<?php
//ALLOPASS
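require_once '../functions.php';

// connect() comes from functions.php; presumably it opens the MySQL link that
// the link-less mysql_* calls in this file rely on (TODO confirm).
$db = connect();

// Keep a trace of every callback hit for later reconciliation.
// REQUEST_URI is fully controlled by the remote caller, so it is escaped
// before being placed inside the quoted SQL string.
$requestUri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
$query = "INSERT INTO notifications SET message = '" . mysql_real_escape_string($requestUri) . "'";
$result = mysql_query($query);
if ($result === false) {
    // Logging is best-effort: record the failure server-side and carry on.
    error_log('callback: could not store notification: ' . mysql_error());
}

// No balance change is made at this point. The previous code credited
// users.bank straight from the unauthenticated `data` query parameter (and
// concatenated it into the UPDATE unescaped), then dumped the SQL text into
// the response. Credits must only be applied by a provider handler after that
// provider's signature has been verified.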
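/**
 * Add $credits to the `bank` column of the `users` row whose id is $id.
 *
 * Both values end up unquoted inside the SQL text and callers pass them from
 * the callback query string, so each one has to match a strict numeric
 * pattern before the statement is built. Anything else is rejected and the
 * script stops, so the caller never reports success for a credit that was not
 * applied.
 *
 * @param int|string $id      User id, decimal digits only.
 * @param int|string $credits Amount to add: optionally signed decimal number.
 * @return void
 */
function updateUser($id, $credits) {
    $idOk      = (is_int($id) || is_string($id)) && preg_match('/^\d+$/D', (string) $id) === 1;
    $creditsOk = (is_int($credits) || is_string($credits))
        && preg_match('/^-?\d+(\.\d+)?$/D', (string) $credits) === 1;

    if (!$idOk || !$creditsOk) {
        error_log('updateUser: rejected non-numeric id or credits');
        if (!headers_sent()) {
            header('HTTP/1.0 400 Bad Request');
        }
        die('Invalid parameters');
    }

    // Host, user, password and database name are placeholders in this listing.
    $cnx = mysql_connect('////', '///', '///');
    if ($cnx === false) {
        error_log('updateUser: database connection failed');
        if (!headers_sent()) {
            header('HTTP/1.0 500 Internal Server Error');
        }
        die('Database error');
    }
    mysql_select_db('////', $cnx);

    $sql = 'UPDATE users SET bank=bank+' . $credits . ' WHERE id=' . $id;
    if (mysql_query($sql, $cnx) === false) {
        // Keep the driver's message in the server log; the remote caller only
        // gets a generic error so schema details are not disclosed.
        error_log('updateUser: query failed: ' . mysql_error($cnx));
        mysql_close($cnx);
        if (!headers_sent()) {
            header('HTTP/1.0 500 Internal Server Error');
        }
        die('Database error');
    }

    mysql_close($cnx);
}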

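/**
 * Mail a callback error report to the site operator.
 *
 * @param string $message Plain-text description of the failure. Callers embed
 *                        the raw request URI in it, so it is HTML-escaped
 *                        before being sent as a text/html body.
 * @return void
 */
function errorMail($message) {
    // Header lines must end with a real CRLF; inside single quotes '\r\n' is
    // four literal characters and the two headers would run together.
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

    // The body is rendered as HTML by the mail client, and part of it comes
    // from the remote caller.
    $body = htmlspecialchars((string) $message, ENT_QUOTES, 'ISO-8859-1');

    mail('arthur.valverde@gmail.com', '[XBXParadise] Callback error' , $body, $headers);
}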

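// Provider callback dispatch.
//
// Each branch recomputes the provider's signature from the received
// parameters plus a shared secret and applies the credit only when it matches
// AND the id/amount are strictly numeric (they end up unquoted in SQL).
//
// NOTE(review): the shared secrets are hard-coded here. Treat every key that
// has lived in this file as exposed: rotate it with the provider and load the
// replacement from configuration kept outside the web root and the repository.
// NOTE(review): no branch records which event/transaction id was already
// credited, and the SupersonicAds timestamp is signed but never checked for
// age, so a captured valid callback URL could be replayed. A unique-id table
// would be needed; nothing of the sort is visible in this file.

// Read a query-string parameter as a string; arrays and missing keys become ''.
$param = function ($name) {
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
};

// Compare a computed digest with the received one. Strict string comparison
// avoids PHP's numeric juggling of "0e..." digests under ==; hash_equals() is
// used when the runtime provides it so the comparison is also constant-time.
$sameHash = function ($expected, $received) {
    if (!is_string($received) || $received === '') {
        return false;
    }
    return function_exists('hash_equals')
        ? hash_equals($expected, $received)
        : $expected === $received;
};

$isUserId = function ($value) {
    return preg_match('/^\d+$/D', (string) $value) === 1;
};
$isAmount = function ($value) {
    return preg_match('/^-?\d+(\.\d+)?$/D', (string) $value) === 1;
};

// SUPERSONICADS
if ($param('app') === 'supads') {
    $userId     = $param('applicationUserId');
    $eventId    = $param('eventId');
    $rewards    = $param('rewards');
    $signature  = $param('signature');
    $timestamp  = $param('timestamp');
    $privateKey = 'd85547';

    if (!$sameHash(md5($timestamp.$eventId.$userId.$rewards.$privateKey), $signature)) {
        errorMail('[SupersonicAds]: Signature invalide - Call back url: '.$_SERVER['REQUEST_URI']);
        header ("HTTP/1.0 400 Bad Request");
    }
    elseif (!$isUserId($userId) || !$isAmount($rewards)) {
        error_log('[SupersonicAds] signed callback with non-numeric user id or rewards');
        header ("HTTP/1.0 400 Bad Request");
    }
    else {
        updateUser($userId, $rewards);
        echo $eventId.":OK";
    }
}
// RENTABILIWEB
elseif (isset($_GET['docId']) && isset($_GET['hash'])) {
    $MYSECRETKEY = 'KJ834YOFS';
    $uid    = $param('uid');
    $awards = (int) $param('awards');
    $trId   = $param('trId');
    $hash   = $param('hash');

    if (!$sameHash(md5($uid . $awards . $trId . $MYSECRETKEY), $hash)) {
        // The expected digest is deliberately left out of the mail: for the
        // parameters in the logged URL it is a valid signature, and mail is
        // not a confidential channel.
        errorMail('[Rentabiliweb]: Hash error - Call back url: '.$_SERVER['REQUEST_URI'].' - hash: '.$hash);
        header ("HTTP/1.0 400 Bad Request");
    }
    elseif (!$isUserId($uid)) {
        error_log('[Rentabiliweb] signed callback with non-numeric uid');
        header ("HTTP/1.0 400 Bad Request");
    }
    else {
        updateUser($uid, $awards);
        echo "OK";
    }
}
// SPONSORPAY
elseif (isset($_GET['amount']) && isset($_GET['uid'])) {
    $security_token = 'KJ834YOFS';
    $amount = $param('amount');
    $userid = $param('uid');
    $sid    = $param('sid');

    if (!$sameHash(sha1($security_token . $userid . $amount), $sid)) {
        // As above, only the received value is reported, not the expected one.
        errorMail('[SponsorPay]: Hash error - Call back url: '.$_SERVER['REQUEST_URI'].' - hash: '.$sid);
        header ("HTTP/1.0 400 Bad Request");
    }
    elseif (!$isUserId($userid) || !$isAmount($amount)) {
        error_log('[SponsorPay] signed callback with non-numeric uid or amount');
        header ("HTTP/1.0 400 Bad Request");
    }
    else {
        updateUser($userid, $amount);
    }
}
// ALLOPASS
elseif ($param('action') === 'payment-confirm') {
    $parameters = $_GET;
    $signature  = isset($parameters['api_sig']) ? $parameters['api_sig'] : '';
    unset($parameters['api_sig']);
    ksort($parameters);
    $secretKey = '4e06989e52c2bd5b569f4c55ac2a4ad4'; // secret API key

    // The signed string is every remaining parameter, sorted by name, written
    // as name followed by value. Array-valued parameters cannot be part of a
    // well-formed callback and are refused.
    $string2compute = '';
    $wellFormed = true;
    foreach ($parameters as $name => $value) {
        if (!is_string($value)) {
            $wellFormed = false;
            break;
        }
        $string2compute .= $name . $value;
    }

    if ($wellFormed && $sameHash(sha1($string2compute . $secretKey), $signature)) {
        // `data` is expected as "<user id>|<amount>". The original call was
        // explode('|'.urldecode(...)) - a '.' where a ',' was meant - so the
        // payload was never actually split.
        $updatedata = explode('|', urldecode($param('data')));

        if (count($updatedata) === 2 && $isUserId($updatedata[0]) && $isAmount($updatedata[1])) {
            $sql = 'UPDATE users SET bank=bank+'.$updatedata[1].' WHERE id='.$updatedata[0];
            if (mysql_query($sql) === false) {
                // Driver message goes to the server log, not to the caller.
                error_log('[Allopass] credit query failed: ' . mysql_error());
                header ("HTTP/1.0 500 Internal Server Error");
                die('Database error');
            }
            echo "OK";
        }
        else {
            error_log('[Allopass] signed callback with malformed data field');
            header ("HTTP/1.0 400 Bad Request");
        }
    }
    else {
        // Invalid signature: nothing is credited. The author had disabled the
        // error mail and the 400 response for this provider; that is kept.
    }
}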
?>