File: /home/httpd/html/porn.tw/public_html/billers/ccbill_jpost.php
<?
include('../admin/db.php');
if(!$ccbillPostbackEnabled) {
exit("Please enable CCBill postback in script configuration");
}
$PRIVATE_KEY = '';
$SUCCESS = '111';
$FAILURE = '000';
$DUPLICATE_USER = '001';
$USER_NO_EXIST = '010';
$BAD_PERMISSIONS = '011';
$BAD_CHECKSUM = '100';
$FATAL_ERROR = '101';
$BAD_IP = '110';
$log = mysqli_real_escape_string($dblink,print_r($_REQUEST,true));
dbQuery("INSERT INTO biller_log SET `date` = NOW(), biller = 'CCBill', ip = '".$_SERVER['REMOTE_ADDR']."', data = '$log'");
$_REQUEST = mysql_real_escape_array($_REQUEST);
if($_REQUEST['action'] == 'ADD' || $_REQUEST['action'] == 'UPDATE') {
$result = mysqli_query($dblink,"SELECT * FROM users WHERE username = '$_REQUEST[username]'");
if(mysqli_num_rows($result) > 0) {
if(mysqli_query($dblink,"UPDATE users SET premium = 1, password = md5('$_POST[password]'), salt = '' WHERE username = '$_REQUEST[username]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
else {
if(mysqli_query($dblink,"INSERT INTO users (username, password, premium) VALUES ('$_REQUEST[username]', md5('$_REQUEST[password]'),1)")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
} elseif($_REQUEST['action'] == 'REMOVE') {
if(mysqli_query($dblink,"DELETE FROM users WHERE username = '$_REQUEST[username]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
} else {
echo $SUCCESS; //default to success message so we don't throw errors on other functions we aren't using here.
}
?>