API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 17th, 2012
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.91 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. require '../config.php';
  3. // STEP 1: Read POST data
  4.  
  5. // reading posted data from directly from $_POST causes serialization
  6. // issues with array data in POST
  7. // reading raw POST data from input stream instead.
  8. $raw_post_data = file_get_contents('php://input');
  9. $raw_post_array = explode('&', $raw_post_data);
  10. $myPost = array();
  11. foreach ($raw_post_array as $keyval) {
  12.   $keyval = explode ('=', $keyval);
  13.   if (count($keyval) == 2)
  14.      $myPost[$keyval[0]] = urldecode($keyval[1]);
  15. }
  16. // read the post from PayPal system and add 'cmd'
  17. $req = 'cmd=_notify-validate';
  18. if(function_exists('get_magic_quotes_gpc')) {
  19.    $get_magic_quotes_exists = true;
  20. }
  21. foreach ($myPost as $key => $value) {        
  22.    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
  23.         $value = urlencode(stripslashes($value));
  24.    } else {
  25.         $value = urlencode($value);
  26.    }
  27.    $req .= "&$key=$value";
  28. }
  29.  
  30.  
  31. // STEP 2: Post IPN data back to paypal to validate
  32.  
  33. $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
  34. //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
  35. curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  36. curl_setopt($ch, CURLOPT_POST, 1);
  37. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  38. curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
  39. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  40. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  41. curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  42. curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
  43.  
  44. // In wamp like environments that do not come bundled with root authority certificates,
  45. // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
  46. // of the certificate as shown below.
  47. curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
  48. if( !($res = curl_exec($ch)) ) {
  49.     error_log("Got " . curl_error($ch) . " when processing IPN data");
  50.     curl_close($ch);
  51.     exit;
  52. }
  53. curl_close($ch);
  54.  
  55.  
  56. // STEP 3: Inspect IPN validation result and act accordingly
  57. str_replace('\n', '', $res);
  58. //debug info
  59. $ps="not set";
  60. $txn="not set";
  61. $in="not set";
  62. $re="not set";
  63. $pa="not set";
  64. $pc="not set";
  65. $rc="not set";
  66. $rc2="not set";
  67. $debugkey="not set";
  68. $resdb="not set";
  69. //end of debug info
  70. if (strcmp ($res, "VERIFIED") == 0) {
  71.     $resdb=$res;
  72.     // check whether the payment_status is Completed
  73.     // check that txn_id has not been previously processed
  74.     // check that receiver_email is your Primary PayPal email
  75.     // check that payment_amount/payment_currency are correct
  76.     // process payment
  77.     // assign posted variables to local variables
  78.     $item_name = $_POST['item_name'];
  79.     $item_number = $_POST['item_number'];
  80.     $payment_status = $_POST['payment_status'];
  81.     $payment_amount = $_POST['mc_gross'];
  82.     $payment_currency = $_POST['mc_currency'];
  83.     $txn_id = $_POST['txn_id'];
  84.     $receiver_email = $_POST['receiver_email'];
  85.     $payer_email = $_POST['payer_email'];
  86.     $cpuid = $_POST['option_selection1'];
  87.     $datetime = $_POST['payment_date'];
  88.     $paidby = $_POST['custom'];
  89.     //this query works fine.
  90.     mysql_query("INSERT INTO `debug` (id, postdata, date) VALUES ('', '".json_encode($_POST)."', '".$_POST['payment_date']."')");
  91.  
  92.  
  93.  
  94.     if($payment_status=="Completed"){
  95.         $ps=$payment_status;
  96.         $txn_id_check = mysql_query("SELECT `tid` FROM `transactions` WHERE `tid` LIKE '".$txn_id."'");
  97.         if(mysql_num_rows($txn_id_check) == false || mysql_num_rows($txn_id_check) == 0){
  98.             $txn=mysql_num_rows($txn_id_check);
  99.             if($item_number=="1"){
  100.                 $in=$item_number;
  101.                 if($receiver_email=='dr.gli_1350281693_biz@glitchware.tk'){
  102.                     $re=$receiver_email;
  103.                     if($payment_amount=='15.00' && $payment_currency=='USD'){
  104.                         $pa=$payment_amount;
  105.                         $pc=$payment_currency;
  106.                         //this query is not working, and it's not reporting any errors...
  107.                         mysql_query("INSERT INTO transactions (id, tid, amountpaid, pid, buyeremail, user, date) VALUES ('', '$txn_id', '$item_number', '$paidby',  '$datetime')");
  108.                         //keygen(22);
  109.                         $valid=2;
  110.                         $newkey="nothing";
  111.                         while($valid > 0){
  112.                             $newkey=keygen(22);
  113.                             $resultkeycheck=mysql_query("SELECT `key` FROM `keys` WHERE `key` LIKE '$newkey'");
  114.                             $rc = "".mysql_num_rows($resultkeycheck)."|validkey=$valid";
  115.                             if(mysql_num_rows($resultkeycheck)==0 || mysql_num_rows($resultkeycheck) == false){
  116.                                 $valid=0;
  117.                                 $rc2=$valid;
  118.                                 //this query is not working, and it's not reporting any errors...
  119.                                 mysql_query("INSERT INTO `keys` (id, key, computerid, owner, pid) VALUES ('', '$newkey', '$cpuid', '$paidby', '$item_number')");
  120.                             }
  121.                         $debugkey=$newkey;
  122.                         }
  123.                     }
  124.                 }
  125.             }
  126.         }
  127.     }
  128. } else if (strcmp ($res, "INVALID") == 0) {
  129.     // log for manual investigation
  130.     $item_name = $_POST['item_name'];
  131.     $item_number = $_POST['item_number'];
  132.     $payment_status = $_POST['payment_status'];
  133.     $payment_amount = $_POST['mc_gross'];
  134.     $payment_currency = $_POST['mc_currency'];
  135.     $txn_id = $_POST['txn_id'];
  136.     $receiver_email = $_POST['receiver_email'];
  137.     $payer_email = $_POST['payer_email'];
  138.     $cpuid = $_POST['option_selection1'];
  139.     $cuser = $_POST['custom'];
  140.     //i don't know if this query works or not...
  141.     mysql_query("INSERT INTO `failedtransactions` (id, tid, email, user, pid) VALUES ('', '$txn_id', '$payer_email', '$cuser', '$item_number')");
  142. }
  143.  
  144. function keygen($length=10){
  145.  
  146.         $key = '';
  147.         list($usec, $sec) = explode(' ', microtime());
  148.         mt_srand((float) $sec + ((float) $usec * 100000));
  149.        
  150.         $inputs = array_merge(range('z','a'),range(0,9),range('A','Z'));
  151.    
  152.         for($i=0; $i<$length; $i++)
  153.         {
  154.             $key .= $inputs{mt_rand(0,61)};
  155.         }
  156.         return $key;
  157. }
  158. $logdata="Res=$resdb|Payment Status=$ps|Transaction id Check=$txn|Item Number=$in|Reciever Email=$re|Payment Amount=$pa|Payment Currency=$pc|Result Check=$rc|Valid Key=$rc2|Generated Key=$debugkey";
  159. //this query works fine.
  160. mysql_query("INSERT INTO `debug2` (id, data) VALUES ('', '$logdata')");
  161. mysql_close();
  162. ?>
  163.  
  164.  
  165. Post values:
  166. mc_gross=15.00
  167. protection_eligibility=Ineligible
  168. payer_id=MT8TB8YUV9X6G
  169. tax=0.00
  170. payment_date= 03:10:33 Dec 17 2012 PST
  171. payment_status=Completed
  172. charset=windows-1252
  173. first_name=Nunya
  174. option_selection1=COMPUTERID
  175. mc_fee=0.74
  176. notify_version=3.7
  177. custom=DrGlitch
  178. payer_status=verified
  179. business=dr.gli_1350281693_biz@glitchware.tk
  180. quantity=1
  181. verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AP56-pfFemnm-uwtgYqEAheezyLC
  182. payer_email=devuse_1350281425_per@glitchware.tk
  183. option_name1=Computer ID:
  184. txn_id=9R718433UD6865159
  185. payment_type=instant
  186. btn_id=2668284
  187. last_name=Dayumbuisness
  188. receiver_email=dr.gli_1350281693_biz@glitchware.tk
  189. payment_fee=0.74
  190. shipping_discount=0.00
  191. insurance_amount=0.00
  192. receiver_id=VDA9HXGB87U2E
  193. txn_type=web_accept
  194. item_name=Test Item
  195. discount=0.00
  196. mc_currency=USD
  197. item_number=1
  198. residence_country=US
  199. test_ipn=1
  200. handling_amount=0.00
  201. shipping_method=Default
  202. transaction_subject=DrGlitch
  203. payment_gross=15.00
  204. shipping=0.00
  205. ipn_track_id=50c5dd4eb116d
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!