45 lines
1.0 KiB
PHP
45 lines
1.0 KiB
PHP
<?php
|
|
require('../common.php');
|
|
|
|
if(empty($_SERVER['HTTP_HMAC'])){
|
|
die("No HMAC signature sent");
|
|
}
|
|
|
|
$merchant = $_POST['merchant'] ?? '';
|
|
if(empty($merchant)){
|
|
die("No Merchant ID passed");
|
|
}
|
|
|
|
if($merchant !== COINPAYMENTS_MERCHANT_ID){
|
|
die("Invalid Merchant ID");
|
|
}
|
|
|
|
$request = file_get_contents('php://input');
|
|
if(empty($request)){
|
|
die("Error reading POST data");
|
|
}
|
|
|
|
$hmac = hash_hmac("sha512", $request, COINPAYMENTS_IPN_SECRET);
|
|
if($hmac !== $_SERVER['HTTP_HMAC']){
|
|
die("HMAC signature does not match");
|
|
}
|
|
|
|
$db = get_db_instance();
|
|
$status = 0;
|
|
if($_POST['status'] < 0){
|
|
$status = -1;
|
|
}elseif($_POST['status'] > 0 && $_POST['status'] < 100){
|
|
$status = 1;
|
|
}elseif($_POST['status'] >= 100){
|
|
$status = 2;
|
|
}
|
|
$stmt = $db->prepare('SELECT status FROM payments WHERE txn_id = ?;');
|
|
$stmt->execute([$_POST['txn_id']]);
|
|
if($tmp = $stmt->fetch(PDO::FETCH_ASSOC)){
|
|
if($status != $tmp['status']){
|
|
$stmt = $db->prepare('UPDATE payments SET status = ? WHERE txn_id = ?;');
|
|
$stmt->execute([$status, $_POST['txn_id']]);
|
|
payment_status_update($_POST['txn_id']);
|
|
}
|
|
}
|