thefollower

[web] Help with paypal purchase script

Hey everyone, Really badly need help with this been trying to get it working for last week or two but I cannot seem to get it to work... so wondering if anyone here can help me out.. I have a buy form on my site which is below:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="custom" value="<?=$_SESSION['Current_User']?>">

<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="encrypted" value=" huge encryption garbage here">
<input type="hidden" name="rm" value="2">
<input type="image" src="https://www.paypal.com/en_GB/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online.">
</form>


Now the next bit is the IPN script which is where it all goes wrong.... I have it checking if it's verified or invalid but it comes out as neither and errors at the bottom of the page which is not making sense.. so kinda need help with this as it's confusing.. In short it's basically this:
<?php
if (strcmp ($res, "VERIFIED") == 0) {

// code here

}else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation

// code here

}Else{

//code here
// (THIS IS WHERE THE SCRIPT ENDS UP)
}
?>


Main script:
<?php
include("connect.php");

$Date = date("Y-m-d H:i:s",time());
$insert = mysql_query("INSERT INTO gamelogs (Log,LogTime)
VALUES('connect established','$Date')")
	Or die(mysql_error());


// ------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
// ------------------------------------------------

$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$business = $_POST['business'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$mc_gross = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$receiver_id = $_POST['receiver_id'];
$quantity = $_POST['quantity'];
$payment_date = $_POST['payment_date'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payment_type = $_POST['payment_type'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$payment_fee = $_POST['payment_fee'];
$payer_email = $_POST['payer_email'];
$txn_type = $_POST['txn_type'];
$payer_status = $_POST['payer_status'];
$item_number = $_POST['item_number'];
$tax = $_POST['tax'];
$custom = $_POST['custom'];
$notify_version = $_POST['notify_version'];
$verify_sign = $_POST['verify_sign'];
$payer_id =$_POST['payer_id'];
$mc_currency = $_POST['mc_currency'];
$mc_fee = $_POST['mc_fee'];
$custom = $_POST['custom'];


// DB connect creds and email 
$notify_email =  "email@email.com"; 

if (!$fp) {
mail($notify_email, "HTTP error", "admin");
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
$fecha = date("m")."/".date("d")."/".date("Y");
$fecha = date("Y").date("m").date("d");

// check if transaction ID has been processed before
$checkquery = "select txnid from donatorlogs where txnid='".$txn_id."'";
$sihay = mysql_query($checkquery) or die("Duplicate txn id check query failed:<br>" . mysql_error() . "<br>" . mysql_errno());
$nm = mysql_num_rows($sihay);
if ($nm == 0){
mail($notify_email, "$txn_type txntype fromat", "admin");
if ($txn_type == "web_accept"){
$qry = mysql_query("INSERT into donatorlogs 
(
userid, invoice, receiver_email, item_name, item_number, quantity, 

payment_status, pending_reason, payment_date, payment_gross, payment_fee, 

txn_id, txn_type, first_name, last_name, address_street, address_city, 

address_state, address_zip, address_country, address_status, payer_email,

 payer_status, payment_type, notify_version , verify_sign 
)
VALUES
(
 \"$custom\", \"$invoice\", \"$receiver_email\", \"$item_name\",
 
\"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", 

\"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\",
 
\"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", 

\"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\",

\"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\",
 
\"$notify_version\", \"$verify_sign\" 
) ")
Or die(mysql_error());


		$insert = mysql_query("INSERT INTO  eventslogs (Log,Date,UserID)
			VALUES ('Your donation has been logged into the 
database for reference if a problem ever arises please contact staff! DO NOT provide details of your donation
			to any staff member that is not in charge of donation issues!','$Date','$custom')")
		Or die(mysql_error());


if (strcmp ($payment_status, "Completed") == 0) {
$UPDATE = mysql_query("UPDATE userpacks SET Quantity=Quantity+$quantity WHERE UserID='$custom'");
If(mysql_affected_rows()>0){
		$insert = mysql_query("INSERT INTO  eventslogs (Log,Date,UserID)
			VALUES ('You have received your $quantity donator packs
 they have been added to your donator packs page','$Date','$custom')")
		Or die(mysql_error());
		}Else{
		$insert = mysql_query("INSERT INTO  eventslogs (Log,Date,UserID)
			VALUES ('You have failed to receive your $quantity 
donator packs contact admin!','$Date','$custom')")
		Or die(mysql_error());
		}
	}
}Else{
mail($notify_email, "$txn_type txntype format", "admin");
}
// send an email in any case
mail($notify_email, "VERIFIED IPN UserID $custom", "$res\n $req\n $qry\n");
}
else {
// send an email
mail($notify_email, "VERIFIED DUPLICATED TRANSACTION relating to UserID $custom", "$res\n $req \n $strQuery\n $struery\n  $strQuery2");
}
mail($notify_email, "VERIFIED IPN", "$res\n $req\n $strQuery\n $struery\n  $strQuery2");
}
// if the IPN POST was 'INVALID'...do this
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
$Log = 'IPN POST was INVALID';
$INSERT = mysql_query("INSERT INTO gamelogs (Log,LogTime)
	VALUES ('$Log','$Date')")
Or die(mysql_error());
mail($notify_email, "INVALID IPN", "$res\n $req");
		}Else{
// log for manual investigation
$Log = 'IPN POST was NEITHER';
$INSERT = mysql_query("INSERT INTO gamelogs (Log,LogTime)
	VALUES ('$Log','$Date')")
Or die(mysql_error());
mail($notify_email, "Something Wrong", "$res\n $req");
		}
	}
}
fclose ($fp);
?>


hope you can help me out. [Edited by - thefollower on October 12, 2008 4:05:12 PM]

Your code is really hard to read, but I'd guess $res is a long, URL-encoded text that you're trying to compare to the string "VERIFIED". Don't you need to break that up into a bunch of name-value pairs?

Sorry I dunno how to make it formatted into the forum post in code tags to make it easy to read, my apologies.


But I would guess you are correct but sadly I have no idea how to do that sorry... tis why I need help badly :(

Hope you can help me out here... would it be easier if I attached my php script, it's neater to read that way?

Quote:
Original post by ID Merlin
Your code is really hard to read, but I'd guess $res is a long, URL-encoded text that you're trying to compare to the string "VERIFIED". Don't you need to break that up into a bunch of name-value pairs?


Sorry for my double post but just wondering if this section of my script at the very start is what you mean:


$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}

Quote:
Original post by Sander
Quote:
Original post by thefollower
Sorry I dunno how to make it formatted into the forum post in code tags to make it easy to read, my apologies.


See The FAQ about the "source" tags.


Thank you Sander, though it doesn't have php as one of the options, but I have put them in code tags nonetheless, hope you will be able to help me out better :)

Apologies for my ignorance on that, I'll remember it for future posts.

The code where it reads the file should accumulate everything, then add

$vars = explode("&", $res);

$vars will be an array of name-value pairs, like "VERIFIED=1". The PayPal docs will tell you what you should expect to get back.

The simplest way to see what you're getting would be to echo $res after you read the file.

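The fgets loop in the original script tests every line of the raw HTTP reply, so each header line lands in the final else branch. The block below is an added example, not code from anyone in this thread: it takes the whole reply, separates headers from body, and treats anything other than an exact VERIFIED or INVALID body as an error. The helper name ipn_verdict and the sample replies are constructed for illustration.

```php
<?php
// Added example; ipn_verdict() is a hypothetical helper, not the thread's code.
// Input: the complete reply, e.g. $raw = stream_get_contents($fp);

function ipn_verdict(string $raw): string
{
    // Headers end at the first blank line; the verdict is the body after it.
    $parts = preg_split("/\r?\n\r?\n/", $raw, 2);
    if (count($parts) !== 2) {
        return 'ERROR';                 // truncated or empty reply
    }
    [$head, $body] = $parts;

    // First header line is the status line, e.g. "HTTP/1.1 200 OK".
    $statusLine = explode("\n", $head, 2)[0];
    if (!preg_match('#^HTTP/\d\.\d 200\b#', $statusLine)) {
        return 'ERROR';
    }

    // Exact match only, after trimming line endings.
    $body = trim($body);
    if ($body === 'VERIFIED' || $body === 'INVALID') {
        return $body;
    }
    return 'ERROR';                     // fail closed: never credit the account
}

// Constructed sample replies (not captured PayPal traffic).
$samples = [
    'verified' => "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nVERIFIED",
    'invalid'  => "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nINVALID\r\n",
    'http 503' => "HTTP/1.1 503 Service Unavailable\r\n\r\n<html>busy</html>",
    'cut off'  => "HTTP/1.1 200 OK\r\nContent-Type: text/html",
];
foreach ($samples as $name => $raw) {
    printf("%-9s => %s\n", $name, ipn_verdict($raw));
}

// What a per-line comparison sees (fgets would also keep each trailing \r\n).
foreach (explode("\r\n", $samples['verified']) as $line) {
    $branch = strcmp($line, 'VERIFIED') == 0 ? 'VERIFIED'
            : (strcmp($line, 'INVALID') == 0 ? 'INVALID' : 'NEITHER');
    printf("%-26s -> %s\n", json_encode($line), $branch);
}
```

In the script from the first post this would stand in for the while/fgets loop: read the reply once with stream_get_contents($fp), then run the duplicate txn_id check and the pack update only when the result is VERIFIED.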
