<?php
header('Content-type: text/html; charset=utf-8');
?>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<?php
// Send PHP errors to ipn_errors.log, stored next to this script.
// NOTE(review): this places the log in the same directory the endpoint is
// served from; confirm the web server does not serve *.log files, or move
// the log outside the document root.
$ipn_log_file = dirname(__FILE__) . '/ipn_errors.log';
ini_set('log_errors', true);
ini_set('error_log', $ipn_log_file);

// Load and instantiate the IPN listener.
include 'ipnlistener.php';
$listener = new IpnListener();

// PayPal host: the sandbox host is kept for testing, the live host is active.
//$pp_hostname = "www.sandbox.paypal.com";
$pp_hostname = "www.paypal.com";

// Uncomment to make the listener verify against the PayPal sandbox.
//$listener->use_sandbox = true;

// Verify the incoming IPN. Any exception is logged and the request ends
// without further processing.
try {
    $listener->requirePostMethod();
    $verified = $listener->processIpn();
} catch (Exception $ipnError) {
    error_log($ipnError->getMessage());
    exit(0);
}
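// Fraud checks on an IPN the listener has verified with PayPal. A failed
// check is reported to the shop by mail and the request stops; a clean IPN
// is recorded in the orders table.
if ($verified) {
    $errmsg = ''; // one line per failed fraud check

    // Read each field once. A missing or non-string field becomes '' so the
    // checks below fail closed instead of raising notices.
    $ipn = array();
    foreach (array('payment_status', 'receiver_email', 'mc_currency', 'txn_id', 'payer_email', 'mc_gross') as $field) {
        $ipn[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // 1. Only "Completed" payments are processed; every other status is ignored.
    if ($ipn['payment_status'] !== 'Completed') {
        exit(0);
    }

    // 2. The payment must have been sent to the shop's primary account email.
    if ($ipn['receiver_email'] !== 'anna@energyshop.se') {
        $errmsg .= "'receiver_email' does not match: ";
        $errmsg .= $ipn['receiver_email'] . "\n";
    }

    // 3. The currency must be one of the accepted codes.
    if (!in_array($ipn['mc_currency'], array('SEK', 'USD'), true)) {
        $errmsg .= "'mc_currency' does not match: ";
        $errmsg .= $ipn['mc_currency'] . "\n";
    }

    // 3b. The amount must be a plain decimal number before it reaches SQL.
    // NOTE(review): the amount is never compared with the expected order
    // total; add that comparison once the order total is available here.
    if (!preg_match('/^\d+(\.\d+)?\z/', $ipn['mc_gross'])) {
        $errmsg .= "'mc_gross' is not a valid amount: ";
        $errmsg .= $ipn['mc_gross'] . "\n";
    }

    // 4. Ensure the transaction is not a duplicate.
    // NOTE(review): the database credentials are hard-coded in this file;
    // rotate them and load them from configuration kept outside the web root.
    // NOTE(review): ext/mysql was removed in PHP 7; plan a migration to
    // mysqli or PDO with prepared statements.
    mysql_connect('energyshop.se.mysql', 'energyshop_se', 'dxymNrJd') or exit(0);
    mysql_select_db('energyshop_se') or exit(0);

    $txn_id = mysql_real_escape_string($ipn['txn_id']);
    $sql = "SELECT COUNT(*) FROM orders WHERE txn_id = '$txn_id'";
    $r = mysql_query($sql);
    if (!$r) {
        error_log(mysql_error());
        exit(0);
    }
    $exists = mysql_result($r, 0);
    mysql_free_result($r);

    // NOTE(review): SELECT-then-INSERT leaves a window for two concurrent
    // deliveries of the same IPN; a UNIQUE index on orders.txn_id would
    // close it (confirm against the schema).
    if ($exists) {
        $errmsg .= "'txn_id' has already been processed: " . $ipn['txn_id'] . "\n";
    }

    if (!empty($errmsg)) {
        // Report the failed checks for manual investigation.
        $body = "IPN failed fraud checks: \n$errmsg\n\n";
        $body .= $listener->getTextReport();
        mail('anna@energyshop.se', 'IPN Fraud Warning', $body);

        // Stop here so the rest of the script does not treat a flagged or
        // duplicate IPN as a successful order.
        exit(0);
    }

    // Record the order. Every value is escaped AND quoted:
    // mysql_real_escape_string() only protects values placed inside quotes,
    // and the amount was previously interpolated unquoted.
    $payer_email = mysql_real_escape_string($ipn['payer_email']);
    $mc_gross = mysql_real_escape_string($ipn['mc_gross']);
    $sql = "INSERT INTO orders VALUES
            (NULL, '$txn_id', '$payer_email', '$mc_gross')";
    if (!mysql_query($sql)) {
        error_log(mysql_error());
        exit(0);
    }
}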
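// STEP 1: Read POST data
// The body is read from the raw input stream rather than $_POST, because
// reading from $_POST causes serialization issues with array data.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    // Pairs that do not split into exactly key and value are skipped.
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}

// Build the validation request: the received fields prefixed with 'cmd'.
$req = 'cmd=_notify-validate';

// Initialise the flag first: it used to be assigned only when
// get_magic_quotes_gpc() exists, so the loop below read an undefined
// variable on PHP versions that no longer provide that function.
$get_magic_quotes_exists = false;
if (function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}

foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}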
// STEP 2: Post the IPN data back to PayPal for validation.
// Peer and host verification stay enabled so the VERIFIED/INVALID answer
// is only accepted from an authenticated PayPal endpoint.
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_URL            => "https://www.paypal.com/cgi-bin/webscr",
    CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
    CURLOPT_POST           => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POSTFIELDS     => $req,
    CURLOPT_SSL_VERIFYPEER => 1,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_FORBID_REUSE   => 1,
    CURLOPT_HTTPHEADER     => array('Connection: Close'),
));

// Environments without bundled root CA certificates (WAMP and similar):
// download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and
// point cURL at it as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

$res = curl_exec($ch);
if (!$res) {
    // Transport failure or empty answer: log it and stop.
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
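// STEP 3: Inspect the validation result and send the order confirmation.
//
// The confirmation is sent only when the listener verified the IPN AND
// PayPal answered VERIFIED to the post-back. The fraud checks (payment
// status, receiver email, currency, duplicate txn_id) run only inside the
// listener-verified branch earlier in this script, so an IPN that skipped
// that branch must not be confirmed here.
// NOTE(review): this branch does not repeat those checks; they must stop
// the request before this point when one of them fails.
if ($verified && strcmp($res, "VERIFIED") == 0) {
    // Payer-controlled fields are HTML-escaped before they are placed in
    // the HTML mail body. Missing or non-string fields become ''.
    $field = array();
    foreach (array('first_name', 'last_name', 'payer_email', 'item_name', 'num_cart_items', 'mc_gross') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $field[$key] = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    }
    $firstname = $field['first_name'];
    $lastname = $field['last_name'];
    $payer_email = $field['payer_email'];
    $name = $field['item_name'];
    $num = $field['num_cart_items'];
    $amount = $field['mc_gross'];

    // Recipient addresses. The payer address is sanitised and then
    // validated; an address that fails validation is never handed to mail().
    $raw_payer = (isset($_POST['payer_email']) && is_string($_POST['payer_email'])) ? $_POST['payer_email'] : '';
    $to = filter_var($raw_payer, FILTER_SANITIZE_EMAIL);
    $to_is_valid = ($to !== '' && filter_var($to, FILTER_VALIDATE_EMAIL) !== false);
    $to2 = filter_var('anna@energyshop.se', FILTER_SANITIZE_EMAIL);

    $date = date('Y-m-d');
    $subject = "Tack för Ert köp! / Thank you for your order!";
    $subject2 = "(COPY) Tack för Ert köp! / Thank you for your order!";

    // The encoded subject is passed as mail()'s subject argument only.
    // It was previously also listed in the extra headers, which produced
    // two Subject headers per message.
    $encodedSubject = "=?UTF-8?Q?" . imap_8bit($subject) . "?=";
    $encodedSubject2 = "=?UTF-8?Q?" . imap_8bit($subject2) . "?=";

    // From is the shop's own address (it used to be the payer's address,
    // so the customer received a mail claiming to come from themselves).
    $headerFields = array(
        'Date: ' . date('r', $_SERVER['REQUEST_TIME']),
        "From: {$to2}",
        "MIME-Version: 1.0",
        "Content-Type: text/html;charset=utf-8"
    );
    $headerFields2 = $headerFields;
    if ($to_is_valid) {
        // Lets the shop answer the customer directly from the copy.
        $headerFields2[] = "Reply-To: {$to}";
    }

    $message = '<html><body>';
    $message .= "$firstname $lastname, $payer_email \r\n";
    $message .= '<br />';
    $message .= "Tack för din beställning från energyshop.se. $date";
    $message .= '<br>';
    $message .= "Vi hoppas att varorna motsvarar dina förväntningar! \r\n";
    $message .= '<br />';
    $message .= "Du köpte $num produkter för totalt $amount kronor.";
    $message .= '<br>';
    $message .= 'Varor:';
    $message .= "$name";
    $message .= '<br>';
    $message .= 'Moms är inkluderad i priset:';
    $message .= '<br>';
    $message .= "6% moms Böcker, 12% moms EnergyUnion, 25% moms på övriga sortimentet \r\n";
    $message .= '<br />';
    $message .= 'Har du köpt digitala varor, ska du direkt efter betalningen fått tillgång till en sida där du laddar ned din beställning.';
    $message .= '<br>';
    $message .= "Har du köpt fysiska varor, skickas de till dig så snart som möjligt med Posten, dock senast en vecka efter din beställning.\r\n";
    $message .= '<br />';
    $message .= 'Vi på energyshop.se önskar dig en trevlig dag.';
    $message .= '<br>';
    $message .= 'Välkommen tillbaka när du vill!';
    $message .= '</body></html>';

    $message2 = "$message";
    $message2 .= '<br />';
    $message2 .= '(NOTE: THIS IS A COPY)';

    // Customer confirmation, then the shop's copy.
    if ($to_is_valid) {
        mail($to, $encodedSubject, $message, implode("\r\n", $headerFields));
    } else {
        error_log('IPN confirmation not sent: payer_email failed validation');
    }
    mail('anna@energyshop.se', $encodedSubject2, $message2, implode("\r\n", $headerFields2));
}
else {
    // Not verified: send the listener's report for manual investigation.
    mail('anna@energyshop.se', 'Invalid IPN', $listener->getTextReport());
}
?>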