yasyf · April 23, 2013 23:15
diff --git a/payment.php b/payment.php
 <?php
 // Database variables
 $host = "localhost"; //database location
 $user = ""; //database username
 $pass = ""; //database password
 $db_name = ""; //database name

 // PayPal settings
 $paypal_email = '';
 $return_url = '';
 $cancel_url = '';
 $notify_url = '';

 $item_name = '';
 $item_amount = 25.00;


 //Database Connection
 $link = mysql_connect($host, $user, $pass);
 mysql_select_db($db_name);

 // Check if paypal request or response
 if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
 	// Request from step 3
 }else{

 	// Response from Paypal

 	// read the post from PayPal system and add 'cmd'
 	$req = 'cmd=_notify-validate';
 	foreach ($_POST as $key => $value) {
 		$value = urlencode(stripslashes($value));
 		$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
 		$req .= "&$key=$value";
 	}

 	// assign posted variables to local variables
 	$data['item_name']			= $_POST['item_name'];
 	$data['item_number'] 		= $_POST['item_number'];
 	$data['payment_status'] 	= $_POST['payment_status'];
 	$data['payment_amount'] 	= $_POST['mc_gross'];
 	$data['payment_currency']	= $_POST['mc_currency'];
 	$data['txn_id']				= $_POST['txn_id'];
 	$data['receiver_email'] 	= $_POST['receiver_email'];
 	$data['payer_email'] 		= $_POST['payer_email'];
 	$data['payer_name'] 		= $_POST['first_name']." ".$_POST['last_name'];
 	$data['custom'] 			= $_POST['custom'];

 	// post back to PayPal system to validate
 	$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
 	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
 	$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

 	$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

 	if (!$fp) {
 	mail('[email protected]', 'Error With Purchase', $errno.$errstr);
 	} else {

 		fputs ($fp, $header . $req);
 		while (!feof($fp)) {
 			$res = fgets ($fp, 1024);
 			if (strcmp ($res, "VERIFIED") == 0) {

 				// Validate payment (Check unique txnid & correct price)
 				$valid_txnid = check_txnid($data['txn_id']);
 				$valid_price = check_price($data['payment_amount'], $data['item_number']);
 				// PAYMENT VALIDATED & VERIFIED!
 				if($valid_txnid && $valid_price){
 					$orderid = updatePayments($data);
 					if($orderid){
 						// Payment has been made & successfully inserted into the Database
 						
 						
 					}else{
 						// Error inserting into DB
 						// E-mail admin or alert user
 						
 					}
 				}else{
 					// Payment made but data has been changed
 					// E-mail admin or alert user
 				}

 			}else if (strcmp ($res, "INVALID") == 0) {
 				// PAYMENT INVALID & INVESTIGATE MANUALY!
 				// E-mail admin or alert user
 			}
 		}
 	fclose ($fp);
 	}
 }
 ?>
	<?php
	// Database variables
	$host = "localhost"; //database location
	$user = ""; //database username
	$pass = ""; //database password
	$db_name = ""; //database name

	// PayPal settings
	$paypal_email = '';
	$return_url = '';
	$cancel_url = '';
	$notify_url = '';

	$item_name = '';
	$item_amount = 25.00;


	//Database Connection
	$link = mysql_connect($host, $user, $pass);
	mysql_select_db($db_name);

	// Check if paypal request or response
	if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
	// Request from step 3
	}else{

	// Response from Paypal

	// read the post from PayPal system and add 'cmd'
	$req = 'cmd=_notify-validate';
	foreach ($_POST as $key => $value) {
	$value = urlencode(stripslashes($value));
	$value = preg_replace('/(.[^%^0^D])(%0A)(.)/i','${1}%0D%0A${3}',$value);// IPN fix
	$req .= "&$key=$value";
	}

	// assign posted variables to local variables
	$data['item_name'] = $_POST['item_name'];
	$data['item_number'] = $_POST['item_number'];
	$data['payment_status'] = $_POST['payment_status'];
	$data['payment_amount'] = $_POST['mc_gross'];
	$data['payment_currency'] = $_POST['mc_currency'];
	$data['txn_id'] = $_POST['txn_id'];
	$data['receiver_email'] = $_POST['receiver_email'];
	$data['payer_email'] = $_POST['payer_email'];
	$data['payer_name'] = $_POST['first_name']." ".$_POST['last_name'];
	$data['custom'] = $_POST['custom'];

	// post back to PayPal system to validate
	$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

	$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

	if (!$fp) {
	mail('[email protected]', 'Error With Purchase', $errno.$errstr);
	} else {

	fputs ($fp, $header . $req);
	while (!feof($fp)) {
	$res = fgets ($fp, 1024);
	if (strcmp ($res, "VERIFIED") == 0) {

	// Validate payment (Check unique txnid & correct price)
	$valid_txnid = check_txnid($data['txn_id']);
	$valid_price = check_price($data['payment_amount'], $data['item_number']);
	// PAYMENT VALIDATED & VERIFIED!
	if($valid_txnid && $valid_price){
	$orderid = updatePayments($data);
	if($orderid){
	// Payment has been made & successfully inserted into the Database


	}else{
	// Error inserting into DB
	// E-mail admin or alert user

	}
	}else{
	// Payment made but data has been changed
	// E-mail admin or alert user
	}

	}else if (strcmp ($res, "INVALID") == 0) {
	// PAYMENT INVALID & INVESTIGATE MANUALY!
	// E-mail admin or alert user
	}
	}
	fclose ($fp);
	}
	}
	?>