'; print_r($_GET); echo '
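'; print_r($_POST); exit; // */
// NOTE(review): the fragment above is the tail of a request-dump debug block whose
// opening lies before this view (it looks commented out -- confirm). Keep it disabled:
// a payment-notification endpoint should not echo $_GET/$_POST back to the caller.

/**
 * PayPal IPN (Instant Payment Notification) listener.
 *
 * Flow, as implemented below:
 *  1. Echo the received POST fields back to PayPal with cmd=_notify-validate.
 *  2. Read the reply; act only on a VERIFIED line, report INVALID or anything else.
 *  3. For a VERIFIED notification, rebuild the cart from the posted order id and check
 *     receiver e-mail, amount, currency, payment status, paid flag and invoice reference.
 *  4. Mark the order paid and send confirmation e-mails to the site and the customer.
 *
 * Every rejected or unexpected notification is e-mailed to SITE_ADMIN_ADDRESS.
 *
 * Everything in $_POST is attacker-controlled until PayPal answers VERIFIED, and even
 * then the values still have to be matched against the stored order before use.
 */

/**
 * load includes
 * @var string $data_dir     location of database connection details and global functions
 * @var string $template_dir location of template specific functions (and user connection details if different permissions supported)
 */
$data_dir = $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'].'/resources/template/';
require_once $data_dir.'universal.php';
require_once $template_dir.'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
// session_start(); //no session needed

/*
 * send reply to paypal for verification
 * this section pretty much copied and pasted from Paypal sample
 *
 * NOTE(review): fsockopen('ssl://...') verifies the peer certificate by default only
 * from PHP 5.6 onwards. On an older runtime the VERIFIED reply is not authenticated
 * against PayPal's certificate -- confirm the runtime / stream context in use.
 */
$ssl = 'ssl://www.paypal.com'; //live
if (PAYPAL_TEST_MODE) {
    $ssl = 'ssl://www.sandbox.paypal.com'; //testing
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
$emailtext = ''; // initialised explicitly; the original appended to an undefined variable
foreach ($_POST as $key => $value) {
    // NOTE(review): stripslashes() is only correct when magic_quotes_gpc is on; with it
    // off, a value containing a backslash is altered and PayPal will answer INVALID.
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
    $emailtext .= $key . " = " .$value ."\n"; //for error reporting
}

// post back to PayPal system to validate
// NOTE(review): PayPal's IPN guidance has since moved to HTTP/1.1 postbacks with Host and
// Connection: close headers -- confirm this HTTP/1.0 request is still accepted.
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n"; // plain assignment; the original used .= on an undefined variable
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen($ssl, 443, $errno, $errstr, 30);

$connID = connect_to_db();
$subject = '['.SITE_FROM_NAME.'] Paypal IPN Script error';
//send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);

if (!$fp) {
    // HTTP ERROR
    // fixed: the original wrote "/n/n", which is not a newline escape
    $emailtext = " $errno $errstr \n\n";
    //log_error("Process-paypal-IPN-listener: unable to connect to Paypal \n\n".$emailtext,3);
    send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
} else {
    /*
     * @var bool $process flag, set to true if VERIFIED or INVALID, otherwise log an error
     */
    $process = false;
    $res = '';
    fputs($fp, $header . $req);

    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        // fgets() keeps the line terminator; compare the trimmed line so a verdict
        // followed by CRLF is still recognised. (string) turns a false read into ''.
        $verdict = trim((string) $res);

        if (strcmp($verdict, "VERIFIED") == 0) {
            $process = true;

            /*
             * starting WN code
             */

            /*
             * validate
             */
            // Check the payment_status is Completed
            // Check that txn_id has not been previously processed
            //   (implemented below as "order not already flagged paid", not as a txn_id lookup)
            // Check that receiver_email is your Primary PayPal email
            // Check that payment_amount/payment_currency are correct
            $validate_email = PAYPAL_ACCOUNT_EMAIL; //live
            if (PAYPAL_TEST_MODE) {
                $validate_email = 'programmer@activatedesign.co.nz'; // development/testing
            }
            //$validate_email = 'progra_1193784050_biz@activatedesign.co.nz'; // sandbox development/testing

            // assign posted variables to local variables
            $payment_status = $_POST['payment_status'];
            $payment_amount = $_POST['mc_gross'];
            $payment_currency = $_POST['mc_currency'];
            $txn_id = $_POST['txn_id'];
            $reference = $_POST['invoice'];
            $receiver_email = $_POST['receiver_email'];
            // $payer_email = $_POST['payer_email']; //can't be sure that their paypal address is the same one they signed up to PWP with
            $order_id = clean_plain_data($_POST['custom']);

            $cart = new cart;
            $cart->recreate_from_order($order_id);

            if (!$cart->reference) {
                $emailtext = "Process-paypal-IPN-listener: No matching order $order_id $receiver_email $validate_email $payment_currency $payment_amount \n\n $emailtext";
                send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
            } elseif (!PAYPAL_TEST_MODE && !($receiver_email==$validate_email && $payment_amount==$cart->order_total() && $payment_currency=='NZD' )) {
                // NOTE(review): with PAYPAL_TEST_MODE on, receiver, amount and currency are
                // not checked at all, so the flag must never be enabled on the live site.
                //log_error("Process-paypal-IPN-listener: request failed validation $receiver_email $validate_email $payment_currency $payment_amount ".ENTRY_FEE." \n\n".$emailtext,3);
                $emailtext = "Process-paypal-IPN-listener: request failed validation $order_id $receiver_email $validate_email $payment_currency $payment_amount \n\n $emailtext";
                send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
            } elseif (!($payment_status == 'Completed' || $payment_status == 'Pending')) {
                //assume pending will complete and leave it to admin to fix if there are issues
                // NOTE(review): a Pending payment has not cleared, yet the order is marked
                // paid below; the admin has to reconcile any payment that never completes.
                //log_error("Process-paypal-IPN-listener: unusual payment status \n\n".$emailtext,3);
                $emailtext = "Process-paypal-IPN-listener: unusual payment status $order_id $payment_status \n\n $emailtext";
                send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
            } elseif (select_one('orders','paid','order_id',$order_id)) {
                //do nothing (order already flagged paid; repeated notifications are ignored)
            } elseif ((string) $reference !== (string) $cart->reference) {
                /**
                 * probably a hack
                 * display a message in case it's just an expired session
                 * @todo notify admin?
                 *
                 * This check now runs BEFORE the order is touched. The original updated
                 * the orders table first and only then compared the references, so a
                 * notification with a mismatching invoice still marked the order paid.
                 * The comparison is a strict string comparison so that numeric-looking
                 * references such as "100" and "1e2" are not treated as equal.
                 */
                $emailtext = "Process-paypal-IPN-listener: INVALID reference $reference {$cart->reference} \n\n $emailtext";
                send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
                exit;
            } else {
                /**
                 * process payment
                 */
                //update database
                // txn_id arrives straight from $_POST and was interpolated into the SQL
                // unescaped; escape it for the mysql_* API this script already uses.
                // $order_id has been through clean_plain_data() -- presumably that makes it
                // safe for SQL; verify against its definition.
                // NOTE(review): the query results are not checked; a failed update still
                // leads to the confirmation e-mails below.
                $safe_txn_id = mysql_real_escape_string($txn_id);
                mysql_query("update orders set paid = '1', payment_ref = '$safe_txn_id' where order_id = '$order_id'");
                mysql_query("delete from order_temp where order_id = '$order_id'");

                //send email/s
                $email_address = SITE_FROM_ADDRESS;
                //$email_address = 'matt@activatedesign.co.nz.co.nz'; //testing
                //$email_address = 'programmer@activatedesign.co.nz.'; //development

                //clean potential html entities
                foreach ($cart->customer as $k => $v) {
                    $cart->customer[$k] = html_entity_decode($v,ENT_QUOTES);
                }

                //to admin
                $subject = 'Payment confirmed for order '.$reference.' from '.SITE_FROM_NAME;
                $headers = "From: $email_address" . "\n" .
                    "Reply-To: $email_address" . "\n" .
                    "Return-Path: $email_address" . "\n" .
                    'X-Mailer: PHP/' . phpversion();
                mail($email_address, $subject, $cart->customer['email_text'], $headers);

                //to customer
                $subject = 'Thank you for your payment to '.SITE_FROM_NAME;
                $mailbody = 'Dear '.$cart->customer['first_name'].', Thank you for your payment. We are now processing your order. '.$cart->customer['email_text'].' - The '.SITE_FROM_NAME.' team';
                mail($cart->customer['email'], $subject, $mailbody, $headers);
            }
        } elseif (strcmp($verdict, "INVALID") == 0) {
            $process = true;
            //log_error("Process-paypal-IPN-listener: INVALID request \n\n".$emailtext,3);
            $emailtext = "Process-paypal-IPN-listener: INVALID request \n\n $emailtext";
            send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
        } //end if/else(VALID)
    } // end while

    fclose($fp);

    if (!$process) {
        // fixed: the original appended to $email_text, a different variable, so the
        // unexpected reply never reached the report
        $emailtext .= "$res \n\n";
        //log_error("Process-paypal-IPN-listener: verification returned neither VERIFIED or INVALID \n\n".$emailtext,3);
        $emailtext = "Process-paypal-IPN-listener: verification returned neither VERIFIED or INVALID \n\n $emailtext";
        send_email($emailtext,$subject,SITE_ADMIN_ADDRESS);
    }
} // end if/else($fp)
exit;
?>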