-
Notifications
You must be signed in to change notification settings - Fork 8
/
ipn_wp.php
127 lines (119 loc) · 4.08 KB
/
ipn_wp.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
declare(strict_types=1);
/**
* MCCodes v2 by Dabomstew & ColdBlooded
*
* Repository: https://github.com/davemacaulay/mccodesv2
* License: MIT License
*/
global $db, $set;
require_once('globals_nonauth.php');
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= 'Content-Length: ' . strlen($req) . "\r\n\r\n";
$fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if ($fp) {
fputs($fp, $header . $req);
while (!feof($fp)) {
$res = fgets($fp, 1024);
if (strcmp($res, 'VERIFIED') == 0) {
$txn_db = $db->escape(stripslashes($txn_id));
// check the payment_status is Completed
if ($payment_status != 'Completed') {
fclose($fp);
die('');
}
$dp_check =
$db->query(
"SELECT COUNT(`dpID`)
FROM `dps_accepted`
WHERE `dpTXN` = '{$txn_db}'");
if ($db->fetch_single($dp_check) > 0) {
$db->free_result($dp_check);
fclose($fp);
die('');
}
$db->free_result($dp_check);
$wp_check =
$db->query(
"SELECT COUNT(`dpID`)
FROM `willps_accepted`
WHERE `dpTXN` = '{$txn_db}'");
if ($db->fetch_single($wp_check) > 0) {
$db->free_result($wp_check);
fclose($fp);
die('');
}
$db->free_result($wp_check);
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
if ($receiver_email != $set['paypal']) {
fclose($fp);
die('');
}
// check that payment_amount/payment_currency are correct
if ($payment_currency != 'USD') {
fclose($fp);
die('');
}
// parse for pack
$packr = explode('|', $item_name);
if (str_replace('www.', '', $packr[0])
!= str_replace('www.', '', $_SERVER['HTTP_HOST'])) {
fclose($fp);
die('');
}
if ($packr[1] != 'WP') {
fclose($fp);
die('');
}
$pack = $packr[2];
if ($pack != 1 and $pack != 5) {
fclose($fp);
die('');
}
if (($pack == 1) && $payment_amount != '1.00') {
fclose($fp);
die('');
}
if ($pack == 5 && $payment_amount != '4.50') {
fclose($fp);
die('');
}
// grab IDs
$buyer = abs((int)$packr[3]);
$for = $buyer;
// all seems to be in order, credit it.
if ($pack == 1) {
item_add($for, $set['willp_item'], 1);
} elseif ($pack == 5) {
item_add($for, $set['willp_item'], 5);
}
// process payment
event_add($for,
"Your \${$payment_amount} worth of Will Potions ($pack) has been successfully credited.");
$db->query(
"INSERT INTO `willps_accepted`
VALUES(NULL, {$buyer}, {$for}, '$pack', " . time()
. ", '$txn_db')");
}
}
fclose($fp);
}