- <?php
- // Ein paar Funktionen die ich so nutze in diesem Skript:
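/**
 * Normalises a raw request value for storage and later HTML output.
 *
 * Pipeline: trim whitespace, run the requested filter_var() filter, HTML-escape
 * the result exactly once, then strip any remaining tags. The previous version
 * ran htmlspecialchars() and htmlentities() back to back, so every "&" produced
 * by the first pass was escaped again ("a & b" became "a &amp;amp; b" and an
 * apostrophe became "&amp;#039;"), corrupting names and addresses before they
 * reached the mail and the database. Escaping with double_encode = false keeps
 * entities that are already present intact, which makes the function idempotent.
 *
 * FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it stays the default so
 * existing callers behave as before, but pass another filter where possible.
 *
 * @param mixed $input  raw value; non-strings are cast, null becomes ""
 * @param int   $filter filter_var() filter id applied after trimming
 * @return string cleaned value ("" when filter_var() reports failure)
 */
function xss_clean($input, $filter = FILTER_SANITIZE_STRING) {
    $trimmed = trim((string) $input);
    $filtered = filter_var($trimmed, $filter);
    if ($filtered === false) {
        // filter_var() reports failure with false; the old code silently cast
        // that to "", keep that result but make it explicit
        $filtered = '';
    }
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning ""
    // for the whole value; double_encode=false prevents re-escaping entities
    $escaped = htmlspecialchars($filtered, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    // no "<" survives the escape, strip_tags() is kept as a final guard only
    return strip_tags($escaped);
}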
/**
 * Reads one field from $_POST through xss_clean(), returning $default when the
 * field is absent. isset() is used, so a field that is present but null also
 * yields $default.
 *
 * @param string $varname key in $_POST
 * @param mixed  $default value returned when the key is missing
 * @return mixed cleaned string, or $default
 */
function securedPost($varname, $default = "") {
    if (!isset($_POST[$varname])) {
        return $default;
    }
    return xss_clean($_POST[$varname]);
}
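/**
 * Emits a JSON status envelope {"status": ..., "message": ...} and sets the
 * HTTP status code.
 *
 * The previous version left $response undefined for any $index other than
 * 0/1/2, which printed the literal "null" without setting a status code; such
 * values are now reported as "error". A JSON content type is sent when headers
 * are still open.
 *
 * @param int|string $index        0 = error, 1 = success, 2 = warning;
 *                                 anything else is treated as error
 * @param string     $message      text placed in the "message" field
 * @param int        $responseCode HTTP status code passed to http_response_code()
 * @return void
 */
function jsonEcho($index, $message, $responseCode = 200) {
    $labels = array(0 => "error", 1 => "success", 2 => "warning");
    // (int) cast keeps the old loose comparison semantics ("1" == 1)
    $status = isset($labels[(int) $index]) ? $labels[(int) $index] : "error";

    http_response_code($responseCode);
    if (!headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
    }

    $response = array("status" => $status, "message" => $message);
    // substitute invalid UTF-8 (e.g. from a raw driver error message) instead
    // of letting json_encode() return false and print an empty body
    echo json_encode($response, JSON_INVALID_UTF8_SUBSTITUTE);
}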
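/**
 * Sends an HTML e-mail through the configured SMTP account.
 *
 * SMTP credentials ($strato / $stratos) come from conf/config.php, which is
 * pulled into this function's scope by include; the PHPMailer classes are
 * loaded from conf/ as well.
 *
 * On failure the PHPMailer error is written to the PHP error log instead of
 * being echoed: this function is called from the IPN flow right next to
 * jsonEcho(), so any output here corrupts the JSON response body and also
 * hands SMTP error details to whoever sent the request.
 *
 * @param string $to      recipient address
 * @param string $subject mail subject
 * @param string $msg     mail body (sent as HTML)
 * @return bool true when PHPMailer reports the mail as sent, false otherwise
 */
function send_email($to, $subject, $msg) {
    include ('conf/config.php');
    require_once ('conf/class.smtp.php');
    require_once ('conf/class.phpmailer.php');

    if (!isset($strato, $stratos)) {
        // config missing or incomplete: do not try to authenticate with
        // undefined values, just record the problem server-side
        error_log("send_email: SMTP credentials not available from conf/config.php");
        return false;
    }

    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->IsHTML(true);
    $mail->CharSet = 'UTF-8';
    $mail->Host = "smtp.strato.de";
    $mail->SMTPAuth = true;
    // account name doubles as the sender address
    $mail->Username = $strato;
    $mail->Password = $stratos;
    $mail->From = $strato;
    $mail->FromName = "Shinji";
    $mail->AddAddress($to);
    $mail->Subject = $subject;
    $mail->Body = $msg;

    if (!$mail->Send()) {
        // Send() returned false: log the reason, never print it into the response
        error_log("send_email failed for " . $to . ": " . $mail->ErrorInfo);
        return false;
    }
    return true;
}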
/**
 * Retired mail() based sender, kept as a no-op so any remaining call site still
 * works. Its body used to be a commented-out implementation that assembled
 * From / Reply-To / X-Mailer / MIME-Version / Content-Type headers for a plain
 * mail() call and returned its boolean result; SMTP delivery through
 * send_email() replaced it.
 *
 * @return void
 */
function outdatet() {
    // intentionally empty
}
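// GET PAYLOAD
// Raw IPN body exactly as received; it is echoed back to PayPal for validation
// further down and also mailed to the owner unchanged.
$dataInputRaw = (string) file_get_contents("php://input");

// Address used for the allow-list check below. Only REMOTE_ADDR is consulted:
// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are ordinary request headers that
// the sender controls, so the previous fallback chain let any client satisfy
// the IP check by supplying one of them. If this script is ever deployed
// behind a reverse proxy, REMOTE_ADDR will be the proxy; in that case take the
// address from the proxy's header only after confirming REMOTE_ADDR is that
// proxy.
$IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// PayPal IP
// FETCH DATA (POST)
$dataInput = explode("&", $dataInputRaw);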
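// Allow-list gate on the sending address. The single hard-coded address comes
// from the original deployment; PayPal publishes its notification address
// ranges, so compare it with the current list if notifications stop arriving.
// The validation round-trip to PayPal below is the actual authenticity check;
// this gate only limits who can trigger that round-trip.
if ($IP === "173.0.81.1") {
    // VARIABLES
    $orderBlock = 1;
    $requestTime = time();
    $myPost = array();

    // VALIDATE DATA: rebuild key/value pairs from the raw body, ignoring
    // anything that is not exactly "key=value"
    foreach ($dataInput as $keyval) {
        $keyval = explode("=", $keyval);
        if (count($keyval) == 2) {
            $myPost[$keyval[0]] = urldecode($keyval[1]);
        }
    }

    // Send the notification back to PayPal with cmd=_notify-validate in front;
    // PayPal answers "VERIFIED" only when the body matches what it sent.
    $request = "cmd=_notify-validate";
    // get_magic_quotes_gpc() no longer exists on PHP 8, so the legacy
    // stripslashes() path only runs on old interpreters with magic quotes on
    $magicQuotesOn = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc() == 1;
    foreach ($myPost as $key => $value) {
        $value = $magicQuotesOn ? urlencode(stripslashes($value)) : urlencode($value);
        $request .= "&$key=$value";
    }

    $ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
    // certificate and host name checks stay on: a "VERIFIED" answer is only
    // meaningful when it demonstrably came from paypal.com
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: Close"));
    $result = curl_exec($ch);
    if ($result === false || $result === "") {
        // Fail closed. The previous version substituted a literal "VERIFIED"
        // when the round-trip failed, so any network error or PayPal outage
        // accepted an unverified notification. Report the failure and fall
        // through to the "could not be verified" branch; PayPal normally
        // re-sends a notification that was not acknowledged with HTTP 200.
        send_email("shinji@minority-project.eu", ("PayPal: "), "Connection failed -> request NOT verified: " . curl_error($ch));
        $result = "";
    }
    curl_close($ch);

    if ($result === "VERIFIED") {
        // VALIDATE POST DATA: every field passes through xss_clean() via
        // securedPost(), so values are HTML-escaped before they are compared,
        // mailed or stored
        $orderFirstName = securedPost("first_name", "");
        $orderLastName = securedPost("last_name", "");
        $orderItemName = securedPost("item_name", "");
        $orderItemNumber = securedPost("item_number", "");
        $orderPaymentStatus = strtoupper(securedPost("payment_status", ""));
        $orderPaymentCurrency = securedPost("mc_currency", 0);
        $orderPayerId = securedPost("payer_id", "");
        $orderTxnId = securedPost("txn_id", "");
        $orderPayerEmail = strtolower(securedPost("payer_email", ""));
        $orderPayerBusinessName = securedPost("payer_business_name", "");
        $orderResidenceCountry = securedPost("residence_country", "");
        $orderPaymentDate = securedPost("payment_date", "");
        $orderPayerStatus = securedPost("payer_status", "");
        $orderParentTxnId = securedPost("parent_txn_id", "");
        $orderReceiptId = securedPost("receipt_id", "");
        $orderReasonCode = securedPost("reason_code", "");

        // Gross amount: mc_gross when present and non-zero, else mc_gross1, else 0
        if (isset($_POST["mc_gross"]) && xss_clean($_POST["mc_gross"]) != 0) {
            $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross"]));
        } elseif (isset($_POST["mc_gross1"])) {
            $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross1"]));
        } else {
            $orderPaymentAmount = 0;
        }
        $orderMcFee = doubleval(securedPost("mc_fee", 0));
        $orderPaymentFee = doubleval(securedPost("payment_fee", 0));
        $orderPaymentFee += $orderMcFee;

        // NOTE(review): nothing below checks that txn_id has not been processed
        // before, or that receiver_email / mc_currency / mc_gross match this
        // shop's own values; a verified notification addressed to a different
        // recipient, or a repeated txn_id, is handled like a fresh payment.
        // Confirm against PayPal's IPN guidance before relying on this handler.

        // SEND EMAIL TO YOURSELF, so you know what's going on :)
        if ($orderReasonCode == "") {
            send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." - ".$orderItemNumber), $dataInputRaw);
        } else {
            send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." (".$orderReasonCode.") - ".$orderItemNumber), $dataInputRaw);
        }

        if ($orderPaymentStatus === "COMPLETED" || $orderPaymentStatus === "CANCELED_REVERSAL") {
            // I nearly always keep CANCELED_REVERSAL blocked; it is annoying that
            // people simply open a PayPal case without contacting me first.
            // If they then lose it, tough luck!
            // maybe send an e-mail to the customer here -> Payment has been completed
            $orderBlock = 0;
            $msg = "";
            $msg .= "Dear customer,\n";
            $msg .= "you can now download the product\n";
            $msg .= "http://minority-project.eu/downloads/MP-Patcher.zip\n";
            $msg .= "\n";
            $msg .= "You need to use your PayPal email (THIS: ".$orderPayerEmail.") to login\n";
            $msg .= "\n\n";
            $msg .= "Thank you,\n";
            $msg .= "Shinji";
            send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
        } else {
            $msg = "";
            $msg .= "Dear customer,\n";
            $msg .= "your payment is ".$orderPaymentStatus.",\n";
            $msg .= "You will not be able to download the product until your payment is COMPLETED.\n";
            $msg .= "\n\n";
            $msg .= "Thank you,\n";
            $msg .= "Shinji";
            send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
        }

        try {
            include ('conf/config.php');
            $conn = new PDO(
                "mysql:host=".$DB_HOST.";dbname=".$DB_NAME.";port=".$DB_PORT.";charset=utf8",
                $DB_USER,
                $DB_PW
            );
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // native prepared statements: bound values travel separately from
            // the SQL text instead of being quoted into it by the driver
            $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

            // Look the customer up by e-mail in the customers table
            $stmt = $conn->prepare("SELECT id FROM gui_v2 WHERE mail = :orderPayerEmail");
            $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
            $stmt->execute();
            $result = $stmt->fetch(PDO::FETCH_ASSOC);

            if (isset($result["id"])) {
                // Customer found in DB -> only updated
                $databaseId = $result["id"];
                $stmt = $conn->prepare("UPDATE gui_v2 SET mail = :orderPayerEmail, black = 1, payed=NOW() WHERE id = :databaseId");
                $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
                $stmt->bindParam(":databaseId", $databaseId);
                $stmt->execute();
            } else {
                // full name is assembled but not stored by the INSERT below
                $orderNameFull = $orderFirstName." ".$orderLastName;
                if ($orderPayerBusinessName != "") {
                    $orderNameFull = ($orderNameFull." - ".$orderPayerBusinessName);
                }
                $orderAddedBy = "PayPal API";
                // Insert the customer into the customers table
                $stmt = $conn->prepare("
INSERT INTO gui_v2
(auth_code,mail,black, payed)
VALUES
('',:orderPayerEmail, 1, NOW())
");
                $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
                $stmt->execute();
                // the table carries two more columns: one gets a timestamp when
                // the row is created, the other is refreshed "on update"
            }

            // Log everything PayPal sends into ipn_paypal (separate table) for
            // bookkeeping. The previous VALUES list contained ",," between
            // :orderPaymentCurrency and :orderPaymentDate, a syntax error that
            // made this INSERT throw and only the PDOException mail go out.
            // customer_id and state were bound from variables this script never
            // assigns (i.e. NULL); keep that explicit until they get a source.
            $orderCustomerId = null;
            $orderState = null;
            $stmt = $conn->prepare("INSERT INTO ipn_paypal
(first_name, last_name, email, customer_id, `mod`, payment_status, txn_id, parent_txn_id, payer_id, receipt_id,`country`, `amount`, currency, order_date, added_date, state, payer_status, payment_fee, reason_code) VALUES
(:orderFirstName,:orderLastName,:orderPayerEmail,:orderCustomerId,:orderItemNumber,:orderPaymentStatus,:orderTxnId,:orderParentTxnId,:orderPayerId,:orderReceiptId,:orderResidenceCountry,:orderPaymentAmount,:orderPaymentCurrency,:orderPaymentDate,:requestTime,:orderState,:orderPayerStatus,:orderPaymentFee,:orderReasonCode)
");
            $stmt->bindParam(":orderFirstName", $orderFirstName);
            $stmt->bindParam(":orderLastName", $orderLastName);
            $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
            $stmt->bindParam(":orderCustomerId", $orderCustomerId);
            $stmt->bindParam(":orderItemNumber", $orderItemNumber);
            $stmt->bindParam(":orderPaymentStatus", $orderPaymentStatus);
            $stmt->bindParam(":orderTxnId", $orderTxnId);
            $stmt->bindParam(":orderParentTxnId", $orderParentTxnId);
            $stmt->bindParam(":orderPayerId", $orderPayerId);
            $stmt->bindParam(":orderReceiptId", $orderReceiptId);
            $stmt->bindParam(":orderResidenceCountry", $orderResidenceCountry);
            $stmt->bindParam(":orderPaymentAmount", $orderPaymentAmount);
            $stmt->bindParam(":orderPaymentCurrency", $orderPaymentCurrency);
            $stmt->bindParam(":orderPaymentDate", $orderPaymentDate);
            $stmt->bindParam(":requestTime", $requestTime);
            $stmt->bindParam(":orderState", $orderState);
            $stmt->bindParam(":orderPayerStatus", $orderPayerStatus);
            $stmt->bindParam(":orderPaymentFee", $orderPaymentFee);
            $stmt->bindParam(":orderReasonCode", $orderReasonCode);
            $stmt->execute();
        } catch (PDOException $e) {
            // database trouble is reported by mail; the notification is still
            // acknowledged below so PayPal does not keep retrying it
            send_email("shinji@minority-project.eu", "PayPal: PDOException", $e->getMessage());
        }

        send_email("shinji@minority-project.eu", "PayPal: ACCEPTED!", "");
        jsonEcho(1, "Request was accepted.", 200);
        exit;
    } else {
        // PayPal answered something other than VERIFIED, or the round-trip failed
        jsonEcho(0, "Request could not be verified.", 401);
        send_email("shinji@minority-project.eu", "PayPal: PDOException", "PAYPAL: Request could not be verified.");
        exit;
    }
} else {
    // sender is not on the allow-list
    jsonEcho(0, "Request could not be verified.", 401);
    send_email("shinji@minority-project.eu", "PayPal: PDOException", "PAYPAL: no whitelist");
    exit;
}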