
IPN SCRIPT

a guest
May 15th, 2013
  1. <?php
  2. // tell PHP to log errors to ipn_errors.log in this directory
  3. ini_set('log_errors', true);
  4. ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
  5.  
  6. $ipn_post_data = $_POST;
  7.  
  8. // For sandbox testing
  9. //$pp_hostname = "https://www.sandbox.paypal.com/cgi-bin/webscr";
  10.  
  11. //live
  12. $pp_hostname = "https://www.paypal.com/cgi-bin/webscr";
  13.  
  14. // Set up request to PayPal
  15.  
  16.  // Init cURL
  17. $request = curl_init();
  18.  
  19. curl_setopt_array($request, array
  20. (
  21.     CURLOPT_URL => $pp_hostname,
  22.     CURLOPT_POST => TRUE,
  23.     CURLOPT_POSTFIELDS => http_build_query(array('cmd' => '_notify-validate') + $ipn_post_data),
  24.     CURLOPT_RETURNTRANSFER => TRUE,
  25.     CURLOPT_HEADER => FALSE,
  26.     CURLOPT_SSL_VERIFYPEER => TRUE,
  27.     //CURLOPT_CAINFO => 'cacert.pem',
  28. ));
  29.  
  30. // Execute request and get response and status code
  31. $response = curl_exec($request);
  32. $status   = curl_getinfo($request, CURLINFO_HTTP_CODE);
  33.        
  34.         // Close connection
  35.         curl_close($request);
  36.  
  37. if($status == 200 && $response == 'VERIFIED')
  38. {  
  39.     $errmsg = '';   // stores errors from fraud checks
  40.     if(array_key_exists('charset', $ipn_data) && ($charset = $ipn_data['charset']))
  41. {
  42.     // Ignore if same as our default
  43.     if($charset == 'utf-8')
  44.         return;
  45.  
  46.     // Otherwise convert all the values
  47.     foreach($ipn_data as $key => &$value)
  48.     {
  49.         $value = mb_convert_encoding($value, 'utf-8', $charset);
  50.     }
  51.  
  52.     // And store the charset values for future reference
  53.     $ipn_data['charset'] = 'utf-8';
  54.     $ipn_data['charset_original'] = $charset;
  55. }
  56.     // 1. Make sure the payment status is "Completed"
  57.     if ($ipn_post_data[payment_status] != 'Completed') {
  58.         // simply ignore any IPN that is not completed
  59.         exit(0);
  60.     }
  61.  
  62.     // 2. Make sure seller email matches your primary account email.
  63.     if ($ipn_post_data[receiver_email] != 'anna@energyshop.se') {
  64.         $errmsg .= "'receiver_email' does not match: ";
  65.         $errmsg .= $ipn_post_data[receiver_email]."\n";
  66.     }
  67.    
  68.     // 4. Make sure the currency code matches
  69.     if ($ipn_post_data[mc_currency] != 'SEK' && $ipn_post_data[mc_currency] != 'USD') {
  70.         $errmsg .= "'mc_currency' does not match: ";
  71.         $errmsg .= $ipn_post_data[mc_currency]."\n";
  72.     }
  73.  
  74.     // 5. Ensure the transaction is not a duplicate.
  75.     mysql_connect('energyshop.se.mysql', 'energyshop_se', 'dxymNrJd') or exit(0);
  76.     mysql_select_db('energyshop_se') or exit(0);
  77.  
  78.     $txn_id = mysql_real_escape_string($ipn_post_data[txn_id]);
  79.     $sql = "SELECT COUNT(*) FROM orders WHERE txn_id = '$txn_id'";
  80.     $r = mysql_query($sql);
  81.    
  82.     if (!$r) {
  83.         error_log(mysql_error());
  84.         exit(0);
  85.     }
  86.    
  87.     $exists = mysql_result($r, 0);
  88.     mysql_free_result($r);
  89.    
  90.     if ($exists) {
  91.         $errmsg .= "'txn_id' has already been processed: ".$ipn_post_data[txn_id]."\n";
  92.     }
  93.    
  94.     if (!empty($errmsg)) {
  95.    
  96.         // manually investigate errors from the fraud checking
  97.         $body = "IPN failed fraud checks: \n$errmsg\n\n";
  98.         mail('anna@energyshop.se', 'IPN Fraud Warning', $body);
  99.        
  100.     } else {
  101.    
  102.     // add this order to a table of completed orders
  103.     $payer_email = mysql_real_escape_string($ipn_post_data[payer_email]);
  104.     $mc_gross = mysql_real_escape_string($ipn_post_data[mc_gross]);
  105.     $sql = "INSERT INTO orders VALUES
  106.            (NULL, '$txn_id', '$payer_email', $mc_gross)";
  107.    
  108.     if (!mysql_query($sql)) {
  109.         error_log(mysql_error());
  110.         exit(0);
  111.     }
  112.    
  113.     // send user an email with a confirmation
  114.    
  115.     $array_keys = array_keys($ipn_post_data);
  116.     $count = 1;
  117.     $i = 1;
  118.    
  119.     foreach($array_keys as $element)
  120.     {
  121.         if (!strncmp('item_number', $element, strlen('item_number')))
  122.             $count++;  
  123.        
  124.     }
  125.         for($idx = 1; $idx < $count; $idx ++ & $i++)
  126.         {  
  127.             $name = mysql_real_escape_string($ipn_post_data[item_name . $i]);
  128.         }
  129.    
  130.     $num = mysql_real_escape_string($ipn_post_data[num_cart_items]);
  131.     $number = mysql_real_escape_string($ipn_post_data[item_number]);
  132.     $amount = mysql_real_escape_string($ipn_post_data[mc_gross]);
  133.     $firstname = mysql_real_escape_string($ipn_post_data[first_name]);
  134.     $lastname = mysql_real_escape_string($ipn_post_data[last_name]);
  135.     $to = filter_var($ipn_post_data[payer_email], FILTER_SANITIZE_EMAIL);
  136.     $to2 = filter_var('anna@energyshop.se', FILTER_SANITIZE_EMAIL);
  137.     $date = date('Y-m-d');
  138.     $subject = "Tack för Ert köp! / Thank you for your order!";
  139.     $subject2 = "(COPY) Tack för Ert köp! / Thank you for your order!";
  140.     $headerFields = array(
  141.     'Date: ' . date('r', $_SERVER['REQUEST_TIME']),
  142.     "Subject: =?UTF-8?Q?".imap_8bit($subject)."?=",
  143.     "From: {$to}",
  144.     "MIME-Version: 1.0",
  145.     "Content-Type: text/html;charset=utf-8"
  146.     );
  147.     $headerFields2 = array(
  148.     'Date: ' . date('r', $_SERVER['REQUEST_TIME']),
  149.     "Subject: =?UTF-8?Q?".imap_8bit($subject2)."?=",
  150.     "From: {$to}",
  151.     "MIME-Version: 1.0",
  152.     "Content-Type: text/html;charset=utf-8"
  153.     );
  154.     $message = '<html><body>';
  155.     $message .= "$firstname $lastname, $payer_email \r\n";
  156.     $message .= '<br />';
  157.     $message .= "Tack för din beställning från energyshop.se. $date";
  158.     $message .= '<br>';
  159.     $message .= "Vi hoppas att varorna motsvarar dina förväntningar! \r\n";
  160.     $message .= '<br />';
  161.     $message .= "Du köpte $num produkter för totalt $amount kronor.";
  162.     $message .= '<br>';
  163.     $message .= 'Varor:';
  164.     $message .= "$name";
  165.     $message .= '<br>';
  166.     $message .= 'Moms är inkluderad i priset:';
  167.     $message .= '<br>';
  168.     $message .= "6% moms Böcker, 12% moms EnergyUnion, 25% moms på övriga sortimentet \r\n";
  169.     $message .= '<br />';
  170.     $message .= 'Har du köpt digitala varor, ska du direkt efter betalningen fått tillgång till en sida där du laddar ned din beställning.';
  171.     $message .= '<br>';
  172.     $message .= "Har du köpt fysiska varor, skickas de till dig så snart som möjligt med Posten, dock senast en vecka efter din beställning.\r\n";
  173.     $message .= '<br />';
  174.     $message .= 'Vi på energyshop.se önskar dig en trevlig dag.';
  175.     $message .= '<br>';
  176.     $message .= 'Välkommen tillbaka när du vill!';
  177.     $message .= '</body></html>';
  178.    
  179.     $message2 = "$message";
  180.     $message2 .= '<br />';
  181.     $message2 .= '(NOTE: THIS IS A COPY)';
  182.    
  183.     mail($to, $subject, $message,  implode("\r\n", $headerFields));
  184.     mail('anna@energyshop.se', $subject2, $message2,  implode("\r\n", $headerFields2));  
  185.     }
  186.    
  187. } else {
  188.     // manually investigate the invalid IPN
  189.     mail('anna@energyshop.se', "Invalid IPN", "Something went wrong, check Live/Sandbox");
  190. }
  191. ?>