File: /home/httpd/html/porn.tw/public_html/billers/process_segpay.php
<?
include('../admin/db.php');
if(!$segpayPostbackEnabled) {
exit("Please enable Segpay postback in script configuration");
}
$PRIVATE_KEY = '';
$SUCCESS = '200';
$FAILURE = '400';
$log = mysqli_real_escape_string($dblink,print_r($_REQUEST,true));
dbQuery("INSERT INTO biller_log SET `date` = NOW(), biller = 'Segpay', ip = '".$_SERVER['REMOTE_ADDR']."', data = '$log'");
$_REQUEST = mysql_real_escape_array($_REQUEST);
if($_REQUEST['action'] == 'Enable') {
$result = mysqli_query($dblink,"SELECT * FROM users WHERE username = '$_REQUEST[username]'");
if(mysqli_num_rows($result) > 0) {
if(mysqli_query($dblink,"UPDATE users SET premium = 1, password = md5('$_POST[password]'), salt = '' WHERE username = '$_REQUEST[username]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
else {
if(mysqli_query($dblink,"INSERT INTO users (username, password, premium) VALUES ('$_REQUEST[username]', md5('$_REQUEST[password]'),1)")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
}
} elseif($_REQUEST['action'] == 'Disable') {
if(mysqli_query($dblink,"DELETE FROM users WHERE username = '$_REQUEST[username]'")) {
echo $SUCCESS;
}
else {
echo $FAILURE;
}
} else {
echo $SUCCESS; //default to success message so we don't throw errors on other functions we aren't using here.
}
?>