$value) { if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $req .= "&$key=$value"; } // STEP 2: Post IPN data back to paypal to validate $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_POSTFIELDS, $req); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); // In wamp like environments that do not come bundled with root authority certificates, // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path // of the certificate as shown below. curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); if( !($res = curl_exec($ch)) ) { error_log("Got " . curl_error($ch) . " when processing IPN data"); curl_close($ch); exit; } curl_close($ch); // STEP 3: Inspect IPN validation result and act accordingly str_replace('\n', '', $res); //debug info $ps="not set"; $txn="not set"; $in="not set"; $re="not set"; $pa="not set"; $pc="not set"; $rc="not set"; $rc2="not set"; $debugkey="not set"; $resdb="not set"; //end of debug info if (strcmp ($res, "VERIFIED") == 0) { $resdb=$res; // check whether the payment_status is Completed // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; $cpuid = $_POST['option_selection1']; $datetime = $_POST['payment_date']; $paidby = $_POST['custom']; //this query works fine. mysql_query("INSERT INTO `debug` (id, postdata, date) VALUES ('', '".json_encode($_POST)."', '".$_POST['payment_date']."')"); if($payment_status=="Completed"){ $ps=$payment_status; $txn_id_check = mysql_query("SELECT `tid` FROM `transactions` WHERE `tid` LIKE '".$txn_id."'"); if(mysql_num_rows($txn_id_check) == false || mysql_num_rows($txn_id_check) == 0){ $txn=mysql_num_rows($txn_id_check); if($item_number=="1"){ $in=$item_number; if($receiver_email=='dr.gli_1350281693_biz@glitchware.tk'){ $re=$receiver_email; if($payment_amount=='15.00' && $payment_currency=='USD'){ $pa=$payment_amount; $pc=$payment_currency; //this query is not working, and it's not reporting any errors... mysql_query("INSERT INTO transactions (id, tid, amountpaid, pid, buyeremail, user, date) VALUES ('', '$txn_id', '$item_number', '$paidby', '$datetime')"); //keygen(22); $valid=2; $newkey="nothing"; while($valid > 0){ $newkey=keygen(22); $resultkeycheck=mysql_query("SELECT `key` FROM `keys` WHERE `key` LIKE '$newkey'"); $rc = "".mysql_num_rows($resultkeycheck)."|validkey=$valid"; if(mysql_num_rows($resultkeycheck)==0 || mysql_num_rows($resultkeycheck) == false){ $valid=0; $rc2=$valid; //this query is not working, and it's not reporting any errors... mysql_query("INSERT INTO `keys` (id, key, computerid, owner, pid) VALUES ('', '$newkey', '$cpuid', '$paidby', '$item_number')"); } $debugkey=$newkey; } } } } } } } else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; $cpuid = $_POST['option_selection1']; $cuser = $_POST['custom']; //i don't know if this query works or not... mysql_query("INSERT INTO `failedtransactions` (id, tid, email, user, pid) VALUES ('', '$txn_id', '$payer_email', '$cuser', '$item_number')"); } function keygen($length=10){ $key = ''; list($usec, $sec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $inputs = array_merge(range('z','a'),range(0,9),range('A','Z')); for($i=0; $i<$length; $i++) { $key .= $inputs{mt_rand(0,61)}; } return $key; } $logdata="Res=$resdb|Payment Status=$ps|Transaction id Check=$txn|Item Number=$in|Reciever Email=$re|Payment Amount=$pa|Payment Currency=$pc|Result Check=$rc|Valid Key=$rc2|Generated Key=$debugkey"; //this query works fine. mysql_query("INSERT INTO `debug2` (id, data) VALUES ('', '$logdata')"); mysql_close(); ?> Post values: mc_gross=15.00 protection_eligibility=Ineligible payer_id=MT8TB8YUV9X6G tax=0.00 payment_date= 03:10:33 Dec 17 2012 PST payment_status=Completed charset=windows-1252 first_name=Nunya option_selection1=COMPUTERID mc_fee=0.74 notify_version=3.7 custom=DrGlitch payer_status=verified business=dr.gli_1350281693_biz@glitchware.tk quantity=1 verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AP56-pfFemnm-uwtgYqEAheezyLC payer_email=devuse_1350281425_per@glitchware.tk option_name1=Computer ID: txn_id=9R718433UD6865159 payment_type=instant btn_id=2668284 last_name=Dayumbuisness receiver_email=dr.gli_1350281693_biz@glitchware.tk payment_fee=0.74 shipping_discount=0.00 insurance_amount=0.00 receiver_id=VDA9HXGB87U2E txn_type=web_accept item_name=Test Item discount=0.00 mc_currency=USD item_number=1 residence_country=US test_ipn=1 handling_amount=0.00 shipping_method=Default transaction_subject=DrGlitch payment_gross=15.00 shipping=0.00 ipn_track_id=50c5dd4eb116d