<?php
mysql_connect("localhost", "root", "jeh35795") or die(mysql_error());
mysql_select_db("de4") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);  

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// PAYMENT VALIDATED & VERIFIED!  
if ($_POST['payment_status'] == 'Completed') {
//This is the array where we get the items
$item_number = array();
//Counter (must be on 1 from default or it will drop errors)
$x = 1;
//Adding every item to the $item_number array
while(isset($_POST["item_number$x"])){

$id = $_POST["item_number$x"];
$username =  $_POST["option_selection1_$x"];
for ($i= 1; $i<=$_POST["quantity$x"]; $i ++){
$sql = "INSERT INTO payments (id, username) VALUES(". mysql_escape_string($id) .", '". mysql_escape_string($username)."' ) ";
mysql_query($sql) or die(mysql_error());
}

$f = fopen("iphoutput.txt", "a+"); 
fwrite($f, $sql); 
fclose($f);

/* $qty = $_POST["quantity$x"];
 while($qty > 0){
  $item_number[$x] = $_POST["item_number$x"];
  $qty--;
 }*/
 $x++; 
}


//final entry
//mysql_query("INSERT INTO payments (id, username) VALUES(". mysql_escape_string($id) .", '". mysql_escape_string($username)."' ) ") or die(mysql_error());

}
}

else if (strcmp ($res, "INVALID") == 0) {
// PAYMENT INVALID & INVESTIGATE MANUALY!

}
}
fclose ($fp);
}
?>