<?PHP
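/**
 * Verify the 'sig' parameter of a callback request.
 *
 * The expected value is md5() over every parameter except 'sig', taken in
 * key order and concatenated as "key=value", followed by the shared secret.
 * NOTE(review): the MD5-with-appended-secret construction is presumably
 * dictated by the calling gateway's protocol; it is kept as-is here.
 *
 * @param array  $params_array Request parameters (untrusted), including 'sig'.
 * @param string $secret       Shared secret known to the gateway and this script.
 * @return bool True only when 'sig' is present and matches the computed value.
 */
function check_signature($params_array, $secret) {
    // A request with no string 'sig' can never be authentic; rejecting it here
    // also avoids an undefined-index notice further down.
    if (!isset($params_array['sig']) || !is_string($params_array['sig'])) {
        return false;
    }

    ksort($params_array);
    $str = '';
    foreach ($params_array as $k => $v) {
        // Strict comparison on the string form of the key: a loose `!=` lets an
        // integer key compare equal to 'sig' on older PHP versions.
        if ((string) $k === 'sig') {
            continue;
        }
        // Nested values (e.g. ?a[]=1) would stringify as "Array"; such a
        // request is not something a well-formed caller produces.
        if (!is_scalar($v)) {
            return false;
        }
        $str .= "$k=$v";
    }
    $str .= $secret;
    $signature = md5($str);
    $given = $params_array['sig'];

    // Loose `==` compares two numeric-looking strings as numbers, so different
    // digests of the form "0e<digits>" are treated as equal. Compare as exact
    // strings, in constant time.
    if (function_exists('hash_equals')) {
        return hash_equals($signature, $given);
    }

    // Fallback for PHP versions without hash_equals().
    if (strlen($given) !== strlen($signature)) {
        return false;
    }
    $diff = 0;
    $len = strlen($signature);
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($given[$i]) ^ ord($signature[$i]);
    }
    return $diff === 0;
}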
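// Callback handler: after the caller is checked, adds $credits to the account
// named in the 'message' parameter and prints a status line for the caller.

// Source addresses allowed to invoke this script.
// NOTE(review): REMOTE_ADDR is the directly connected peer; if this script is
// ever placed behind a reverse proxy the check needs revisiting.
$forumtoIPs = array('81.20.151.38', '81.20.148.122');
$serverIP = $_SERVER['REMOTE_ADDR'];
// Account name supplied by the caller. Untrusted input.
$message = isset($_GET['message']) ? $_GET['message'] : '';
$credits = '1000';
// NOTE(review): while $secret is left empty the signature check below is
// skipped and the IP allow-list is the only authentication. Set it in
// production.
$secret = '';
$db_serv = '';
$db_user = '';
$db_pass = '';
$db_name = '';
$db_error = 'Greshka. Server-yt ima problem s Mssql. Molq oburnete se kum administrator!';

if (!in_array($serverIP, $forumtoIPs, true)) die("Vasheto IP ne e v spisuka s pozvolenite!");
if (!empty($secret) && !check_signature($_GET, $secret)) die("Greshen taen podpis!");
// Reject array-valued input (?message[]=...) as well as an empty value.
if (!is_string($message) || !$message) die("Trqbva da vuvedete potrebitelsko ime!");

// NOTE(review): nothing visible here prevents the same valid request from
// being processed more than once; if the gateway sends a unique transaction
// id, it should be recorded and checked before crediting.

$conn = mssql_connect($db_serv, $db_user, $db_pass) or die($db_error);
if (!mssql_select_db($db_name, $conn)) die($db_error);

// The mssql extension has no bound parameters for ad-hoc queries, so the
// value is made safe for a T-SQL string literal by doubling single quotes.
// A driver with real parameter binding (PDO, sqlsrv) is the better fix.
$account = str_replace("'", "''", $message);
$amount = (int) $credits;

$query = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$account'", $conn);
if ($query === false) die($db_error);

if (mssql_num_rows($query) == 0) {
    $otgowor = 'Greshka. Accounta e nevaliden ili nepravilno napisan';
} else {
    $res = mssql_query("SELECT credits FROM MEMB_CREDITS WHERE memb___id='$account'", $conn);
    if ($res === false) die($db_error);

    // Test the credits result set, not the account lookup: the original
    // re-checked $query here, so the INSERT branch could never run.
    if (mssql_num_rows($res) == 0) {
        // No credits row yet: create one. Plain identifiers and a closed
        // VALUES list; the backtick-quoted form is not valid T-SQL.
        $ok = mssql_query("INSERT INTO MEMB_CREDITS (memb___id, credits) VALUES ('$account','$amount')", $conn);
        if ($ok === false) die($db_error);
        $otgowor = "Uspeshno sa zaredeni {$credits} credita na acc {$message} .Veche imate {$credits} credita.";
    } else {
        $row = mssql_fetch_row($res);
        // Only report success once the write has actually succeeded.
        $ok = mssql_query("UPDATE MEMB_CREDITS SET credits=credits+'$amount' WHERE memb___id='$account'", $conn);
        if ($ok === false) die($db_error);
        // $row holds the balance read before the UPDATE; report the new total.
        $balance = (int) $row[0] + $amount;
        $otgowor = "Uspeshno sa zaredeni {$credits} credita na acc {$message} .Veche imate {$balance} credita.";
    }
}
// NOTE(review): the account name is echoed back verbatim; this presumes the
// caller treats the response body as plain text - confirm.
echo $otgowor;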
?>