Danger II
tibiara.com
Not sure if released already, but deleting tons of scripts from my computer, maybe this could help someone.
I've made it for someone around a year ago.
I've made it for someone around a year ago.
Code:
<?php
// check if the request comes from Fortumo server
if(!in_array($_SERVER['REMOTE_ADDR'],array(
'127.0.0.1' ,
'81.20.151.38',
'81.20.148.122',
'79.125.125.1',
'209.20.83.207' ,
'54.72.6.23',
'54.72.6.126',
'54.72.6.27' ,
'54.72.6.17' ,
'54.72.6.23' ,
'79.125.125.1' ,
'79.125.5.95' ,
'79.125.5.205'
))) {
header("HTTP/1.0 403 Forbidden");
die("Error: Unknown IP");
}
// read $_GET from Fortumo servers
$sender = $_GET['sender'];//phone num.
$amount = $_GET['amount'];//credit
$payment_id = $_GET['cuid'];//unique id
$custom = $_GET['custom'];
$country = $_GET['country'];
$currency = $_GET['currency'];
$service_id = $_GET['service_id'];
$operator = $_GET['operator'];
$status = $_GET['status'];
$price = $_GET['price'];
$points = $_GET['amount'];
$created = time();
$ip = $_SERVER['REMOTE_ADDR'];
$con=mysqli_connect("localhost","root","passwd","database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con, "SELECT * FROM z_fortumo WHERE 'payment_id' != '$payment_id'") or die(mysqli_error($con));
if ($result && $payment_id != "undefined"){
//id, account_id, price,service_id,points,operator,payment_id,sender,currency,status,ip,created
mysqli_query($con,"INSERT INTO z_fortumo VALUES ('', '$payment_id', '$price', '$service_id', '$points', '$operator', '$sender', '$currency', '$status', '$ip', '$created')");
// update the points in database
mysqli_query($con,"UPDATE accounts SET premium_points = premium_points + '$points' WHERE id = '$payment_id'");
$count->close();
mysqli_close($con);
}
?>