Untitled

<?php
if ($_REQUEST['debug']) {
ini_set("display_errors", True);
error_reporting(E_ALL);
}
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'xxxx'; //DB User
$mysql_pass = 'xxxx'; //DB Pass
$mysql_db = 'xxxx'; //DB Name
$file = 'paypal.log'; //Paypal Log Name will be placed in the same location as your ipn.php file
$payer_email = $_REQUEST['payer_email'];
$ip = $_SERVER['REMOTE_ADDR'];
if($ip != "66.211.170.66" && $ip != "216.113.188.202" && $ip != "216.113.188.203" && $ip != "216.113.188.202") {
	print "Scammer...";
$hak = fopen("scammer.log", "a");
fwrite($hak, "$ip \r\n");
fclose($hak);
die(0);
}
$time = date("F j, Y, g:i a");
$paylist = array("5.00" => 7, "10.00" => 15, "20.00" => 32);

// connect db

$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);

$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
$mc_gross = $_REQUEST['mc_gross'];
mysql_select_db($mysql_db, $db);
if ($_REQUEST['debug']){
print $payment_status . '\n';
print (isset($paylist[$mc_gross])) ? 1 : 0 . '\n';
print $receiver_email . '\n';
print $custom . '\n';
}
if ($payment_status == "Completed" && $receiver_email == "cj-account@hotmail.co.uk" && isset($paylist[$mc_gross])) {

$query = "SELECT premium_points FROM accounts WHERE accounts.name = '$custom'";

$result = mysql_query($query);

$prem = mysql_fetch_array($result);
$somecode = "'$time' '$custom' '$payer_email' '$mc_gross' '$ip'\r\n";

// figure out how much to give
$give = $paylist[$mc_gross];
$points = $prem['premium_points'] + $give;
// $points = mysql_query($prem)
$qry2 = "UPDATE accounts SET premium_points = '$points' WHERE accounts.name = '$custom'";
// Log Paypal Transaction
$hak = fopen($file, "a");
fwrite($hak, $somecode);
fclose($hak);

$result2 = mysql_query($qry2);
}
else
 {
 echo("Error.");
 }
?>