  1. <?php
  2.  
  3. // Ein paar Funktionen die ich so nutze in diesem Skript:
  4. function xss_clean($input, $filter = FILTER_SANITIZE_STRING) {
  5. $step1 = trim($input);
  6. $step2 = filter_var($step1, $filter);
  7. $step3 = htmlspecialchars($step2, ENT_QUOTES);
  8. $step4 = htmlentities($step3, ENT_QUOTES);
  9. $step5 = strip_tags($step4);
  10. return $step5;
  11. }
  12. function securedPost($varname, $default = "") {
  13. if(isset($_POST[$varname])) {
  14. $response = xss_clean($_POST[$varname]);
  15. } else {
  16. $response = $default;
  17. }
  18. return $response;
  19. }
  20. function jsonEcho($index, $message, $responseCode = 200) {
  21. if($index == 0) {
  22. $response["status"] = "error";
  23. $response["message"] = $message;
  24. http_response_code($responseCode);
  25. } elseif($index == 1) {
  26. $response["status"] = "success";
  27. $response["message"] = $message;
  28. http_response_code($responseCode);
  29. } elseif($index == 2) {
  30. $response["status"] = "warning";
  31. $response["message"] = $message;
  32. http_response_code($responseCode);
  33. }
  34. echo json_encode($response);
  35. }
  36. function send_email($to, $subject, $msg) {
  37. include ('conf/config.php');
  38. require ('conf/class.smtp.php');
  39. require ('conf/class.phpmailer.php');
  40.  
  41. $mail = new PHPMailer();
  42. $mail->IsSMTP();
  43. $mail->IsHTML(true);
  44.  
  45. $mail->Host = "smtp.strato.de";
  46. $mail->SMTPAuth = true;
  47.  
  48. $mail->Username = "$strato";
  49. $mail->Password = "$stratos";
  50.  
  51. $mail->From = "$strato";
  52. $mail->FromName = "Shinji";
  53. $mail->AddAddress("$to");
  54.  
  55. $mail->Subject = $subject;
  56.  
  57. $mail->Body = $msg;
  58. if(!$mail->Send())
  59. {
  60. //$mail->Send() liefert FALSE zurück: Es ist ein Fehler aufgetreten
  61. echo "Fehler: " . $mail->ErrorInfo;
  62. exit;
  63. }
  64. exit;
  65. }
  66.  
  67. function outdatet() {
  68. //$headers = "From: Shinji <no-reply@minority-project.eu>\r\n";
  69. //$headers .= "Reply-To: no-reply@minority-project.eu\r\n";
  70. //$headers .= "X-Mailer: Shinji Mailer\r\n";
  71. //$headers .= "MIME-Version: 1.0\r\n";
  72. //$headers .= "Content-Type: text/html; charset=utf-8\r\n";
  73. //if(mail($to, $subject, $msg, $headers)) {
  74. // return true;
  75. //}
  76. //return false;
  77. }
  78.  
  79. // GET PAYLOAD
  80. $dataInputRaw = @file_get_contents("php://input");
  81. $IP = $_SERVER['HTTP_CLIENT_IP']?:($_SERVER['HTTP_X_FORWARDE‌​D_FOR']?:$_SERVER['REMOTE_ADDR']);
  82. send_email("shinji@minority-project.eu", "PayPal: PDOException", "PAYPAL: #".$IP."");
  83. // PayPal IP
  84.  
  85. // FETCH DATA (POST)
  86. $dataInput = explode("&", $dataInputRaw);
  87.  
  88. send_email("shinji@minority-project.eu", ("PayPal: "), "Whitelist paypal");
  89. // VARIABLES
  90. $orderBlock = 1;
  91. $requestTime = time();
  92. $myPost = array();
  93.  
  94. // VALIDATE DATA
  95. foreach($dataInput as $keyval) {
  96. $keyval = explode ("=", $keyval);
  97. if(count($keyval) == 2) {
  98. $myPost[$keyval[0]] = urldecode($keyval[1]);
  99. }
  100. }
  101. $request = "cmd=_notify-validate";
  102. if(function_exists("get_magic_quotes_gpc")) {
  103. $get_magic_quotes_exists = true;
  104. }
  105. foreach ($myPost as $key => $value) {
  106. if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
  107. $value = urlencode(stripslashes($value));
  108. } else {
  109. $value = urlencode($value);
  110. }
  111. $request .= "&$key=$value";
  112. }
  113.  
  114. $ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
  115. curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  116. curl_setopt($ch, CURLOPT_POST, 1);
  117. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  118. curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
  119. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  120. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  121. curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  122. curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: Close"));
  123. if(!($result = curl_exec($ch)) ) {
  124. curl_close($ch);
  125. exit;
  126. }
  127. curl_close($ch);
  128.  
  129. if(strcmp($result,"VERIFIED") == 0) {
  130. // VALIDATE POST DATA
  131. $orderFirstName = securedPost("first_name","");
  132. $orderLastName = securedPost("last_name","");
  133. $orderItemName = securedPost("item_name","");
  134. $orderItemNumber = securedPost("item_number","");
  135. $orderPaymentStatus = strtoupper(securedPost("payment_status",""));
  136. $orderPaymentCurrency = securedPost("mc_currency",0);
  137. $orderPayerId = securedPost("payer_id","");
  138. $orderTxnId = securedPost("txn_id","");
  139. $orderPayerEmail = strtolower(securedPost("payer_email",""));
  140. $orderPayerBusinessName = securedPost("payer_business_name","");
  141. $orderResidenceCountry = securedPost("residence_country","");
  142. $orderPaymentDate = securedPost("payment_date","");
  143. $orderPayerStatus = securedPost("payer_status","");
  144. $orderParentTxnId = securedPost("parent_txn_id","");
  145. $orderReceiptId = securedPost("receipt_id","");
  146. $orderReasonCode = securedPost("reason_code","");
  147.  
  148. if(isset($_POST["mc_gross"]) && xss_clean($_POST["mc_gross"]) != 0) {
  149. $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross"]));
  150. } elseif(isset($_POST["mc_gross1"])) {
  151. $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross1"]));
  152. } else {
  153. $orderPaymentAmount = 0;
  154. }
  155.  
  156. $orderMcFee = doubleval(securedPost("mc_fee",0));
  157. $orderPaymentFee = doubleval(securedPost("payment_fee",0));
  158. $orderPaymentFee += $orderMcFee;
  159.  
  160.  
  161.  
  162. // SEND EMAIL TO YOURSELF, so you know what's going on :)
  163. if($orderReasonCode == "") {
  164. send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." - ".$orderItemNumber), $dataInputRaw);
  165. } else {
  166. send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." (".$orderReasonCode.") - ".$orderItemNumber), $dataInputRaw);
  167. }
  168.  
  169.  
  170. if($orderPaymentStatus == "COMPLETED" || $orderPaymentStatus == "CANCELED_REVERSAL") {
  171. // Ich lasse CANCELED_REVERSAL fast immer gebannt, micht nervts dass die Affen einfach nen PayPal Fall aufmachen ohne mich vorher zu kontaktieren.
  172. // Wenn sie den dann verlieren haben sie Pech gehabt!
  173. // vielleicht hier eine Email an den Kunden senden, vonwegen -> Payment has been completed
  174. $orderBlock = 0;
  175.  
  176. $msg = "";
  177. $msg .= "Dear customer,\n";
  178. $msg .= "you can now download the product\n";
  179. $msg .= "http://minority-project.eu/downloads/MP-Patcher.zip\n";
  180. $msg .= "\n";
  181. $msg .= "You need to use your PayPal email (THIS: ".$orderPayerEmail.") to login\n";
  182. $msg .= "\n\n";
  183. $msg .= "Thank you,\n";
  184. $msg .= "Shinji";
  185. send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  186. }
  187. else
  188. {
  189. $msg = "";
  190. $msg .= "Dear customer,\n";
  191. $msg .= "your payment is ".$orderPaymentStatus.",\n";
  192. $msg .= "You will not be able to download the product until your payment is COMPLETED.\n";
  193. $msg .= "\n\n";
  194. $msg .= "Thank you,\n";
  195. $msg .= "Shinji";
  196. send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  197. }
  198.  
  199.  
  200. try {
  201. $DB_HOST = "127.0.0.1";
  202. $DB_USER = ":P";
  203. $DB_NAME = ":P";
  204. $DB_PORT = "3306";
  205. $DB_PW = ":P";
  206.  
  207.  
  208. $conn = new PDO("mysql:host=".$DB_HOST.";dbname=".$DB_NAME.";port=".$DB_PORT.";charset=utf8", $DB_USER, $DB_PW);
  209. $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  210.  
  211.  
  212. // Sucht an Hand von email ODER transaction id in deiner customers datenbank ob nen Kunde schon drin steht
  213. $stmt = $conn->prepare("SELECT id FROM gui_v2 WHERE (mail = '$orderPayerEmail' )");
  214. $stmt->execute();
  215. $result = $stmt->fetch(PDO::FETCH_ASSOC);
  216.  
  217. // Kunde in DB Gefunden -> wird nur geupdated
  218. if(isset($result["id"])) {
  219. $databaseId = $result["id"];
  220. $stmt = $conn->prepare("UPDATE gui_v2 SET mail = '$orderPayerEmail', black = 1, payed=NOW() WHERE id = $databaseId");
  221. $stmt->execute();
  222. } else {
  223. $orderNameFull = $orderFirstName." ".$orderLastName;if($orderPayerBusinessName != "") { $orderNameFull = ($orderNameFull." - ".$orderPayerBusinessName);}
  224. $orderAddedBy = "PayPal API";
  225.  
  226. // Füge Kunden in customers Datenbank ein
  227. $stmt = $conn->prepare("
  228. INSERT INTO gui_v2
  229. (mail,black)
  230. VALUES
  231. ('$orderPayerEmail', 1)
  232. ");
  233. $stmt->execute();
  234.  
  235. // in meiner Datenbank hab ich dann noch 2 spalten, die eine die nen Timestamp ersetellt beim erstellen der Zeile / beim Eintragen und die andere Spalte "on update" nen Timestamp updated
  236. }
  237.  
  238. // hier wird einfach (in seperater db und seperater table) alles was von PayPal reinkommt geloggt. Einfach um die Übersicht zu behalten bzw für die Kontoführung usw
  239. $stmt = $conn->prepare("INSERT INTO ipn_paypal (first_name, last_name, email, customer_id, `mod`, payment_status, txn_id, parent_txn_id, payer_id, receipt_id, `country`, `amount`, currency, order_date, added_date, state, payer_status, payment_fee, reason_code) VALUES
  240. ($orderFirstName, $orderLastName, $orderPayerEmail, $orderCustomerId, $orderItemNumber, $orderPaymentStatus, $orderTxnId,
  241. $orderParentTxnId, $orderPayerId, $orderReceiptId, $orderResidenceCountry, $orderPaymentAmount, $orderPaymentCurrency,
  242. $orderPaymentDate, $requestTime, $orderState, $orderPayerStatus, $orderPaymentFee, $orderReasonCode)");
  243.  
  244. $stmt->execute();
  245.  
  246. } catch(PDOException $e) {
  247. send_email("shinji@minority-project.eu", "PayPal: PDOException", $e->getMessage());
  248. }
  249.  
  250. send_email("shinji@minority-project.eu", "PayPal: ACCEPTED!", "");
  251. jsonEcho(1,"Request was accepted.", 200);
  252. exit;
  253. } else {
  254. jsonEcho(0,"Request could not be verified.", 401);
  255. send_email("shinji@minority-project.eu", "PayPal: PDOException","PAYPAL: Request could not be verified.");
  256. exit;
  257. }