  1. <?php
  2.    
// Helper functions used by this script:
  4. function xss_clean($input, $filter = FILTER_SANITIZE_STRING) {
  5.     $step1 = trim($input);
  6.     $step2 = filter_var($step1, $filter);
  7.     $step3 = htmlspecialchars($step2, ENT_QUOTES);
  8.     $step4 = htmlentities($step3, ENT_QUOTES);
  9.     $step5 = strip_tags($step4);
  10.     return $step5;
  11. }
  12. function securedPost($varname, $default = "") {
  13.     if(isset($_POST[$varname])) {
  14.         $response = xss_clean($_POST[$varname]);
  15.     } else {
  16.         $response = $default;
  17.     }
  18.     return $response;
  19. }
  20. function jsonEcho($index, $message, $responseCode = 200) {
  21.     if($index == 0) {
  22.         $response["status"] = "error";
  23.         $response["message"] = $message;
  24.         http_response_code($responseCode);
  25.     } elseif($index == 1) {
  26.         $response["status"] = "success";
  27.         $response["message"] = $message;
  28.         http_response_code($responseCode);
  29.     } elseif($index == 2) {
  30.         $response["status"] = "warning";
  31.         $response["message"] = $message;
  32.         http_response_code($responseCode);
  33.     }
  34.     echo json_encode($response);
  35. }
  36. function send_email($to, $subject, $msg) {
  37.     include ('conf/config.php');
  38.     require_once ('conf/class.smtp.php');
  39.     require_once ('conf/class.phpmailer.php');
  40.    
  41.     $mail = new PHPMailer();
  42.     $mail->IsSMTP();
  43.     $mail->IsHTML(true);
  44.        
  45.     $mail->Host = "smtp.strato.de";
  46.     $mail->SMTPAuth = true;    
  47.                
  48.     $mail->Username = $strato;  
  49.     $mail->Password = $stratos;
  50.                
  51.     $mail->From = $strato;      
  52.     $mail->FromName = "Shinji";
  53.     $mail->AddAddress($to);      
  54.    
  55.     $mail->Subject = $subject;
  56.                    
  57.     $mail->Body = $msg;
  58.     if(!$mail->Send())
  59.     {
  60.                  //$mail->Send() liefert FALSE zurück: Es ist ein Fehler aufgetreten          
  61.         echo "Fehler: " . $mail->ErrorInfo;      
  62.     }    
  63. }
  64.  
  65. function outdatet() {  
  66.     //$headers =    "From: Shinji <no-reply@minority-project.eu>\r\n";
  67.     //$headers .= "Reply-To: no-reply@minority-project.eu\r\n";
  68.     //$headers .= "X-Mailer: Shinji Mailer\r\n";
  69.     //$headers .= "MIME-Version: 1.0\r\n";
  70.     //$headers .= "Content-Type: text/html; charset=utf-8\r\n";
  71.     //if(mail($to, $subject, $msg, $headers)) {
  72.     //  return true;
  73.     //}
  74.     //return false;
  75. }
  76.  
  77. // GET PAYLOAD
  78.  
  79. $dataInputRaw = @file_get_contents("php://input");
  80. $IP = $_SERVER['HTTP_CLIENT_IP']?:($_SERVER['HTTP_X_FORWARDE‌​D_FOR']?:$_SERVER['REMOTE_ADDR']);
  81.  
  82. // PayPal IP
  83.  
  84.     // FETCH DATA (POST)
  85.     $dataInput = explode("&", $dataInputRaw);
  86.    
  87.  if($IP == "173.0.81.1") {
  88.  
  89.    // VARIABLES
  90.     $orderBlock = 1;
  91.     $requestTime = time();
  92.     $myPost = array();
  93.  
  94.     // VALIDATE DATA
  95.     foreach($dataInput as $keyval) {
  96.         $keyval = explode ("=", $keyval);
  97.         if(count($keyval) == 2) {
  98.             $myPost[$keyval[0]] = urldecode($keyval[1]);
  99.         }
  100.     }
  101.     $request = "cmd=_notify-validate";
  102.     if(function_exists("get_magic_quotes_gpc")) {
  103.         $get_magic_quotes_exists = true;
  104.     }
  105.     foreach ($myPost as $key => $value) {
  106.        if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
  107.             $value = urlencode(stripslashes($value));
  108.        } else {
  109.             $value = urlencode($value);
  110.        }
  111.        $request .= "&$key=$value";
  112.     }
  113.  
  114.     $ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
  115.     curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  116.     curl_setopt($ch, CURLOPT_POST, 1);
  117.     curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  118.     curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
  119.     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  120.     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  121.     curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  122.     curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: Close"));
  123.     if(!($result = curl_exec($ch)) ) {
  124.         curl_close($ch);
  125.         send_email("shinji@minority-project.eu", ("PayPal: "), "Connection closed -> Will verify now!");
  126.         $result = "VERIFIED";
  127.     }
  128.     curl_close($ch);
  129.  
  130.     if(strcmp($result,"VERIFIED") == 0) {
  131.         // VALIDATE POST DATA
  132.         $orderFirstName = securedPost("first_name","");
  133.         $orderLastName = securedPost("last_name","");
  134.         $orderItemName = securedPost("item_name","");
  135.         $orderItemNumber = securedPost("item_number","");
  136.         $orderPaymentStatus = strtoupper(securedPost("payment_status",""));
  137.         $orderPaymentCurrency = securedPost("mc_currency",0);
  138.         $orderPayerId = securedPost("payer_id","");
  139.         $orderTxnId = securedPost("txn_id","");
  140.         $orderPayerEmail = strtolower(securedPost("payer_email",""));
  141.         $orderPayerBusinessName = securedPost("payer_business_name","");
  142.         $orderResidenceCountry = securedPost("residence_country","");
  143.         $orderPaymentDate = securedPost("payment_date","");
  144.         $orderPayerStatus = securedPost("payer_status","");
  145.         $orderParentTxnId = securedPost("parent_txn_id","");
  146.         $orderReceiptId = securedPost("receipt_id","");
  147.         $orderReasonCode = securedPost("reason_code","");
  148.  
  149.         if(isset($_POST["mc_gross"]) && xss_clean($_POST["mc_gross"]) != 0) {
  150.             $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross"]));
  151.         } elseif(isset($_POST["mc_gross1"])) {
  152.             $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross1"]));
  153.         } else {
  154.             $orderPaymentAmount = 0;
  155.         }
  156.  
  157.         $orderMcFee = doubleval(securedPost("mc_fee",0));
  158.         $orderPaymentFee = doubleval(securedPost("payment_fee",0));
  159.         $orderPaymentFee += $orderMcFee;
  160.  
  161.  
  162.  
  163.         // SEND EMAIL TO YOURSELF, so you know what's going on :)
  164.         if($orderReasonCode == "") {
  165.             send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." - ".$orderItemNumber), $dataInputRaw);
  166.         } else {
  167.             send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." (".$orderReasonCode.") - ".$orderItemNumber), $dataInputRaw);
  168.         }
  169.  
  170.  
  171.         if($orderPaymentStatus == "COMPLETED" || $orderPaymentStatus == "CANCELED_REVERSAL") {
  172.             // Ich lasse CANCELED_REVERSAL fast immer gebannt, micht nervts dass die Affen einfach nen PayPal Fall aufmachen ohne mich vorher zu kontaktieren.
  173.             // Wenn sie den dann verlieren haben sie Pech gehabt!
  174.             // vielleicht hier eine Email an den Kunden senden, vonwegen -> Payment has been completed
  175.             $orderBlock = 0;
  176.            
  177.             $msg = "";
  178.             $msg .= "Dear customer,\n";
  179.             $msg .= "you can now download the product\n";
  180.             $msg .= "http://minority-project.eu/downloads/MP-Patcher.zip\n";
  181.             $msg .= "\n";
  182.             $msg .= "You need to use your PayPal email (THIS: ".$orderPayerEmail.") to login\n";
  183.             $msg .= "\n\n";
  184.             $msg .= "Thank you,\n";
  185.             $msg .= "Shinji";
  186.             send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  187.         }
  188.         else
  189.         {
  190.             $msg = "";
  191.             $msg .= "Dear customer,\n";
  192.             $msg .= "your payment is ".$orderPaymentStatus.",\n";
  193.             $msg .= "You will not be able to download the product until your payment is COMPLETED.\n";
  194.             $msg .= "\n\n";
  195.             $msg .= "Thank you,\n";
  196.             $msg .= "Shinji";
  197.             send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  198.         }
  199.  
  200.  
  201.         try {
  202.             include ('conf/config.php');
  203.  
  204.  
  205.             $conn = new PDO("mysql:host=".$DB_HOST.";dbname=".$DB_NAME.";port=".$DB_PORT.";charset=utf8", $DB_USER, $DB_PW);
  206.             $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  207.  
  208.  
  209.             // Sucht an Hand von email ODER transaction id in deiner customers datenbank ob nen Kunde schon drin steht
  210.             $stmt = $conn->prepare("SELECT id FROM gui_v2 WHERE mail = :orderPayerEmail");        
  211.             $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  212.             $stmt->execute();
  213.             $result = $stmt->fetch(PDO::FETCH_ASSOC);
  214.  
  215.             // Kunde in DB Gefunden -> wird nur geupdated
  216.             if(isset($result["id"])) {
  217.                 $databaseId = $result["id"];
  218.                 $stmt = $conn->prepare("UPDATE gui_v2 SET mail = :orderPayerEmail, black = 1, payed=NOW() WHERE id = :databaseId");            
  219.                 $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  220.                 $stmt->bindParam(":databaseId", $databaseId);
  221.                 $stmt->execute();
  222.             } else {
  223.                 $orderNameFull = $orderFirstName." ".$orderLastName;if($orderPayerBusinessName != "") { $orderNameFull = ($orderNameFull." - ".$orderPayerBusinessName);}
  224.                 $orderAddedBy = "PayPal API";
  225.  
  226.                 // Füge Kunden in customers Datenbank ein
  227.                 $stmt = $conn->prepare("
  228.                 INSERT INTO gui_v2
  229.                     (auth_code,mail,black, payed)
  230.                 VALUES
  231.                     ('',:orderPayerEmail, 1, NOW())
  232.                 ");
  233.                 $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  234.                 $stmt->execute();
  235.                
  236.                 // in meiner Datenbank hab ich dann noch 2 spalten, die eine die nen Timestamp ersetellt beim erstellen der Zeile / beim Eintragen und die andere Spalte "on update" nen Timestamp updated
  237.             }
  238.  
  239.             // hier wird einfach (in seperater db und seperater table) alles was von PayPal reinkommt geloggt. Einfach um die Übersicht zu behalten bzw für die Kontoführung usw
  240.             $stmt = $conn->prepare("INSERT INTO ipn_paypal
  241.                 (first_name, last_name, email, customer_id, `mod`, payment_status, txn_id, parent_txn_id, payer_id, receipt_id,`country`, `amount`, currency, order_date, added_date, state, payer_status, payment_fee, reason_code) VALUES
  242.                 (:orderFirstName,:orderLastName,:orderPayerEmail,:orderCustomerId,:orderItemNumber,:orderPaymentStatus,:orderTxnId,:orderParentTxnId,:orderPayerId,:orderReceiptId,:orderResidenceCountry,:orderPaymentAmount,:orderPaymentCurrency,,:orderPaymentDate,:requestTime,:orderState,:orderPayerStatus,:orderPaymentFee,:orderReasonCode)
  243.             ");
  244.             $stmt->bindParam(":orderFirstName", $orderFirstName);
  245.             $stmt->bindParam(":orderLastName", $orderLastName);
  246.             $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  247.             $stmt->bindParam(":orderCustomerId", $orderCustomerId);
  248.             $stmt->bindParam(":orderItemNumber", $orderItemNumber);
  249.             $stmt->bindParam(":orderPaymentStatus", $orderPaymentStatus);
  250.             $stmt->bindParam(":orderTxnId", $orderTxnId);
  251.             $stmt->bindParam(":orderParentTxnId", $orderParentTxnId);
  252.             $stmt->bindParam(":orderPayerId", $orderPayerId);
  253.             $stmt->bindParam(":orderReceiptId", $orderReceiptId);
  254.             $stmt->bindParam(":orderResidenceCountry", $orderResidenceCountry);
  255.             $stmt->bindParam(":orderPaymentAmount", $orderPaymentAmount);
  256.             $stmt->bindParam(":orderPaymentCurrency", $orderPaymentCurrency);
  257.            $stmt->bindParam(":orderPaymentDate", $orderPaymentDate);
  258.             $stmt->bindParam(":requestTime", $requestTime);
  259.             $stmt->bindParam(":orderState", $orderState);
  260.             $stmt->bindParam(":orderPayerStatus", $orderPayerStatus);
  261.             $stmt->bindParam(":orderPaymentFee", $orderPaymentFee);
  262.             $stmt->bindParam(":orderReasonCode", $orderReasonCode);
  263.             $stmt->execute();
  264.  
  265.         } catch(PDOException $e) {
  266.             send_email("shinji@minority-project.eu", "PayPal: PDOException", $e->getMessage());
  267.         }
  268.  
  269.         send_email("shinji@minority-project.eu", "PayPal: ACCEPTED!", "");
  270.         jsonEcho(1,"Request was accepted.", 200);
  271.         exit;
  272.     } else {
  273.         jsonEcho(0,"Request could not be verified.", 401);
  274.         send_email("shinji@minority-project.eu", "PayPal: PDOException","PAYPAL: Request could not be verified.");
  275.         exit;
  276.     }
  277.  } else {
  278.       jsonEcho(0,"Request could not be verified.", 401);
  279.         send_email("shinji@minority-project.eu", "PayPal: PDOException","PAYPAL: no whitelist");
  280.         exit;
  281. }