paypal IPN indentation fix

This commit is contained in:
Znote 2021-07-18 22:34:17 +02:00
parent df062b56fd
commit 6af276225f

228
ipn.php

@ -1,134 +1,134 @@
<?php <?php
if (gethostbyaddr($_SERVER['REMOTE_ADDR']) !== 'notify.paypal.com') { if (gethostbyaddr($_SERVER['REMOTE_ADDR']) !== 'notify.paypal.com') {
exit(); exit();
}
// Require the functions to connect to database and fetch config values
require 'config.php';
require 'engine/database/connect.php';
// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
}
function sanitize($data) {
return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}
function VerifyPaypalIPN(array $IPN = null){
if(empty($IPN)){
$IPN = $_POST;
} }
if(empty($IPN['verify_sign'])){
// Require the functions to connect to database and fetch config values return null;
require 'config.php';
require 'engine/database/connect.php';
// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
} }
function sanitize($data) { $IPN['cmd'] = '_notify-validate';
return htmlentities(strip_tags(mysql_znote_escape_string($data))); $PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($cURL, CURLOPT_SSLVERSION, 6);
curl_setopt($cURL, CURLOPT_CAINFO, __DIR__ . '/engine/cert/cacert.pem');
curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
curl_setopt($cURL, CURLOPT_POST, true); // POST back
curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
curl_setopt($cURL, CURLOPT_HEADER, false);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Connection: close',
'Expect: ',
));
$Response = curl_exec($cURL);
$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
curl_close($cURL);
if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
return null;
} }
if(intval($Status / 100) != 2){
function VerifyPaypalIPN(array $IPN = null){ return false;
if(empty($IPN)){
$IPN = $_POST;
}
if(empty($IPN['verify_sign'])){
return null;
}
$IPN['cmd'] = '_notify-validate';
$PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($cURL, CURLOPT_SSLVERSION, 6);
curl_setopt($cURL, CURLOPT_CAINFO, __DIR__ . '/engine/cert/cacert.pem');
curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
curl_setopt($cURL, CURLOPT_POST, true); // POST back
curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
curl_setopt($cURL, CURLOPT_HEADER, false);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Connection: close',
'Expect: ',
));
$Response = curl_exec($cURL);
$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
curl_close($cURL);
if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
return null;
}
if(intval($Status / 100) != 2){
return false;
}
return !strcasecmp($Response, 'VERIFIED');
} }
return !strcasecmp($Response, 'VERIFIED');
}
// Fetch paypal configurations // Fetch paypal configurations
$paypal = $config['paypal']; $paypal = $config['paypal'];
$prices = $config['paypal_prices']; $prices = $config['paypal_prices'];
// Send an empty HTTP 204 OK response to acknowledge receipt of the notification // Send an empty HTTP 204 OK response to acknowledge receipt of the notification
http_response_code(204); http_response_code(204);
// Build the required acknowledgement message out of the notification just received // Build the required acknowledgement message out of the notification just received
$postdata = 'cmd=_notify-validate'; $postdata = 'cmd=_notify-validate';
if(!empty($_POST)){ if(!empty($_POST)){
$postdata.="&".http_build_query($_POST); $postdata.="&".http_build_query($_POST);
} }
// Assign payment notification values to local variables // Assign payment notification values to local variables
$item_name = $_POST['item_name']; $item_name = $_POST['item_name'];
$item_number = $_POST['item_number']; $item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status']; $payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross']; $payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency']; $payment_currency = $_POST['mc_currency'];
$txn_id = getValue($_POST['txn_id']); $txn_id = getValue($_POST['txn_id']);
$receiver_email = getValue($_POST['receiver_email']); $receiver_email = getValue($_POST['receiver_email']);
$payer_email = getValue($_POST['payer_email']); $payer_email = getValue($_POST['payer_email']);
$custom = (int)$_POST['custom']; $custom = (int)$_POST['custom'];
$connectedIp = $_SERVER['REMOTE_ADDR']; $connectedIp = $_SERVER['REMOTE_ADDR'];
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '0', 'Connection from IP: $connectedIp', '0', '0', '0')"); mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '0', 'Connection from IP: $connectedIp', '0', '0', '0')");
$status = VerifyPaypalIPN(); $status = VerifyPaypalIPN();
if ($status) { if ($status) {
// Check that the payment_status is Completed // Check that the payment_status is Completed
if ($payment_status == 'Completed') { if ($payment_status == 'Completed') {
// Check that txn_id has not been previously processed // Check that txn_id has not been previously processed
$txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'"); $txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
if ($txn_id_check !== true) { if ($txn_id_check !== true) {
// Check that receiver_email is your Primary PayPal email // Check that receiver_email is your Primary PayPal email
if ($receiver_email == $paypal['email']) { if ($receiver_email == $paypal['email']) {
$status = true; $status = true;
$paidMoney = 0; $paidMoney = 0;
$paidPoints = 0; $paidPoints = 0;
foreach ($prices as $priceValue => $pointsValue) { foreach ($prices as $priceValue => $pointsValue) {
if ($priceValue == $payment_amount) { if ($priceValue == $payment_amount) {
$paidMoney = $priceValue; $paidMoney = $priceValue;
$paidPoints = $pointsValue; $paidPoints = $pointsValue;
}
} }
if ($paidMoney == 0) $status = false; // Wrong ammount of money
if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency
// Verify that the user havent messed around with POST data
if ($status) {
// transaction log
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");
// Process payment
$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
// Give points to user
$new_points = $data['old_points'] + $paidPoints;
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
}
} else {
$pmail = $paypal['email'];
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
} }
if ($paidMoney == 0) $status = false; // Wrong ammount of money
if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency
// Verify that the user havent messed around with POST data
if ($status) {
// transaction log
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");
// Process payment
$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
// Give points to user
$new_points = $data['old_points'] + $paidPoints;
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
}
} else {
$pmail = $paypal['email'];
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
} }
} }
} else {
// Something is wrong
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
} }
} else {
// Something is wrong
mysql_insert("INSERT INTO `znote_paypal` VALUES ('0', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
}
?> ?>