Hey everyone,
Really badly need help with this been trying to get it working for last week or two but i cannot seem to get it to work... so wondering if any one here can help me out..
I have a buy form on my site which is below:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="custom" value="=$_SESSION['Current_User']">
<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="encrypted" value=" huge encryption garbage here">
<input type="hidden" name="rm" value="2">
<input type="image" src="https://www.paypal.com/en_GB/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online.">
Now the next bit is the IPN script which is where it all goes wrong.... i have it checking if its verified or invalid but it comes out as neither and errors at the bottom of the page which is not making sense.. so kinda need help with this as its confusing..
In short its basically this:
<?php
if (strcmp ($res, "VERIFIED") == 0) {
// code here
}else if (strcmp ($res, "INVALID") == 0) {
log for manual investigation
// code here
}Else{
//code here
(THIS IS WHERE THE SCRIPT ENDS UP)
}
?>
Main script:
<?php
include("connect.php");
$Date = date("Y-m-d H:i:s",time());
$insert = mysql_query("INSERT INTO gamelogs (Log,LogTime)
VALUES('connect established','$Date')")
Or die(mysql_error());
// ------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
// ------------------------------------------------
$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$business = $_POST['business'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$mc_gross = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$receiver_id = $_POST['receiver_id'];
$quantity = $_POST['quantity'];
$payment_date = $_POST['payment_date'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payment_type = $_POST['payment_type'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$payment_fee = $_POST['payment_fee'];
$payer_email = $_POST['payer_email'];
$txn_type = $_POST['txn_type'];
$payer_status = $_POST['payer_status'];
$item_number = $_POST['item_number'];
$tax = $_POST['tax'];
$custom = $_POST['custom'];
$notify_version = $_POST['notify_version'];
$verify_sign = $_POST['verify_sign'];
$payer_id =$_POST['payer_id'];
$mc_currency = $_POST['mc_currency'];
$mc_fee = $_POST['mc_fee'];
$custom = $_POST['custom'];
// DB connect creds and email
$notify_email = "email@email.com";
if (!$fp) {
mail($notify_email, "HTTP error", "admin");
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
$fecha = date("m")."/".date("d")."/".date("Y");
$fecha = date("Y").date("m").date("d");
// check if transaction ID has been processed before
$checkquery = "select txnid from donatorlogs where txnid='".$txn_id."'";
$sihay = mysql_query($checkquery) or die("Duplicate txn id check query failed:<br>" . mysql_error() . "<br>" . mysql_errno());
$nm = mysql_num_rows($sihay);
if ($nm == 0){
mail($notify_email, "$txn_type txntype fromat", "admin");
if ($txn_type == "web_accept"){
$qry = mysql_query("INSERT into donatorlogs
(
userid, invoice, receiver_email, item_name, item_number, quantity,
payment_status, pending_reason, payment_date, payment_gross, payment_fee,
txn_id, txn_type, first_name, last_name, address_street, address_city,
address_state, address_zip, address_country, address_status, payer_email,
payer_status, payment_type, notify_version , verify_sign
)
VALUES
(
\"$custom\", \"$invoice\", \"$receiver_email\", \"$item_name\",
\"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\",
\"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\",
\"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\",
\"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\",
\"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\",
\"$notify_version\", \"$verify_sign\"
) ")
Or die(mysql_error());
$insert = mysql_query("INSERT INTO eventslogs (Log,Date,UserID)
VALUES ('Your donation has been logged into the
database for reference if a problem ever arises please contact staff! DO NOT provide details of your donation
to any staff member that is not in charge of donation issues!','$Date','$custom')")
Or die(mysql_error());
if (strcmp ($payment_status, "Completed") == 0) {
$UPDATE = mysql_query("UPDATE userpacks SET Quantity=Quantity+$quantity WHERE UserID='$custom'");
If(mysql_affected_rows()>0){
$insert = mysql_query("INSERT INTO eventslogs (Log,Date,UserID)
VALUES ('You have received your $quantity donator packs
they have been added to your donator packs page','$Date','$custom')")
Or die(mysql_error());
}Else{
$insert = mysql_query("INSERT INTO eventslogs (Log,Date,UserID)
VALUES ('You have failed to receive your $quantity
donator packs contact admin!','$Date','$custom')")
Or die(mysql_error());
}
}
}Else{
mail($notify_email, "$txn_type txntype format", "admin");
}
// send an email in any case
mail($notify_email, "VERIFIED IPN UserID $custom", "$res\n $req\n $qry\n");
}
else {
// send an email
mail($notify_email, "VERIFIED DUPLICATED TRANSACTION relating to UserID $custom", "$res\n $req \n $strQuery\n $struery\n $strQuery2");
}
mail($notify_email, "VERIFIED IPN", "$res\n $req\n $strQuery\n $struery\n $strQuery2");
}
// if the IPN POST was 'INVALID'...do this
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
$Log = 'IPN POST was INVALID';
$INSERT = mysql_query("INSERT INTO gamelogs (Log,LogTime)
VALUES ('$Log','$Date')")
Or die(mysql_error());
mail($notify_email, "INVALID IPN", "$res\n $req");
}Else{
// log for manual investigation
$Log = 'IPN POST was NEITHER';
$INSERT = mysql_query("INSERT INTO gamelogs (Log,LogTime)
VALUES ('$Log','$Date')")
Or die(mysql_error());
mail($notify_email, "Something Wrong", "$res\n $req");
}
}
}
fclose ($fp);
?>
hope you can help me out.
[Edited by - thefollower on October 12, 2008 4:05:12 PM]