<?php
include_once '/Common/CommFunc.php';
include_once '/Common/Logging.php';
include_once "/ProjComm/CfgReader.php";

header("Content-type: text/html; charset=utf-8");

// https://developer.shg.vn/article/view?id=87&lang=ch

\Logging\CreateLogging("sohagame.payment.php");
\Logging\LogInfo("_POST: " . print_r($_POST, true));

$result = array('status' => 'failed', 'message' => '', 'repeat' => 0, 'request' => $_REQUEST);

$signed_request = $_POST['signed_request'];
if ($signed_request == '') {
    $result['message'] = "signed_request empty";
    echo json_encode($result);
    exit;
}

$spid = "sohagame";
if ($_POST["spid"]) {
    // 可选参数，也可用于测试用
    $spid = $_POST["spid"];
}

\CommFunc\GetKeyFromConfig(dirname(__FILE__) . '\\..\\..\\InterfaceConfig.php', "SP." . $spid, "app_secret", $app_secret);
$redata = parse_signed_request($signed_request, $app_secret);
if ($redata) { //verify ok
    \Logging\LogInfo("redata: " . print_r($redata, true));
    // detail $re:

    //user_id: id of user platform
    //app_id: app_id of user platform
    //order_id: id of order (unix)(note :  order_id is unix,game must check before add money in game for ensure one order_id add one time only)
    //order_info: code of package
    //role_id: code of character
    //area_id: code of  server
    //time: time call

    //handle add money game to account here
    $returnArr = send_to_gameserver_exchange($spid, $redata);
    \Logging\LogInfo("returnArr: " . print_r($returnArr, true));

    //if order_id has added before then no add more and set $result = array('status' => 'settled','message'=>'success','repeat'=>1);

    //if add money game success then
    // $result = array('status' => 'settled', 'message' => 'success', 'repeat' => 0, 'request' => $_REQUEST);

    //else add money game error then
    //$result = array('status' => 'failed','message'=>'');
    //  message : reason fail
    //if fail platform's server will try call again after if fail too then rollback money of platform and notice to user

    switch ($returnArr["errorcode"]) {
        case 1:
            $result['status'] = "settled";
            $result['message'] = "success";
            $result['repeat'] = 0;
            break;
        case 2:
            $result['status'] = "settled";
            $result['message'] = "success";
            $result['repeat'] = 1;
            break;
        default:
            $result['status'] = "failed";
            $result['message'] = $returnArr["errordesc"];
            break;
    }
} else {
    $result['message'] = "verify incorrect";
}
\Logging\LogInfo("result: " . print_r($result, true));
echo json_encode($result);
exit;

function send_to_gameserver_exchange($spid, $redata)
{
    $returnArr = array("errorcode" => 0, "errordesc" => "fail");
    $area_id = $redata["area_id"];
    $serverIDArray = array(intval($area_id));
    $serverPageInfo = \CommFunc\GetGameServerPageInfo($spid, $serverIDArray);
    if (count($serverPageInfo) <= 0) {
        $returnArr["errordesc"] = "not serverPageInfo";
        return $returnArr;
    }

    // 目标角色对应游戏服务器gmtool地址
    $serverPageValues = array_values($serverPageInfo);

    $pageUrl = $serverPageValues[0]["Page"];
    if (!$pageUrl) {
        $returnArr["errordesc"] = "not page url";
        return $returnArr;
    }

    $appID = $redata["app_id"];

    if (!\CfgReader\ReadConfig()) {
        $returnArr["errordesc"] = "cfgreader error";
        return $returnArr;
    }

    if (
        !\CfgReader\GetConfigData("ExChange", "Key_" . $appID, $strKey) ||
        !\CfgReader\GetConfigData("Config", "IsDecryptKey", $isDecryptKey)
    ) {
        $returnArr["errordesc"] = "not exChange appid key";
        return $returnArr;
    }

    //如果配置了需要解密，对登录key进行解密
    if ($isDecryptKey == 1) {
        $strKey = \CommFunc\GetDecodePsw($strKey);
    }

    \Logging\LogInfo("strKey: " . $strKey);

    $postUrl = str_replace("Server/Tool.php", "api/exchange/index.php", $pageUrl);
    \Logging\LogInfo("postUrl: " . $postUrl);

    $payData = array(
        "AccountID" => $redata["user_id"],
        "RegionName" => "s" . $area_id,
        "OrderAmount" => 0, // 越南版没有传订单金额
        "BillNO" => $redata["order_id"],
        "OrderInfo" => $redata["order_info"],
        "OperatorID" => $appID,
    );

    $opqid = $payData['AccountID'];
    $orderID = $payData["BillNO"];
    $orderAmount = $payData['OrderAmount'];
    $getServer_id = $payData['RegionName'];
    $sign = md5($opqid . $orderAmount . $orderID . $getServer_id . $strKey);
    $payData["Sign"] = $sign;
    \Logging\LogInfo("payData: " . print_r($payData, true));
    $payretStr = \CommFunc\DoPost($postUrl, $payData);
    \Logging\LogInfo("payretStr: " . $payretStr);
    return json_decode($payretStr, true);
}

function parse_signed_request($signed_request, $secret)
{
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    // decode the data
    $sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        // error_log('Unknown algorithm. Expected HMAC-SHA256');
        return false;
    }
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        return false;
    }
    return $data;
}