Paypal IPN

D

driveflexfuel

New Member
Messages
159
Reaction score
0
Points
0
I found the following code that i love using but i want to add in some coding.

I need to verify the product name, price, and id if anyone can help I would greatly appreciate it.

I am going to create a seperate file for each product.

Code: 
<?php
//------------------------------------------------------------------
// Open log file (in append mode) and write the current time into it.
// Open the DB Connection. Open the actual database.
//-------------------------------------------------------------------
$log = fopen("ipn.log", "a");
fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()) . "\n");
$db = mysql_connect("localhost", "yourname", "yourpassword");
mysql_select_db("yourdb",$db);

//------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
//------------------------------------------------
$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $$postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}

//--------------------------------------------
// Create message to post back to PayPal...
// Open a socket to the PayPal server...
//--------------------------------------------
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
$fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

//---------------------------------------------
fwrite($log, "Vals: ". $invoice." ". $receiver_email." ". $item_name." ". $item_ number." ". $quantity." ". $payment_status." ". $pending_reason." ".$payment_dat e." ". $payment_gross." ". $payment_fee." ". $txn_id." ". $txn_type." ". $first_ name." ". $last_name." ". $address_street." ". $address_city." ". $address_state . " ".$address_zip." ". $address_country." ". $address_status." ". $payer_email. " ". $payer_status." ". $payment_type." ". $notify_version." ". $verify_sign. "\ n"); 

//----------------------------------------------------------------------
// Check HTTP connection made to PayPal OK, If not, print an error msg
//----------------------------------------------------------------------
if (!$fp) {
echo "$errstr ($errno)";
fwrite($log, "Failed to open HTTP connection!");
$res = "FAILED";
}

//--------------------------------------------------------
// If connected OK, write the posted values back, then...
//--------------------------------------------------------
else {
fputs ($fp, $header . $req);
//-------------------------------------------
// ...read the results of the verification...
// If VERIFIED = continue to process the TX...
//-------------------------------------------
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {

//----------------------------------------------------------------------
// If the payment_status=Completed... Get the password for the product
// from the DB and email it to the customer.
//----------------------------------------------------------------------
if (strcmp ($payment_status, "Completed") == 0) {
$qry = "SELECT password FROM products WHERE pid = \"$item_number\" ";
$result = mysql_query($qry,$db);
while ($myrow = mysql_fetch_row($result)) { $passwd = $myrow[0]; }

$message .= "Dear Customer,\n Thankyou for your order.\n\nThe password for the item you ordered is: $row[0]\n\nIf you have any problems, please contact us: \n\nsales\@yourdomain.com";

mail($payer_email, "Your Book Password...", $message, "From: ipn@yourdomain.com\nReply-To: sales@yourdomain.com");
}

//----------------------------------------------------------------------
// If the payment_status is NOT Completed... You'll have to send the
// password later, by hand, when the funds clear...
//----------------------------------------------------------------------
else {
$message .= "Dear Customer,\n Thankyou for your order.\n\nThe password for the item you ordered will be sent to you when the funds have cleared.\n\nThankyou \n\nsales\@yourdomain.com";

mail($payer_email, "Your Book Password...", $message, "From: ipn@yourdomain.com\nReply-To: sales@yourdomain.com");

mail($receiver_email, "Incomplete PayPal TX...", "An incomplete transaction requires your attention.");
}

//----------------------------------------------------------------
// ..If UNVerified - It's 'Suspicious' and needs investigating!
// Send an email to yourself so you investigate it.
//----------------------------------------------------------------
else {
mail($payer_email, "An Error Occurred...", "Dear Customer,\n an error occurred while PayPal was processing your order. It will be investigated by a human at the earliest opportunity.\n\nWe apologise for any inconvenience.", "From: ipn@yourdomain.com\nReply-To: sales@yourdomain.com");

mail($receiver_email, "Invalid PayPal TX...", "An invalid transaction requires your attention.");

}
}
}

//--------------------------------------
// Insert Transaction details into DB.
//--------------------------------------
$qry = "INSERT into psales (
invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_nam e, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quanti ty\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gr oss\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_na me\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) ";

$result = mysql_query($qry,$db);

//-------------------------------------------
// Close PayPal Connection, Log File and DB.
//-------------------------------------------
fclose ($fp);
fclose ($log);
mysql_close($db);
?>
 
Last edited:
garrettroyce

garrettroyce

Community Support
Community Support
Messages
5,609
Reaction score
250
Points
63
$fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

this will not work. PHP v2 forbids the use of fsockopen as it is a big security risk. There should be another way to do this. You might want to find a different script instead of patching this one. I find it's better to find a script made to do what you want to do, instead of fixing a similar script. Especially one like Paypal, which must be secure in every single possible way.
 
xav0989

xav0989

Community Public Relation
Community Support
Messages
4,467
Reaction score
95
Points
0
I believe you can use cURL
 
D

driveflexfuel

New Member
Messages
159
Reaction score
0
Points
0
I have a paid account with upgraded php you are saying I cannot use

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

I am guessing you guys have not used Paypal IPN because this is the way paypal wants you to connect.
 
garrettroyce

garrettroyce

Community Support
Community Support
Messages
5,609
Reaction score
250
Points
63
I'm unsure about php version for paid accounts. fsockopen will definitely not work for the free servers. Hopefully someone experienced with the paid server will know about this.
 
You must log in or register to reply here.
Top