Punkbastard

CoinPayments Secure IPN Handler - PHP

May 6th, 2017
  1. /**
  2. * A simple yet fairly advanced and secure IPN handler for CoinPayments,
  3. * including features such as cancelling the product when a payment is reversed/refunded.
  4. *
  5. * Author: Punkbastard
  6. */
  7.  
  /**
   * Status codes compared against the integer "status" field of a CoinPayments IPN.
   *
   * The class is abstract and holds constants only, so it acts purely as a
   * namespace for the codes and is never instantiated.
   */
  abstract class OrderStatus {
      /** PayPal refund or reversal. */
      const PAYPAL_REVERSED = -2;

      /** Cancelled / timed out. */
      const CANCELLED = -1;

      /** Waiting for buyer funds. */
      const WAITING_FOR_FUNDS = 0;

      /** Coin reception from the buyer has been confirmed. */
      const CONFIRMED_COIN_RECEPTION = 1;

      /** Queued for nightly payout (if payout mode is set to Nightly). */
      const QUEUED_FOR_NIGHTLY_PAYOUT = 2;

      /** PayPal pending (eChecks or other types of holds). */
      const PAYPAL_PENDING = 3;

      /**
       * Payment complete: coins were sent to the payment address, or the
       * 3rd party payment system reports the payment complete.
       */
      const PAYMENT_COMPLETE = 100;
  }
  17.  
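  // ---------------------------------------------------------------------------
  // CoinPayments IPN endpoint: authenticate the notification (merchant ID plus
  // HMAC-SHA512 over the raw request body), then check currency, amount and
  // status before acting on the order.
  // ---------------------------------------------------------------------------

  $MERCHANT_ID = ""; // Your public Merchant ID
  $IPN_SECRET = ""; // Your secret IPN key, set up in the CoinPayments settings.

  $ORDER_CURRENCY = 'USD'; // Set to your preferred currency
  $ORDER_TOTAL = 10.00; // Set to your preferred amount
  // NOTE(review): currency and total are fixed for every notification here. A shop
  // with more than one price would look the expected values up per order (for
  // example via the item_number passthru field) — confirm for your setup.

  // Fail closed while the handler is unconfigured: with an empty secret the HMAC
  // below could be computed by anyone, so every forged notification would pass.
  $merchant_id = trim($MERCHANT_ID);
  $ipn_secret = trim($IPN_SECRET);
  if ($merchant_id === '' || $ipn_secret === '') {
      die('IPN handler is not configured');
  }

  if (!isset($_POST['ipn_mode']) || $_POST['ipn_mode'] !== 'hmac') {
      die('IPN Mode is not HMAC');
  }

  if (empty($_SERVER['HTTP_HMAC'])) {
      die('No HMAC signature sent');
  }

  // The signature covers the raw body, so read it untouched from the input stream.
  $request = file_get_contents('php://input');
  if ($request === false || empty($request)) {
      die('Error reading POST data');
  }

  // Strict comparison: with != two numeric-looking strings are compared as numbers,
  // so a different ID could be accepted as equal.
  if (!isset($_POST['merchant']) || $_POST['merchant'] !== $merchant_id) {
      die('No or incorrect Merchant ID passed');
  }

  // hash_equals() compares in constant time and never type-juggles, unlike !=,
  // which leaks timing and treats digests such as "0e1..." and "0e2..." as equal numbers.
  $hmac = hash_hmac("sha512", $request, $ipn_secret);
  if (!hash_equals($hmac, (string) $_SERVER['HTTP_HMAC'])) {
      die('HMAC signature does not match');
  }

  // Read a POST field as a string. A missing or array-valued field becomes '' so
  // that floatval()/intval() below never see an array and no notice is raised.
  $field = function ($name) {
      return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
  };

  // Text fields are carried as received; escape or parameterise them before they
  // are stored or printed.
  $txn_id = $field('txn_id'); // The unique ID of the payment.
  $item_name = $field('item_name'); // The name of the item that was purchased.
  $item_number = $field('item_number'); // Passthru variable for own use. (Visible to buyer)
  $amount1 = floatval($field('amount1')); // The total amount of the payment in your original currency.
  $amount2 = floatval($field('amount2')); // The total amount of the payment in the buyer's selected coin.
  $currency1 = $field('currency1'); // The original currency submitted.
  $currency2 = $field('currency2'); // The coin the buyer chose to pay with.
  $status = intval($field('status')); // The status of the payment.
  $status_text = $field('status_text'); // A text string describing the status of the payment.

  // Check the original currency to make sure the buyer didn't change it.
  if ($currency1 !== $ORDER_CURRENCY) {
      die('Original currency mismatch');
  }

  // Check the amount against order total
  if ($amount1 < $ORDER_TOTAL) {
      die('Amount is less than order total');
  }

  // NOTE(review): the status codes describe a payment moving through several
  // states, so the same txn_id can presumably be notified more than once. Record
  // $txn_id with the last handled status and make both branches idempotent, so a
  // repeated notification neither ships nor cancels twice.
  if ($status >= OrderStatus::PAYMENT_COMPLETE || $status === OrderStatus::QUEUED_FOR_NIGHTLY_PAYOUT) {
      // payment is complete or queued for nightly payout, ship product
  } elseif ($status === OrderStatus::PAYPAL_REVERSED) {
      // paypal payment reversed or refunded, cancel shipping/product
  }
  // Every other status (cancelled, waiting, confirmed, PayPal pending) is ignored here.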