."'"));
if($us) {
$us_cash = round($us['action']/100*$cash);
$c_cash = $cash + $us_cash;
mysql_query('UPDATE `accounts` SET `cash` = `cash` + "'.$c_cash.'" WHERE `id` = "'.$data['id_user'].'"');
if($us['ref'] != '0') {
$ref_cash = round(30/100*$c_cash);
mysql_query("update `accounts` set `cash` = `cash` + '".$ref_cash."', `ref_cash` = `ref_cash` + '".$ref_cash."' where `id` = '".$us['ref']."'");
}
}
}
}
mysql_query("UPDATE `worldkassa` SET `time_oplata` = '".time()."' WHERE `id` = '".$data['id']."'");
}
}
}
?>