Файл: iwup.biz/sms/smskey.php
Строк: 79
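<?php
/**
 * SMS top-up callback (by its parameters, called by an SMS billing gateway —
 * confirm against the gateway documentation).
 *
 * Reads from $_GET: msg (login, with "+" and "igrun" stripped), smsid, cost,
 * skey, num, user_id, operator. On an accepted request it adds the amount to
 * the balance of the matching login, stores a new 12-digit PIN in `pinkod`,
 * logs the SMS in `allsms` and prints a reply that echoes smsid.
 *
 * NOTE(review): the listing showed the reply strings without backslashes
 * ("smsid:$smsidnstatus:...", "text/planenn"), which made PHP read the
 * undefined variable $smsidnstatus. They are restored here as "\n" line
 * breaks — confirm against the deployed file. "text/plane" is kept as the
 * author wrote it; verify the content type the gateway expects.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to
 * mysqli/PDO prepared statements has to be done together with ../db.php,
 * which is not visible here.
 */
include('../db.php');
include('../nast.php');

// Login from the SMS text. All stripping is done on the raw value and SQL
// escaping is applied last, so nothing edits the string after it was escaped.
$msg = (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : '';
$msg = str_replace('+', '', $msg);
// Two passes, as in the original: the first removal can join a new "igrun".
$msg = str_replace('igrun', '', str_replace('igrun', '', $msg));
$msg = mysql_real_escape_string(htmlspecialchars(trim($msg)));

// smsid is only echoed back in the reply and never reaches SQL, so it gets
// output handling instead of SQL escaping: control characters are dropped so
// it cannot add reply lines, and markup characters are encoded.
$smsid = (isset($_GET['smsid']) && is_string($_GET['smsid'])) ? $_GET['smsid'] : '';
$smsid = htmlspecialchars(preg_replace('/[\x00-\x1F\x7F]/', '', $smsid), ENT_QUOTES);

$time = time();

// Shared-key check. Strict string comparison replaces the loose != so that
// PHP type juggling cannot make a different value compare equal.
// NOTE(review): the key is a short constant hard-coded in the source. Load a
// long random secret from configuration instead and compare it with
// hash_equals() (PHP >= 5.6).
$skey = (isset($_GET['skey']) && is_string($_GET['skey'])) ? $_GET['skey'] : '';
$skeyOk = ($skey === md5('12345') || $skey === '12345');

// Amount in site currency. $kurs is not defined in this file — presumably set
// by ../nast.php; confirm. A zero, negative or non-finite amount must never
// reach the balance arithmetic or the PIN table.
$rawCost = (isset($_GET['cost']) && is_scalar($_GET['cost'])) ? $_GET['cost'] : 0;
$cost = floatval($rawCost) * $kurs;
$costOk = is_finite($cost) && $cost > 0;

if (!$skeyOk) {
    print "smsid:{$smsid}\nstatus:ignor\ncontent-type:text/plane\n\nNevernyj skey http://igrun.mobi/shop\n";
} elseif (!$costOk) {
    // Reply text for this new rejection path was constructed for the fix.
    print "smsid:{$smsid}\nstatus:ignor\ncontent-type:text/plane\n\nNevernaja summa http://igrun.mobi/shop\n";
} else {
    $num = intval((isset($_GET['num']) && is_scalar($_GET['num'])) ? $_GET['num'] : 0);
    $phone = mysql_real_escape_string(
        (isset($_GET['user_id']) && is_string($_GET['user_id'])) ? $_GET['user_id'] : ''
    );
    $oper = mysql_real_escape_string(
        (isset($_GET['operator']) && is_string($_GET['operator'])) ? $_GET['operator'] : ''
    );

    // The original also ran a SELECT on `user` and fetched the row, but only
    // commented-out code used the result, so both are dropped. For an unknown
    // login this UPDATE matches no row and the PIN below is still issued.
    // NOTE(review): the same amount is added to the balance AND issued as a
    // PIN — confirm this is intended and not a double credit.
    mysql_query("UPDATE `user` SET `balans`=`balans`+$cost WHERE `login`='$msg'");

    // A PIN is a bearer value worth $cost, and mt_rand() is not a
    // cryptographic generator. random_int() is used whenever the runtime (or
    // a polyfill) provides it; mt_rand() remains only as the legacy fallback.
    // NOTE(review): the existence check and the INSERT are separate
    // statements; a UNIQUE index on `pinkod`.`pinkod` would be the reliable
    // guarantee — confirm the schema.
    do {
        $pin = function_exists('random_int')
            ? random_int(100000, 999999) . random_int(100000, 999999)
            : mt_rand(100000, 999999) . mt_rand(100000, 999999);
        $taken = mysql_query("SELECT 1 from `pinkod` WHERE `pinkod`='$pin' limit 1");
    } while ($taken && mysql_num_rows($taken));

    mysql_query("INSERT into `pinkod` VALUES('0','$pin','$cost','$time','3','','0')");

    // Rounded only for the reply and the SMS log; the PIN row above keeps the
    // unrounded amount, as in the original.
    $cost = round($cost, 2);
    print "smsid:{$smsid}\nstatus:reply\ncontent-type:text/plane\n\nPinkod popolnenenija na {$cost}r:{$pin} http://igrun.mobi\n";

    mysql_query("INSERT into `allsms` VALUES('0','$time','$num','$msg','$phone','$cost','$oper')");
}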