<?php
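// Handles a POST carrying WK_PAY_* fields (apparently a payment gateway's
// notification): checks the SHA-256 signature, then credits the purchased gold
// plus a volume bonus to `users`.`g` and advances task progress in `task_user`.
// Prints 'NO HACK!' on a bad signature and 'YES' after a gold purchase is credited.
if (isset($_POST['WK_PAY_AMOUNT']) && isset($_POST['WK_PAY_TIME']) && isset($_POST['WK_PAY_HASH']))
{
    include '../system/common.php';
    include ('sett.php');

    $amount = $_POST['WK_PAY_AMOUNT'];
    $time = $_POST['WK_PAY_TIME'];
    $posted_hash = $_POST['WK_PAY_HASH'];

    // PHP turns `field[]=x` into an array; an array can never carry a valid
    // signature, so reject it before it reaches string concatenation.
    if (!is_string($amount) || !is_string($time) || !is_string($posted_hash)) exit('NO HACK!');

    // wk_id / wk_code are constants expected from the included settings.
    $common_string = wk_id.$amount.$time.wk_code;
    $hash = strtoupper(hash("sha256", $common_string));

    // Compare as strings in constant time. A loose `!=` compares two
    // numeric-looking strings (e.g. "0E123...") as numbers, which can accept a
    // signature that is not byte-identical. hash_equals() needs PHP 5.6, hence
    // the strict-comparison fallback for older runtimes.
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($hash, $posted_hash)
        : ($hash === $posted_hash);
    if (!$hash_ok) exit('NO HACK!');

    // NOTE(review): the signed string covers only the amount and the time.
    // WK_PAY_USER, WK_PAY_COUNT and WK_PAY_TOVAR are not covered by it, and
    // nothing visible here records that a notification was already processed.
    // TODO confirm whether the gateway offers a signature over these fields and
    // a transaction id that can be stored for de-duplication.

    $summ = wk_summ($amount);
    // Absent fields fall back to 0 / null instead of raising undefined-index notices.
    $id = abs(intval(isset($_POST['WK_PAY_USER']) ? $_POST['WK_PAY_USER'] : 0));
    $count = abs(intval(isset($_POST['WK_PAY_COUNT']) ? $_POST['WK_PAY_COUNT'] : 0));
    $type = isset($_POST['WK_PAY_TOVAR']) ? $_POST['WK_PAY_TOVAR'] : null;

    // Volume bonus per package size; packages without an entry get no bonus
    // (previously $bonus was left undefined for them).
    $bonus_table = array(100 => 5, 500 => 50, 1000 => 150, 5000 => 1000, 10000 => 2500);
    $bonus = isset($bonus_table[$count]) ? $bonus_table[$count] : 0;
    $gold = $count + $bonus;

    // Credit only when the package exists in the price list and the paid sum
    // matches its price. Loose `==` is kept because wk_summ()'s return type is
    // not visible here.
    if ($type === 'gold' && isset($wk_cena_gold[$count]) && $wk_cena_gold[$count] == $summ)
    {
        // Tasks: task id => progress cap.
        //   7: "Buy 200 gold and get 20 more gold as a gift"
        //   8: "Buy 1000 gold and get 20 more gold as a gift"
        $task_caps = array(7 => 200, 8 => 1000);

        // $id, $count, $task_id and $cap are all integers at this point, so the
        // concatenated SQL below carries no request-controlled text.
        foreach ($task_caps as $task_id => $cap) {
            $req = mysql_query('select * from `task_user` WHERE (`user`="'.$id.'") AND (`task`="'.$task_id.'") AND (`complete`="0")');
            $task_res = mysql_query('SELECT * FROM `task` WHERE (`id`="'.$task_id.'")');
            $task = ($task_res !== false) ? mysql_fetch_array($task_res) : false;

            // A failed query or a missing task row means there is nothing to advance.
            if ($req === false || !is_array($task)) continue;

            while ($t = mysql_fetch_array($req)) {
                if ($t['how'] < $task['how']) {
                    if ($t['how'] >= $cap OR $count >= $cap) {
                        mysql_query('UPDATE `task_user` SET `how`='.$cap.' WHERE (`user`="'.$id.'") AND (`task`="'.$task_id.'")');
                    } else {
                        mysql_query('UPDATE `task_user` SET `how`=`how`+"'.$count.'" WHERE (`user`="'.$id.'") AND (`task`="'.$task_id.'")');
                    }
                }
            }
        }

        // NOTE(review): the result of this UPDATE is not checked, so 'YES' is
        // returned even if the credit fails — confirm what the gateway does
        // with a non-'YES' reply before changing this.
        mysql_query("UPDATE `users` SET `g` = `g` + '".$gold."' WHERE `id` = '".$id."'");
        exit('YES');
    }
}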
?>