Code:
<?php
/*
Note:Before starting you have to create an account at http://www.paygol.com/register?affiliatecode=T8Y7-LK0M-NY0R-Y6O3
*/
// check that the request comes from PayGol server
if(!in_array($_SERVER['REMOTE_ADDR'],
array('109.70.3.48', '109.70.3.146', '109.70.3.58'))) {
header("HTTP/1.0 403 Forbidden");
die("Error: Unknown IP");
}
// get the variables from PayGol system
$message_id = $_GET['message_id'];
$service_id = $_GET['service_id'];
$shortcode = $_GET['shortcode'];
$keyword = $_GET['keyword'];
$message = $_GET['message'];
$sender = $_GET['sender'];
$operator = $_GET['operator'];
$country = $_GET['country'];
$custom = $_GET['custom'];
$points = $_GET['points'];
$price = $_GET['price'];
$currency = $_GET['currency'];
//Replace these parameters by your database details
$dbhost = "localhost"; //Your database domain
$dbuser = "root"; //Database username
$dbpassword = "dbpass"; //Database password
$db = "dbname"; //Database name
//Connect to Database
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($db);
$sql = "UPDATE accounts SET premium_points = premium_points+$points WHERE name = '$custom'";
mysql_query($sql);
mysql_close($conn);
?>
I explained him that user provides the 'custom' GET parameter, so as his account name he can put anything, also something what will for example add points to all users. I fixed that for him but today I came with another idea.
I've created PayGol account, created own multiprice service with price 1 euro, 9000000 points for that and IPN URL pointing to... wladca's website.
Than I turned on testing mode, made the purchase in testing mode and on wladca's server I had 9000000 points :)
So what is the solution for this problem?
Check if parameters passed to your IPN script match the values you obtained from PayGol (especially service_id, price and points).
Brak komentarzy:
Prześlij komentarz