|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 |
<?php require_once('../includes/init_page_public.php'); //Error log error_reporting(E_ALL); set_error_handler('error_handler'); function error_handler($no, $msg, $filename, $line){ $p = 'werror_log.txt'; $handle = fopen($p, 'w+'); $err = "File name: " . $filename . "<br/>" . "Line: " . $line . "<br/>" . "Message: " . $msg . "<br/>"; //echo $err; fwrite($handle, $err . PHP_EOL); exit(); } //Process log $p = 'ipn_log.txt'; $handle = fopen($p, 'w+'); wlog('Log file created'); function wlog($msg){ global $handle; fwrite($handle, $msg . PHP_EOL); } // Read the post from PayPal and add 'cmd' $req = 'cmd=_notify-validate'; $header = ''; if(function_exists('get_magic_quotes_gpc')) { $get_magic_quotes_exists = true; } $params = $_POST; foreach ($params as $key => $value) // Handle escape characters, which depends on setting of magic quotes { if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1){ $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $req .= "&$key=$value"; } wlog($req); // Post back to PayPal to validate //$paypal = 'www.paypal.com'; $paypal = 'www.sandbox.paypal.com'; $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Host: " . $paypal . "\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://' . $paypal, 443, $errno, $errstr, 30); wlog($errstr); // Process validation from PayPal // TODO: This sample does not test the HTTP response code. All // HTTP response codes must be handles or you should use an HTTP // library, such as cUrl if (!$fp) { // HTTP ERROR wlog('Paypal IPN Listener - HTTP Error'); } else { // NO HTTP ERROR fputs ($fp, $header . $req); wlog($errstr); while (!feof($fp)) { $res = fgets ($fp, 1024); wlog($res); if (strcmp ($res, "VERIFIED") == 0 && strcmp ($params["payment_status"], "Completed") == 0) { wlog("response verified"); // TODO: // Check the payment_status is Completed // Check that txn_id has not been previously processed // Check that receiver_email is your Primary PayPal email // Check that payment_amount/payment_currency are correct // Process payment /* If 'VERIFIED', send an email of IPN variables and values to the specified email address foreach ($_POST as $key => $value){ $emailtext .= $key . " = " .$value ."\n\n"; } */ //Check receiver email //if(strcmp ($params["receiver_email"], "[email protected]") <> 0){ // wlog("Receiver email is not valid"); // break; //} //Check transaction id //if(strlen($err) == 0 && txnExists($params["txn_id"]) == true){ // $err = "Transaction ID: " . $params["txn_id"] . " exists already"; // break; //} //Check payment gross according to product ID //if($err == "" && checkGross($productID, $_POST["mc_gross"], $_POST["mc_currency"], $_POST["exchange_rate"]) == false){ // $err = "Payment gross amount is not equivalent to the setting of this product: " . $_POST["txn_id"]; //} $sql = "INSERT INTO `orders` (`payment_vender`, `account_id`, `product_id`, `payment_status`, `product_name`, `receiver_id`, `receiver_email`, `transaction_id`, `transaction_type`, `invoice_number`, `item_name`, `item_number`, `quantity`, `charset`, `currency`, `exchange_rate`, `fee`, `gross`, `country`, `payer_email`, `payment_date`, `created_time`, `updated_time`) VALUES (" . $db->formatSQLInput(1) . ", " . $db->formatSQLInput(0) . ", " . $db->formatSQLInput(0) . ", " . $db->formatSQLInput($params['payment_status']) . ", " . $db->formatSQLInput('Test') . ", " . $db->formatSQLInput($params['receiver_id']) . ", " . $db->formatSQLInput($params['receiver_email']) . ", " . $db->formatSQLInput($params['txn_id']) . ", " . $db->formatSQLInput($params['txn_type']) . ", " . $db->formatSQLInput($params['invoice']) . ", " . $db->formatSQLInput($params['item_name']) . ", " . $db->formatSQLInput($params['item_number']) . ", " . $db->formatSQLInput($params['quantity']) . ", " . $db->formatSQLInput($util->out($params, 'charset', 'UTF-8')) . ", " . $db->formatSQLInput($util->out($params, 'mc_currency', 'USD')) . ", " . $db->formatSQLInput($util->out($params, 'exchange_rate', '')) . ", " . $db->formatSQLInput($params['mc_fee']) . ", " . $db->formatSQLInput($params['mc_gross']) . ", " . $db->formatSQLInput($params['residence_country']) . ", " . $db->formatSQLInput($params['payer_email']) . ", " . $db->format_sql_date($params['payment_date']) . ", " . $db->format_sql_date(NULL, true) . ", " . $db->format_sql_date(NULL, true) . " " . ")"; wlog($sql); $rs = $db->query($sql); } else if (strcmp ($res, "INVALID") == 0) { //If 'INVALID', send an email. TODO: Log for manual investigation. $values = 'response: INVALID'; wlog($values); } } } fclose($fp); if($err == ""){ wlog("Store Listener - Completed", "Transaction"); }else{ wlog("Store Listener - Error"); } ?> |
Reference: