<?php
require '../config.php';
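// STEP 1: Read POST data
// Reading the fields straight from $_POST causes serialization issues with
// array data in POST, so the raw request body is read from the input stream
// and split by hand instead.
// Everything collected here is unauthenticated until PayPal answers VERIFIED
// in step 3; nothing in $myPost should be acted on before that.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    // Only well-formed "name=value" pairs are kept; anything else is dropped.
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}
// Build the validation request: the received fields echoed back with 'cmd' prepended.
$req = 'cmd=_notify-validate';
// Always defined, so the loop below never reads an undefined variable on
// PHP builds where get_magic_quotes_gpc() no longer exists.
$get_magic_quotes_exists = function_exists('get_magic_quotes_gpc');
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists && get_magic_quotes_gpc() == 1) {
        // magic quotes added backslashes; strip them so the echoed value matches what PayPal sent
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}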
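// STEP 2: Post IPN data back to PayPal to validate
// Sandbox endpoint is active; the live endpoint is kept commented out below.
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
//$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
// Certificate and host name verification stay on: the VERIFIED/INVALID answer
// is only trustworthy if the peer really is PayPal.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// Bound the call so a stalled connection cannot hold this request open indefinitely.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
// In WAMP-like environments that do not come bundled with root authority certificates,
// download 'cacert.pem' from https://curl.se/docs/caextract.html (formerly curl.haxx.se),
// over HTTPS, check it against the SHA-256 published on that page, and point
// CURLOPT_CAINFO at it as shown below.
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
$res = curl_exec($ch);
if (!$res) {
    // Transport failure or empty body: nothing can be trusted, so stop here.
    // NOTE(review): this exits with the default HTTP 200, which PayPal appears to
    // treat as "delivered"; answering with a 5xx status instead would let PayPal
    // resend the notification - confirm against the IPN documentation.
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);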
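// STEP 3: Inspect IPN validation result and act accordingly
// trim() replaces the original str_replace('\n', '', $res): its result was
// discarded, and the single-quoted '\n' is a literal backslash-n, not a newline.
$res = trim($res);
//debug info: records how far the checks below got; written to `debug2` at the end of the script
$ps="not set";
$txn="not set";
$in="not set";
$re="not set";
$pa="not set";
$pc="not set";
$rc="not set";
$rc2="not set";
$debugkey="not set";
$resdb="not set";
//end of debug info
if (strcmp ($res, "VERIFIED") == 0) {
    $resdb = $res;
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
    $cpuid = $_POST['option_selection1'];
    $datetime = $_POST['payment_date'];
    $paidby = $_POST['custom'];

    // VERIFIED means PayPal sent the message, not that the field contents are
    // safe: several fields (custom, option_selection1, payer_email) carry
    // buyer-supplied text, so every value is escaped before it is placed in SQL.
    // NOTE(review): ext/mysql has no prepared statements and was removed in PHP 7.
    // The durable fix is PDO or mysqli with bound parameters, which needs the
    // connection set up in config.php (not shown here) changed as well.
    // Assumes config.php opened the default ext/mysql link - the mysql_query()
    // calls in this script rely on the same.
    $q_txn_id = mysql_real_escape_string($txn_id);
    $q_item_number = mysql_real_escape_string($item_number);
    $q_amount = mysql_real_escape_string($payment_amount);
    $q_payer_email = mysql_real_escape_string($payer_email);
    $q_cpuid = mysql_real_escape_string($cpuid);
    $q_datetime = mysql_real_escape_string($datetime);
    $q_paidby = mysql_real_escape_string($paidby);
    $q_postdata = mysql_real_escape_string(json_encode($_POST));

    if (!mysql_query("INSERT INTO `debug` (id, postdata, date) VALUES ('', '$q_postdata', '$q_datetime')")) {
        error_log('IPN: debug insert failed: ' . mysql_error());
    }

    if ($payment_status === "Completed") {
        $ps = $payment_status;
        // Exact match instead of LIKE: '%' and '_' in the value must not act as wildcards.
        $txn_id_check = mysql_query("SELECT `tid` FROM `transactions` WHERE `tid` = '$q_txn_id'");
        if ($txn_id_check === false) {
            // Fail closed: if the replay check cannot run, do not fulfil the order.
            error_log('IPN: txn_id lookup failed: ' . mysql_error());
        } elseif (mysql_num_rows($txn_id_check) == 0) {
            $txn = 0;
            if ($item_number === "1") {
                $in = $item_number;
                if ($receiver_email === 'dr.gli_1350281693_biz@glitchware.tk') {
                    $re = $receiver_email;
                    if ($payment_amount === '15.00' && $payment_currency === 'USD') {
                        $pa = $payment_amount;
                        $pc = $payment_currency;
                        // The original statement listed seven columns but only five
                        // values, so MySQL rejected it; each column now has its value.
                        $recorded = mysql_query("INSERT INTO `transactions` (id, tid, amountpaid, pid, buyeremail, user, date) VALUES ('', '$q_txn_id', '$q_amount', '$q_item_number', '$q_payer_email', '$q_paidby', '$q_datetime')");
                        if (!$recorded) {
                            // Without the stored txn_id a resent notification would pass
                            // the duplicate check again, so no key is issued.
                            error_log('IPN: transactions insert failed: ' . mysql_error());
                        } else {
                            $valid = 2;
                            $newkey = "nothing";
                            while ($valid > 0) {
                                // keygen() only returns [a-zA-Z0-9], so $newkey needs no escaping.
                                $newkey = keygen(22);
                                $resultkeycheck = mysql_query("SELECT `key` FROM `keys` WHERE `key` = '$newkey'");
                                if ($resultkeycheck === false) {
                                    error_log('IPN: key lookup failed: ' . mysql_error());
                                    break;
                                }
                                $existing = mysql_num_rows($resultkeycheck);
                                $rc = "" . $existing . "|validkey=$valid";
                                if ($existing == 0) {
                                    $valid = 0;
                                    $rc2 = $valid;
                                    // `key` is a reserved word in MySQL and must be
                                    // back-quoted in the column list; unquoted it is a syntax error.
                                    if (!mysql_query("INSERT INTO `keys` (id, `key`, computerid, owner, pid) VALUES ('', '$newkey', '$q_cpuid', '$q_paidby', '$q_item_number')")) {
                                        error_log('IPN: keys insert failed: ' . mysql_error());
                                    }
                                }
                                $debugkey = $newkey;
                            }
                        }
                    }
                }
            }
        }
    }
} else if (strcmp ($res, "INVALID") == 0) {
    // log for manual investigation
    // PayPal did not recognise this message, so every field below is untrusted
    // input from an unknown sender and is escaped before being stored.
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
    $cpuid = $_POST['option_selection1'];
    $cuser = $_POST['custom'];
    $q_txn_id = mysql_real_escape_string($txn_id);
    $q_payer_email = mysql_real_escape_string($payer_email);
    $q_cuser = mysql_real_escape_string($cuser);
    $q_item_number = mysql_real_escape_string($item_number);
    if (!mysql_query("INSERT INTO `failedtransactions` (id, tid, email, user, pid) VALUES ('', '$q_txn_id', '$q_payer_email', '$q_cuser', '$q_item_number')")) {
        error_log('IPN: failedtransactions insert failed: ' . mysql_error());
    }
}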
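/**
 * Generate a random alphanumeric key.
 *
 * The original seeded mt_rand() from the clock on every call, which makes the
 * output predictable and lets two calls in quick succession return the same
 * key. Symbols are now drawn from a cryptographically secure source when one
 * is available.
 *
 * @param int $length Number of characters to produce (default 10).
 * @return string Key made of a-z, A-Z and 0-9; empty when $length is 0 or less.
 */
function keygen($length=10){
    // Same 62-symbol alphabet as before: z..a, 0..9, A..Z.
    $inputs = array_merge(range('z','a'), range(0,9), range('A','Z'));
    $last = count($inputs) - 1;

    // Pick the strongest generator the running PHP offers, once per call.
    $use_random_int = function_exists('random_int');
    $use_openssl = !$use_random_int && function_exists('openssl_random_pseudo_bytes');
    if (!$use_random_int && !$use_openssl) {
        error_log('keygen: no CSPRNG available, falling back to mt_rand()');
    }

    $key = '';
    for ($i = 0; $i < $length; $i++) {
        if ($use_random_int) {
            $pick = random_int(0, $last);
        } elseif ($use_openssl) {
            // Rejection sampling: keep 6 bits (0..63) and retry on values past
            // the end of the alphabet, so every symbol stays equally likely.
            do {
                $pick = ord(openssl_random_pseudo_bytes(1)) & 63;
            } while ($pick > $last);
        } else {
            $pick = mt_rand(0, $last);
        }
        // Square brackets: the {} offset syntax used originally is rejected by PHP 8.
        $key .= $inputs[$pick];
    }
    return $key;
}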
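// Persist the debug trail gathered while the IPN was processed.
// NOTE(review): this stores the generated key ($debugkey) in clear text in
// `debug2`; drop that field or the whole insert once debugging is finished.
$logdata="Res=$resdb|Payment Status=$ps|Transaction id Check=$txn|Item Number=$in|Reciever Email=$re|Payment Amount=$pa|Payment Currency=$pc|Result Check=$rc|Valid Key=$rc2|Generated Key=$debugkey";
// Escaped before use: the trail contains request-derived values, and the
// checks that currently constrain them live elsewhere in the script.
if (!mysql_query("INSERT INTO `debug2` (id, data) VALUES ('', '" . mysql_real_escape_string($logdata) . "')")) {
    error_log('IPN: debug2 insert failed: ' . mysql_error());
}
mysql_close();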
?>
Post values:
mc_gross=15.00
protection_eligibility=Ineligible
payer_id=MT8TB8YUV9X6G
tax=0.00
payment_date= 03:10:33 Dec 17 2012 PST
payment_status=Completed
charset=windows-1252
first_name=Nunya
option_selection1=COMPUTERID
mc_fee=0.74
notify_version=3.7
custom=DrGlitch
payer_status=verified
business=dr.gli_1350281693_biz@glitchware.tk
quantity=1
verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AP56-pfFemnm-uwtgYqEAheezyLC
payer_email=devuse_1350281425_per@glitchware.tk
option_name1=Computer ID:
txn_id=9R718433UD6865159
payment_type=instant
btn_id=2668284
last_name=Dayumbuisness
receiver_email=dr.gli_1350281693_biz@glitchware.tk
payment_fee=0.74
shipping_discount=0.00
insurance_amount=0.00
receiver_id=VDA9HXGB87U2E
txn_type=web_accept
item_name=Test Item
discount=0.00
mc_currency=USD
item_number=1
residence_country=US
test_ipn=1
handling_amount=0.00
shipping_method=Default
transaction_subject=DrGlitch
payment_gross=15.00
shipping=0.00
ipn_track_id=50c5dd4eb116d