  1. <?php
  2. if (gethostbyaddr($_SERVER['REMOTE_ADDR']) !== 'notify.paypal.com') {
  3. exit();
  4. }
  5. // Require the functions to connect to database and fetch config values
  6. require 'config.php';
  7. require 'engine/database/connect.php';
  8.  
  9. // Fetch and sanitize POST and GET values
  10. function getValue($value) {
  11. return (!empty($value)) ? sanitize($value) : false;
  12. }
  13. function sanitize($data) {
  14. return htmlentities(strip_tags(mysql_znote_escape_string($data)));
  15. }
  16.  
  17. function VerifyPaypalIPN(array $IPN = null){
  18. if(empty($IPN)){
  19. $IPN = $_POST;
  20. }
  21. if(empty($IPN['verify_sign'])){
  22. return null;
  23. }
  24. $IPN['cmd'] = '_notify-validate';
  25. $PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
  26. $cURL = curl_init();
  27. curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
  28. curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
  29. curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
  30. curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
  31. curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
  32. curl_setopt($cURL, CURLOPT_POST, true); // POST back
  33. curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
  34. curl_setopt($cURL, CURLOPT_HEADER, false);
  35. curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
  36. curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
  37. curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
  38. curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
  39. curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
  40. curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
  41. curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
  42. 'Connection: close',
  43. 'Expect: ',
  44. ));
  45. $Response = curl_exec($cURL);
  46. $Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
  47. curl_close($cURL);
  48. if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
  49. return null;
  50. }
  51. if(intval($Status / 100) != 2){
  52. return false;
  53. }
  54. return !strcasecmp($Response, 'VERIFIED');
  55. }
  56. // Fetch paypal configurations
  57. $paypal = $config['paypal'];
  58. $prices = $config['paypal_prices'];
  59.  
  60. // Send an empty HTTP 200 OK response to acknowledge receipt of the notification
  61. header('HTTP/1.1 200 OK');
  62. // Build the required acknowledgement message out of the notification just received
  63. $req = 'cmd=_notify-validate';
  64. foreach ($_POST as $key => $value) {
  65. $value = urlencode(stripslashes($value));
  66. $req .= "&$key=$value";
  67. }
  68. $postdata = $req;
  69.  
  70. // Assign payment notification values to local variables
  71. $item_name = $_POST['item_name'];
  72. $item_number = $_POST['item_number'];
  73. $payment_status = $_POST['payment_status'];
  74. $payment_amount = $_POST['mc_gross'];
  75. $payment_currency = $_POST['mc_currency'];
  76. $txn_id = getValue($_POST['txn_id']);
  77. $receiver_email = getValue($_POST['receiver_email']);
  78. $payer_email = getValue($_POST['payer_email']);
  79. $custom = (int)$_POST['custom'];
  80. $connectedIp = $_SERVER['REMOTE_ADDR'];
  81. mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0')");
  82.  
  83. $status = VerifyPaypalIPN();
  84. if ($status) {
  85. // Check that the payment_status is Completed
  86. if ($payment_status == 'Completed') {
  87.  
  88. // Check that txn_id has not been previously processed
  89. $txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
  90. if ($txn_id_check !== false) {
  91. // Check that receiver_email is your Primary PayPal email
  92. if ($receiver_email == $paypal['email']) {
  93.  
  94. $status = true;
  95. $paidMoney = 0;
  96. $paidPoints = 0;
  97. foreach ($prices as $priceValue => $pointsValue) {
  98. if ($priceValue == $payment_amount) {
  99. $paidMoney = $priceValue;
  100. $paidPoints = $pointsValue;
  101. }
  102. }
  103. if ($paidMoney == 0) $status = false; // Wrong ammount of money
  104. if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency
  105.  
  106. // Verify that the user havent messed around with POST data
  107. if ($status) {
  108. // transaction log
  109. mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");
  110.  
  111. // Process payment
  112. $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
  113. // Give points to user
  114. $new_points = $data['old_points'] + $paidPoints;
  115. mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
  116. }
  117. } else {
  118. $pmail = $paypal['email'];
  119. mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
  120. }
  121. }
  122. }
  123. } else {
  124. // Something is wrong
  125. mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
  126. }
  127. ?>