<?php
function updateUser($id, $credits) {
	$cnx = mysql_connect('////', '///', '///');
    mysql_select_db('////');

    $sql = 'UPDATE users SET bank=bank+'.$credits.' WHERE id='.$id;
    $update = mysql_query($sql) or die(mysql_error());
	
	mysql_close($cnx);
}

function errorMail($message) {
    $headers  = 'MIME-Version: 1.0' . '\r\n';
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . '\r\n';
    mail('arthur.valverde@gmail.com', '[XBXParadise] Callback error' , $message, $headers);
}

// SUPERSONICADS
if (isset($_GET['app']) && $_GET['app'] == 'supads') {
    $userId     = $_GET['applicationUserId'];
    $eventId    = $_GET['eventId'];
    $rewards    = $_GET['rewards'];
    $signature  = $_GET['signature'];
    $timestamp  = $_GET['timestamp'];
    $privateKey = 'd85547';
    
    if (md5($timestamp.$eventId.$userId.$rewards.$privateKey) == $signature){
        updateUser($userId, $rewards);
        echo $eventId.":OK";
    }
    else {
        errorMail('[SupersonicAds]: Signature invalide - Call back url: '.$_SERVER['REQUEST_URI']);
        header ("HTTP/1.0 400 Bad Request");
    }
}
// RENTABILIWEB
elseif (isset($_GET['docId']) && isset($_GET['hash'])) {
    $MYSECRETKEY = 'KJ834YOFS';
    $docId		= (int) $_GET['docId'];
    $uid		= $_GET['uid'];
    $awards		= (int) $_GET['awards'];
    $trId		= $_GET['trId'];
    $promoId	= ((isset($_GET['promoId'])) ? (int) $_GET['promoId'] : 0 );
    $hash		= $_GET['hash'];
    
    if(md5($uid . $awards . $trId . $MYSECRETKEY) == $hash) {
        updateUser($uid, $awards);
        echo "OK";
    }
    else {
        errorMail('[Rentabiliweb]: Hash error - Call back url: '.$_SERVER['REQUEST_URI'].' - md5: '.md5($uid . $awards . $trId . $MYSECRETKEY).' - hash: '.$hash);
        header ("HTTP/1.0 400 Bad Request");
    }
}
// SPONSORPAY
elseif (isset($_GET['amount']) && isset($_GET['uid'])) {    
    $security_token = 'KJ834YOFS';
    $amount = $_GET['amount'];
    $userid = $_GET['uid'];
    
    $hash = sha1($security_token . $userid . $amount);
    
    if ( $_GET['sid'] == $hash ) {
        updateUser($userid, $amount);
    }
    else {
        errorMail('[SponsorPay]: Hash error - Call back url: '.$_SERVER['REQUEST_URI'].' - sha1: '.$hash.' - hash: '.$_GET['sid']);
        header ("HTTP/1.0 400 Bad Request");
    }
}
// ALLOPASS
elseif(isset($_GET['action']) && $_GET['action'] == 'payment-confirm') {
    $parameters = $_GET; 
	$signature = $parameters['api_sig']; 
	unset($parameters['api_sig']); 
	ksort($parameters); 
	$secretKey = 'f952786ac6f15a6417fbf0bee75e1a42'; // renseignez ici votre Clé d’API secrète
	$string2compute = ''; 
	foreach ($parameters as $name => $value) { 
	  $string2compute .= $name . $value; 
	} 
	 if (sha1($string2compute . $secretKey) == $signature) { 
	 	$updatedata = explode('|',$_GET['data']);
		if (isset($_GET['user_id']) && isset($_GET['virtual_amount'])){
			updateUser($_GET['user_id'], $_GET['virtual_amount']);
		} else {
			updateUser($updatedata[0], $updatedata[1]);
		}
		echo "OK";
	}else { 
		errorMail('[Allopass]: Signature invalide - Call back url: '.$_SERVER['REQUEST_URI']);
		header ("HTTP/1.0 400 Bad Request");
	}    
}
// FIN ALLOPASS
?>