Form Pagos Online

<form method="post" action="https://gateway.pagosonline.net/apps/gateway/index.html" id="pagosonline_form" name="pagosonline_form">
<input type="hidden" name="descripcion" value="{$p.gtitle|stripslashes}" />
<input type="hidden" name="valor" value="{$value[1]}" id='povalue'/>
<input type="hidden" name="usuarioId" value="{$login}" />
<input type="hidden" name="moneda" value="COP" />
<input name="lng" type="hidden" value="es">
<input name="iva" type="hidden" value="0.00">
<input name="baseDevolucionIva" type="hidden" value="0.00">
<input type="hidden" name="emailComprador" value="{$emailcomprador}" />
<input type="hidden" name="url_respuesta" value="{$baseurl}/thank_you?g={$eid}" /> <!--Url where user is returned-->
<input type="hidden" name="url_confirmacion" value="{$baseurl}/ipn_pagosonline.php" /> <!-- Url where REST answers -->
<input type="hidden" name="refVenta" value="{$timestamp}" />
<input type="hidden" name="firma" value="{$fingerprint}" />
<input type="hidden" name="extra1" value="{$control}"  />
<input type="hidden" name="prueba" value="0" />     
</form>

Ipn Res

<?
if(isset($_REQUEST) ){
  $plog  = "PagosOnline\n";
	$plog .= time()." \n";
	$plog .= var_export($_REQUEST, true);
	$plog .= "\n";
	$log = fopen('tmp.txt','a');
    fwrite($log,$plog);
    fclose($log);
}

include("include/config.php");


$paypal_email = $config['paypal_email'];
$error_email = $config['notify_email'];
$site_email = $config['site_email'];
$site_name = $config['site_name'];
$em_headers  = "From: ".$site_name." <".$site_email.">\n";		
$em_headers .= "Reply-To: ".$site_email."\n";
$em_headers .= "Return-Path: ".$site_email."\n";
$em_headers .= "Organization: ".$site_name."\n";
$em_headers .= "X-Priority: 3\n";


$amount      = $_POST['valor'];//$_POST['x_amount'];
$response    = $_POST['codigo_respuesta_pol'];

//explota y saca todo lo que va en la variable extra 1 de pagosonline.com
$control 	   = explode('#', $_POST['extra1']);
$payer_id      = !empty($control[0]) ? $control[0] : null;
$payment_date  = !empty($control[1]) ? $control[1] : null;
$prod_id       = !empty($control[2]) ? $control[2] : null;
$IID           = !empty($control[3]) ? $control[3] : null;
			

if ($response == 1){
    $user_id = $payer_id;//$custom;
    $PID = $prod_id;//$item_number;
    $currency = $config['currency'];
    //used to get price from post, but since we're allowing to add goodies the price of the transaction won't necesarily match
    //the one in the posts table
    //$query = "select price from posts where PID='".mysql_real_escape_string($PID)."'"; 
    $query = "select totalprice from order_items where IID='".mysql_real_escape_string($IID)."'"; 
    $executequery = $conn->execute($query);
    $price = $executequery->fields['totalprice'];
    if($price == ""){
        $price = $config['price'];
    }

    $gross = $price; //$price paid to pagos online// If i use the ammount pagosonline says
    //it will get messy, since pagosonline transacts in COP and we usually store everything in dollars.
    //$amount;  is the value returned by pagosonline
    if($user_id > 0){
        $query = "INSERT INTO orders SET USERID='".mysql_real_escape_string($user_id)."', 
            PID='".mysql_real_escape_string($PID)."', 
            time_added='".time()."', 
            status='0', 
            price='".mysql_real_escape_string($gross)."' , 
            IID = '$IID'"; 
        $executequery=$conn->execute($query);
        $order_id = mysql_insert_id();
        if($order_id > 0){
            $query = "INSERT INTO payments SET USERID='".mysql_real_escape_string($user_id)."', 
                OID='".mysql_real_escape_string($order_id)."', 
                time='".time()."', 
                price='".mysql_real_escape_string($gross)."', 
                t='1', PAYPAL='1'"; 
            $executequery=$conn->execute($query);
            $query = "UPDATE posts SET rev=rev+$gross WHERE PID='".mysql_real_escape_string($PID)."'"; 
            $executequery=$conn->execute($query);
        }
    }
}