
Untitled

a guest
Jan 13th, 2017
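  <?php
  // Signup page and PayPal IPN endpoint in one script:
  //   * GET                                   -> render the signup form
  //   * POST from the signup form             -> redirect the browser to PayPal
  //   * POST carrying txn_id / txn_type (IPN) -> verify with PayPal, then record the payment
  //
  // All request handling runs before any markup is emitted, because header()
  // cannot send the redirect once output has started.

  // Database variables (placeholders). Real credentials belong in configuration
  // kept outside the web root, not in the page source.
  $servername = "localhost";
  $username = "un";
  $password = "pw";
  $dbname = "dbn";

  // PayPal settings (placeholder URLs; serve the real ones over https).
  $paypal_email = 'email@email.com';
  $return_url = 'http://domain.co.uk/paypal/test.php';
  $cancel_url = 'http://domain.co.uk/paypal/payment-cancelled';
  $notify_url = 'http://domain.co.uk/paypal/test.php'; // scheme needs both slashes

  $item_name = 'Item Name';
  $item_amount = 1.00;
  // The original comment says the price is in pounds, but no currency was ever
  // sent, so PayPal would have applied its default. Confirm the intended currency.
  $currency_code = 'GBP';
  // The signup form has no "invoice" field, so this is normally empty.
  $invoice = isset($_POST['invoice']) ? $_POST['invoice'] : '';

  // Form fields that may be passed through to PayPal. Everything that decides
  // what is charged and who is paid is set on the server below; forwarding every
  // posted field would let the browser add payment variables of its own next to
  // the server-set price.
  $forwarded_fields = array('firstname', 'lastname', 'sailno', 'boat', 'email', 'phone');

  // stripslashes() is only correct when magic quotes added the slashes;
  // otherwise it silently removes real backslashes from the data.
  $strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;

  // Include Functions (check_txnid, check_price and updatePayments come from here)
  include("functions.php");

  if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
      // Plain page view: show the form and stop. PayPal's "cmd" value is set on
      // the server, so the form no longer carries a hidden cmd field.
  ?>
  <form id="signup" method="POST">
  <input type="text" name="firstname" class="form-control" placeholder="First Name *" required/>
  <input type="text" name="lastname" class="form-control" placeholder="Last Name *" required/>
  <input type="text" name="sailno" class="form-control" placeholder="Sail Number *" required/>
  <input type="text" name="boat" class="form-control" placeholder="Boat *" required/>
  <input type="email" name="email" class="form-control" placeholder="Email *" required/>
  <input type="text" name="phone" class="form-control" placeholder="Phone" />
  <input type="submit" name="submit" class="submit" />
  </form>
  <?php
      exit();
  }

  // Check if paypal request or response
  if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])) {
      // Server-controlled payment parameters. "_notify-validate" is only valid
      // for the IPN postback; a payment button request uses "_xclick".
      $params = array(
          'cmd' => '_xclick',
          'business' => $paypal_email,
          'item_name' => $item_name,
          'amount' => number_format($item_amount, 2, '.', ''),
          'currency_code' => $currency_code,
          'invoice' => $invoice,
          'return' => $return_url,
          'cancel_return' => $cancel_url,
          'notify_url' => $notify_url,
      );

      // Pass through the allowlisted signup fields only; never overwrite a
      // server-set parameter and ignore array-valued input.
      foreach ($forwarded_fields as $field) {
          if (!isset($_POST[$field]) || !is_scalar($_POST[$field])) {
              continue;
          }
          $params[$field] = $strip_slashes ? stripslashes($_POST[$field]) : $_POST[$field];
      }

      // Append querystring with custom field
      //$params['custom'] = USERID;

      // Redirect to PayPal; http_build_query() URL-encodes keys as well as values.
      header('Location: https://www.paypal.com/cgi-bin/webscr?' . http_build_query($params, '', '&'));
      exit();
  } else {
      // Database connection. NOTE(review): the mysql_* extension was removed in
      // PHP 7; functions.php is not shown and presumably relies on this implicit
      // connection, so both need migrating together (mysqli or PDO with prepared
      // statements).
      $link = mysql_connect($servername, $username, $password);
      if (!$link || !mysql_select_db($dbname, $link)) { // was $db_name, which is never defined
          error_log('PayPal IPN: database connection failed');
          // A non-200 reply asks PayPal to deliver the notification again later.
          header('HTTP/1.1 500 Internal Server Error');
          exit();
      }

      // Response from Paypal
      // read the post from PayPal system and add 'cmd'
      $req = 'cmd=_notify-validate';
      foreach ($_POST as $key => $value) {
          if (!is_scalar($value)) {
              // PayPal sends flat name=value pairs; anything else is malformed.
              error_log('PayPal IPN: non-scalar field in notification, ignoring request');
              header('HTTP/1.1 400 Bad Request');
              exit();
          }
          if ($strip_slashes) {
              $value = stripslashes($value);
          }
          $value = urlencode($value);
          $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i', '${1}%0D%0A${3}', $value); // IPN fix
          $req .= "&$key=$value";
      }

      // assign posted variables to local variables (null when PayPal did not send one)
      $ipn_fields = array(
          'item_name' => 'item_name',
          'item_number' => 'item_number',
          'payment_status' => 'payment_status',
          'payment_amount' => 'mc_gross',
          'payment_currency' => 'mc_currency',
          'txn_id' => 'txn_id',
          'receiver_email' => 'receiver_email',
          'payer_email' => 'payer_email',
          'custom' => 'custom',
      );
      $data = array();
      foreach ($ipn_fields as $local => $posted) {
          $data[$local] = isset($_POST[$posted]) ? $_POST[$posted] : null;
      }

      // post back to PayPal system to validate. The line endings must be real
      // CRLF sequences (the paste had lost the backslashes), and an HTTP/1.1
      // request needs a Host header plus "Connection: close" so the read loop
      // below reaches end-of-file.
      $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
      $header .= "Host: www.paypal.com\r\n";
      $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
      $header .= "Content-Length: " . strlen($req) . "\r\n";
      $header .= "Connection: close\r\n\r\n";

      // NOTE(review): before PHP 5.6 the ssl:// wrapper does not verify the
      // peer certificate by default, so the verdict could come from an
      // impostor host. cURL with CURLOPT_SSL_VERIFYPEER and
      // CURLOPT_SSL_VERIFYHOST enabled avoids that.
      $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);

      $verdict = '';
      if (!$fp) {
          // HTTP ERROR: the notification could not be validated, so nothing is
          // recorded; ask PayPal to retry.
          error_log("PayPal IPN: postback connection failed ($errno) $errstr");
          header('HTTP/1.1 500 Internal Server Error');
      } else {
          fputs($fp, $header . $req);
          while (!feof($fp)) {
              $line = fgets($fp, 1024);
              if ($line === false) {
                  break;
              }
              // trim() because the verdict line may carry a trailing CRLF.
              $line = trim($line);
              if ($line === 'VERIFIED' || $line === 'INVALID') {
                  $verdict = $line;
              }
          }
          fclose($fp);
      }

      if ($verdict === 'VERIFIED') {
          // VERIFIED only means PayPal sent this message. It does not say the
          // money went to this account, in this currency, for this price, or
          // that the payment has completed, so each of those is checked here.
          // receiver_email is the account's primary address: if $paypal_email
          // is a secondary address, compare against the primary one instead.
          $status_ok = ($data['payment_status'] === 'Completed');
          $receiver_ok = (strcasecmp((string) $data['receiver_email'], $paypal_email) === 0);
          $currency_ok = ($data['payment_currency'] === $currency_code);

          // Validate payment (Check unique txnid & correct price)
          $valid_txnid = check_txnid($data['txn_id']);
          $valid_price = check_price($data['payment_amount'], $data['item_number']);

          if ($status_ok && $receiver_ok && $currency_ok && $valid_txnid && $valid_price) {
              // PAYMENT VALIDATED & VERIFIED!
              $orderid = updatePayments($data);

              if ($orderid) {
                  // Payment has been made & successfully inserted into the Database
                  mail("email@email.com", "Success", "Payment made successfully");
                  echo "updated";
              } else {
                  // Error inserting into DB
                  mail('email@email.com', 'PAYPAL POST - INSERT INTO DB WENT WRONG', print_r($data, true));
              }
          } else {
              // Payment notification is genuine but does not match what was sold
              // (or is a repeat / not yet completed). Keep a trace for follow-up.
              error_log('PayPal IPN: verified message failed local checks, txn_id=' . $data['txn_id']);
          }
      } else if ($verdict === 'INVALID') {
          // PAYMENT INVALID & INVESTIGATE MANUALLY!
          error_log('PayPal IPN: PayPal answered INVALID for a received notification');
      }
  }
  ?>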
  143.  
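  <?php
  // PayPal IPN listener, cURL variant: rebuilds the notification from the raw
  // request body, posts it back to PayPal for validation and acts on the verdict.

  // STEP 1: read POST data
  // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
  // Instead, read raw POST data from the input stream.
  $raw_post_data = (string) file_get_contents('php://input');
  $myPost = array();
  foreach (explode('&', $raw_post_data) as $pair) {
      $parts = explode('=', $pair);
      if (count($parts) == 2) {
          $myPost[$parts[0]] = urldecode($parts[1]);
      }
  }

  // read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'.
  // The flag is computed once; the original left it undefined whenever
  // get_magic_quotes_gpc() does not exist.
  $strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;
  $req = 'cmd=_notify-validate';
  foreach ($myPost as $key => $value) {
      $req .= "&$key=" . urlencode($strip_slashes ? stripslashes($value) : $value);
  }

  // Step 2: POST IPN data back to PayPal to validate
  $ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
  // Certificate and host-name verification stay on: the verdict is only worth
  // anything if it really comes from PayPal.
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
  // In wamp-like environments that do not come bundled with root authority certificates,
  // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
  // the directory path of the certificate as shown below:
  // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
  $res = curl_exec($ch);
  if (!$res) {
      // Record why validation could not be done instead of failing silently.
      error_log("Got " . curl_error($ch) . " when processing IPN data");
      curl_close($ch);
      exit;
  }
  curl_close($ch);
  $res = trim($res);

  // inspect IPN validation result and act accordingly
  // (the original repeated this test in an empty if/else first; one pass is enough)
  if (strcmp($res, "VERIFIED") == 0) {
      // The IPN is verified, process it:
      // check whether the payment_status is Completed
      // check that txn_id has not been previously processed
      // check that receiver_email is your Primary PayPal email
      // check that payment_amount/payment_currency are correct
      // process the notification
      // NOTE(review): none of these checks is implemented below. Until they are,
      // VERIFIED only shows the message came from PayPal, not that it pays this
      // account the expected amount for a new order.

      // assign posted variables to local variables, taken from the same parsed
      // body that was validated (null when a field is absent)
      $item_name = isset($myPost['item_name']) ? $myPost['item_name'] : null;
      $item_number = isset($myPost['item_number']) ? $myPost['item_number'] : null;
      $payment_status = isset($myPost['payment_status']) ? $myPost['payment_status'] : null;
      $payment_amount = isset($myPost['mc_gross']) ? $myPost['mc_gross'] : null;
      $payment_currency = isset($myPost['mc_currency']) ? $myPost['mc_currency'] : null;
      $txn_id = isset($myPost['txn_id']) ? $myPost['txn_id'] : null;
      $receiver_email = isset($myPost['receiver_email']) ? $myPost['receiver_email'] : null;
      $payer_email = isset($myPost['payer_email']) ? $myPost['payer_email'] : null;
      $invoice = isset($myPost['invoice']) ? $myPost['invoice'] : null;

      // IPN message values depend upon the type of notification sent.
      // Debug aid: print the name/value pairs. They are request data, so they
      // are HTML-escaped before being written into the page.
      foreach ($myPost as $key => $value) {
          echo htmlspecialchars($key, ENT_QUOTES, 'UTF-8') . " = " . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "<br>";
      }
      echo $res;
  } else if (strcmp($res, "INVALID") == 0) {
      // IPN invalid, log for manual investigation
      error_log('PayPal IPN: PayPal answered INVALID for a received notification');
      echo "Error! Paypal stated payment as: <b>" . htmlspecialchars($res, ENT_QUOTES, 'UTF-8') . "</b><br />";
  }
  ?>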