<?phpdefine("_VALID_PHP", true); if (isset($_POST['payment_status'])) {

1. <?php
2. define("_VALID_PHP", true);
3.  
4. if (isset($_POST['payment_status'])) {
5. include 'main.php';
6. set_time_limit(0);
7. function verifyTxnId($txn_id, $odb) {
8. $sql = $odb->prepare("SELECT COUNT(id) FROM `payments` WHERE tid = :tid LIMIT 1");
9. $sql -> execute(array(":tid" => $txn_id));
10. if ($sql -> fetchColumn(0) > 0)
11. return false;
12. else
13. return true;
14. }
15.  
16. $req = 'cmd=_notify-validate';
17.  
18. foreach ($_POST as $key => $value) {
19. $value = urlencode(stripslashes($value));
20. $req .= '&' . $key . '=' . $value;
21. }
22. $demo = false;
23. $url = 'www.paypal.com';
24.  
25. $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
26. $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
27. $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
28. $fp = fsockopen($url, 80, $errno, $errstr, 30);
29.  
30. $payment_status = $_POST['payment_status'];
31. $receiver_email = $_POST['business'];
32. list($membership_id, $user_id) = explode("_", $_POST['item_number']);
33. $mc_gross = $_POST['mc_gross'];
34. $txn_id = $_POST['txn_id'];
35.  
36. $getxn_id = verifyTxnId($txn_id, $odb);
37. $pricesql = $odb -> prepare("SELECT `price` FROM `plans` WHERE id = :id");
38. $pricesql -> execute(array(":id" => (int)$membership_id));
39. $price = $pricesql -> fetchColumn(0);
40.  
41. $pp_emailsql = $odb -> query("SELECT `email` FROM `gateway` LIMIT 1");
42. $pp_email = $pp_emailsql->fetchColumn(0);
43.  
44. if (!$fp) {
45. echo $errstr . ' (' . $errno . ')';
46. } else {
47. fputs($fp, $header . $req);
48.  
49. while (!feof($fp)) {
50. $res = fgets($fp, 1024);
51. if (strcmp($res, "VERIFIED") == 0) {
52. if (preg_match('/Completed/', $payment_status)) {
53. if ($receiver_email == $pp_email && $mc_gross == $price && $getxn_id == true) {
54. $usernamesql = $odb -> prepare("SELECT `username` FROM `users` WHERE `ID` = :id");
55. $usernamesql -> execute(array(":id" => (int)$user_id));
56. $username = $usernamesql -> fetchColumn(0);
57.  
58. $data = array(
59. ':tid' => $txn_id,
60. ':plan' => (int)$membership_id,
61. ':user' => (int)$user_id,
62. ':paid' => (float)$mc_gross,
63. );
64. $odb -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
65. $insertsql = $odb -> prepare("INSERT INTO `payments` VALUES(NULL, :paid, :plan, :user, :tid, UNIX_TIMESTAMP())");
66. $insertsql -> execute($data);
67.  
68. $getPlanInfo = $odb -> prepare("SELECT `unit`,`length` FROM `plans` WHERE `ID` = :plan");
69. $getPlanInfo -> execute(array(':plan' => (int)$membership_id));
70. $plan = $getPlanInfo -> fetch(PDO::FETCH_ASSOC);
71. $unit = $plan['unit'];
72. $length = $plan['length'];
73. $newExpire = strtotime("+{$length} {$unit}");
74. $updateSQL = $odb -> prepare("UPDATE `users` SET `expire` = :expire, `membership` = :plan WHERE `ID` = :id");
75. $updateSQL -> execute(array(':expire' => $newExpire, ':plan' => (int)$membership_id, ':id' => (int)$user_id));
76.  
77. function generateRandomString($length = 8) {
78. $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
79. $randomString = '';
80. for ($i = 0; $i < $length; $i++) {
81. $randomString .= $characters[rand(0, strlen($characters) - 1)];
82. }
83. return $randomString;
84. }
85.  
86. $password = generateRandomString();
87.  
88. $updateSQL = $odb -> prepare("UPDATE `users` SET `vpnpass` = :vpnpass WHERE `ID` = :id");
89. $updateSQL -> execute(array(':vpnpass' => $password, ':id' => (int)$user_id));
90.  
91. $GetServers = $odb -> query("SELECT * FROM `servers`");
92. while ($row = $GetServers -> fetch(PDO::FETCH_ASSOC)) {
93. $connection = ssh2_connect(''.$row['ip'].'', 22);
94. ssh2_auth_password($connection, 'root', ''.$row['pass'].'');
95. $cmd = ssh2_exec($connection, 'useradd '.$user_id.' -s /bin/false; echo -e "'.$password.'\n'.$password.'" | passwd '.$user_id.'');
96. }
97. }
98. }
99.  
100. }
101. }
102. fclose($fp);
103. }
104. }
105.  
106. ?>