  1. <?php
  2.  
  3. error_reporting(0);
  4. ini_set('error_reporting', 0);
  5. ini_set('display_errors', 0);
  6. ini_set('display_startup_errors', 0);
  7. ini_set('default_charset', 'UTF-8');
  8. date_default_timezone_set('America/Sao_Paulo');
  9. header('HTTP/1.1 200 OK');
  10.  
  11. function saveLog($text, $dump=0) {
  12. $xpldName = explode('.', basename( __FILE__ ));
  13. $secretName = explode('_', $xpldName[0]);
  14. $f = fopen("logs/".$secretName[0]."_".date('m-Y')."__".md5($secretName[1]).".txt","a+");
  15. $t = date('d/m/Y H:i').": ".$text.($dump==1 ? " - Dump: ".strtr(print_r($_POST, true), array(' ' => ' ')) : "")."\r\n";
  16. fwrite($f, $t, strlen($t));
  17. fclose($f);
  18. }
  19.  
  20. function vCode($content) {
  21. return addslashes(htmlentities(trim($content), ENT_QUOTES, 'ISO-8859-1'));
  22. }
  23.  
  24. if(
  25. empty($_POST['txn_id']) ||
  26. empty($_POST['payment_status']) ||
  27. empty($_POST['mc_gross']) ||
  28. empty($_POST['custom']) ||
  29. empty($_POST['mc_currency']) ||
  30. empty($_POST['payer_email'])
  31. ) {
  32. saveLog("RAW POSTs incompletos! #1", 1);
  33. exit;
  34. }
  35.  
  36. if(empty($_POST['receiver_email']) && empty($_POST['business'])) {
  37. saveLog("RAW POSTs incompletos! #2", 1);
  38. exit;
  39. }
  40.  
  41. /*
  42. $req = 'cmd=_notify-validate';
  43.  
  44. foreach ($_POST as $key => $value) {
  45. $value = urlencode(stripslashes($value));
  46. $req .= "&$key=$value";
  47. }
  48.  
  49. $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
  50.  
  51. $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
  52. $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
  53.  
  54. if($PayPal['testando'] == 1) {
  55. $header .= "Host: www.sandbox.paypal.com:443\r\n";
  56. $fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
  57. } else {
  58. $header .= "Host: www.paypal.com:443\r\n";
  59. $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
  60. }
  61.  
  62. fputs($fp, $header . $req);
  63.  
  64. $countWhile = 0;
  65.  
  66. while(!feof($fp)) {
  67.  
  68. $countWhile += 1;
  69.  
  70. $res = fgets($fp, 1024);
  71.  
  72. if(strcmp($res, "VERIFIED") != 0) {
  73. saveLog("Transação inválida! #1", 1);
  74. exit;
  75. }
  76.  
  77. fclose ($fp);
  78.  
  79. }
  80.  
  81. if($countWhile == 0) {
  82. saveLog("Transação inválida! #2", 1);
  83. exit;
  84. }
  85.  
  86. */
  87. /*
  88. $raw_post_data = file_get_contents('php://input');
  89. $raw_post_array = explode('&', $raw_post_data);
  90. $myPost = array();
  91. foreach ($raw_post_array as $keyval) {
  92. $keyval = explode ('=', $keyval);
  93. if (count($keyval) == 2)
  94. $myPost[$keyval[0]] = urldecode($keyval[1]);
  95. }
  96.  
  97. $req = 'cmd=_notify-validate';
  98. if (function_exists('get_magic_quotes_gpc')) {
  99. $get_magic_quotes_exists = true;
  100. }
  101.  
  102. foreach ($myPost as $key => $value) {
  103. if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
  104. $value = urlencode(stripslashes($value));
  105. } else {
  106. $value = urlencode($value);
  107. }
  108. $req .= "&$key=$value";
  109. }
  110.  
  111.  
  112. if($PayPal['testando'] == 1) {
  113. $cURL_page = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
  114. } else {
  115. $cURL_page = 'https://www.paypal.com/cgi-bin/webscr';
  116. }
  117.  
  118. $ch = curl_init($cURL_page);
  119. curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  120. curl_setopt($ch, CURLOPT_POST, 1);
  121. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  122. curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
  123. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  124. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  125. curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  126. curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
  127.  
  128. if ( !($res = curl_exec($ch)) ) {
  129. saveLog("Processo encerrado por falha no cURL!", 1);
  130. curl_close($ch);
  131. exit;
  132. }
  133. curl_close($ch);
  134.  
  135. if(strcmp($res, "VERIFIED") != 0) {
  136. saveLog("Transação inválida!", 1);
  137. exit;
  138. }
  139. */
  140.  
  141. if(file_exists('../private/configs.php')) {
  142. require('../private/configs.php');
  143. } else {
  144. saveLog("Require configs!", 0);
  145. }
  146.  
  147. if(file_exists('../../private/configs.php') && (!isset($host) || !isset($dbnm) || !isset($user) || !isset($pass))) {
  148. require('../../private/configs.php');
  149. }
  150.  
  151. $tid = vCode($_POST['txn_id']);
  152. $status = vCode($_POST['payment_status']);
  153. $ref = vCode($_POST['custom']);
  154. $curr = vCode($_POST['mc_currency']);
  155. $email = !empty($_POST['receiver_email']) ? vCode($_POST['receiver_email']) : '';
  156. $email2 = !empty($_POST['business']) ? vCode($_POST['business']) : '';
  157. $payer_email = vCode($_POST['payer_email']);
  158. $price = vCode($_POST['mc_gross']);
  159.  
  160. if(empty($tid) || empty($status) || empty($price) || empty($ref) || empty($curr) || empty($payer_email)) {
  161. saveLog("Algum dos parâmetros importantes está vazio! #1", 1);
  162. exit;
  163. }
  164.  
  165. if(empty($email) && empty($email2)) {
  166. saveLog("Algum dos parâmetros importantes está vazio! #2", 1);
  167. exit;
  168. }
  169.  
  170. if(file_exists('../private/classes/DB.php')) {
  171. require('../private/classes/DB.php');
  172. } else {
  173. require('../../private/classes/DB.php');
  174. }
  175.  
  176. new DB($conMethod, $host, $user, $pass, $dbnm, $port);
  177.  
  178. $d = DB::Executa("SELECT TOP 1 * FROM site_donations WHERE protocolo = '".$ref."'", "SITE");
  179. if(count($d) == 0) {
  180. saveLog("Protocolo inexistente!", 1);
  181. exit;
  182. }
  183.  
  184. $account = trim($d[0]['account']);
  185. $coinsEntregar = intval(trim($d[0]['quant_coins']) + trim($d[0]['coins_bonus']));
  186. $coinsEntregues = intval(trim($d[0]['coins_entregues']));
  187. $personagem = trim($d[0]['personagem']);
  188. $valor = trim($d[0]['valor']);
  189. $currentStatus = intval(trim($d[0]['status']));
  190. $mpgto = strtolower(trim($d[0]['metodo_pgto']));
  191.  
  192. /*
  193. Canceled_Reversal: A reversal has been canceled. For example, you won a dispute with the customer, and the funds for the transaction that was reversed have been returned to you.
  194. Completed: The payment has been completed, and the funds have been added successfully to your account balance.
  195. Created: A German ELV payment is made using Express Checkout.
  196. Denied: The payment was denied. This happens only if the payment was previously pending because of one of the reasons listed for the pending_reason variable or the Fraud_Management_Filters_x variable.
  197. Expired: This authorization has expired and cannot be captured.
  198. Failed: The payment has failed. This happens only if the payment was made from your customer's bank account.
  199. Pending: The payment is pending. See pending_reason for more information.
  200. Refunded: You refunded the payment.
  201. Reversed: A payment was reversed due to a chargeback or other type of reversal. The funds have been removed from your account balance and returned to the buyer. The reason for the reversal is specified in the ReasonCode element.
  202. Processed: A payment has been accepted.
  203. Voided: This authorization has been voided.
  204. */
  205.  
  206. $status = strtolower($status);
  207. switch($status) {
  208. case 'canceled_reversal': $finalStatus = 3; break; // Pago
  209. case 'completed': $finalStatus = 3; break; // Pago
  210. case 'processed': $finalStatus = 3; break; // Pago
  211. default: $finalStatus = 1; break; // Pendente
  212. }
  213.  
  214. if($currentStatus == 4 && $finalStatus == 3) {
  215. $finalStatus = 4;
  216. }
  217.  
  218. if($currentStatus == 2 && $finalStatus != 3) {
  219. $finalStatus = 2;
  220. }
  221.  
  222. $updateOrder = DB::Executa("UPDATE site_donations SET ultima_alteracao = '".time()."', transaction_code = '".$tid."', status = '".$finalStatus."', status_real = '".$status."' WHERE protocolo = '".$ref."'", "SITE");
  223. if(!$updateOrder) {
  224. saveLog("Não foi possível atualizar o status da transação! #1", 1);
  225. exit;
  226. }
  227.  
  228. if($autoDelivery != 1) {
  229. saveLog("Transação recebida e processada com sucesso! #1", 1);
  230. exit;
  231. }
  232.  
  233. if($coinsEntregues != $coinsEntregar && $finalStatus == 3) {
  234.  
  235. if($PayPal['testando'] != 1) {
  236.  
  237. if(number_format($price, 2, '.', '') < number_format($valor, 2, '.', '')) {
  238. saveLog("O valor pago é inferior ao valor registrado!", 1);
  239. exit;
  240. }
  241.  
  242. if($mpgto == 'paypal_brl') {
  243. $moeda = 'BRL';
  244. } else if($mpgto == 'paypal_usd' || $mpgto == 'paypal') {
  245. $moeda = 'USD';
  246. } else {
  247. $moeda = 'EUR';
  248. }
  249.  
  250. if($curr != $moeda) {
  251. saveLog("O pagamento foi efetuado numa moeda diferente da que foi registrada inicialmente na transação!", 1);
  252. exit;
  253. }
  254.  
  255. if($email != $PayPal['business_email'] && $email2 != $PayPal['business_email']) {
  256. saveLog("O pagamento foi efetuado para uma conta que não é equivalente a que está na configuração!", 1);
  257. exit;
  258. }
  259.  
  260. }
  261.  
  262. $updateOrder = DB::Executa("UPDATE site_donations SET coins_entregues = '".$coinsEntregar."', status = '4' WHERE protocolo = '".$ref."'", "SITE");
  263. if(!$updateOrder) {
  264. saveLog("Não foi possível atualizar o status da transação! #2", 1);
  265. exit;
  266. }
  267.  
  268. $checkExists = DB::Executa("SELECT TOP 1 * FROM site_balance WHERE account = '".$account."'", "SITE");
  269. if(count($checkExists) > 0) {
  270. $addBalance = DB::Executa("UPDATE site_balance SET saldo = (saldo+".$coinsEntregar.") WHERE account = '".$account."'", "SITE");
  271. } else {
  272. $addBalance = DB::Executa("INSERT INTO site_balance (account, saldo) VALUES ('".$account."', '".$coinsEntregar."')", "SITE");
  273. }
  274.  
  275. if($addBalance) {
  276. saveLog("Transação recebida e saldo entregue com sucesso!", 1);
  277. exit;
  278. } else {
  279. saveLog("Não foi possível concluir e entregar o saldo da transação!", 1);
  280. exit;
  281. }
  282.  
  283. }
  284.  
  285. saveLog("Transação recebida e processada com sucesso! #2", 1);