<?php
require_once '../functions.php';
//$request = implode(' | ', $_REQUEST);
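// Build a plain-text dump of everything the caller sent. The dump is stored
// verbatim in the notifications table further down, so every key and value is
// attacker-controlled text that ends up in a log record.
$request = '';
foreach (array('REQUEST' => $_REQUEST, 'POST' => $_POST, 'GET' => $_GET) as $label => $values) {
	// Same layout as before: "REQUEST: " first, then a blank line before "POST: " and "GET: ".
	$request .= ($request === '' ? '' : "\n") . $label . ': ' . "\n";
	foreach ($values as $var => $val) {
		// PHP turns "a[]=1" style parameters into arrays; render them instead of
		// letting them collapse to the literal word "Array" with a notice.
		$printable = is_array($val) ? print_r($val, true) : (string) $val;
		// Neutralise CR/LF so a parameter cannot forge extra lines in the stored
		// record (for example a fake "Validation signature" line).
		$line = str_replace(
			array("\r", "\n"),
			array('\r', '\n'),
			$var . ' = ' . $printable
		);
		$request .= $line . ' | ' . "\n";
	}
}
// REQUEST_URI is absent outside a web SAPI; fall back to an empty string.
$request .= "\n" . "URL : " . "\n" . (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');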

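/**
 * Return the address of the peer that opened the connection to this server.
 *
 * The original body read HTTP_X_FORWARDED_FOR first and then overwrote the
 * result with REMOTE_ADDR, so only REMOTE_ADDR was ever returned; that
 * behaviour is kept. X-Forwarded-For is a request header the sender chooses,
 * so it is not a reliable source for the "Notification Server IP" log line.
 * The variable names are now quoted strings: as bare words they were
 * undefined constants, which raise an Error on PHP 8.
 *
 * @return string|false the REMOTE_ADDR value, or false when it is not set
 */
function getCurrentIP() {
    return getenv('REMOTE_ADDR');
}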

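// Signature validation: the sender is expected to pass api_sig = sha1 of all
// other GET parameters (sorted by name, concatenated as name.value) followed
// by the shared secret.
$parameters = $_GET;

// api_sig may be missing or submitted as an array; treat both as "no signature".
$signature = (isset($parameters['api_sig']) && is_string($parameters['api_sig']))
    ? $parameters['api_sig']
    : '';
unset($parameters['api_sig']);
ksort($parameters);

// NOTE(review): the shared secret is hard-coded in a file served from the web
// tree. Load it from configuration kept outside the document root and version
// control, and rotate any key that has been committed or published.
$secretKey      = '4e06989e52c2bd5b569f4c55ac2a4ad4'; // fill here with your personal secret key
$string2compute = '';

foreach ($parameters as $name => $value) {
    $string2compute .= $name . $value;
}

// If the provider is configured for md5 instead of sha1, replace sha1() here.
$expectedSignature = sha1($string2compute . $secretKey);

// Loose "==" treats two numeric-looking strings (such as "0e1234" and "0e5678")
// as equal and leaks timing; compare exactly, in constant time where available.
if (function_exists('hash_equals')) {
    $signatureIsValid = hash_equals($expectedSignature, $signature);
} else {
    $signatureIsValid = ($expectedSignature === $signature);
}

// NOTE(review): in this file the result only selects the code/message echoed
// back to the caller; the notification is logged either way.
if ($signatureIsValid) {
    $code    = 240;
    $message = 'OK';
} else {
    $code    = 340;
    $message = 'KO';
}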

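// A POSTed "xml" field marks the notification as HIPAY; anything else is ALLOPASS.
$hipay = isset($_POST['xml']) ? 'HIPAY' : 'ALLOPASS';

if ($hipay === 'HIPAY') {
	// NOTE(review): second hard-coded shared secret; same handling advice as any
	// credential in source (keep it in configuration outside the web tree, rotate it).
	$secretKey = '83f187c9ff746d0fd7a930714f2632b9';
	// "xml" can arrive as an array ("xml[]=..."); only a string can be sliced.
	$xml = is_string($_POST['xml']) ? $_POST['xml'] : '';
	$pos = strpos($xml, '<result>');
	// When "<result>" is missing the slice starts at offset 0, as the original did
	// through implicit false-to-0 conversion.
	$start = ($pos === false) ? 0 : $pos;
	// Drops the last 8 characters, presumably the closing wrapper tag; confirm
	// against the provider's documented payload.
	$string2compute = substr(substr($xml, $start), 0, -8);
	// The secret key is no longer appended to the logged text: the notifications
	// table is readable by anyone with database access and must not hold it.
	$request .= "\n" . "Hipay string2compute :" . $string2compute;
	// NOTE(review): this md5 is only logged. Nothing in this file compares it with a
	// hash taken from the payload, so HIPAY notifications are not authenticated here.
	$request .= "\n" . "Hipay Computed Hash :" . md5($string2compute . $secretKey);
}

// NOTE(review): this stores the expected signature next to the request that was
// checked; drop the line once debugging is over.
$request .= "\n" . "Validation signature : " . sha1($string2compute . $secretKey);
// Signed material only, without the secret key.
$request .= "\n" . "string2compute : " . $string2compute;
$request .= "\n" . "Notification Server IP : " . getCurrentIP();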


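// Persist the dump built above in the notifications table.
$db = connect();

if ($db) {
	// "type" and "customer_country" come straight from the request and may be
	// absent or arrays; reduce them to plain strings first.
	$type = (isset($_REQUEST['type']) && is_scalar($_REQUEST['type']))
		? (string) $_REQUEST['type']
		: '';
	$country = (isset($_REQUEST['customer_country']) && is_scalar($_REQUEST['customer_country']))
		? (string) $_REQUEST['customer_country']
		: '';

	// Both column values contain request data, so both are escaped before being
	// placed inside the quoted SQL literals. Previously they were concatenated
	// raw, which let any caller rewrite the statement.
	// NOTE(review): mysql_real_escape_string relies on the connection charset
	// being set with mysql_set_charset(); confirm that connect() does so. The
	// mysql_* extension was removed in PHP 7; prepared statements through PDO or
	// mysqli are the durable fix.
	$query = "INSERT INTO notifications SET type = '"
		. mysql_real_escape_string($hipay . " - " . $type . " - " . $country)
		. "', message = '"
		. mysql_real_escape_string($request)
		. "'";
	$result = mysql_query($query);
	if (!$result) {
		// Best effort: a failed insert must not change the reply sent to the
		// provider, but it should not disappear silently either.
		error_log('notification insert failed: ' . mysql_error());
	}
}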

// 4a0d48499e6cd739e4c169e399f9f0a2

//$code    = 0;
//$message = 'KO';

// Reply to the sender with a small XML acknowledgement. $code and $message are
// the values chosen by the signature check earlier in this file (240/'OK' or
// 340/'KO'); the status attribute is always "1".
header('Content-Type: text/xml; charset=UTF-8');

// The XML declaration is echoed from a string, presumably so that it is not
// mistaken for a PHP open tag when short tags are enabled.
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?>
<response status="1">
 <code><?php echo $code; ?></code>
 <message><?php echo $message; ?></message>
</response>
<?php 

//else echo "KO";
/*
$RECALL = $_GET["RECALL"];
if (!empty($RECALL)) {
	$AUTH = urlencode( "222616/879233/4096001" );
  	$r = @file( "http://payment.allopass.com/api/checkcode.apu?code=$RECALL&auth=$AUTH" );
	echo "<br><br>Recall = ".$RECALL."<br>AUTH : " . $AUTH . "<br>File : ";
	var_dump($r);
}
*/

//echo "<pre>";
//var_dump($_REQUEST);
//echo "</pre>";
// 1234548041728642
// jabella@hi-media.com

// [12:01:35] Mickael [Hi-media Payments]: 1234456470961326
// http://payelex.appspot.com/list_channels?app_id=7f5d1e8c9b26f00ef80621744c21012b&uid=40908839

// https://payment.allopass.com/buy/buy.apu?ids=222616&idd=879233&forward_target=current&bundle_purchase=0&type=dineromail&access_form=0
?>