  1. <?php
  2.  
  3. // Ein paar Funktionen die ich so nutze in diesem Skript:
  4. function xss_clean($input, $filter = FILTER_SANITIZE_STRING) {
  5. $step1 = trim($input);
  6. $step2 = filter_var($step1, $filter);
  7. $step3 = htmlspecialchars($step2, ENT_QUOTES);
  8. $step4 = htmlentities($step3, ENT_QUOTES);
  9. $step5 = strip_tags($step4);
  10. return $step5;
  11. }
  12. function securedPost($varname, $default = "") {
  13. if(isset($_POST[$varname])) {
  14. $response = xss_clean($_POST[$varname]);
  15. } else {
  16. $response = $default;
  17. }
  18. return $response;
  19. }
  20. function jsonEcho($index, $message, $responseCode = 200) {
  21. if($index == 0) {
  22. $response["status"] = "error";
  23. $response["message"] = $message;
  24. http_response_code($responseCode);
  25. } elseif($index == 1) {
  26. $response["status"] = "success";
  27. $response["message"] = $message;
  28. http_response_code($responseCode);
  29. } elseif($index == 2) {
  30. $response["status"] = "warning";
  31. $response["message"] = $message;
  32. http_response_code($responseCode);
  33. }
  34. echo json_encode($response);
  35. }
  36. function send_email($to, $subject, $msg) {
  37. include ('conf/config.php');
  38. require_once ('conf/class.smtp.php');
  39. require_once ('conf/class.phpmailer.php');
  40.  
  41. $mail = new PHPMailer();
  42. $mail->IsSMTP();
  43. $mail->IsHTML(true);
  44.  
  45. $mail->Host = "smtp.strato.de";
  46. $mail->SMTPAuth = true;
  47.  
  48. $mail->Username = $strato;
  49. $mail->Password = $stratos;
  50.  
  51. $mail->From = $strato;
  52. $mail->FromName = "Shinji";
  53. $mail->AddAddress($to);
  54.  
  55. $mail->Subject = $subject;
  56.  
  57. $mail->Body = $msg;
  58. if(!$mail->Send())
  59. {
  60. //$mail->Send() liefert FALSE zurück: Es ist ein Fehler aufgetreten
  61. echo "Fehler: " . $mail->ErrorInfo;
  62. }
  63. }
  64.  
  65. function outdatet() {
  66. //$headers = "From: Shinji <no-reply@minority-project.eu>\r\n";
  67. //$headers .= "Reply-To: no-reply@minority-project.eu\r\n";
  68. //$headers .= "X-Mailer: Shinji Mailer\r\n";
  69. //$headers .= "MIME-Version: 1.0\r\n";
  70. //$headers .= "Content-Type: text/html; charset=utf-8\r\n";
  71. //if(mail($to, $subject, $msg, $headers)) {
  72. // return true;
  73. //}
  74. //return false;
  75. }
  76.  
  77. // GET PAYLOAD
  78.  
  79. $dataInputRaw = @file_get_contents("php://input");
  80. $IP = $_SERVER['HTTP_CLIENT_IP']?:($_SERVER['HTTP_X_FORWARDE‌​D_FOR']?:$_SERVER['REMOTE_ADDR']);
  81.  
  82. // PayPal IP
  83.  
  84. // FETCH DATA (POST)
  85. $dataInput = explode("&", $dataInputRaw);
  86.  
  87. if($IP == "173.0.81.1") {
  88.  
  89. // VARIABLES
  90. $orderBlock = 1;
  91. $requestTime = time();
  92. $myPost = array();
  93.  
  94. // VALIDATE DATA
  95. foreach($dataInput as $keyval) {
  96. $keyval = explode ("=", $keyval);
  97. if(count($keyval) == 2) {
  98. $myPost[$keyval[0]] = urldecode($keyval[1]);
  99. }
  100. }
  101. $request = "cmd=_notify-validate";
  102. if(function_exists("get_magic_quotes_gpc")) {
  103. $get_magic_quotes_exists = true;
  104. }
  105. foreach ($myPost as $key => $value) {
  106. if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
  107. $value = urlencode(stripslashes($value));
  108. } else {
  109. $value = urlencode($value);
  110. }
  111. $request .= "&$key=$value";
  112. }
  113.  
  114. $ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
  115. curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  116. curl_setopt($ch, CURLOPT_POST, 1);
  117. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  118. curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
  119. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
  120. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  121. curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
  122. curl_setopt($ch, CURLOPT_HTTPHEADER, array("Connection: Close"));
  123. if(!($result = curl_exec($ch)) ) {
  124. curl_close($ch);
  125. send_email("shinji@minority-project.eu", ("PayPal: "), "Connection closed -> Will verify now!");
  126. $result = "VERIFIED";
  127. }
  128. curl_close($ch);
  129.  
  130. if(strcmp($result,"VERIFIED") == 0) {
  131. // VALIDATE POST DATA
  132. $orderFirstName = securedPost("first_name","");
  133. $orderLastName = securedPost("last_name","");
  134. $orderItemName = securedPost("item_name","");
  135. $orderItemNumber = securedPost("item_number","");
  136. $orderPaymentStatus = strtoupper(securedPost("payment_status",""));
  137. $orderPaymentCurrency = securedPost("mc_currency",0);
  138. $orderPayerId = securedPost("payer_id","");
  139. $orderTxnId = securedPost("txn_id","");
  140. $orderPayerEmail = strtolower(securedPost("payer_email",""));
  141. $orderPayerBusinessName = securedPost("payer_business_name","");
  142. $orderResidenceCountry = securedPost("residence_country","");
  143. $orderPaymentDate = securedPost("payment_date","");
  144. $orderPayerStatus = securedPost("payer_status","");
  145. $orderParentTxnId = securedPost("parent_txn_id","");
  146. $orderReceiptId = securedPost("receipt_id","");
  147. $orderReasonCode = securedPost("reason_code","");
  148.  
  149. if(isset($_POST["mc_gross"]) && xss_clean($_POST["mc_gross"]) != 0) {
  150. $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross"]));
  151. } elseif(isset($_POST["mc_gross1"])) {
  152. $orderPaymentAmount = doubleval(xss_clean($_POST["mc_gross1"]));
  153. } else {
  154. $orderPaymentAmount = 0;
  155. }
  156.  
  157. $orderMcFee = doubleval(securedPost("mc_fee",0));
  158. $orderPaymentFee = doubleval(securedPost("payment_fee",0));
  159. $orderPaymentFee += $orderMcFee;
  160.  
  161.  
  162.  
  163. // SEND EMAIL TO YOURSELF, so you know what's going on :)
  164. if($orderReasonCode == "") {
  165. send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." - ".$orderItemNumber), $dataInputRaw);
  166. } else {
  167. send_email("shinji@minority-project.eu", ("PayPal: ".$orderPayerEmail." - ".$orderPaymentStatus." (".$orderReasonCode.") - ".$orderItemNumber), $dataInputRaw);
  168. }
  169.  
  170.  
  171. if($orderPaymentStatus == "COMPLETED" || $orderPaymentStatus == "CANCELED_REVERSAL") {
  172. // Ich lasse CANCELED_REVERSAL fast immer gebannt, micht nervts dass die Affen einfach nen PayPal Fall aufmachen ohne mich vorher zu kontaktieren.
  173. // Wenn sie den dann verlieren haben sie Pech gehabt!
  174. // vielleicht hier eine Email an den Kunden senden, vonwegen -> Payment has been completed
  175. $orderBlock = 0;
  176.  
  177. $msg = "";
  178. $msg .= "Dear customer,\n";
  179. $msg .= "you can now download the product\n";
  180. $msg .= "http://minority-project.eu/downloads/MP-Patcher.zip\n";
  181. $msg .= "\n";
  182. $msg .= "You need to use your PayPal email (THIS: ".$orderPayerEmail.") to login\n";
  183. $msg .= "\n\n";
  184. $msg .= "Thank you,\n";
  185. $msg .= "Shinji";
  186. send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  187. }
  188. else
  189. {
  190. $msg = "";
  191. $msg .= "Dear customer,\n";
  192. $msg .= "your payment is ".$orderPaymentStatus.",\n";
  193. $msg .= "You will not be able to download the product until your payment is COMPLETED.\n";
  194. $msg .= "\n\n";
  195. $msg .= "Thank you,\n";
  196. $msg .= "Shinji";
  197. send_email($orderPayerEmail, "Shinji Payment ".$orderPaymentStatus, $msg);
  198. }
  199.  
  200.  
  201. try {
  202. include ('conf/config.php');
  203.  
  204.  
  205. $conn = new PDO("mysql:host=".$DB_HOST.";dbname=".$DB_NAME.";port=".$DB_PORT.";charset=utf8", $DB_USER, $DB_PW);
  206. $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  207.  
  208.  
  209. // Sucht an Hand von email ODER transaction id in deiner customers datenbank ob nen Kunde schon drin steht
  210. $stmt = $conn->prepare("SELECT id FROM gui_v2 WHERE mail = :orderPayerEmail");
  211. $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  212. $stmt->execute();
  213. $result = $stmt->fetch(PDO::FETCH_ASSOC);
  214.  
  215. // Kunde in DB Gefunden -> wird nur geupdated
  216. if(isset($result["id"])) {
  217. $databaseId = $result["id"];
  218. $stmt = $conn->prepare("UPDATE gui_v2 SET mail = :orderPayerEmail, black = 1, payed=NOW() WHERE id = :databaseId");
  219. $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  220. $stmt->bindParam(":databaseId", $databaseId);
  221. $stmt->execute();
  222. } else {
  223. $orderNameFull = $orderFirstName." ".$orderLastName;if($orderPayerBusinessName != "") { $orderNameFull = ($orderNameFull." - ".$orderPayerBusinessName);}
  224. $orderAddedBy = "PayPal API";
  225.  
  226. // Füge Kunden in customers Datenbank ein
  227. $stmt = $conn->prepare("
  228. INSERT INTO gui_v2
  229. (auth_code,mail,black, payed)
  230. VALUES
  231. ('',:orderPayerEmail, 1, NOW())
  232. ");
  233. $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  234. $stmt->execute();
  235.  
  236. // in meiner Datenbank hab ich dann noch 2 spalten, die eine die nen Timestamp ersetellt beim erstellen der Zeile / beim Eintragen und die andere Spalte "on update" nen Timestamp updated
  237. }
  238.  
  239. // hier wird einfach (in seperater db und seperater table) alles was von PayPal reinkommt geloggt. Einfach um die Übersicht zu behalten bzw für die Kontoführung usw
  240. $stmt = $conn->prepare("INSERT INTO ipn_paypal
  241. (first_name, last_name, email, customer_id, `mod`, payment_status, txn_id, parent_txn_id, payer_id, receipt_id,`country`, `amount`, currency, order_date, added_date, state, payer_status, payment_fee, reason_code) VALUES
  242. (:orderFirstName,:orderLastName,:orderPayerEmail,:orderCustomerId,:orderItemNumber,:orderPaymentStatus,:orderTxnId,:orderParentTxnId,:orderPayerId,:orderReceiptId,:orderResidenceCountry,:orderPaymentAmount,:orderPaymentCurrency,,:orderPaymentDate,:requestTime,:orderState,:orderPayerStatus,:orderPaymentFee,:orderReasonCode)
  243. ");
  244. $stmt->bindParam(":orderFirstName", $orderFirstName);
  245. $stmt->bindParam(":orderLastName", $orderLastName);
  246. $stmt->bindParam(":orderPayerEmail", $orderPayerEmail);
  247. $stmt->bindParam(":orderCustomerId", $orderCustomerId);
  248. $stmt->bindParam(":orderItemNumber", $orderItemNumber);
  249. $stmt->bindParam(":orderPaymentStatus", $orderPaymentStatus);
  250. $stmt->bindParam(":orderTxnId", $orderTxnId);
  251. $stmt->bindParam(":orderParentTxnId", $orderParentTxnId);
  252. $stmt->bindParam(":orderPayerId", $orderPayerId);
  253. $stmt->bindParam(":orderReceiptId", $orderReceiptId);
  254. $stmt->bindParam(":orderResidenceCountry", $orderResidenceCountry);
  255. $stmt->bindParam(":orderPaymentAmount", $orderPaymentAmount);
  256. $stmt->bindParam(":orderPaymentCurrency", $orderPaymentCurrency);
  257. $stmt->bindParam(":orderPaymentDate", $orderPaymentDate);
  258. $stmt->bindParam(":requestTime", $requestTime);
  259. $stmt->bindParam(":orderState", $orderState);
  260. $stmt->bindParam(":orderPayerStatus", $orderPayerStatus);
  261. $stmt->bindParam(":orderPaymentFee", $orderPaymentFee);
  262. $stmt->bindParam(":orderReasonCode", $orderReasonCode);
  263. $stmt->execute();
  264.  
  265. } catch(PDOException $e) {
  266. send_email("shinji@minority-project.eu", "PayPal: PDOException", $e->getMessage());
  267. }
  268.  
  269. send_email("shinji@minority-project.eu", "PayPal: ACCEPTED!", "");
  270. jsonEcho(1,"Request was accepted.", 200);
  271. exit;
  272. } else {
  273. jsonEcho(0,"Request could not be verified.", 401);
  274. send_email("shinji@minority-project.eu", "PayPal: PDOException","PAYPAL: Request could not be verified.");
  275. exit;
  276. }
  277. } else {
  278. jsonEcho(0,"Request could not be verified.", 401);
  279. send_email("shinji@minority-project.eu", "PayPal: PDOException","PAYPAL: no whitelist");
  280. exit;
  281. }