
Untitled

By: a guest on Dec 17th, 2012  |  syntax: PHP  |  size: 6.91 KB  |  hits: 38  |  expires: Never
  1. <?php
  2. require '../config.php';
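  // STEP 1: Read POST data
  //
  // Reading posted data directly from $_POST causes serialization issues with
  // array data in POST, so the raw request body is read from the input stream
  // and split into key/value pairs here instead.
  $raw_post_data = file_get_contents('php://input');
  if ($raw_post_data === false) {
      // An unreadable body is treated as an empty one; validation in STEP 2
      // will then fail rather than this step raising a warning.
      $raw_post_data = '';
  }
  $raw_post_array = explode('&', $raw_post_data);
  $myPost = array();
  foreach ($raw_post_array as $keyval) {
      $keyval = explode('=', $keyval);
      // Pairs that do not split into exactly key and value are skipped.
      if (count($keyval) == 2) {
          $myPost[$keyval[0]] = urldecode($keyval[1]);
      }
  }

  // Build the validation request: the received fields, prefixed with 'cmd'.
  $req = 'cmd=_notify-validate';

  // Always defined, so the loop below never reads an unset variable on PHP
  // versions where get_magic_quotes_gpc() no longer exists.
  $get_magic_quotes_exists = function_exists('get_magic_quotes_gpc');

  foreach ($myPost as $key => $value) {
      if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
          $value = urlencode(stripslashes($value));
      } else {
          $value = urlencode($value);
      }
      // $key is appended as received (it was never decoded above).
      $req .= "&$key=$value";
  }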
  29.  
  30.  
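  // STEP 2: Post IPN data back to PayPal to validate
  //
  // NOTE: this is the *sandbox* endpoint. A listener deployed against live
  // payments must use the production host in the commented-out line below,
  // otherwise live notifications will not validate.
  $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
  //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $req);

  // Certificate and host-name verification must stay enabled: the whole
  // scheme relies on the answer really coming from PayPal.
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

  // Bound the wait so a stalled connection cannot hang the request.
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
  curl_setopt($ch, CURLOPT_TIMEOUT, 60);

  // In WAMP-like environments that do not come bundled with root authority
  // certificates, download 'cacert.pem' from
  // "http://curl.haxx.se/docs/caextract.html" and set its path as shown below.
  // Fetch the bundle over HTTPS and keep it current: a stale or tampered
  // bundle undermines the peer verification enabled above.
  curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

  $res = curl_exec($ch);
  if (!$res) {
      // A failed or empty response means the notification was NOT validated.
      error_log("Got " . curl_error($ch) . " when processing IPN data");
      curl_close($ch);
      // Signal failure instead of an implicit 200, so the sender does not
      // treat an unvalidated notification as successfully delivered.
      if (!headers_sent()) {
          header('HTTP/1.1 500 Internal Server Error');
      }
      exit;
  }
  curl_close($ch);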
  54.  
  55.  
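  // STEP 3: Inspect IPN validation result and act accordingly
  //
  // Security notes for this step:
  //  * Every request field is attacker-influenced. In the INVALID branch the
  //    whole request is unauthenticated; in the VERIFIED branch fields such as
  //    'custom' and 'option_selection1' are still chosen by the buyer. All
  //    values are therefore escaped before being placed in SQL.
  //  * The mysql_* extension used throughout this file is deprecated (removed
  //    in PHP 7). Prepared statements via PDO or mysqli are the durable fix.
  //  * mysql_real_escape_string() is only reliable when the connection charset
  //    was set with mysql_set_charset() -- presumably in config.php; confirm.

  /**
   * Return a POSTed field as a string.
   *
   * Missing fields and non-string values (e.g. "name[]=x" arrays) yield ''.
   */
  function ipn_post_field($name)
  {
      return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
  }

  /**
   * Escape a value for use inside a single-quoted MySQL string literal.
   */
  function ipn_sql_escape($value)
  {
      return mysql_real_escape_string((string) $value);
  }

  /**
   * Run a query and log the MySQL error when it fails.
   *
   * Returns whatever mysql_query() returned (false on failure). Only the
   * driver error is logged, not the statement, to keep payer data out of logs.
   */
  function ipn_query($sql)
  {
      $result = mysql_query($sql);
      if ($result === false) {
          error_log('IPN query failed: ' . mysql_error());
      }
      return $result;
  }

  // The response body may carry surrounding whitespace; strip it so the exact
  // comparisons below are meaningful.
  $res = trim($res);

  //debug info
  $ps = "not set";
  $txn = "not set";
  $in = "not set";
  $re = "not set";
  $pa = "not set";
  $pc = "not set";
  $rc = "not set";
  $rc2 = "not set";
  $debugkey = "not set";
  $resdb = "not set";
  //end of debug info

  if (strcmp($res, "VERIFIED") == 0) {
      $resdb = $res;

      // assign posted variables to local variables
      $item_name = ipn_post_field('item_name');
      $item_number = ipn_post_field('item_number');
      $payment_status = ipn_post_field('payment_status');
      $payment_amount = ipn_post_field('mc_gross');
      $payment_currency = ipn_post_field('mc_currency');
      $txn_id = ipn_post_field('txn_id');
      $receiver_email = ipn_post_field('receiver_email');
      $payer_email = ipn_post_field('payer_email');
      $cpuid = ipn_post_field('option_selection1');
      $datetime = ipn_post_field('payment_date');
      $paidby = ipn_post_field('custom');

      ipn_query(
          "INSERT INTO `debug` (id, postdata, date) VALUES ('', '"
          . ipn_sql_escape(json_encode($_POST)) . "', '"
          . ipn_sql_escape($datetime) . "')"
      );

      // check whether the payment_status is Completed
      if ($payment_status === "Completed") {
          $ps = $payment_status;

          // check that txn_id has not been previously processed.
          // '=' rather than LIKE: LIKE would treat % and _ in the value as
          // wildcards. A failed lookup is treated as "cannot tell" and stops
          // processing, instead of being read as "not seen before".
          // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
          // transactions.tid would make duplicate deliveries fail safely.
          $txn_id_check = false;
          if ($txn_id !== '') {
              $txn_id_check = ipn_query(
                  "SELECT `tid` FROM `transactions` WHERE `tid` = '" . ipn_sql_escape($txn_id) . "'"
              );
          }
          if ($txn_id_check !== false && mysql_num_rows($txn_id_check) == 0) {
              $txn = mysql_num_rows($txn_id_check);

              if ($item_number === "1") {
                  $in = $item_number;

                  // check that receiver_email is your Primary PayPal email
                  if ($receiver_email === 'dr.gli_1350281693_biz@glitchware.tk') {
                      $re = $receiver_email;

                      // check that payment_amount/payment_currency are correct
                      if ($payment_amount === '15.00' && $payment_currency === 'USD') {
                          $pa = $payment_amount;
                          $pc = $payment_currency;

                          // process payment.
                          // The column list names seven columns, so seven
                          // values are supplied. The value-to-column mapping
                          // is inferred from the column names -- confirm
                          // against the table definition.
                          $recorded = ipn_query(
                              "INSERT INTO `transactions` (id, tid, amountpaid, pid, buyeremail, user, date) VALUES ('', '"
                              . ipn_sql_escape($txn_id) . "', '"
                              . ipn_sql_escape($payment_amount) . "', '"
                              . ipn_sql_escape($item_number) . "', '"
                              . ipn_sql_escape($payer_email) . "', '"
                              . ipn_sql_escape($paidby) . "', '"
                              . ipn_sql_escape($datetime) . "')"
                          );

                          // Only issue a key once the transaction is on
                          // record; otherwise a redelivered notification
                          // would pass the duplicate check again.
                          $valid = ($recorded !== false) ? 2 : 0;
                          $newkey = "nothing";
                          while ($valid > 0) {
                              $newkey = keygen(22);
                              $resultkeycheck = ipn_query(
                                  "SELECT `key` FROM `keys` WHERE `key` = '" . ipn_sql_escape($newkey) . "'"
                              );
                              if ($resultkeycheck === false) {
                                  // Uniqueness cannot be established; stop
                                  // rather than loop or insert blindly.
                                  break;
                              }
                              $rc = "" . mysql_num_rows($resultkeycheck) . "|validkey=$valid";
                              if (mysql_num_rows($resultkeycheck) == 0) {
                                  $valid = 0;
                                  $rc2 = $valid;
                                  // `key` is a reserved word in MySQL and must
                                  // be quoted with backticks in the column list.
                                  ipn_query(
                                      "INSERT INTO `keys` (id, `key`, computerid, owner, pid) VALUES ('', '"
                                      . ipn_sql_escape($newkey) . "', '"
                                      . ipn_sql_escape($cpuid) . "', '"
                                      . ipn_sql_escape($paidby) . "', '"
                                      . ipn_sql_escape($item_number) . "')"
                                  );
                              }
                              $debugkey = $newkey;
                          }
                      }
                  }
              }
          }
      }
  } else if (strcmp($res, "INVALID") == 0) {
      // log for manual investigation.
      // Nothing in this request has been authenticated, so the values below
      // are stored strictly as escaped data.
      $item_number = ipn_post_field('item_number');
      $txn_id = ipn_post_field('txn_id');
      $payer_email = ipn_post_field('payer_email');
      $cuser = ipn_post_field('custom');

      ipn_query(
          "INSERT INTO `failedtransactions` (id, tid, email, user, pid) VALUES ('', '"
          . ipn_sql_escape($txn_id) . "', '"
          . ipn_sql_escape($payer_email) . "', '"
          . ipn_sql_escape($cuser) . "', '"
          . ipn_sql_escape($item_number) . "')"
      );
  }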
  143.  
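  /**
   * Generate a random alphanumeric key.
   *
   * Characters are drawn from a-z, 0-9 and A-Z (62 symbols).
   *
   * The keys are handed out as purchase keys, so they must not be guessable.
   * random_int() (a CSPRNG) is used when the runtime provides it. The
   * generator is deliberately not seeded from the clock: a time-derived seed
   * makes the output reproducible. On runtimes without random_int() the
   * function falls back to auto-seeded mt_rand(), which is NOT
   * cryptographically secure -- upgrade the runtime for production use.
   *
   * @param int $length Number of characters to generate (default 10).
   * @return string The generated key; '' when $length is 0 or negative.
   */
  function keygen($length=10){
      $inputs = array_merge(range('z', 'a'), range(0, 9), range('A', 'Z'));
      // Derive the upper bound from the alphabet instead of hard-coding it.
      $last = count($inputs) - 1;
      $secure = function_exists('random_int');

      $key = '';
      for ($i = 0; $i < $length; $i++) {
          $index = $secure ? random_int(0, $last) : mt_rand(0, $last);
          // Square brackets: the curly-brace offset syntax is gone in PHP 8.
          $key .= $inputs[$index];
      }
      return $key;
  }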
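  // One-line trace of how far the notification got through the STEP 3 checks.
  // NOTE(review): this stores the generated key in a debug table in clear
  // text; drop the row (or at least the key) once debugging is finished.
  $logdata="Res=$resdb|Payment Status=$ps|Transaction id Check=$txn|Item Number=$in|Reciever Email=$re|Payment Amount=$pa|Payment Currency=$pc|Result Check=$rc|Valid Key=$rc2|Generated Key=$debugkey";

  // The trace is assembled from request-derived variables, so it is escaped
  // like any other value before being embedded in the statement.
  $debug_insert = mysql_query(
      "INSERT INTO `debug2` (id, data) VALUES ('', '" . mysql_real_escape_string($logdata) . "')"
  );
  if ($debug_insert === false) {
      // Surface the failure; the return value was previously ignored.
      error_log('IPN debug2 insert failed: ' . mysql_error());
  }
  mysql_close();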
  162. ?>
  163.  
  164.  
  165. Post values:
  166. mc_gross=15.00
  167. protection_eligibility=Ineligible
  168. payer_id=MT8TB8YUV9X6G
  169. tax=0.00
  170. payment_date= 03:10:33 Dec 17 2012 PST
  171. payment_status=Completed
  172. charset=windows-1252
  173. first_name=Nunya
  174. option_selection1=COMPUTERID
  175. mc_fee=0.74
  176. notify_version=3.7
  177. custom=DrGlitch
  178. payer_status=verified
  179. business=dr.gli_1350281693_biz@glitchware.tk
  180. quantity=1
  181. verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AP56-pfFemnm-uwtgYqEAheezyLC
  182. payer_email=devuse_1350281425_per@glitchware.tk
  183. option_name1=Computer ID:
  184. txn_id=9R718433UD6865159
  185. payment_type=instant
  186. btn_id=2668284
  187. last_name=Dayumbuisness
  188. receiver_email=dr.gli_1350281693_biz@glitchware.tk
  189. payment_fee=0.74
  190. shipping_discount=0.00
  191. insurance_amount=0.00
  192. receiver_id=VDA9HXGB87U2E
  193. txn_type=web_accept
  194. item_name=Test Item
  195. discount=0.00
  196. mc_currency=USD
  197. item_number=1
  198. residence_country=US
  199. test_ipn=1
  200. handling_amount=0.00
  201. shipping_method=Default
  202. transaction_subject=DrGlitch
  203. payment_gross=15.00
  204. shipping=0.00
  205. ipn_track_id=50c5dd4eb116d