<?php// Database variables$host = "localhost"; //database location$user =

1. <?php
2. // Database variables
3. $host = "localhost"; //database location
4. $user = ""; //database username
5. $pass = ""; //database password
6. $db_name = ""; //database name
7.  
8. // PayPal settings
9. $paypal_email = 'pitruk99@gmail.com';
10. $return_url = 'http://www.bluemc.pl/sklep/paypal/payment-successful.html';
11. $cancel_url = 'http://www.bluemc.pl/sklep/paypal/payment-cancelled.html';
12. $notify_url = 'http://www.bluemc.pl/sklep/paypal/payments.php';
13.  
14. $item_name = 'Test Item';
15. $item_amount = 1;
16.  
17. // Include Functions
18. include("functions.php");
19.  
20. // Check if paypal request or response
21. if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
22.     $querystring = '';
23.    
24.     // Firstly Append paypal account to querystring
25.     $querystring .= "?business=".urlencode($paypal_email)."&";
26.    
27.     // Append amount& currency (£) to quersytring so it cannot be edited in html
28.    
29.     //The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
30.     $querystring .= "item_name=".urlencode($item_name)."&";
31.     $querystring .= "amount=".urlencode($item_amount)."&";
32.     $querystring .= "currency_code=PLN&";
33.    
34.     //loop for posted values and append to querystring
35.     foreach($_POST as $key => $value){
36.         $value = urlencode(stripslashes($value));
37.         $querystring .= "$key=$value&";
38.     }
39.    
40.     // Append paypal return addresses
41.     $querystring .= "return=".urlencode(stripslashes($return_url))."&";
42.     $querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
43.     $querystring .= "notify_url=".urlencode($notify_url);
44.    
45.     // Append querystring with custom field
46.     //$querystring .= "&custom=".USERID;
47.    
48.     // Redirect to paypal IPN
49.     header('location:https://www.paypal.com/cgi-bin/webscr'.$querystring);
50.     exit();
51. } else {
52.     //Database Connection
53.     $link = mysql_connect($host, $user, $pass);
54.     mysql_select_db($db_name);
55.    
56.     // Response from Paypal
57.  
58.     // read the post from PayPal system and add 'cmd'
59.     $req = 'cmd=_notify-validate';
60.     foreach ($_POST as $key => $value) {
61.         $value = urlencode(stripslashes($value));
62.         $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
63.         $req .= "&$key=$value";
64.     }
65.    
66.     // assign posted variables to local variables
67.     $data['item_name']          = $_POST['item_name'];
68.     $data['item_number']        = $_POST['item_number'];
69.     $data['payment_status']     = $_POST['payment_status'];
70.     $data['payment_amount']     = $_POST['mc_gross'];
71.     $data['payment_currency']   = $_POST['mc_currency'];
72.     $data['txn_id']             = $_POST['txn_id'];
73.     $data['receiver_email']     = $_POST['receiver_email'];
74.     $data['payer_email']        = $_POST['payer_email'];
75.     $data['custom']             = $_POST['custom'];
76.        
77.     // post back to PayPal system to validate
78.     $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
79.     $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
80.     $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
81.    
82.     $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
83.    
84.     if (!$fp) {
85.         // HTTP ERROR
86.        
87.     } else {
88.         fputs($fp, $header . $req);
89.         while (!feof($fp)) {
90.             $res = fgets ($fp, 1024);
91.             if (strcmp($res, "VERIFIED") == 0) {
92.                
93.                 // Used for debugging
94.                 // mail('user@domain.com', 'PAYPAL POST - VERIFIED RESPONSE', print_r($post, true));
95.                        
96.                 // Validate payment (Check unique txnid & correct price)
97.                 $valid_txnid = check_txnid($data['txn_id']);
98.                 $valid_price = check_price($data['payment_amount'], $data['item_number']);
99.                 // PAYMENT VALIDATED & VERIFIED!
100.                 if ($valid_txnid && $valid_price) {
101.                    
102.                     $orderid = updatePayments($data);
103.                    
104.                     if ($orderid) {
105.                         // Payment has been made & successfully inserted into the Database
106.                     } else {
107.                         // Error inserting into DB
108.                         // E-mail admin or alert user
109.                         // mail('user@domain.com', 'PAYPAL POST - INSERT INTO DB WENT WRONG', print_r($data, true));
110.                     }
111.                 } else {
112.                     // Payment made but data has been changed
113.                     // E-mail admin or alert user
114.                 }
115.            
116.             } else if (strcmp ($res, "INVALID") == 0) {
117.            
118.                 // PAYMENT INVALID & INVESTIGATE MANUALY!
119.                 // E-mail admin or alert user
120.                
121.                 // Used for debugging
122.                 //@mail("user@domain.com", "PAYPAL DEBUGGING", "Invalid Response<br />data = <pre>".print_r($post, true)."</pre>");
123.             }
124.         }
125.     fclose ($fp);
126.     }
127. }
128. ?>