Friday, 22 December 2017

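// Database variables
$host    = "localhost"; // database location
$user    = "";          // database username
$pass    = "";          // database password
$db_name = "";          // database name

// PayPal settings
$paypal_email = 'user@domain.com';
// $return_url and $cancel_url are used below but their definitions were lost
// from this listing; the two values here are placeholders to be replaced.
$return_url   = 'http://domain.com/RETURN_URL_PLACEHOLDER';
$cancel_url   = 'http://domain.com/CANCEL_URL_PLACEHOLDER';
$notify_url   = 'http://domain.com/payments.php';

$item_name   = 'Test Item';
$item_amount = 5.00;

// Include Functions (check_txnid, check_price and updatePayments are defined there)
include("functions.php");

// Check if paypal request or response:
// a browser form post has no txn_id/txn_type, an IPN message from PayPal does.
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])) {
    // Parameters this script fixes server-side. A posted field with one of
    // these names is skipped, otherwise the client could override e.g. the
    // amount simply by including its own "amount" field in the form.
    $reserved = array('business', 'item_name', 'amount', 'return',
                      'cancel_return', 'notify_url', 'cmd');

    $querystring = '';

    // Firstly Append paypal account to querystring
    $querystring .= "?business=".urlencode($paypal_email)."&";

    // Append amount & currency to querystring so it cannot be edited in html
    //The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
    $querystring .= "item_name=".urlencode($item_name)."&";
    $querystring .= "amount=".urlencode($item_amount)."&";

    //loop for posted values and append to querystring (key is encoded as well)
    foreach ($_POST as $key => $value) {
        if (is_array($value) || in_array(strtolower($key), $reserved, true)) {
            continue; // nested arrays cannot be passed through; reserved keys are fixed above
        }
        $value = urlencode(stripslashes($value));
        $querystring .= urlencode($key)."=".$value."&";
    }

    // Append paypal return addresses
    $querystring .= "return=".urlencode(stripslashes($return_url))."&";
    $querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
    $querystring .= "notify_url=".urlencode($notify_url);

    // Append querystring with custom field
    //$querystring .= "&custom=".USERID;

    // Redirect to paypal IPN
    header('location:https://www.sandbox.paypal.com/cgi-bin/webscr'.$querystring);
    exit();
} else {
    //Database Connection
    // NOTE: the mysql_* extension was removed in PHP 7; functions.php is
    // presumably written against it as well, so both must be migrated together
    // (mysqli or PDO with prepared statements).
    $link = mysql_connect($host, $user, $pass);
    mysql_select_db($db_name);

    // Response from Paypal

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i', '${1}%0D%0A${3}', $value); // IPN fix
        $req .= "&$key=$value";
    }

    // assign posted variables to local variables; a missing field becomes
    // null instead of raising a notice, and the validation below rejects it
    $fields = array(
        'item_name'        => 'item_name',
        'item_number'      => 'item_number',
        'payment_status'   => 'payment_status',
        'payment_amount'   => 'mc_gross',
        'payment_currency' => 'mc_currency',
        'txn_id'           => 'txn_id',
        'receiver_email'   => 'receiver_email',
        'payer_email'      => 'payer_email',
        'custom'           => 'custom',
    );
    $data = array();
    foreach ($fields as $local => $posted) {
        $data[$local] = isset($_POST[$posted]) ? $_POST[$posted] : null;
    }

    // post back to PayPal system to validate
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.sandbox.paypal.com\r\n"; // the endpoint rejects a request without Host
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

    if (!$fp) {
        // HTTP ERROR: PayPal could not be reached ($errno / $errstr);
        // nothing is recorded, so this is worth logging or e-mailing the admin
    } else {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            // strip the line terminator so the comparison does not depend on CRLF
            $res = trim(fgets($fp, 1024));
            if (strcmp($res, "VERIFIED") == 0) {

                // Used for debugging
                // mail('user@domain.com', 'PAYPAL POST - VERIFIED RESPONSE', print_r($data, true));

                // VERIFIED only proves PayPal sent this message; its contents
                // must still be checked before anything is recorded as paid.
                $valid_txnid    = check_txnid($data['txn_id']);
                $valid_price    = check_price($data['payment_amount'], $data['item_number']);
                // Only a completed payment counts (IPN also reports Pending, Refunded, ...)
                $valid_status   = ($data['payment_status'] === 'Completed');
                // The money must have gone to our own account, not to a receiver chosen by the sender
                $valid_receiver = (strcasecmp((string) $data['receiver_email'], $paypal_email) == 0);

                // PAYMENT VALIDATED & VERIFIED!
                if ($valid_txnid && $valid_price && $valid_status && $valid_receiver) {

                    $orderid = updatePayments($data);

                    if ($orderid) {
                        // Payment has been made & successfully inserted into the Database
                    } else {
                        // Error inserting into DB
                        // E-mail admin or alert user
                        // mail('user@domain.com', 'PAYPAL POST - INSERT INTO DB WENT WRONG', print_r($data, true));
                    }
                } else {
                    // Payment made but data has been changed, is not Completed,
                    // or was sent to another receiver
                    // E-mail admin or alert user
                }

            } else if (strcmp($res, "INVALID") == 0) {

                // PAYMENT INVALID & INVESTIGATE MANUALLY!
                // E-mail admin or alert user

                // Used for debugging
                //@mail("user@domain.com", "PAYPAL DEBUGGING", "Invalid Response\ndata =\n<pre>".print_r($data, true)."</pre>\n");
            }
        }
        fclose($fp);
    }
}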
