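// PayPal IPN listener: acknowledge the notification, post it back to PayPal for
// validation, and only then act on it. Nothing in $_POST is trusted until PayPal
// has answered VERIFIED *and* the payment details match what we expect to be paid.
header('HTTP/1.1 200 OK');

//
// STEP 2 - create the response we need to send back to PayPal for them to confirm that it's legit
//
$resp = 'cmd=_notify-validate';
foreach ($_POST as $parm => $var) {
    if (!is_scalar($var)) {
        // IPN fields are flat key=value pairs; an array-valued field cannot be
        // echoed back faithfully, so the whole notification is refused.
        error_log('IPN: rejected notification with non-scalar field');
        exit;
    }
    // The post-back must carry the fields exactly as received. stripslashes()
    // was only needed while magic quotes existed (removed in PHP 5.4); on a
    // current PHP it would alter any value containing a backslash and make
    // genuine notifications fail validation. Keys are encoded as well as values.
    $resp .= '&' . urlencode($parm) . '=' . urlencode($var);
}

// STEP 3 - Extract the data PayPal IPN has sent us, into local variables.
// Missing fields become '' instead of raising undefined-index notices.
$item_name        = isset($_POST['item_name']) ? $_POST['item_name'] : '';
$item_number      = isset($_POST['item_number']) ? $_POST['item_number'] : '';
$payment_status   = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
$payment_amount   = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
$payment_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
$txn_id           = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
$receiver_email   = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
$payer_email      = isset($_POST['payer_email']) ? $_POST['payer_email'] : '';
$record_id        = isset($_POST['custom']) ? $_POST['custom'] : '';

// STEP 4 - Build the HTTP request that carries the data back to PayPal.
// Header lines must end in CRLF ("\r\n"); the pasted version had lost the
// backslashes ("rn"), which produces a malformed request.
$httphead  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$httphead .= "Host: www.paypal.com\r\n";
$httphead .= "Content-Type: application/x-www-form-urlencoded\r\n";
$httphead .= "Content-Length: " . strlen($resp) . "\r\n";
$httphead .= "Connection: close\r\n\r\n";
// NOTE(review): confirm the endpoint host and HTTP version against PayPal's current IPN documentation.

// Open a TLS connection to paypal.com on port 443. The ssl:// wrapper verifies the
// peer certificate by default from PHP 5.6 on; older versions need an explicit
// stream context for that, otherwise the VERIFIED answer could come from anyone.
$errno  = 0;
$errstr = '';
$fh = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// STEP 5 - Send the data back to PayPal so it can tell us if the IPN notification was genuine
if (!$fh) {
    // Could not reach PayPal, so the notification is unverified: grant nothing.
    // NOTE(review): PayPal is expected to resend notifications that are not
    // acknowledged with a 200, so answering with an error status here would get
    // this payment retried - confirm and decide per your business logic.
    error_log('IPN: cannot connect to PayPal for validation: ' . $errno . ' ' . $errstr);
} else {
    stream_set_timeout($fh, 30);
    $sent = fputs($fh, $httphead . $resp);
    $raw  = ($sent === false) ? false : stream_get_contents($fh);
    fclose($fh);

    // The verdict is the response body. Comparing every line read with fgets()
    // depends on where line breaks fall; split headers from body and trim instead.
    $parts   = explode("\r\n\r\n", ($raw === false) ? '' : $raw, 2);
    $verdict = isset($parts[1]) ? trim($parts[1]) : '';

    if ($verdict === 'VERIFIED') {
        // VERIFIED only proves PayPal sent this message. It does not prove the
        // payment was to us, completed, or for the right price - check those too.
        $expected_receiver = 'merchant@example.com'; // PLACEHOLDER: your PayPal account e-mail
        $expected_amount   = '0.00';                 // PLACEHOLDER: price of premium access
        $expected_currency = 'USD';                  // PLACEHOLDER: currency you charge in

        // IPN is a server-to-server call: there is no browser session here, so
        // "who is logged in" cannot be asked. The member has to be identified by
        // data in the notification. This assumes the payment button passes the
        // member's ID in the `custom` field - TODO confirm against the button code.
        $member_id = ctype_digit((string) $record_id) ? (int) $record_id : 0;

        if ($payment_status !== 'Completed') {
            error_log('IPN: ignoring txn ' . $txn_id . ' with status ' . $payment_status);
        } elseif (strcasecmp($receiver_email, $expected_receiver) !== 0) {
            error_log('IPN: txn ' . $txn_id . ' was paid to an unexpected receiver');
        } elseif (number_format((float) $payment_amount, 2, '.', '') !== $expected_amount
            || $payment_currency !== $expected_currency) {
            error_log('IPN: txn ' . $txn_id . ' has unexpected amount or currency');
        } elseif ($member_id < 1) {
            error_log('IPN: txn ' . $txn_id . ' carries no usable member ID in custom');
        } else {
            // NOTE(review): also record $txn_id and refuse one already processed,
            // so a replayed notification cannot be applied twice. That needs a
            // table that is not shown here.

            // NOTE(review): load these from configuration kept outside the web
            // root or from the environment rather than hard-coding them.
            $servername = "my db ip";
            $username   = "my db username";
            $password   = "my db password";
            $dbname     = "my database";

            $conn = new mysqli($servername, $username, $password, $dbname);
            if ($conn->connect_error) {
                // Log instead of die(): database error text does not belong in a response.
                error_log('IPN: database connection failed: ' . $conn->connect_error);
                exit;
            }

            // The original statement updated memberID=15 for every payment. Bind
            // the paying member's ID instead; a prepared statement keeps the value
            // out of the SQL text.
            $stmt = $conn->prepare("UPDATE members SET Premium_Accsess='YES' WHERE memberID = ?");
            if ($stmt && $stmt->bind_param('i', $member_id) && $stmt->execute()) {
                $stmt->close();
            } else {
                error_log('IPN: premium update failed for txn ' . $txn_id . ': ' . $conn->error);
            }
            $conn->close();
        }
    } elseif ($verdict === 'INVALID') {
        // PayPal does not recognise this message: forged or corrupted. Grant
        // nothing and keep a record for investigation.
        $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        error_log('IPN: INVALID notification received from ' . $remote);
    } else {
        error_log('IPN: unexpected validation response from PayPal');
    }
}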
- ?>
- <?php
- include('password.php');
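/**
 * Session-based login for rows in the `members` table.
 *
 * Extends Password (from password.php) and relies on its password_verify().
 */
class User extends Password{

    // Database handle; used through prepare()/execute()/fetch() and expected to
    // throw PDOException, so presumably a PDO connection - confirm at the call site.
    private $_db;

    /**
     * @param object $db Database connection used for member lookups.
     */
    public function __construct($db){
        parent::__construct();
        $this->_db = $db;
    }

    /**
     * Fetch the stored hash and identity columns for an active member.
     *
     * @param string $username
     * @return mixed The row from fetch(), or false when nothing matched or the query failed.
     */
    private function get_user_hash($username){
        try {
            $stmt = $this->_db->prepare('SELECT password, username, memberID, Premium_Accsess FROM members WHERE username = :username AND active="Yes" ');
            $stmt->execute(array('username' => $username));
            return $stmt->fetch();
        } catch(PDOException $e) {
            // Driver messages can reveal schema and query details; keep them in
            // the server log instead of echoing them into the page.
            error_log('User::get_user_hash failed: ' . $e->getMessage());
            return false;
        }
    }

    /**
     * Username policy: 3 to 17 characters, letters and digits only.
     *
     * @param mixed $username
     * @return bool
     */
    public function isValidUsername($username){
        // ctype_alnum() treats integers as character codes, so insist on a string.
        if (!is_string($username)) return false;
        if (strlen($username) < 3) return false;
        if (strlen($username) > 17) return false;
        if (!ctype_alnum($username)) return false;
        return true;
    }

    /**
     * Verify credentials and, on success, mark the session as logged in.
     *
     * @param string $username
     * @param string $password
     * @return bool True on success, false on any failure.
     */
    public function login($username,$password){
        if (!$this->isValidUsername($username)) return false;
        if (!is_string($password) || strlen($password) < 3) return false;

        $row = $this->get_user_hash($username);
        // fetch() yields false for an unknown or inactive user; indexing that
        // would hand a null hash to password_verify().
        if (!$row || !isset($row['password'])) return false;

        if (!$this->password_verify($password, $row['password'])) return false;

        // Issue a fresh session ID at the privilege change so an ID planted
        // before login (session fixation) is not carried into the
        // authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $row['username'];
        $_SESSION['memberID'] = $row['memberID'];
        return true;
    }

    /**
     * End the session.
     */
    public function logout(){
        // session_destroy() removes the stored data but leaves $_SESSION
        // populated for the rest of this request; clear it so is_logged_in()
        // is false immediately.
        $_SESSION = array();
        session_destroy();
    }

    /**
     * @return bool Whether the current session has been marked as logged in.
     */
    public function is_logged_in(){
        return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true;
    }
}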