/* Decoded by unphp.net */


'<form action="/psb.php" method="post"><input type=text name="AMOUNT" value="1525" />
<input type=text name="ORG_AMOUNT" value="" />
<input type=text name="CURRENCY" value="RUB" />
<input type=text name="ORDER" value="100002" />
<input type=text name="DESC" value="Заказ №: 100002" />
<input type=text name="MERCH_NAME" value="СПАЗ ПЛАЗА" />
<input type=text name="MERCHANT" value="790367686219999" />
<input type=text name="TERMINAL" value="79036770" />
<input type=text name="EMAIL" value="DrozdovAA@bk.ru" />
<input type=text name="TRTYPE" value="1" />
<input type=text name="TIMESTAMP" value="20140521145411" />
<input type=text name="NONCE" value="5fd1cc24bf89d8056b6563fbde85d44e" />
<input type=text name="BACKREF" value="http://plaza.spb.ru/busket/pay/100002/?k=cbf792d7d508291e941efdc6eeebf6c1&payResult" />
<input type=text name="RESULT" value="0" />
<input type=text name="RC" value="00" />
<input type=text name="RCTEXT" value="Approved" />
<input type=text name="AUTHCODE" value="205024" />
<input type=text name="RRN" value="414117472790" />
<input type=text name="INT_REF" value="85EDB7D7E465B132" />
<input type=text name="P_SIGN" value="085D0BC6DFC98F2E56B6B061863B23352931BE89" />
<input type=text name="NAME" value="TEST" />
<input type=text name="CARD" value="5547XXXXXXXX0002" />
<input type=text name="CHANNEL" value="" />
<input type="submit"></form>
';
$log = fopen("psb.txt","w");
fputs($log,print_r($_POST,true));
require_once("config.php");
require_once(DB_INIT_PATH);
require_once("core/inc/category.class.php");
require_once("inc/order.php");
$order = $_POST['ORDER'];
var_dump($order);
if (!$order){
fputs($log,"Ошибка по номеру заказа $order");
echo "Ошибка по номеру заказа $order";
exit();
}
$orderData = getOrder($dbh,$order);
$key = '38155EFD426017A368EDA0524DDDEF2F';
$hmac = strlen($_POST['AMOUNT']).$_POST['AMOUNT'] .strlen($_POST['CURRENCY']).$_POST['CURRENCY'] .strlen($_POST['ORDER']).$_POST['ORDER'] .strlen($_POST['MERCH_NAME']).$_POST['MERCH_NAME'] .strlen($_POST['MERCHANT']).$_POST['MERCHANT'] .strlen($_POST['TERMINAL']).$_POST['TERMINAL'] .strlen($_POST['EMAIL']).$_POST['EMAIL'] .strlen($_POST['TRTYPE']).$_POST['TRTYPE'] .strlen($_POST['TIMESTAMP']).$_POST['TIMESTAMP'] .strlen($_POST['NONCE']).$_POST['NONCE'] .strlen($_POST['BACKREF']).$_POST['BACKREF'] .strlen($_POST['RESULT']).$_POST['RESULT'] .strlen($_POST['RC']).$_POST['RC'] .strlen($_POST['RCTEXT']).$_POST['RCTEXT'] .strlen($_POST['AUTHCODE']).$_POST['AUTHCODE'] .strlen($_POST['RRN']).$_POST['RRN'] .strlen($_POST['INT_REF']).$_POST['INT_REF'];
$p_sign = strtoupper(hash_hmac('sha1',$hmac,pack('H*',$key)));
if ($_POST['P_SIGN'] <>$p_sign){
fputs($log,"Ошибка по P_SIGN");
echo "Ошибка по P_SIGN";
exit();
}
if ($orderData['NONCE'] != $_POST['NONCE']){
fputs($log,"Ошибка параметров.");
echo "Ошибка параметров.";
}
if ($orderData['allPaySum'] != $_POST['AMOUNT']){
fputs($log,"Ошибка параметров 1.");
echo "Ошибка параметров 1.";
}
if ( $_POST['MERCHANT'] != "000553330693101"){
fputs($log,"Ошибка параметров 2.");
echo "Ошибка параметров 2.";
exit();
}
if ( $_POST['TERMINAL'] != 30693101 ){
fputs($log,"Ошибка параметров 3.");
echo "Ошибка параметров 3.";
exit();
}
if ( $_POST['RESULT'] != 0 ){
fputs($log,"Ошибка параметров 4.");
echo "Ошибка параметров 4.";
exit();
}
if (order::updateFields($dbh,
array(
"payDate"=>$_POST['TIMESTAMP'],
"AUTHCODE"=>$_POST['AUTHCODE'],
"RRN"=>$_POST['RRN'],
"INT_REF"=>$_POST['INT_REF'],
"NAME"=>$_POST['NAME'],
"CARD"=>$_POST['CARD'],
"payStatus"=>1
)
,$order)){
echo "OK";
fputs($log,print_r( array("ORDER"=>$order,
"payDate"=>$_POST['TIMESTAMP'],
"AUTHCODE"=>$_POST['AUTHCODE'],
"RRN"=>$_POST['RRN'],
"INT_REF"=>$_POST['INT_REF'],
"NAME"=>$_POST['NAME'],
"CARD"=>$_POST['CARD'],
"payStatus"=>1),true));
}else{
fputs($log,"оШИБКА ПРИ СОХРАНЕНИИ ПАРАМЕТРОВ");
};