- <?php
// A few helper functions used throughout this script:
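/**
 * Normalise one untrusted request value into a tag-free, HTML-escaped string.
 *
 * The result is what gets stored and mailed downstream, so exactly one encoding
 * pass is applied. The previous version chained FILTER_SANITIZE_STRING,
 * htmlspecialchars() and htmlentities(), which turned a single `"` into
 * `&amp;amp;#34;` and every `&` into `&amp;amp;`.
 *
 * @param mixed $input  Raw value (normally from $_POST). null and arrays yield "".
 * @param int   $filter filter_var() filter id. The historical default,
 *                      FILTER_SANITIZE_STRING, is deprecated since PHP 8.1 and is
 *                      skipped; strip_tags() plus htmlspecialchars() cover it.
 * @return string
 */
function xss_clean($input, $filter = FILTER_SANITIZE_STRING) {
    // trim() on null or an array is a TypeError on PHP 8; treat such input as absent.
    if ($input === null || is_array($input)) {
        return "";
    }
    $value = trim((string) $input);
    // Only run filter_var() for a caller-supplied, non-deprecated filter.
    if ($filter !== FILTER_SANITIZE_STRING) {
        $filtered = filter_var($value, $filter);
        $value = ($filtered === false) ? "" : (string) $filtered;
    }
    // Drop markup first, then escape once (quotes included, invalid UTF-8 replaced).
    $value = strip_tags($value);
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}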
/**
 * Read one $_POST field through xss_clean(), or fall back to $default.
 *
 * @param string $varname Key in $_POST.
 * @param mixed  $default Returned as-is (not cleaned) when the key is not set.
 * @return mixed
 */
function securedPost($varname, $default = "") {
    if (!isset($_POST[$varname])) {
        return $default;
    }
    return xss_clean($_POST[$varname]);
}
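/**
 * Emit a {"status": ..., "message": ...} JSON body and set the HTTP status code.
 *
 * @param int    $index        0 = error, 1 = success, 2 = warning. Any other value
 *                             used to leave $response undefined and print "null";
 *                             it is now reported as "error".
 * @param string $message
 * @param int    $responseCode HTTP status to send (default 200).
 * @return void
 */
function jsonEcho($index, $message, $responseCode = 200) {
    $labels = array(0 => "error", 1 => "success", 2 => "warning");
    $index = (int) $index;
    $status = isset($labels[$index]) ? $labels[$index] : "error";
    $response = array("status" => $status, "message" => $message);
    http_response_code($responseCode);
    // Declare the content type only while headers can still be sent.
    if (!headers_sent()) {
        header('Content-Type: application/json');
    }
    echo json_encode($response);
}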
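/**
 * Send one HTML mail through the Strato SMTP relay using PHPMailer.
 *
 * conf/config.php is expected to define $strato (SMTP login and sender address)
 * and $stratos (password); the PHPMailer classes are loaded from conf/.
 *
 * Returns instead of calling exit: the previous version ended the script after
 * every call, so nothing after the first send_email() in the IPN flow ever ran,
 * and it echoed $mail->ErrorInfo (SMTP diagnostics) into the HTTP response.
 *
 * @param string $to      Recipient address.
 * @param string $subject
 * @param string $msg     HTML body.
 * @return bool True when PHPMailer reports the message as sent.
 */
function send_email($to, $subject, $msg) {
    include ('conf/config.php');
    // *_once: the function is now called several times per request, and a plain
    // require would redeclare the classes on the second call.
    require_once ('conf/class.smtp.php');
    require_once ('conf/class.phpmailer.php');
    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->IsHTML(true);
    $mail->Host = "smtp.strato.de";
    $mail->SMTPAuth = true;
    $mail->Username = "$strato";
    $mail->Password = "$stratos";
    $mail->From = "$strato";
    $mail->FromName = "Shinji";
    $mail->AddAddress("$to");
    $mail->Subject = $subject;
    $mail->Body = $msg;
    if (!$mail->Send()) {
        // Send() returned FALSE: keep the reason in the server log, not the response.
        error_log("send_email to " . $to . " failed: " . $mail->ErrorInfo);
        return false;
    }
    return true;
}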
/**
 * Retired mail() sender, kept as a no-op.
 *
 * The earlier body built From / Reply-To / X-Mailer / MIME-Version /
 * Content-Type headers for PHP's mail() and returned its boolean result;
 * send_email() (PHPMailer over SMTP) replaced it. Calling this does nothing
 * and returns null.
 */
function outdatet() {
    return;
}
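// GET PAYLOAD
// No @-suppression: a failed read of the request body should reach the error log.
$dataInputRaw = file_get_contents("php://input");
if ($dataInputRaw === false) {
    $dataInputRaw = "";
}
// REMOTE_ADDR is filled in by the web server. HTTP_CLIENT_IP and
// HTTP_X_FORWARDED_FOR are request headers the sender controls, so they are only
// reported alongside it and must not be the basis for an "is this PayPal" decision.
$IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
$forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$clientIpHeader = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : '';
// The notification mail is HTML (send_email sets IsHTML), so escape header values.
send_email(
    "shinji@minority-project.eu",
    "PayPal: PDOException",
    "PAYPAL: #" . htmlspecialchars($IP, ENT_QUOTES, 'UTF-8')
        . " (X-Forwarded-For: " . htmlspecialchars($forwardedFor, ENT_QUOTES, 'UTF-8')
        . "; Client-IP: " . htmlspecialchars($clientIpHeader, ENT_QUOTES, 'UTF-8') . ")"
);
// PayPal IP
// FETCH DATA (POST)
$dataInput = explode("&", $dataInputRaw);
send_email("shinji@minority-project.eu", ("PayPal: "), "Whitelist paypal");
// VARIABLES
$orderBlock = 1;
$requestTime = time();
$myPost = array();
// VALIDATE DATA
foreach ($dataInput as $keyval) {
    // Split on the first "=" only, so a value that itself contains "=" (e.g. base64
    // in a custom field) is kept instead of being discarded.
    $pair = explode("=", $keyval, 2);
    if (count($pair) == 2) {
        $myPost[$pair[0]] = urldecode($pair[1]);
    }
}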
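// Echo every received field back to PayPal, prefixed with cmd=_notify-validate.
$request = "cmd=_notify-validate";
// get_magic_quotes_gpc() no longer exists on PHP 8; initialise the flag for both
// cases so the loop below never reads an undefined variable.
$get_magic_quotes_exists = function_exists("get_magic_quotes_gpc");
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $request .= "&$key=$value";
}
$ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
// Certificate and hostname verification stay on: a VERIFIED answer is only worth
// something if it really came from paypal.com.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
// Bounded waits so a stalled endpoint cannot hold the worker indefinitely.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: Close"));
$result = curl_exec($ch);
if ($result === false || $result === "") {
    // PayPal could not be reached or returned nothing: log the reason and answer
    // with a 5xx instead of silently acknowledging the notification.
    error_log("IPN verification request failed: " . curl_error($ch));
    curl_close($ch);
    http_response_code(500);
    exit;
}
curl_close($ch);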
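if ($result === "VERIFIED") {
    // VALIDATE POST DATA
    // VERIFIED only confirms that PayPal sent this message. It does not confirm
    // that the money went to this account or that the txn_id is new, so a
    // receiver_email check, an amount/currency check and a txn_id replay check
    // remain open items for this listener.
    $orderFirstName = securedPost("first_name", "");
    $orderLastName = securedPost("last_name", "");
    $orderItemName = securedPost("item_name", "");
    $orderItemNumber = securedPost("item_number", "");
    $orderPaymentStatus = strtoupper(securedPost("payment_status", ""));
    $orderPaymentCurrency = securedPost("mc_currency", 0);
    $orderPayerId = securedPost("payer_id", "");
    $orderTxnId = securedPost("txn_id", "");
    $orderPayerEmail = strtolower(securedPost("payer_email", ""));
    $orderPayerBusinessName = securedPost("payer_business_name", "");
    $orderResidenceCountry = securedPost("residence_country", "");
    $orderPaymentDate = securedPost("payment_date", "");
    $orderPayerStatus = securedPost("payer_status", "");
    $orderParentTxnId = securedPost("parent_txn_id", "");
    $orderReceiptId = securedPost("receipt_id", "");
    $orderReasonCode = securedPost("reason_code", "");
    // mc_gross wins when present and non-zero; otherwise fall back to mc_gross1.
    $mcGross = securedPost("mc_gross", "");
    if ($mcGross !== "" && (float) $mcGross != 0) {
        $orderPaymentAmount = (float) $mcGross;
    } elseif (isset($_POST["mc_gross1"])) {
        $orderPaymentAmount = (float) securedPost("mc_gross1", 0);
    } else {
        $orderPaymentAmount = 0;
    }
    $orderMcFee = (float) securedPost("mc_fee", 0);
    $orderPaymentFee = (float) securedPost("payment_fee", 0);
    $orderPaymentFee += $orderMcFee;
    // SEND EMAIL TO YOURSELF, so you know what's going on :)
    // The raw body goes into an HTML mail, so escape it for that context.
    $rawForMail = htmlspecialchars($dataInputRaw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if ($orderReasonCode == "") {
        send_email("shinji@minority-project.eu", ("PayPal: " . $orderPayerEmail . " - " . $orderPaymentStatus . " - " . $orderItemNumber), $rawForMail);
    } else {
        send_email("shinji@minority-project.eu", ("PayPal: " . $orderPayerEmail . " - " . $orderPaymentStatus . " (" . $orderReasonCode . ") - " . $orderItemNumber), $rawForMail);
    }
    if ($orderPaymentStatus == "COMPLETED" || $orderPaymentStatus == "CANCELED_REVERSAL") {
        // CANCELED_REVERSAL is almost always left banned: buyers open a PayPal
        // dispute without contacting me first, and if they lose it, that is on them.
        // A "payment has been completed" mail to the customer could go here.
        $orderBlock = 0;
        $msg = "";
        $msg .= "Dear customer,\n";
        $msg .= "you can now download the product\n";
        $msg .= "http://minority-project.eu/downloads/MP-Patcher.zip\n";
        $msg .= "\n";
        $msg .= "You need to use your PayPal email (THIS: " . $orderPayerEmail . ") to login\n";
        $msg .= "\n\n";
        $msg .= "Thank you,\n";
        $msg .= "Shinji";
    } else {
        $msg = "";
        $msg .= "Dear customer,\n";
        $msg .= "your payment is " . $orderPaymentStatus . ",\n";
        $msg .= "You will not be able to download the product until your payment is COMPLETED.\n";
        $msg .= "\n\n";
        $msg .= "Thank you,\n";
        $msg .= "Shinji";
    }
    // The mail is sent as HTML, so the "\n" line breaks need nl2br() to render.
    if ($orderPayerEmail !== "") {
        send_email($orderPayerEmail, "Shinji Payment " . $orderPaymentStatus, nl2br($msg));
    }
    try {
        $DB_HOST = "127.0.0.1";
        $DB_USER = ":P";
        $DB_NAME = ":P";
        $DB_PORT = "3306";
        $DB_PW = ":P";
        $conn = new PDO("mysql:host=" . $DB_HOST . ";dbname=" . $DB_NAME . ";port=" . $DB_PORT . ";charset=utf8", $DB_USER, $DB_PW);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Server-side prepares: every order value below came from the request body.
        $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        // Look the customer up by mail in gui_v2.
        $stmt = $conn->prepare("SELECT id FROM gui_v2 WHERE mail = :mail");
        $stmt->execute(array(":mail" => $orderPayerEmail));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $databaseId = null;
        // Customer already in the DB -> only updated
        if (isset($row["id"])) {
            $databaseId = $row["id"];
            $stmt = $conn->prepare("UPDATE gui_v2 SET mail = :mail, black = 1, payed = NOW() WHERE id = :id");
            $stmt->execute(array(":mail" => $orderPayerEmail, ":id" => $databaseId));
        } else {
            // Insert the customer into gui_v2; the table carries two further
            // timestamp columns (set on insert / on update) that need no value here.
            $stmt = $conn->prepare("INSERT INTO gui_v2 (mail, black) VALUES (:mail, 1)");
            $stmt->execute(array(":mail" => $orderPayerEmail));
        }
        // Log everything PayPal sent in ipn_paypal (separate bookkeeping table).
        // The previous statement interpolated unquoted strings and referenced
        // $orderCustomerId / $orderState, which are never assigned anywhere in this
        // script, so it could not execute; customer_id and state are bound as NULL
        // until a source for them exists.
        $stmt = $conn->prepare(
            "INSERT INTO ipn_paypal (first_name, last_name, email, customer_id, `mod`, payment_status, txn_id, parent_txn_id, payer_id, receipt_id, `country`, `amount`, currency, order_date, added_date, state, payer_status, payment_fee, reason_code)"
            . " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
        );
        $stmt->execute(array(
            $orderFirstName, $orderLastName, $orderPayerEmail, null, $orderItemNumber, $orderPaymentStatus, $orderTxnId,
            $orderParentTxnId, $orderPayerId, $orderReceiptId, $orderResidenceCountry, $orderPaymentAmount, $orderPaymentCurrency,
            $orderPaymentDate, $requestTime, null, $orderPayerStatus, $orderPaymentFee, $orderReasonCode,
        ));
    } catch (PDOException $e) {
        send_email("shinji@minority-project.eu", "PayPal: PDOException", htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
    send_email("shinji@minority-project.eu", "PayPal: ACCEPTED!", "");
    jsonEcho(1, "Request was accepted.", 200);
    exit;
} else {
    jsonEcho(0, "Request could not be verified.", 401);
    send_email("shinji@minority-project.eu", "PayPal: PDOException", "PAYPAL: Request could not be verified.");
    exit;
}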