  1. header('HTTP/1.1 200 OK');
  2.  
  3. //
  4. // STEP 2 - create the response we need to send back to PayPal for them to confirm that it's legit
  5. //
  6.  
  7. $resp = 'cmd=_notify-validate';
  8. foreach ($_POST as $parm => $var)
  9. {
  10. $var = urlencode(stripslashes($var));
  11. $resp .= "&$parm=$var";
  12. }
  13.  
  14. // STEP 3 - Extract the data PayPal IPN has sent us, into local variables
  15.  
  16. $item_name = $_POST['item_name'];
  17. $item_number = $_POST['item_number'];
  18. $payment_status = $_POST['payment_status'];
  19. $payment_amount = $_POST['mc_gross'];
  20. $payment_currency = $_POST['mc_currency'];
  21. $txn_id = $_POST['txn_id'];
  22. $receiver_email = $_POST['receiver_email'];
  23. $payer_email = $_POST['payer_email'];
  24. $record_id = $_POST['custom'];
  25.  
  26.  
  27. // Right.. we've pre-pended "cmd=_notify-validate" to the same data that PayPal sent us (I've just shown some of the data PayPal gives us. A complete list
  28. // is on their developer site. Now we need to send it back to PayPal via HTTP. To do that, we create a file with the right HTTP headers followed by
  29. // the data block we just createdand then send the whole bally lot back to PayPal using fsockopen
  30.  
  31.  
  32. // STEP 4 - Get the HTTP header into a variable and send back the data we received so that PayPal can confirm it's genuine
  33.  
  34. $httphead = "POST /cgi-bin/webscr HTTP/1.0rn";
  35. $httphead .= "Content-Type: application/x-www-form-urlencodedrn";
  36. $httphead .= "Content-Length: " . strlen($resp) . "rnrn";
  37.  
  38. // Now create a ="file handle" for writing to a URL to paypal.com on Port 443 (the IPN port)
  39.  
  40. $errno ='';
  41. $errstr='';
  42.  
  43. $fh = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
  44.  
  45. // STEP 5 - Nearly done. Now send the data back to PayPal so it can tell us if the IPN notification was genuine
  46.  
  47. if (!$fh) {
  48.  
  49. // Uh oh. This means that we have not been able to get thru to the PayPal server. It's an HTTP failure
  50. //
  51. // You need to handle this here according to your preferred business logic. An email, a log message, a trip to the pub..
  52. }
  53.  
  54. // Connection opened, so spit back the response and get PayPal's view whether it was an authentic notification
  55.  
  56. else {
  57. fputs ($fh, $httphead . $resp);
  58. while (!feof($fh))
  59. {
  60. $readresp = fgets ($fh, 1024);
  61. if (strcmp ($readresp, "VERIFIED") == 0)
  62. {
  63.  
  64.  
  65.  
  66. $servername = "my db ip";
  67. $username = "my db username";
  68. $password = "my db password";
  69. $dbname = "my database";
  70.  
  71. // Create connection
  72. $conn = new mysqli($servername, $username, $password, $dbname);
  73. // Check connection
  74. if ($conn->connect_error) {
  75. die("Connection failed: " . $conn->connect_error);
  76. }
  77.  
  78.  
  79. //When the payment is made i want to update Premiumaccsess in members to YES (for the logged in user)
  80. //Im not sure if i should find out who is logged in by memberID or username
  81. $sql = "UPDATE members SET Premium_Accsess='YES' WHERE memberID=15";
  82.  
  83.  
  84.  
  85. if ($conn->query($sql) === TRUE) {
  86. echo "Record updated successfully";
  87. } else {
  88. echo "Error updating record: " . $conn->error;
  89. }
  90.  
  91. $conn->close();
  92.  
  93.  
  94.  
  95.  
  96. }
  97.  
  98. else if (strcmp ($readresp, "INVALID") == 0)
  99. {
  100.  
  101. // Man alive! A hacking attempt?
  102.  
  103. }
  104. }
  105. fclose ($fh);
  106. }
  107.  
  108.  
  109. ?>
  110.  
  111. <?php
  112. include('password.php');
  113. class User extends Password{
  114.  
  115. private $_db;
  116.  
  117. function __construct($db){
  118. parent::__construct();
  119.  
  120. $this->_db = $db;
  121. }
  122.  
  123. private function get_user_hash($username){
  124.  
  125. try {
  126. $stmt = $this->_db->prepare('SELECT password, username, memberID, Premium_Accsess FROM members WHERE username = :username AND active="Yes" ');
  127. $stmt->execute(array('username' => $username));
  128.  
  129. return $stmt->fetch();
  130.  
  131. } catch(PDOException $e) {
  132. echo '<p class="bg-danger">'.$e->getMessage().'</p>';
  133. }
  134. }
  135.  
  136. public function isValidUsername($username){
  137. if (strlen($username) < 3) return false;
  138. if (strlen($username) > 17) return false;
  139. if (!ctype_alnum($username)) return false;
  140. return true;
  141. }
  142.  
  143. public function login($username,$password){
  144. if (!$this->isValidUsername($username)) return false;
  145. if (strlen($password) < 3) return false;
  146.  
  147. $row = $this->get_user_hash($username);
  148.  
  149. if($this->password_verify($password,$row['password']) == 1){
  150.  
  151. $_SESSION['loggedin'] = true;
  152. $_SESSION['username'] = $row['username'];
  153. $_SESSION['memberID'] = $row['memberID'];
  154. return true;
  155. }
  156. }
  157.  
  158. public function logout(){
  159. session_destroy();
  160. }
  161.  
  162. public function is_logged_in(){
  163. if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
  164. return true;
  165. }
  166. }
  167.  
  168. }