我买了一个PayPal文件并发生致命错误。有些黑客可以免费购买。
这是我的代码
<?php
require('.'.DIRECTORY_SEPARATOR.'app_ndc'.DIRECTORY_SEPARATOR.'boot.php');
require_once( MODEL_PATH . 'payment.php' );
class GPage extends WebService {
function load() {
$AppConfig = $GLOBALS['AppConfig'];
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$cost= $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$usedPackage = NULL;
foreach ($AppConfig['plus']['packages'] as $package) {
if ($package['cost'] == $cost) {
$usedPackage = $package;
}
}
$merchant_id = $AppConfig['plus']['payments']['paypal']['merchant_id'];
$usedPayment = NULL;
foreach ($AppConfig['plus']['payments'] as $payment) {
if ($payment['merchant_id'] == $merchant_id) {
$usedPayment = $payment;
}
}
if (strtoupper($payment_status)=='COMPLETED'){
$m = new PaymentModel();
$this->payconfairm = $m->getMonaydata( $txn_id );
if ( $usedPackage != NULL && $usedPayment != NULL && $this->payconfairm == null){
$goldNumber = $usedPackage['gold'];
$m = new PaymentModel();
// Give gold
$pg = $goldNumber+($goldNumber*$usedPackage['plus']/100);
$m->incrementPlayerGold ($_POST['custom'], $pg);
// End to give the gold
$userid = $m->getPlayerDataById ($_POST['custom']);
$usernam = $userid['name'];
// Insert purchasing operations
$m->InsertMoneyLog( $txn_id, $usernam, $goldNumber, $cost, "USD", "cashu" );
$m->updatetotalonecard( $goldNumber, $cost );
//end
//here ern gold
$tatarzx = new QueueModel();
//here 10% =>
$show = $tatarzx->provider->fetchRow( "SELECT `invite_by` FROM `p_players` WHERE id = '".$_POST['custom']."'" );
if ($show['invite_by']) {
$ng = $goldNumber*10/100;
$m->incrementPlayerGold( $show['invite_by'], $ng );
//here 1% =>
$show1 = $tatarzx->provider->fetchRow( "SELECT `invite_by` FROM `p_players` WHERE id = '".$show['invite_by']."'" );
if ($show1['invite_by']) {
$ng = $goldNumber*1/100;
$m->incrementPlayerGold( $show1['invite_by'], $ng );
}
}
//end ern gold
// Send a message to the player to inform him that the operation was successful
$name = "القسم المالي paypal";
require_once( MODEL_PATH."msg.php" );
$mm = new MessageModel( );
$subject = "تمت العمليه الشرائية بنجاح";
$message = 'تحيه طيبه
عزيزي '.$usernam.',
لقد تم شحن ذهب بقيمة '.$cost.' دولار مقابل '.$goldNumber.' من الذهب وتمت العمليه بنجاح.
ادارة اللعبةالقسم المالي paypal
';
$messageId = $mm->sendMessage( 1, $name, $_POST['custom'], $usernam, $subject, $message );
$quizArray[] = $messageId;
$m->dispose();
//end
}
}
}
}
$p = new GPage();
$p->run ();