Server doesn't change database when there is a postback

[cherri8]

hi i have a little issue. Host server doesn't want to change database when there is incoming info from postbacks. Is there a code to stop this in htaccess or something?. I had a gpt site that had no issues but i didnt create the script and the script was encrypted.

[justsomeguy]

What do you mean?  Web servers don't "want" to do anything, they simply do what they are told to do.  What specifically are you seeing?

Are you sure that your issue is related to PHP?  .NET is the only platform that uses the term "postback" to describe a common behavior.

[cherri8]

hi when i get postbacks from the outside like mediumpath which is an offerwall, my database doesnt update or select member's info. i didnt use the exact postback below but it's the same idea. it's an example from that site.

if(!empty($_POST)){
	
	define('EvolutionScript', 1);
	define('ROOTPATH',dirname(__FILE__).'/');
	define('INCLUDES',ROOTPATH.'includes/');
	require(INCLUDES.'core.php');
	require_once INCLUDES.'global.php';

	$user_id = isset($_POST['user_id']) ? $_POST['user_id'] : null;
	$transId = isset($_POST['transId']) ? $_POST['transId'] : null;
	$reward = isset($_POST['reward']) ? $_POST['reward'] : null;
	$currency = isset($_POST['currency']) ? $_POST['currency'] : null;
	$signature = isset($_POST['signature']) ? $_POST['signature'] : null;
	$status = isset($_POST['status']) ? $_POST['status'] : null;
	$userIp = isset($_POST['userIp']) ? $_POST['userIp'] : null;
	$campaign_id = isset($_POST['campaign_id']) ? $_POST['campaign_id'] : null;
	$country = isset($_POST['country']) ? $_POST['country'] : null;

	$secret = "[YOUR_WEBSITE/APP_SECRET_KEY]"; // check your app info at www.mediumpath.com

	$user_id = isset($_POST['user_id']) ? $_POST['user_id'] : null;
	$transId = isset($_POST['transId']) ? $_POST['transId'] : null;
	$reward = isset($_POST['reward']) ? $_POST['reward'] : null;
	$signature = isset($_POST['signature']) ? $_POST['signature'] : null;

	if(md5($user_id.$transId.$reward.$secret) != $signature){
		print_r($_POST);
		exit;
	}else{
		$insert = array(
						'user_id' => $user_id,
						'transId' => $transId,
						'reward' => $reward,
						'currency' => $currency,
						'signature' => $signature,
						'status' => $status,
						'userIp' => $userIp,
						'campaign_id' => $campaign_id,
						'country' => $country,
						);
		$insertdb = $db->insert("mediumpathipn", $insert);
		$orderid = $db->lastInsertId();

		$user_info = $db->fetchRow("SELECT * FROM members WHERE id={$user_id}");
		if(!empty($user_info)){
			$set = array(
						'money' => $user_info['money']+$reward,
						);
			$upd = $db->update("members", $set, "id = {$user_id}");
		}
	}
}else{
echo "ERROR: No key founds";
exit;
}

 

[justsomeguy]

Everything inside the else block there is what you want to happen on your site, so you would change that to match whatever your site is doing.  That code shows adding everything to a table called mediumpathipn, and then updating the members table.  You can replace that with whatever makes sense for your site.  If the user ID that they pass you doesn't match the user IDs on your site then you need to have a way to map their user ID to your users.

[cherri8]

i dont have members for it as yet but i did postback test on those offerwall sites. i did change code to match my site. it seems that the server will only allow changes to the database if someone is present on the page and if it's my own site. 

[justsomeguy]

I'm not sure what you're describing, but of course you can only run code on your own server.  No other site is going to allow you to run arbitrary server-side code on a server or site that isn't yours.