<?php
require_once "inc/config.php";
require_once "inc/shopier.php";
function logToFile($message) {
$log_file = 'shopier_log.txt';
$timestamp = date("Y-m-d H:i:s");
$log_message = $timestamp . " - " . $message . PHP_EOL;
file_put_contents($log_file, $log_message, FILE_APPEND);
}
if (!isset($_POST["status"], $_POST["platform_order_id"], $_POST["payment_id"], $_POST["signature"], $_POST["random_nr"])) {
logToFile("Missing POST parameters");
header("Location: addfunds?status=failed");
exit;
}
$shopierSecret = '
$status = $_POST["status"];
$invoiceId = $_POST["platform_order_id"];
$transactionId = $_POST["payment_id"];
$installment = $_POST["installment"] ?? '';
$signature = $_POST["signature"];
$data = $_POST["random_nr"] . $_POST["platform_order_id"] . (isset($_POST["total_order_value"]) ? $_POST["total_order_value"] : 0) . (isset($_POST["currency"]) ? $_POST["currency"] : 'TRY');
$expected_signature = base64_encode(hash_hmac('sha256', $data, $shopierSecret, true));
logToFile("Verilen Data: " . $data);
logToFile("Hesaplanan İmza (Base64): " . $expected_signature);
logToFile("Alınan İmza (Base64): " . $signature);
if (hash_equals($signature, $expected_signature)) {
logToFile("İmza doğrulandı. İşlem başarılı.");
$status = strtolower($status);
try {
$stmt = $pdo->prepare("SELECT UserID FROM transitions WHERE PlatformID = :platform_order_id LIMIT 1");
$stmt->execute(['platform_order_id' => $invoiceId]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
$userID = $result['UserID'];
} else {
logToFile("UserID bulunamadı. Platform Order ID: $invoiceId");
header("Location: addfunds?status=failed");
exit;
}
} catch (PDOException $e) {
logToFile("UserID alınırken hata oluştu. Hata: " . $e->getMessage());
header("Location: addfunds?status=failed");
exit;
}
if ($status == "success") {
$amount = isset($_POST["total_order_value"]) ? floatval($_POST["total_order_value"]) : 0;
if (!empty($userID) && $amount > 0) {
if (deposit($userID, $amount)) {
logToFile("Payment success for User ID: $userID, Amount: $amount");
header("Location: addfunds?status=success");
exit;
} else {
logToFile("Payment success but failed to update balance for User ID: $userID");
header("Location: addfunds?status=failed");
exit;
}
} else {
logToFile("Invalid User ID or amount. User ID: $userID, Amount: $amount");
header("Location: addfunds?status=failed");
exit;
}
} else {
logToFile("Payment failed. Status: $status, User ID: $userID, Transaction ID: $transactionId");
header("Location: addfunds?status=failed");
exit;
}
} else {
logToFile("İmza doğrulaması başarısız. Hesaplanan İmza: $expected_signature, Alınan İmza: $signature");
logToFile("Gönderilen veri içerikleri: Random: " . $_POST["random_nr"] . ", Platform Order ID: " . $_POST["platform_order_id"] . ", Total Order Value: " . (isset($_POST["total_order_value"]) ? $_POST["total_order_value"] : 0) . ", Currency: " . (isset($_POST["currency"]) ? $_POST["currency"] : 'TRY'));
header("Location: addfunds?status=failed");
exit;
}
function deposit($userID, $amount) {
global $pdo;
try {
$stmt = $pdo->prepare("UPDATE users SET Balance = Balance + :amount WHERE ID = :userid");
$stmt->execute([
'amount' => $amount,
'userid' => $userID
]);
if ($stmt->rowCount() > 0) {
return true;
} else {
logToFile("Deposit failed for User ID: $userID. No rows affected.");
return false;
}
} catch (PDOException $e) {
logToFile("Error updating balance for User ID: $userID. Error: " . $e->getMessage());
return false;
}
}
[B][/B]