paypal | Rex's Personal Site

&lt;?php
require_once(&#39;../includes/init_page_public.php&#39;);

//Error log
error_reporting(E_ALL);
set_error_handler(&#39;error_handler&#39;);
 
function error_handler($no, $msg, $filename, $line){
	$p = &#39;werror_log.txt&#39;;
	$handle = fopen($p, &#39;w+&#39;);

   	$err = &quot;File name: &quot; . $filename . &quot;&lt;br/&gt;&quot; . 
		&quot;Line: &quot; . $line . &quot;&lt;br/&gt;&quot; . 
		&quot;Message: &quot; . $msg . &quot;&lt;br/&gt;&quot;;
	//echo $err;
	fwrite($handle, $err . PHP_EOL);
    exit();
}

//Process log
$p = &#39;ipn_log.txt&#39;;
$handle = fopen($p, &#39;w+&#39;);
wlog(&#39;Log file created&#39;);

function wlog($msg){
	global $handle;
	fwrite($handle, $msg . PHP_EOL);
}


// Read the post from PayPal and add &#39;cmd&#39; 
$req = &#39;cmd=_notify-validate&#39;; 
$header = &#39;&#39;;

if(function_exists(&#39;get_magic_quotes_gpc&#39;)) 
{  
	$get_magic_quotes_exists = true; 
} 

$params = $_POST;
foreach ($params as $key =&gt; $value) 
// Handle escape characters, which depends on setting of magic quotes 
{  
	if($get_magic_quotes_exists == true &amp;&amp; get_magic_quotes_gpc() == 1){  
		$value = urlencode(stripslashes($value)); 
	} else { 
		$value = urlencode($value); 
	} 
	$req .= &quot;&amp;$key=$value&quot;;
} 
wlog($req); 

// Post back to PayPal to validate 
//$paypal = &#39;www.paypal.com&#39;;
$paypal = &#39;www.sandbox.paypal.com&#39;;

$header .= &quot;POST /cgi-bin/webscr HTTP/1.0\r\n&quot;; 
$header .= &quot;Host: &quot; . $paypal . &quot;\r\n&quot;;
$header .= &quot;Content-Type: application/x-www-form-urlencoded\r\n&quot;; 
$header .= &quot;Content-Length: &quot; . strlen($req) . &quot;\r\n\r\n&quot;; 
$fp = fsockopen (&#39;ssl://&#39; . $paypal, 443, $errno, $errstr, 30);
wlog($errstr);
 
// Process validation from PayPal 
// TODO: This sample does not test the HTTP response code. All 
// HTTP response codes must be handles or you should use an HTTP 
// library, such as cUrl 
 
if (!$fp) { // HTTP ERROR 
	wlog(&#39;Paypal IPN Listener - HTTP Error&#39;);
} else { 
	// NO HTTP ERROR 
	fputs ($fp, $header . $req); 
	wlog($errstr);

	while (!feof($fp)) { 
		$res = fgets ($fp, 1024); 
		wlog($res);

		if (strcmp ($res, &quot;VERIFIED&quot;) == 0 &amp;&amp; strcmp ($params["payment_status"], &quot;Completed&quot;) == 0) { 
			wlog(&quot;response verified&quot;);
			// TODO: 
			// Check the payment_status is Completed 
			// Check that txn_id has not been previously processed 
			// Check that receiver_email is your Primary PayPal email 
			// Check that payment_amount/payment_currency are correct 
			// Process payment 

			/* If &#39;VERIFIED&#39;, send an email of IPN variables and values to the 
			specified email address 
			foreach ($_POST as $key =&gt; $value){ 
				$emailtext .= $key . &quot; = &quot; .$value .&quot;\n\n&quot;; 
			} */


			//Check receiver email
			//if(strcmp ($params["receiver_email"], &quot;rex@wikirex.com&quot;) &lt;&gt; 0){
			//	wlog(&quot;Receiver email is not valid&quot;);
			//	break;
			//}

			//Check transaction id
			//if(strlen($err) == 0 &amp;&amp; txnExists($params["txn_id"]) == true){
			//	$err = &quot;Transaction ID: &quot; . $params["txn_id"] . &quot; exists already&quot;;
			//	break;
			//}

			//Check payment gross according to product ID
			//if($err == &quot;&quot; &amp;&amp; checkGross($productID, $_POST["mc_gross"], $_POST["mc_currency"], $_POST["exchange_rate"]) == false){
			//	$err = &quot;Payment gross amount is not equivalent to the setting of this product: &quot; . $_POST["txn_id"];
			//}

			$sql = &quot;INSERT INTO `orders` (`payment_vender`, `account_id`, `product_id`, 
`payment_status`, `product_name`, `receiver_id`, `receiver_email`, `transaction_id`, `transaction_type`, 
`invoice_number`, `item_name`, `item_number`, `quantity`, `charset`, `currency`, `exchange_rate`, `fee`, 
`gross`, `country`, `payer_email`, `payment_date`, `created_time`, `updated_time`) VALUES (&quot; . 
				$db-&gt;formatSQLInput(1) . &quot;, &quot; . 
				$db-&gt;formatSQLInput(0) . &quot;, &quot; . 
				$db-&gt;formatSQLInput(0) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['payment_status']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput(&#39;Test&#39;) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['receiver_id']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['receiver_email']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['txn_id']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['txn_type']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['invoice']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['item_name']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['item_number']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['quantity']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($util-&gt;out($params, &#39;charset&#39;, &#39;UTF-8&#39;)) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($util-&gt;out($params, &#39;mc_currency&#39;, &#39;USD&#39;)) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($util-&gt;out($params, &#39;exchange_rate&#39;, &#39;&#39;)) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['mc_fee']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['mc_gross']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['residence_country']) . &quot;, &quot; . 
				$db-&gt;formatSQLInput($params['payer_email']) . &quot;, &quot; . 
				$db-&gt;format_sql_date($params['payment_date']) . &quot;, &quot; . 
				$db-&gt;format_sql_date(NULL, true) . &quot;, &quot; . 
				$db-&gt;format_sql_date(NULL, true) . &quot; &quot; . 
				&quot;)&quot;;
			wlog($sql);

			$rs = $db-&gt;query($sql);
		} else if (strcmp ($res, &quot;INVALID&quot;) == 0) { 
			//If &#39;INVALID&#39;, send an email. TODO: Log for manual investigation. 
			$values = &#39;response: INVALID&#39;;
			wlog($values);
		}
	} 
}

fclose($fp);


if($err == &quot;&quot;){
	wlog(&quot;Store Listener - Completed&quot;, &quot;Transaction&quot;);
}else{
	wlog(&quot;Store Listener - Error&quot;);
}
?&gt;

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

<?php

require_once('../includes/init_page_public.php');

//Error log

error_reporting(E_ALL);

set_error_handler('error_handler');

function error_handler($no, $msg, $filename, $line){

$p = 'werror_log.txt';

$handle = fopen($p, 'w+');

$err = "File name: " . $filename . "<br/>" .

"Line: " . $line . "<br/>" .

"Message: " . $msg . "<br/>";

//echo $err;

fwrite($handle, $err . PHP_EOL);

exit();

}

//Process log

$p = 'ipn_log.txt';

$handle = fopen($p, 'w+');

wlog('Log file created');

function wlog($msg){

global $handle;

fwrite($handle, $msg . PHP_EOL);

}

// Read the post from PayPal and add 'cmd'

$req = 'cmd=_notify-validate';

$header = '';

if(function_exists('get_magic_quotes_gpc'))

{

$get_magic_quotes_exists = true;

}

$params = $_POST;

foreach ($params as $key => $value)

// Handle escape characters, which depends on setting of magic quotes

{

if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1){

$value = urlencode(stripslashes($value));

} else {

$value = urlencode($value);

}

$req .= "&$key=$value";

}

wlog($req);

// Post back to PayPal to validate

//$paypal = 'www.paypal.com';

$paypal = 'www.sandbox.paypal.com';

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Host: " . $paypal . "\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://' . $paypal, 443, $errno, $errstr, 30);

wlog($errstr);

// Process validation from PayPal

// TODO: This sample does not test the HTTP response code. All

// HTTP response codes must be handles or you should use an HTTP

// library, such as cUrl

if (!$fp) { // HTTP ERROR

wlog('Paypal IPN Listener - HTTP Error');

} else {

// NO HTTP ERROR

fputs ($fp, $header . $req);

wlog($errstr);

while (!feof($fp)) {

$res = fgets ($fp, 1024);

wlog($res);

if (strcmp ($res, "VERIFIED") == 0 && strcmp ($params["payment_status"], "Completed") == 0) {

wlog("response verified");

// TODO:

// Check the payment_status is Completed

// Check that txn_id has not been previously processed

// Check that receiver_email is your Primary PayPal email

// Check that payment_amount/payment_currency are correct

// Process payment

/* If 'VERIFIED', send an email of IPN variables and values to the

specified email address

foreach ($_POST as $key => $value){

$emailtext .= $key . " = " .$value ."\n\n";

} */

//Check receiver email

//if(strcmp ($params["receiver_email"], "[email protected]") <> 0){

// wlog("Receiver email is not valid");

// break;

//}

//Check transaction id

//if(strlen($err) == 0 && txnExists($params["txn_id"]) == true){

// $err = "Transaction ID: " . $params["txn_id"] . " exists already";

// break;

//}

//Check payment gross according to product ID

//if($err == "" && checkGross($productID, $_POST["mc_gross"], $_POST["mc_currency"], $_POST["exchange_rate"]) == false){

// $err = "Payment gross amount is not equivalent to the setting of this product: " . $_POST["txn_id"];

//}

$sql = "INSERT INTO `orders` (`payment_vender`, `account_id`, `product_id`,

`payment_status`, `product_name`, `receiver_id`, `receiver_email`, `transaction_id`, `transaction_type`,

`invoice_number`, `item_name`, `item_number`, `quantity`, `charset`, `currency`, `exchange_rate`, `fee`,

`gross`, `country`, `payer_email`, `payment_date`, `created_time`, `updated_time`) VALUES (" .

$db->formatSQLInput(1) . ", " .

$db->formatSQLInput(0) . ", " .

$db->formatSQLInput($params['payment_status']) . ", " .

$db->formatSQLInput('Test') . ", " .

$db->formatSQLInput($params['receiver_id']) . ", " .

$db->formatSQLInput($params['receiver_email']) . ", " .

$db->formatSQLInput($params['txn_id']) . ", " .

$db->formatSQLInput($params['txn_type']) . ", " .

$db->formatSQLInput($params['invoice']) . ", " .

$db->formatSQLInput($params['item_name']) . ", " .

$db->formatSQLInput($params['item_number']) . ", " .

$db->formatSQLInput($params['quantity']) . ", " .

$db->formatSQLInput($util->out($params, 'charset', 'UTF-8')) . ", " .

$db->formatSQLInput($util->out($params, 'mc_currency', 'USD')) . ", " .

$db->formatSQLInput($util->out($params, 'exchange_rate', '')) . ", " .

$db->formatSQLInput($params['mc_fee']) . ", " .

$db->formatSQLInput($params['mc_gross']) . ", " .

$db->formatSQLInput($params['residence_country']) . ", " .

$db->formatSQLInput($params['payer_email']) . ", " .

$db->format_sql_date($params['payment_date']) . ", " .

$db->format_sql_date(NULL, true) . ", " .

$db->format_sql_date(NULL, true) . " " .

")";

wlog($sql);

$rs = $db->query($sql);

} else if (strcmp ($res, "INVALID") == 0) {

//If 'INVALID', send an email. TODO: Log for manual investigation.

$values = 'response: INVALID';

wlog($values);

}

fclose($fp);

if($err == ""){

wlog("Store Listener - Completed", "Transaction");

}else{

wlog("Store Listener - Error");

}

Reference:

Rex's Personal Site

This site is built on WordPress and contains personal notes, photos and videos

Category Archives: paypal

IPN Currency Issue

RESTful API Usage – PHP

IPN Listener