<?php 
// Declare the reply as UTF-8 XML before anything is written to the output.
header('Content-Type: text/xml; charset=UTF-8');

require_once '../functions.php';
//$request = implode(' | ', $_REQUEST);
// Build a plain-text dump of everything the caller sent. The dump is later
// stored with the notification record, so it is diagnostic data only: every
// value in it is raw, unvalidated request input.
$request = "ID FLOW : \n REQUEST: \n";
$dumpSections = array(
	array('', $_REQUEST),
	array("\n" . 'POST: ' . "\n", $_POST),
	array("\n" . 'GET: ' . "\n", $_GET),
);
foreach ($dumpSections as $dumpSection) {
	// Section heading first (empty for the REQUEST section, whose heading
	// is already part of the prefix), then one "name = value | " line per entry.
	$request .= $dumpSection[0];
	foreach ($dumpSection[1] as $fieldName => $fieldValue) {
		$request .= sprintf('%s = %s | ' . "\n", $fieldName, $fieldValue);
	}
}
// connect() is provided by ../functions.php (not shown here). Its result is
// only truth-tested further down, before the notification row is written.
$db = connect();


/*
echo '<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE response [
        <!ELEMENT response (transaction_id,message,product_name)>
        <!ELEMENT transaction_id (#PCDATA)>
        <!ELEMENT message (#PCDATA)>
        <!ELEMENT product_name (#PCDATA)>
]>
<response code="0">
        <transaction_id><![CDATA[84995]]></transaction_id>
        <message><![CDATA[Votre compte Vincent a été crédité de 1 Oopad]]></message>
        <product_name><![CDATA[1_OOPAD]]></product_name>
</response>
';
*/
/*
echo "<?xml version='1.0' encoding='utf-8' ?>
<response code='0'>
 <transaction_id><![CDATA[trx_123456]]></transaction_id>
 <message><![CDATA[User: ".$_REQUEST['user_id'].", Price: ".$_REQUEST['amount'].$_REQUEST['currency']."]]></message>
 <product_name><![CDATA[Achat pack de X tokens.]]></product_name>
</response>";
*/
/*
 * action=new-message&amount=3&api_hash=sha1&api_key=ec51e20e4d41995d249d0be1886fa9eb&currency=EUR&customer_country=FR&date=1294850623&payout_amount=1.28&payout_currency=EUR&pricepoint_id=57&reference_amount=3&reference_currency=EUR&reference_payout=1.28&site_id=215&transaction_id=fd5aa059-3951-4c8e-a9f7-b02c76eda8ae&user_id=1&api_sig=229b9829ef7d8cb35f135823d1e5afcb79781f76 
 * */

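/**
 * Compare a locally computed signature with the one supplied in the request.
 *
 * Both values must be strings and are compared byte for byte. The loose `==`
 * operator is not suitable here: it treats numeric-looking strings such as
 * "0e123" and "0e456" as equal. hash_equals() is used when the runtime has it
 * (PHP >= 5.6) so that the comparison time does not depend on how many leading
 * characters match; older runtimes fall back to an XOR accumulator.
 *
 * @param mixed $expected Signature computed on this side.
 * @param mixed $provided Signature taken from the request.
 * @return bool True only when both are strings with identical content.
 */
function idflow_signatures_match($expected, $provided)
{
	if (!is_string($expected) || !is_string($provided)) {
		return false;
	}
	if (function_exists('hash_equals')) {
		return hash_equals($expected, $provided);
	}
	if (strlen($expected) !== strlen($provided)) {
		return false;
	}
	$difference = 0;
	for ($i = 0, $length = strlen($expected); $i < $length; $i++) {
		$difference |= ord($expected[$i]) ^ ord($provided[$i]);
	}
	return $difference === 0;
}

// The signature covers the query-string parameters only, so every value that
// drives a decision below is read from this signed set.
$parameters = $_GET;
// A missing api_sig becomes an empty string, which can never match a SHA-1 hex digest.
$signature = isset($parameters['api_sig']) ? $parameters['api_sig'] : '';
unset($parameters['api_sig']);
ksort($parameters);
// NOTE(review): the shared secret is committed in source. Load it from
// configuration kept outside the web root and rotate this value.
$secretKey = '79c73619962ed310c95a9ff67b20c194'; // fill here with your personal secret key
$string2compute = '';
foreach ($parameters as $name => $value) {
	$string2compute .= $name . $value;
}
// $sign is 0 when the signature is valid, 1 when it is not.
// if you are using md5 instead of sha1 please replace sha1() below
if (idflow_signatures_match(sha1($string2compute . $secretKey), $signature)) {
	$sign = 0;
	$message = 'OK';
} else {
	$sign = 1;
	$message = 'KO';
}

// user_id is taken from the signed parameters rather than $_REQUEST: $_REQUEST
// can also carry POST or cookie values, which the signature does not cover.
// NOTE(review): nothing here checks that transaction_id is new or that date is
// recent, so a valid signed URL could be replayed. Confirm whether the caller
// or a later step deduplicates notifications.
$signedUserId = isset($parameters['user_id']) ? $parameters['user_id'] : null;
if ($sign === 0 && $signedUserId === '12345') {
	$code = 0;
} else {
	$code = 1;
}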


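// Store a diagnostic record of this notification when a connection is available.
if ($db) {
	// $request is assembled from raw request values, so the whole entry is
	// escaped before it is placed inside the quoted SQL literal. No link
	// argument is passed, matching the mysql_query() call below.
	// NOTE(review): ext/mysql was removed in PHP 7. When connect() is migrated,
	// replace this with a prepared statement (mysqli or PDO).
	// NOTE(review): the entry contains the expected signature for whatever
	// parameters were sent. If the notifications table can be read by anyone
	// who should not be able to sign requests, stop storing that value.
	$logEntry = 'CODE = ' . $code . "\n" . sha1($string2compute . $secretKey) . "\n" . $request;
	$query = "INSERT INTO notifications SET message = '" . mysql_real_escape_string($logEntry) . "'";
	$result = mysql_query($query);
	if (!$result) {
		// Logging is best effort: record the failure, still answer the caller.
		error_log('IdFlow notification insert failed: ' . mysql_error());
	}
}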


// Answer the caller with the XML acknowledgement. $code is 0 when the request
// was accepted and 1 otherwise, as decided by the signature and user checks above.
header('Content-Type: text/xml; charset=UTF-8');
$xmlDeclaration = '<?xml version="1.0" encoding="UTF-8" ?>';
print $xmlDeclaration;
?>
<response code="<?php print $code; ?>">
<transaction_id><![CDATA[trx_123456]]></transaction_id>
<product_name><![CDATA[Actuanimaux IdFlow Audiotel]]></product_name>
<credits></credits>
</response>

