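escape($ticket_key);
    // The beginning of this function lies outside the reviewed excerpt; its
    // visible tail is kept token-for-token and only annotated.
    $efile_id = $conn->escape($file_id);
    $erandom = $conn->escape($random);
    $prefix = DB_PREFIX;
    // NOTE(review): the three values are interpolated without quotes, so this
    // statement is only safe if $conn->escape() returns a complete SQL literal
    // (quoted, or strictly numeric) - confirm against the DB wrapper.
    $res = $conn->query("INSERT INTO ".$prefix."download_tickets(ticket_key,file_id,created,random) values($eticket_key,$efile_id,NOW(),$erandom)");
    if ($res == false) {
        // NOTE(review): echoes the raw database error text to the caller.
        echo db_error();
        return false;
    }
    $insert_id = $conn->get_var("SELECT LAST_INSERT_ID()");
    // NOTE(review): the id/rand pair presumably authorises the download and is
    // carried in a plain-http URL, so it travels unencrypted - confirm whether
    // the download endpoint can be served over https.
    $url = "http://misc.firestats.cc/paypal/download.php?id=$insert_id&rand=$random";
    return $url;
}

/////////////////////////////////////////////////
/////////////Begin Script below./////////////////
/////////////////////////////////////////////////

/*
 * PayPal IPN listener.
 *
 * 1. Echoes the received POST back to PayPal with cmd=_notify-validate.
 * 2. On "VERIFIED": records the payment (and cart / subscription rows) in
 *    MySQL and calls payment_completed() for "Completed" payments.
 * 3. On "INVALID": mails the request for manual investigation.
 *
 * Security notes:
 * - "VERIFIED" only says the message came from PayPal. Every field is still
 *   buyer-influenced text (names, address, memo, custom, ...), so each value
 *   is escaped before it is placed in SQL.
 * - NOTE(review): nothing in this script compares receiver_email / business,
 *   mc_gross or mc_currency with the expected merchant account and price
 *   before payment_completed() runs. Confirm payment_completed() (defined
 *   elsewhere) performs those checks.
 * - NOTE(review): fsockopen("ssl://...") on PHP versions before 5.6 does not
 *   verify the peer certificate by default. Confirm the runtime verifies
 *   PayPal's certificate, otherwise the "VERIFIED" answer is unauthenticated.
 */

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    // Only undo magic-quotes slashes when they were actually added; stripping
    // unconditionally alters values that legitimately contain backslashes and
    // makes PayPal answer INVALID for a genuine notification.
    $value = urlencode(paypal_ipn_unslash($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$host = PAYPAL_HOST;
$fp = fsockopen ("ssl://$host", 443, $errno, $errstr, 30);

// Query texts are mailed further down; initialise them so branches that did
// not build a given query do not raise undefined-variable notices (which the
// output buffer would then log as an error).
$strQuery = '';
$struery = '';
$strQuery2 = '';

// assign posted variables to local variables
$item_name = get('item_name');
$business = get('business');
$item_number = get('item_number');
$payment_status = get('payment_status');
$mc_gross = get('mc_gross');
$payment_currency = get('mc_currency');
$txn_id = get('txn_id');
$receiver_email = get('receiver_email');
$receiver_id = get('receiver_id');
$quantity = get('quantity');
$num_cart_items = get('num_cart_items');
$payment_date = get('payment_date');
$first_name = get('first_name');
$last_name = get('last_name');
$payment_type = get('payment_type');
$payment_gross = get('payment_gross');
$payment_fee = get('payment_fee');
$settle_amount = get('settle_amount');
$memo = get('memo');
$payer_email = get('payer_email');
$txn_type = get('txn_type');
$payer_status = get('payer_status');
$address_street = get('address_street');
$address_city = get('address_city');
$address_state = get('address_state');
$address_zip = get('address_zip');
$address_country = get('address_country');
$address_status = get('address_status');
$tax = get('tax');
$option_name1 = get('option_name1');
$option_selection1 = get('option_selection1');
$option_name2 = get('option_name2');
$option_selection2 = get('option_selection2');
$for_auction = get('for_auction');
$invoice = get('invoice');
$custom = get('custom');
$notify_version = get('notify_version');
$verify_sign = get('verify_sign');
$payer_business_name = get('payer_business_name');
$payer_id = get('payer_id');
$mc_currency = get('mc_currency');
$mc_fee = get('mc_fee');
$exchange_rate = get('exchange_rate');
$settle_currency = get('settle_currency');
$parent_txn_id = get('parent_txn_id');
$pending_reason = get('pending_reason');
$reason_code = get('reason_code');

// subscription specific vars
$subscr_id = get('subscr_id');
$subscr_date = get('subscr_date');
$subscr_effective = get('subscr_effective');
$period1 = get('period1');
$period2 = get('period2');
$period3 = get('period3');
$amount1 = get('amount1');
$amount2 = get('amount2');
$amount3 = get('amount3');
$mc_amount1 = get('mc_amount1');
$mc_amount2 = get('mc_amount2');
// Fixed key: the field was read as 'mcamount3', which is never posted, so
// mc_amount3 was always stored empty.
$mc_amount3 = get('mc_amount3');
$recurring = get('recurring');
$reattempt = get('reattempt');
$retry_at = get('retry_at');
$recur_times = get('recur_times');
$username = get('username');
$password = get('password');

//auction specific vars
$auction_closing_date = get('auction_closing_date');
$auction_multi_item = get('auction_multi_item');
$auction_buyer_id = get('auction_buyer_id');

if (!$fp) {
    flog("http error"); // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            //create MySQL connection
            $prefix = DB_PREFIX;
            $Connect = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or paypal_die("Couldn't connect to MySQL:
" . mysql_error() . "
" . mysql_errno());

            //select database
            $Db = @mysql_select_db(DB_NAME, $Connect) or paypal_die("Couldn't select database:
" . mysql_error(). "
" . mysql_errno());

            $fecha = date("Ymd");

            // Column list / value list shared by the cart and subscription
            // inserts into paypal_payment_info. Values are escaped and quoted
            // by paypal_ipn_sql_list(); the connection is open at this point.
            $payment_columns = "paymentstatus,buyer_email,firstname,lastname,street,city,state,zipcode,country,mc_gross,mc_fee,memo,paymenttype,paymentdate,txnid,pendingreason,reasoncode,tax,datecreation";
            $payment_values = paypal_ipn_sql_list(array(
                $payment_status, $payer_email, $first_name, $last_name,
                $address_street, $address_city, $address_state, $address_zip,
                $address_country, $mc_gross, $mc_fee, $memo, $payment_type,
                $payment_date, $txn_id, $pending_reason, $reason_code, $tax,
                $fecha,
            ));

            //check if transaction ID has been processed before
            // NOTE(review): this is check-then-insert with no locking, so two
            // deliveries of the same notification arriving together can both
            // pass. A UNIQUE index on txnid would close that gap - the schema
            // is not visible here.
            $e_txn_id = paypal_ipn_sql($txn_id);
            $e_payment_status = paypal_ipn_sql($payment_status);
            $checkquery = "select txnid from ".$prefix."paypal_payment_info where txnid='$e_txn_id' AND (paymenttype != 'echeck' OR (paymenttype = 'echeck' AND paymentstatus = '$e_payment_status'))";
            $sihay = mysql_query($checkquery) or paypal_die("Duplicate txn id check query failed:
" . mysql_error() . "
" . mysql_errno());
            $nm = mysql_num_rows($sihay);

            if ($nm == 0) {
                if ($txn_type == "cart") {
                    $strQuery = "insert into ".$prefix."paypal_payment_info(".$payment_columns.") values (".$payment_values.")";
                    $result = mysql_query($strQuery) or paypal_die("Cart - paypal_payment_info, Query failed:
" . mysql_error() . "
" . mysql_errno());

                    // One paypal_cart_info row per cart item; per-item fields
                    // are posted with the item index appended to the name.
                    for ($i = 1; $i <= $num_cart_items; $i++) {
                        $itemname = "item_name".$i;
                        $itemnumber = "item_number".$i;
                        $on0 = "option_name1_".$i;
                        $os0 = "option_selection1_".$i;
                        $on1 = "option_name2_".$i;
                        $os1 = "option_selection2_".$i;
                        $quantity = "quantity".$i;

                        $struery = "insert into ".$prefix."paypal_cart_info(txnid,itemnumber,itemname,os0,on0,os1,on1,quantity,invoice,custom) values (".paypal_ipn_sql_list(array(
                            $txn_id, get($itemnumber), get($itemname),
                            get($on0), get($os0), get($on1), get($os1),
                            get($quantity), $invoice, $custom,
                        )).")";
                        $result = mysql_query($struery) or paypal_die("Cart - paypal_cart_info, Query failed:
" . mysql_error() . "
" . mysql_errno());
                    }
                } else {
                    $result = mysql_query("insert into ".$prefix."paypal_payment_info(paymentstatus,buyer_email,firstname,lastname,street,city,state,zipcode,country,mc_gross,mc_fee,itemnumber,itemname,os0,on0,os1,on1,quantity,memo,paymenttype,paymentdate,txnid,pendingreason,reasoncode,tax,datecreation) values (".paypal_ipn_sql_list(array(
                        $payment_status, $payer_email, $first_name, $last_name,
                        $address_street, $address_city, $address_state,
                        $address_zip, $address_country, $mc_gross, $mc_fee,
                        $item_number, $item_name, $option_name1,
                        $option_selection1, $option_name2, $option_selection2,
                        $quantity, $memo, $payment_type, $payment_date,
                        $txn_id, $pending_reason, $reason_code, $tax, $fecha,
                    )).")");
                    if (!$result) paypal_die("Default - paypal_payment_info, Query failed:
" . mysql_error() . "
" . mysql_errno());
                }

                // send an email in any case
                // sendmail($notify_email, "VERIFIED IPN", "$res\n $req\n $strQuery\n $struery\n $strQuery2");

                if ($payment_status == "Completed") {
                    // Values are passed on exactly as received (unescaped).
                    payment_completed($txn_id,$payer_id,$item_name,$payer_email, $first_name, $last_name, $mc_gross, $mc_fee, $item_number, $mc_currency);
                }
            } else {
                // send an email
                sendmail($notify_email, "VERIFIED DUPLICATED TRANSACTION", "$res\n txn_id=$txn_id\n");
            }

            //subscription handling branch
            // NOTE(review): this branch runs even when the duplicate check
            // above matched, and for subscr_payment it adds a second
            // paypal_payment_info row next to the one inserted by the default
            // branch - confirm that is intended.
            if ( $txn_type == "subscr_signup" || $txn_type == "subscr_payment" ) {
                // insert subscriber payment info into paypal_payment_info table
                $strQuery = "insert into ".$prefix."paypal_payment_info(".$payment_columns.") values (".$payment_values.")";
                $result = mysql_query($strQuery) or paypal_die("Subscription - paypal_payment_info, Query failed:
" . mysql_error() . "
" . mysql_errno());

                // insert subscriber info into paypal_subscription_info table
                // NOTE(review): the subscription password is stored as
                // received and the query text (password included) is mailed
                // below - consider hashing it and leaving it out of the mail.
                $strQuery2 = "insert into ".$prefix."paypal_subscription_info(subscr_id , sub_event, subscr_date ,subscr_effective,period1,period2, period3, amount1 ,amount2 ,amount3, mc_amount1, mc_amount2, mc_amount3, recurring, reattempt,retry_at, recur_times, username ,password, payment_txn_id, subscriber_emailaddress, datecreation) values (".paypal_ipn_sql_list(array(
                    $subscr_id, $txn_type, $subscr_date, $subscr_effective,
                    $period1, $period2, $period3, $amount1, $amount2, $amount3,
                    $mc_amount1, $mc_amount2, $mc_amount3, $recurring,
                    $reattempt, $retry_at, $recur_times, $username, $password,
                    $txn_id, $payer_email, $fecha,
                )).")";
                $result = mysql_query($strQuery2) or paypal_die("Subscription - paypal_subscription_info, Query failed:
" . mysql_error() . "
" . mysql_errno());

                sendmail($notify_email, "VERIFIED IPN", "$res\n $req\n $strQuery\n $struery\n $strQuery2");
            }
        } else if (strcmp ($res, "INVALID") == 0) {
            // if the IPN POST was 'INVALID'...do this
            // log for manual investigation
            $reqd = var_export($_POST,true);
            sendmail($notify_email, "INVALID IPN", "$res\n $req\n--\tPOST:\n$reqd");
        }
    }
    fclose ($fp);
}

// Anything that was printed while handling the notification (warnings, error
// text) is echoed and written to the log.
$output = ob_get_clean();
if ($output != '') {
    echo $output;
    flog("Error : $output");
}

/**
 * Returns the posted field $key exactly as received, or "" when it is absent.
 *
 * The value is untrusted text: escape it for the context it is used in.
 */
function get($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : "";
}

/**
 * Removes magic-quotes slashes from a request value, but only when the
 * runtime actually added them.
 */
function paypal_ipn_unslash($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

/**
 * Escapes one value for use inside a single-quoted MySQL string literal.
 * Requires an open mysql_* connection (the most recently opened link is used,
 * as with the mysql_query() calls in this script).
 */
function paypal_ipn_sql($value)
{
    return mysql_real_escape_string(paypal_ipn_unslash($value));
}

/**
 * Turns a list of raw values into "'v1','v2',..." with every value escaped,
 * ready to be placed inside "values (...)".
 */
function paypal_ipn_sql_list($values)
{
    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = "'" . paypal_ipn_sql($value) . "'";
    }
    return implode(',', $quoted);
}
?>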