Skip to content

I
iwl-live
Commit 8fad5972 authored by Antonio.Suerte's avatar Antonio.Suerte
Browse files
Options

Flat3 Webhook Security Enhancement

parent 68d36a59
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 500 additions and 330 deletions
api/flat3/ConnectK2020.php 0 → 100644
View file @ 8fad5972
<?php
include_once "Flat3Webhook.php";
class ConnectK2020 extends Flat3Webhook{
public function __construct(){
/**
*
* setting flat3 webhook name
*
*/
parent::__construct("ConnectK2020");
}
public function listen(){
$this -> processTransactionData(VAL_STR_JPV_METHOD, "JP Voucher");
}
}
$connect = new ConnectK2020();
$connect -> listen();
\ No newline at end of file
api/flat3/Flat3Webhook.php 0 → 100644
View file @ 8fad5972
This diff is collapsed.
api/os_payment.php deleted 100644 → 0
View file @ 68d36a59
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
date_default_timezone_set('Asia/Tokyo');
include_once('../system/lib/config.php');
$_GET['IPAddress'] = $_SERVER['REMOTE_ADDR'];
error_log(date("[Y-m-d H:i:s]")." Flat3返回的数据变量为\r\n" . print_r($_GET,true)."\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'Flat3'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
$ipList = array(
'153.126.141.202',
'116.228.139.34',
'118.243.129.247',
'153.126.183.251',
'160.16.221.180',
'160.16.127.47',
'153.126.199.34',
'153.126.192.157',
'121.58.255.131',
'122.49.220.26',
'52.220.92.7'
);
if(@!isset($_SERVER['REMOTE_ADDR'])){
echo "IP not set";
error_log(date("[Y-m-d H:i:s]")." Flat3返回的数据变量为\r\n" . print_r($_GET,true)."\r\n IP not set \r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'Flat3'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
exit();
}elseif(!in_array($_SERVER['REMOTE_ADDR'], $ipList)){
echo "Not in AllowList";
error_log(date("[Y-m-d H:i:s]")." Flat3返回的数据变量为\r\n" . print_r($_GET,true)."\r\n". $_SERVER['REMOTE_ADDR'] ."\r\nNot in AllowList\r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'Flat3'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
exit();
}
$system = new System();
$get = $_GET;
$sqlObject = new mysql($system->getConfigValue(SECTION_DB,HOST_NAME),$system->getConfigValue(SECTION_DB,USER_NAME),$system->getConfigValue(SECTION_DB,LOGIN_PASS),$system->getConfigValue(SECTION_DB,TARGET_DB_NAME),'','UTF8');
$currency = JPY;
$date = date("Y-m-d H:i:s");
//处理返回数据
$ReturnResponse = explode('__',$system -> getColumnData($get,'data'));
$arrDeposit = array();
foreach($ReturnResponse as $key=>$val){
$arrTmp = array();
$arrExplodeTmp1 = explode('/',$val);
$arrExplodeTmp2 = explode('@',$arrExplodeTmp1[1]);
$arrTmp['TransactionID'] = $arrExplodeTmp1[0];
$arrTmp['DepositAmount'] = $arrExplodeTmp2[0];
$arrTmp['UserID'] = $arrExplodeTmp2[1];
$arrDeposit[] = $arrTmp;
}
//数据处理完毕
//Deposit表与array数组对应模型
$DepositModel = array(
'transaction_number'=>'TransactionID',
'user_account'=>'UserID',
'amount'=>'Amount',
'currency'=>'Currency',
'method'=>'Method',
'deposit_bank'=>'Bank',
'deposit_date'=>'Date',
'fee'=>'Fee',
'message'=>'Message',
'comment'=>'Comment',
'create_time'=>'Date',
'process_user'=>'User',
'type'=>'Type',
'err_flg'=>'Err_flg',
'flat3_transaction_id'=>'F3ID',
);
//array数组默认数据
$arrDepositTmp = array(
'Currency' => $currency,
'deposit_date' => $date,
'create_time'=> $date,
'Bank'=> 'Overseas',
'Method' => 'Overseas',
'User' => '9999',
'Type' => '0',
'Err_flg' => '0',
);
foreach($arrDeposit as $key=>$val){
//需要先查询有没有相同ID号订单
$sqlFlat3 = 'select flat3_transaction_id from t_deposit where flat3_transaction_id = "'.$val['TransactionID'].'"';
$resultFlat3 = $sqlObject -> query($sqlFlat3);
$rowFlat3 = $sqlObject -> fetch_assoc($resultFlat3);
//$rowFlat3 = '';
if(empty($rowFlat3)){
//没有结果,说明不是重复添加,可以进数据库
$arrTmp = array();
//根据内置方法取番号
$arrDepositTmp['TransactionID'] = $system-> getTransactionNumberCommon(VAR_TRANSACTION_DEPOSIT);
//$arrDepositTmp['TransactionID'] = trim(trim(date('YmdHis',time())).mt_rand(10000,99999));
$arrDepositTmp['F3ID'] = $val['TransactionID'];
$arrDepositTmp['UserID'] = $val['UserID'];
$arrDepositTmp['Amount'] = floor($val['DepositAmount'] / 1.05);
$arrDepositTmp['Fee'] = '0';
$arrDepositTmp['Comment'] = $val['TransactionID'].'/'.$val['DepositAmount'].'@'.$val['UserID'];
$arrDepositTmp['Date'] = $date;
foreach($DepositModel as $key=>$value){
if(isset($arrDepositTmp[$value])){
$arrTmp[$key] = $arrDepositTmp[$value];
}
}
$sql = 'insert into t_deposit '.$sqlObject -> InsertSql($arrTmp);
$sqlObject->query($sql);
//数据插入结束,发送邮件
$Params = array(); //设置参数
$Params[] = $val['UserID'];
$Params[] = $system -> getNameCommon($val['UserID']);
$Params[] = $arrDepositTmp['TransactionID'];
$Params[] = $date;
$Params[] = JPY;
$Params[] = ltrim($val['DepositAmount'],'0');
$Params[] = JPY;
$Params[] = $arrDepositTmp['Amount'];
//发送邮件
sendFlat3CompleteMail($system,$val['UserID'],$Params);
}else{
error_log(date("[Y-m-d H:i:s]")." FLAT3\r\n" . print_r($_GET,true)."\r\n Duplicate Transaction: ".$val['TransactionID']." \r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'FLAT3'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
echo "NG";
exit();
}
}
echo "OK";
/*-------------------------------------------------------------------------
* @function_name: CUP支付成功時邮件送信
* @parameter : 无
* @return : 无
-------------------------------------------------------------------------*/
function sendFlat3CompleteMail($system,$account,$params){
// 変数宣言部
$row = $system -> getRowData($system -> getAccountCommon($account));
$system -> sendMailByTmp('deposit_float3_complete.xml'
, $params
, $system -> getColumnData($row, COLUMN_MAIL)
, VAR_CS_MAIL_ADDRESS);
}
?>
\ No newline at end of file
api/sapay_webhook.php deleted 100644 → 0
View file @ 68d36a59
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
date_default_timezone_set('Asia/Tokyo');
include_once('../system/lib/config.php');
$_GET['IPAddress'] = $_SERVER['REMOTE_ADDR'];
error_log(date("[Y-m-d H:i:s]")." SAPAY\r\n" . print_r($_GET,true)."\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'SAPAY'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
$ipList = array(
'153.126.141.202',
'116.228.139.34',
'118.243.129.247',
'153.126.183.251',
'160.16.221.180',
'160.16.127.47',
'153.126.199.34',
'153.126.192.157',
'121.58.255.131',
'122.49.220.26',
'121.58.194.162',
'52.220.92.7'
);
if(@!isset($_SERVER['REMOTE_ADDR'])){
echo "IP not set";
error_log(date("[Y-m-d H:i:s]")." SAPAY\r\n" . print_r($_GET,true)."\r\n IP not set \r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'SAPAY'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
exit();
}elseif(!in_array($_SERVER['REMOTE_ADDR'], $ipList)){
echo "Not in AllowList";
error_log(date("[Y-m-d H:i:s]")." SAPAY\r\n" . print_r($_GET,true)."\r\n". $_SERVER['REMOTE_ADDR'] ."\r\nNot in AllowList\r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'SAPAY'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
exit();
}
$system = new System();
$get = $_GET;
$sqlObject = new mysql($system->getConfigValue(SECTION_DB,HOST_NAME),$system->getConfigValue(SECTION_DB,USER_NAME),$system->getConfigValue(SECTION_DB,LOGIN_PASS),$system->getConfigValue(SECTION_DB,TARGET_DB_NAME),'','UTF8');
$currency = JPY;
$date = date("Y-m-d H:i:s");
//处理返回数据
$ReturnResponse = explode('__',$system -> getColumnData($get,'data'));
$arrDeposit = array();
foreach($ReturnResponse as $key=>$val){
$arrTmp = array();
$arrExplodeTmp1 = explode('/',$val);
$arrExplodeTmp2 = explode('@',$arrExplodeTmp1[1]);
$arrTmp['TransactionID'] = $arrExplodeTmp1[0];
$arrTmp['DepositAmount'] = $arrExplodeTmp2[0];
$arrTmp['UserID'] = $arrExplodeTmp2[1];
$arrDeposit[] = $arrTmp;
}
//数据处理完毕
//Deposit表与array数组对应模型
$DepositModel = array(
'transaction_number'=>'TransactionID',
'user_account'=>'UserID',
'amount'=>'Amount',
'currency'=>'Currency',
'method'=>'Method',
'deposit_bank'=>'Bank',
'deposit_date'=>'Date',
'fee'=>'Fee',
'message'=>'Message',
'comment'=>'Comment',
'create_time'=>'Date',
'process_user'=>'User',
'type'=>'Type',
'err_flg'=>'Err_flg',
'flat3_transaction_id'=>'F3ID',
);
//array数组默认数据
$arrDepositTmp = array(
'Currency' => $currency,
'deposit_date' => $date,
'create_time'=> $date,
'Bank'=> 'JP Voucher',
'Method' => 'JPV',
'User' => '9999',
'Type' => '0',
'Err_flg' => '0',
);
foreach($arrDeposit as $key=>$val){
if(strpos($val['UserID'],'G')!==FALSE){
$ch = curl_init(VAL_STR_GAPI_FLAT3.$val['TransactionID'].'/'.$val['DepositAmount'].'@'.$val['UserID']);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
$error = 'No error';
if(curl_errno($ch)) {
$error = curl_error($ch);
}
curl_close($ch);
error_log(date("[Y-m-d H:i:s]")." FLAT3-GAPI\r\n" . print_r($_GET,true)."\r\n GAPI Response: ".$data."\r\n Error:".$error."\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'SAPAY'.DIRECTORY_SEPARATOR.'GAPI'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
if($data != 'OK'){
echo 'NG';
exit();
}
}else{
//需要先查询有没有相同ID号订单
$sqlFlat3 = 'select flat3_transaction_id from t_deposit where flat3_transaction_id = "'.$val['TransactionID'].'"';
$resultFlat3 = $sqlObject -> query($sqlFlat3);
$rowFlat3 = $sqlObject -> fetch_assoc($resultFlat3);
//$rowFlat3 = '';
if(empty($rowFlat3)){
//没有结果,说明不是重复添加,可以进数据库
$arrTmp = array();
//根据内置方法取番号
$arrDepositTmp['TransactionID'] = $system-> getTransactionNumberCommon(VAR_TRANSACTION_DEPOSIT);
//$arrDepositTmp['TransactionID'] = trim(trim(date('YmdHis',time())).mt_rand(10000,99999));
$arrDepositTmp['F3ID'] = $val['TransactionID'];
$arrDepositTmp['UserID'] = $val['UserID'];
$arrDepositTmp['Amount'] = floor($val['DepositAmount'] / 1.05);
$arrDepositTmp['Fee'] = '0';
$arrDepositTmp['Comment'] = $val['TransactionID'].'/'.$val['DepositAmount'].'@'.$val['UserID'];
$arrDepositTmp['Date'] = $date;
foreach($DepositModel as $key=>$value){
if(isset($arrDepositTmp[$value])){
$arrTmp[$key] = $arrDepositTmp[$value];
}
}
$sql = 'insert into t_deposit '.$sqlObject -> InsertSql($arrTmp);
$sqlObject->query($sql);
//数据插入结束,发送邮件
$Params = array(); //设置参数
$Params[] = $val['UserID'];
$Params[] = $system -> getNameCommon($val['UserID']);
$Params[] = $arrDepositTmp['TransactionID'];
$Params[] = $date;
$Params[] = JPY;
$Params[] = ltrim($val['DepositAmount'],'0');
$Params[] = JPY;
$Params[] = $arrDepositTmp['Amount'];
//发送邮件
sendFlat3CompleteMail($system,$val['UserID'],$Params);
}else{
error_log(date("[Y-m-d H:i:s]")." SAPAY\r\n" . print_r($_GET,true)."\r\n Duplicate Transaction: ".$val['TransactionID']." \r\n\r\n\r\n\r\n", 3, 'Logs'.DIRECTORY_SEPARATOR.'SAPAY'.DIRECTORY_SEPARATOR.'Error'.DIRECTORY_SEPARATOR.'Log_'.date("Y-m-d").'.log');
echo "NG";
exit();
}
}
}
echo "OK";
/*-------------------------------------------------------------------------
* @function_name: CUP支付成功時邮件送信
* @parameter : 无
* @return : 无
-------------------------------------------------------------------------*/
function sendFlat3CompleteMail($system,$account,$params){
// 変数宣言部
$row = $system -> getRowData($system -> getAccountCommon($account));
$system -> sendMailByTmp('deposit_jpv_complete.xml'
, $params
, $system -> getColumnData($row, COLUMN_MAIL)
, VAR_CS_MAIL_ADDRESS);
}
?>
system/lib/sql.xml
View file @ 8fad5972
......@@ -1685,6 +1685,62 @@
メッセージ
コメント
-->
<SELECT_FLAT3_DEPOSIT_TRANSNUM>
SELECT
flat3_transaction_id
FROM
t_deposit
WHERE 1
__ELEMENT01__
</SELECT_FLAT3_DEPOSIT_TRANSNUM>
<SELECT_ACCOUNT_NUMS>
SELECT
user_account
FROM
t_user
WHERE 1
__ELEMENT01__
</SELECT_ACCOUNT_NUMS>
<INSERT_DEPOSIT_FLAT3>
INSERT INTO t_deposit
(
transaction_number,
user_account,
amount,
currency,
method,
deposit_bank,
deposit_date,
fee,
comment,
create_time,
process_user,
type,
err_flg,
flat3_transaction_id
)
VALUES
(
'__ELEMENT01__',
'__ELEMENT02__',
'__ELEMENT03__',
'__ELEMENT04__',
'__ELEMENT05__',
'__ELEMENT06__',
'__ELEMENT07__',
'__ELEMENT08__',
'__ELEMENT09__',
'__ELEMENT10__',
'__ELEMENT11__',
'__ELEMENT12__',
'__ELEMENT13__',
'__ELEMENT14__'
)
</INSERT_DEPOSIT_FLAT3>
<INSERT_DEPOSIT>
INSERT INTO t_deposit (
user_account
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment