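<!-- Sign-up form. It has no action attribute, so it posts back to this page,
     where the PHP below forwards the submitted fields to PayPal. -->
<form id="signup" method="POST">
    <input type="text" name="firstname" class="form-control" placeholder="First Name *" required/>
    <input type="text" name="lastname" class="form-control" placeholder="Last Name *" required/>
    <input type="text" name="sailno" class="form-control" placeholder="Sail Number *" required/>
    <input type="text" name="boat" class="form-control" placeholder="Boat *" required/>
    <input type="email" name="email" class="form-control" placeholder="Email *" required/>
    <input type="text" name="phone" class="form-control" placeholder="Phone" />
    <!-- _xclick is the PayPal command for a Buy Now payment. _notify-validate
         belongs only to an IPN listener posting a message back to PayPal for
         verification, so it must not be sent as the checkout command. -->
    <input type="hidden" name="cmd" value="_xclick" />
    <input type="submit" name="submit" class="submit" />
</form>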
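<?php
/**
 * PayPal hand-off and IPN listener in one script.
 *
 * A POST without txn_id/txn_type is treated as the sign-up form: the visitor
 * is redirected to PayPal with the server-side account, item and price.
 * A POST carrying either field is treated as an IPN message: it is posted
 * back to PayPal for verification and, only when PayPal answers VERIFIED and
 * the local checks pass, recorded through the helpers from functions.php.
 */

// Database variables
// NOTE(review): credentials are hard-coded in the script; load the real
// values from configuration that is not published with the code.
$servername = "localhost";
$username = "un";
$password = "pw";
$dbname = "dbn";

// PayPal settings
// NOTE(review): the URLs below are plain http:// placeholders. The IPN body
// carries payer details, so an https:// listener address is preferable.
$paypal_email = 'email@email.com';
$return_url = 'http://domain.co.uk/paypal/test.php';
$cancel_url = 'http://domain.co.uk/paypal/payment-cancelled';
$notify_url = 'http://domain.co.uk/paypal/test.php'; // was "http:/", one slash short
$item_name = 'Item Name';
$item_amount = 1.00;
// The sign-up form has no invoice field, so do not assume it was posted.
$invoice = (isset($_POST['invoice']) && is_string($_POST['invoice'])) ? $_POST['invoice'] : '';

// Include Functions (check_txnid, check_price and updatePayments are used below)
include("functions.php");

// Only undo magic-quotes escaping where the runtime actually applied it;
// an unconditional stripslashes() would eat genuine backslashes.
$strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])) {
    // Values decided by the server. The same names are refused from the
    // posted form below, so a crafted POST cannot substitute its own
    // account, price or callback URLs.
    // The item name and amount can be brought in dynamically by querying
    // the $_POST['item_number'] variable.
    $server_first = array(
        'business'  => $paypal_email,
        'item_name' => $item_name,
        'amount'    => $item_amount,
        'invoice'   => $invoice,
    );
    $server_last = array(
        'return'        => $return_url,
        'cancel_return' => $cancel_url,
        'notify_url'    => $notify_url,
    );

    $pairs = array();
    foreach ($server_first as $name => $value) {
        $pairs[] = urlencode($name) . '=' . urlencode($value);
    }

    // Forward the remaining posted fields.
    // NOTE(review): this still passes every other client-chosen variable
    // (including `cmd`) to PayPal. An allow-list of the fields the form
    // really has would be tighter; the amount is re-checked at IPN time.
    foreach ($_POST as $key => $value) {
        if (is_array($value)
            || array_key_exists($key, $server_first)
            || array_key_exists($key, $server_last)) {
            continue;
        }
        if ($strip_slashes) {
            $value = stripslashes($value);
        }
        // Encode the key as well: a raw key could carry "&name=value" pairs.
        $pairs[] = urlencode((string) $key) . '=' . urlencode($value);
    }

    foreach ($server_last as $name => $value) {
        $pairs[] = urlencode($name) . '=' . urlencode($value);
    }

    // Append querystring with custom field
    //$pairs[] = 'custom=' . urlencode(USERID);

    // Redirect to paypal
    header('Location: https://www.paypal.com/cgi-bin/webscr?' . implode('&', $pairs));
    exit();
} else {
    // Database connection used by the helpers in functions.php.
    // NOTE(review): the mysql_* extension was removed in PHP 7. A move to
    // mysqli or PDO has to include functions.php, which is not shown here
    // and presumably relies on this connection.
    $link = mysql_connect($servername, $username, $password);
    if (!$link || !mysql_select_db($dbname, $link)) { // original passed undefined $db_name
        error_log('PayPal IPN: database connection failed');
        // Answer with an error status so PayPal can retry the notification.
        header('HTTP/1.1 500 Internal Server Error');
        exit();
    }

    // Response from Paypal
    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        if (is_array($value)) {
            // Not a shape this handler forwards; the postback then no longer
            // matches and PayPal answers INVALID.
            continue;
        }
        if ($strip_slashes) {
            $value = stripslashes($value);
        }
        $value = urlencode($value);
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i', '${1}%0D%0A${3}', $value); // IPN fix
        $req .= "&$key=$value";
    }

    // assign posted variables to local variables (null when a field is absent)
    $field_map = array(
        'item_name'        => 'item_name',
        'item_number'      => 'item_number',
        'payment_status'   => 'payment_status',
        'payment_amount'   => 'mc_gross',
        'payment_currency' => 'mc_currency',
        'txn_id'           => 'txn_id',
        'receiver_email'   => 'receiver_email',
        'payer_email'      => 'payer_email',
        'custom'           => 'custom',
    );
    $data = array();
    foreach ($field_map as $data_key => $post_key) {
        $data[$data_key] = isset($_POST[$post_key]) ? $_POST[$post_key] : null;
    }

    // post back to PayPal system to validate
    // The line endings must be real CRLF pairs; the original had the literal
    // letters "rn", which is not a valid HTTP request.
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    // NOTE(review): ssl:// streams verify the peer certificate by default
    // only from PHP 5.6 on. On older runtimes this connection is encrypted
    // but not authenticated, so the verdict cannot be trusted there.
    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        // HTTP ERROR
        error_log("PayPal IPN: postback connection failed ($errno) $errstr");
        header('HTTP/1.1 500 Internal Server Error');
        exit();
    }

    fputs($fp, $header . $req);
    // fgets() returns response headers and keeps line endings, so compare
    // trimmed lines and remember the verdict instead of acting mid-stream.
    $verdict = '';
    while (!feof($fp)) {
        $line = fgets($fp, 1024);
        if ($line === false) {
            break;
        }
        $line = trim($line);
        if ($line === 'VERIFIED' || $line === 'INVALID') {
            $verdict = $line;
        }
    }
    fclose($fp);

    if ($verdict === 'VERIFIED') {
        // VERIFIED only means PayPal sent this message. It does not mean the
        // payment is finished or was made to this account.
        $status_ok = ($data['payment_status'] === 'Completed');
        $receiver_ok = is_string($data['receiver_email'])
            && strcasecmp($data['receiver_email'], $paypal_email) === 0;
        // Validate payment (Check unique txnid & correct price)
        // NOTE(review): payment_currency is collected but checked nowhere in
        // this script; confirm that check_price() covers it.
        $valid_txnid = check_txnid($data['txn_id']);
        $valid_price = check_price($data['payment_amount'], $data['item_number']);

        // PAYMENT VALIDATED & VERIFIED!
        if ($status_ok && $receiver_ok && $valid_txnid && $valid_price) {
            $orderid = updatePayments($data);
            if ($orderid) {
                // Payment has been made & successfully inserted into the Database
                mail("email@email.com","Success","Payment made successfully");
                echo "updated";
            } else {
                // Error inserting into DB
                // E-mail admin or alert user
                mail('email@email.com', 'PAYPAL POST - INSERT INTO DB WENT WRONG', print_r($data, true));
            }
        } else {
            // Payment made but data has been changed
            // E-mail admin or alert user
            error_log('PayPal IPN: verified message failed local validation');
        }
    } else if ($verdict === 'INVALID') {
        // PAYMENT INVALID & INVESTIGATE MANUALLY!
        // E-mail admin or alert user
        error_log('PayPal IPN: PayPal answered INVALID');
    }
}
?>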
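<?php
/**
 * PayPal IPN listener: rebuilds the received message from the raw request
 * body, posts it back to PayPal with cmd=_notify-validate over verified TLS,
 * and branches on the VERIFIED / INVALID answer.
 */

// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = (string) file_get_contents('php://input');
$myPost = array();
foreach (explode('&', $raw_post_data) as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}

// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
// Always defined, so the loop below does not read an unset variable on
// runtimes where get_magic_quotes_gpc() no longer exists.
$get_magic_quotes_exists = function_exists('get_magic_quotes_gpc');
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}

// Step 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
// Certificate and host-name verification stay on: the VERIFIED answer is
// only meaningful if it provably comes from PayPal.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// download 'cacert.pem' over HTTPS from https://curl.se/docs/caextract.html and set
// the path of the certificate bundle as shown below. Do not turn verification off instead.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if ( !($res = curl_exec($ch)) ) {
    // Record the failure and answer with an error status so PayPal can
    // retry. The original exited silently with a success status.
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}
curl_close($ch);

// inspect IPN validation result and act accordingly
$verdict = trim($res);
if ($verdict === 'VERIFIED') {
    // The IPN is verified, process it:
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process the notification
    // NOTE(review): the four checks above are still only comments. Nothing
    // is enforced here until they are implemented, and VERIFIED by itself
    // does not show that the expected amount reached this account.

    // assign posted variables to local variables, taken from the parsed raw
    // body that was actually verified (null when a field is absent)
    $item_name = isset($myPost['item_name']) ? $myPost['item_name'] : null;
    $item_number = isset($myPost['item_number']) ? $myPost['item_number'] : null;
    $payment_status = isset($myPost['payment_status']) ? $myPost['payment_status'] : null;
    $payment_amount = isset($myPost['mc_gross']) ? $myPost['mc_gross'] : null;
    $payment_currency = isset($myPost['mc_currency']) ? $myPost['mc_currency'] : null;
    $txn_id = isset($myPost['txn_id']) ? $myPost['txn_id'] : null;
    $receiver_email = isset($myPost['receiver_email']) ? $myPost['receiver_email'] : null;
    $payer_email = isset($myPost['payer_email']) ? $myPost['payer_email'] : null;
    $invoice = isset($myPost['invoice']) ? $myPost['invoice'] : null;

    // IPN message values depend upon the type of notification sent.
    // Print the name/value pairs (debugging aid), escaped for HTML output.
    foreach ($myPost as $key => $value) {
        echo htmlspecialchars($key, ENT_QUOTES, 'UTF-8') . " = "
            . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "<br>";
    }
    echo htmlspecialchars($res, ENT_QUOTES, 'UTF-8');
} else if ($verdict === 'INVALID') {
    // IPN invalid, log for manual investigation
    error_log('PayPal IPN: PayPal answered INVALID');
    echo "Error! Paypal stated payment as: <b>" . htmlspecialchars($res, ENT_QUOTES, 'UTF-8') . "</b><br />";
}
?>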