Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require '../config.php';
- // STEP 1: Read POST data
- // reading posted data from directly from $_POST causes serialization
- // issues with array data in POST
- // reading raw POST data from input stream instead.
- $raw_post_data = file_get_contents('php://input');
- $raw_post_array = explode('&', $raw_post_data);
- $myPost = array();
- foreach ($raw_post_array as $keyval) {
- $keyval = explode ('=', $keyval);
- if (count($keyval) == 2)
- $myPost[$keyval[0]] = urldecode($keyval[1]);
- }
- // read the post from PayPal system and add 'cmd'
- $req = 'cmd=_notify-validate';
- if(function_exists('get_magic_quotes_gpc')) {
- $get_magic_quotes_exists = true;
- }
- foreach ($myPost as $key => $value) {
- if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
- $value = urlencode(stripslashes($value));
- } else {
- $value = urlencode($value);
- }
- $req .= "&$key=$value";
- }
- // STEP 2: Post IPN data back to paypal to validate
- $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
- //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
- curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
- // In wamp like environments that do not come bundled with root authority certificates,
- // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
- // of the certificate as shown below.
- curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
- if( !($res = curl_exec($ch)) ) {
- error_log("Got " . curl_error($ch) . " when processing IPN data");
- curl_close($ch);
- exit;
- }
- curl_close($ch);
- // STEP 3: Inspect IPN validation result and act accordingly
- str_replace('\n', '', $res);
- //debug info
- $ps="not set";
- $txn="not set";
- $in="not set";
- $re="not set";
- $pa="not set";
- $pc="not set";
- $rc="not set";
- $rc2="not set";
- $debugkey="not set";
- $resdb="not set";
- //end of debug info
- if (strcmp ($res, "VERIFIED") == 0) {
- $resdb=$res;
- // check whether the payment_status is Completed
- // check that txn_id has not been previously processed
- // check that receiver_email is your Primary PayPal email
- // check that payment_amount/payment_currency are correct
- // process payment
- // assign posted variables to local variables
- $item_name = $_POST['item_name'];
- $item_number = $_POST['item_number'];
- $payment_status = $_POST['payment_status'];
- $payment_amount = $_POST['mc_gross'];
- $payment_currency = $_POST['mc_currency'];
- $txn_id = $_POST['txn_id'];
- $receiver_email = $_POST['receiver_email'];
- $payer_email = $_POST['payer_email'];
- $cpuid = $_POST['option_selection1'];
- $datetime = $_POST['payment_date'];
- $paidby = $_POST['custom'];
- //this query works fine.
- mysql_query("INSERT INTO `debug` (id, postdata, date) VALUES ('', '".json_encode($_POST)."', '".$_POST['payment_date']."')");
- if($payment_status=="Completed"){
- $ps=$payment_status;
- $txn_id_check = mysql_query("SELECT `tid` FROM `transactions` WHERE `tid` LIKE '".$txn_id."'");
- if(mysql_num_rows($txn_id_check) == false || mysql_num_rows($txn_id_check) == 0){
- $txn=mysql_num_rows($txn_id_check);
- if($item_number=="1"){
- $in=$item_number;
- if($receiver_email=='dr.gli_1350281693_biz@glitchware.tk'){
- $re=$receiver_email;
- if($payment_amount=='15.00' && $payment_currency=='USD'){
- $pa=$payment_amount;
- $pc=$payment_currency;
- //this query is not working, and it's not reporting any errors...
- mysql_query("INSERT INTO transactions (id, tid, amountpaid, pid, buyeremail, user, date) VALUES ('', '$txn_id', '$item_number', '$paidby', '$datetime')");
- //keygen(22);
- $valid=2;
- $newkey="nothing";
- while($valid > 0){
- $newkey=keygen(22);
- $resultkeycheck=mysql_query("SELECT `key` FROM `keys` WHERE `key` LIKE '$newkey'");
- $rc = "".mysql_num_rows($resultkeycheck)."|validkey=$valid";
- if(mysql_num_rows($resultkeycheck)==0 || mysql_num_rows($resultkeycheck) == false){
- $valid=0;
- $rc2=$valid;
- //this query is not working, and it's not reporting any errors...
- mysql_query("INSERT INTO `keys` (id, key, computerid, owner, pid) VALUES ('', '$newkey', '$cpuid', '$paidby', '$item_number')");
- }
- $debugkey=$newkey;
- }
- }
- }
- }
- }
- }
- } else if (strcmp ($res, "INVALID") == 0) {
- // log for manual investigation
- $item_name = $_POST['item_name'];
- $item_number = $_POST['item_number'];
- $payment_status = $_POST['payment_status'];
- $payment_amount = $_POST['mc_gross'];
- $payment_currency = $_POST['mc_currency'];
- $txn_id = $_POST['txn_id'];
- $receiver_email = $_POST['receiver_email'];
- $payer_email = $_POST['payer_email'];
- $cpuid = $_POST['option_selection1'];
- $cuser = $_POST['custom'];
- //i don't know if this query works or not...
- mysql_query("INSERT INTO `failedtransactions` (id, tid, email, user, pid) VALUES ('', '$txn_id', '$payer_email', '$cuser', '$item_number')");
- }
- function keygen($length=10){
- $key = '';
- list($usec, $sec) = explode(' ', microtime());
- mt_srand((float) $sec + ((float) $usec * 100000));
- $inputs = array_merge(range('z','a'),range(0,9),range('A','Z'));
- for($i=0; $i<$length; $i++)
- {
- $key .= $inputs{mt_rand(0,61)};
- }
- return $key;
- }
- $logdata="Res=$resdb|Payment Status=$ps|Transaction id Check=$txn|Item Number=$in|Reciever Email=$re|Payment Amount=$pa|Payment Currency=$pc|Result Check=$rc|Valid Key=$rc2|Generated Key=$debugkey";
- //this query works fine.
- mysql_query("INSERT INTO `debug2` (id, data) VALUES ('', '$logdata')");
- mysql_close();
- ?>
- Post values:
- mc_gross=15.00
- protection_eligibility=Ineligible
- payer_id=MT8TB8YUV9X6G
- tax=0.00
- payment_date= 03:10:33 Dec 17 2012 PST
- payment_status=Completed
- charset=windows-1252
- first_name=Nunya
- option_selection1=COMPUTERID
- mc_fee=0.74
- notify_version=3.7
- custom=DrGlitch
- payer_status=verified
- business=dr.gli_1350281693_biz@glitchware.tk
- quantity=1
- verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AP56-pfFemnm-uwtgYqEAheezyLC
- payer_email=devuse_1350281425_per@glitchware.tk
- option_name1=Computer ID:
- txn_id=9R718433UD6865159
- payment_type=instant
- btn_id=2668284
- last_name=Dayumbuisness
- receiver_email=dr.gli_1350281693_biz@glitchware.tk
- payment_fee=0.74
- shipping_discount=0.00
- insurance_amount=0.00
- receiver_id=VDA9HXGB87U2E
- txn_type=web_accept
- item_name=Test Item
- discount=0.00
- mc_currency=USD
- item_number=1
- residence_country=US
- test_ipn=1
- handling_amount=0.00
- shipping_method=Default
- transaction_subject=DrGlitch
- payment_gross=15.00
- shipping=0.00
- ipn_track_id=50c5dd4eb116d
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement