File: /home/httpd/html/porn.tw/public_html/billers/netbilling.php
<?
include('../admin/db.php');
if(!$netbillingPostbackEnabled) {
exit("Please enable NetBilling postback in script configuration");
}
$PRIVATE_KEY = '';
$SUCCESS = 'OK';
$FAILURE = 'ERROR';
$log = print_r($_REQUEST,true);
file_put_contents($basepath.'/cache/netbilling_log.txt',date('Y-m-d H:i:s').$log."\n\n\r\r",FILE_APPEND);
$_REQUEST = mysql_real_escape_array($_REQUEST);
if($_REQUEST['cmd'] == 'append_user' || $_REQUEST['cmd'] == 'append_users' ) {
$result = mysqli_query($dblink,"SELECT * FROM users WHERE username = '$_REQUEST[u]'");
if(mysqli_num_rows($result) > 0) {
if(mysqli_query($dblink,"UPDATE users SET premium = 1, password = md5('$_POST[n]'), salt = '' WHERE username = '$_REQUEST[u]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
else {
if(mysqli_query($dblink,"INSERT INTO users (username, password, premium) VALUES ('$_REQUEST[u]', md5('$_REQUEST[n]'),1)")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
} elseif($_REQUEST['cmd'] == 'delete_users' || $_REQUEST['cmd'] == 'delete_user') {
if(mysqli_query($dblink,"DELETE FROM users username = '$_REQUEST[u]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
} else {
echo $SUCCESS; //default to success message so we don't throw errors on other functions we aren't using here.
}
?>