$value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = ""; $header .= "POST /cgi-bin/webscr HTTP/1.1\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Host: www.paypal.com\r\n"; $header .= "Connection: close\r\n\r\n"; $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); // assign posted variables to local variables $item_name = httppost('item_name'); $item_number = httppost('item_number'); $payment_status = httppost('payment_status'); $payment_amount = httppost('mc_gross'); $payment_currency = httppost('mc_currency'); $txn_id = httppost('txn_id'); $receiver_email = httppost('receiver_email'); $payer_email = httppost('payer_email'); $payment_fee = httppost('mc_fee'); $response=''; if (!$fp) { // HTTP ERROR payment_error(E_ERROR,"Unable to open socket to verify payment",__FILE__,__LINE__); } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); $response .= $res; if (strcmp (trim($res), "VERIFIED") == 0) { // check the payment_status is Completed // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment if ($payment_status=="Completed" || $payment_status == 'Refunded'){ if ($payment_status == 'Refunded'){ //sanitize the data to look like a completed transaction $payment_amount = $mc_gross; $payment_fee = 0; $txn_type = 'refund'; } $sql = "SELECT * FROM " . db_prefix("paylog") . " WHERE txnid='{$txn_id}'"; $result = db_query($sql); if (db_num_rows($result)==1){ $emsg .= "Already logged this transaction ID ($txn_id)\n"; payment_error(E_ERROR,$emsg,__FILE__,__LINE__); } if (($receiver_email != "logd@mightye.org") && ($receiver_email != getsetting("paypalemail", ""))) { $emsg = "This payment isn't to me! It's to $receiver_email.\n"; payment_error(E_WARNING,$emsg,__FILE__,__LINE__); } writelog($response); }else{ payment_error(E_ERROR,"Payment Status isn't 'Completed' it's '$payment_status'",__FILE__,__LINE__); } } else if (strcmp (trim($res), "INVALID") == 0) { // log for manual investigation payment_error(E_ERROR,"Payment Status is 'INVALID'!\n\nPOST data:`n".serialize($_POST),__FILE__,__LINE__); } } fclose ($fp); } function writelog($response){ global $post; global $item_name, $item_number, $payment_status, $payment_amount; global $payment_currency, $txn_id, $receiver_email, $payer_email; global $payment_fee,$txn_type; $match = array(); preg_match("'([^:]*):([^/])*'",$item_number,$match); if ($match[1]>""){ $match[1] = addslashes($match[1]); $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='{$match[1]}'"; $result = db_query($sql); $row = db_fetch_assoc($result); $acctid = $row['acctid']; if ($acctid>0){ $donation = $payment_amount; // if it's a reversal, it'll only post back to us the amount // we received back, with out counting the fees, which we // receive under a different transaction, but get no // notification for. if ($txn_type =="reversal") $donation -= $payment_fee; $hookresult = modulehook("donation_adjustments",array("points"=>$donation*100,"amount"=>$donation,"acctid"=>$acctid,"messages"=>array())); $hookresult['points'] = round($hookresult['points']); $sql = "UPDATE " . db_prefix("accounts") . " SET donation = donation + '{$hookresult['points']}' WHERE acctid=$acctid"; $result = db_query($sql); debuglog("Received donator points for donating -- Credited Automatically",false,$acctid,"donation",$hookresult['points'],false); if (!is_array($hookresult['messages'])){ $hookresult['messages'] = array($hookresult['messages']); } foreach ($hookresult['messages'] as $id=>$message){ debuglog($message,false,$acctid,"donation",0,false); } if (db_affected_rows()>0) $processed = 1; modulehook("donation", array("id"=>$acctid, "amt"=>$donation*100, "manual"=>false)); } } $sql = " INSERT INTO " . db_prefix("paylog") . " ( info, response, txnid, amount, name, acctid, processed, filed, txfee, processdate )VALUES ( '".addslashes(serialize($post))."', '".addslashes($response)."', '$txn_id', '$payment_amount', '{$match[1]}', ".(int)$acctid.", ".(int)$processed.", 0, '$payment_fee', '".date("Y-m-d H:i:s")."' )"; db_query($sql); $err = db_error(); if ($err) { payment_error(E_ERROR,"SQL: $sql\nERR: $err", __FILE__,__LINE__); } } function payment_error($errno, $errstr, $errfile, $errline){ global $payment_errors; if (!is_int($errno) || (is_int($errno) && ($errno & error_reporting()))) { $payment_errors.="Error $errno: $errstr in $errfile on $errline\n"; } } $adminEmail = getsetting("gameadminemail", "postmaster@localhost.com"); if ($payment_errors>"") { $subj = translate_mail("Payment Error",0); // $payment_errors not translated ob_start(); echo "GET:
";
	reset($_GET);
	var_dump($_GET);
	echo "
POST:
";
	reset($_POST);
	var_dump($_POST);
	echo "
SERVER:
";
	reset($_SERVER);
	var_dump($_SERVER);
	echo "
"; $contents = ob_get_contents(); ob_end_clean(); $payment_errors .= "
".$contents; mail($adminEmail,$subj,$payment_errors."
","From: " . getsetting("gameadminemail", "postmaster@localhost.com")); } $output = ob_get_contents(); if ($output > ""){ if ($adminEmail == "") $adminEmail = "trash@mightye.org"; echo "GET:
";
	reset($_GET);
	var_dump($_GET);
	echo "
POST:
";
	reset($_POST);
	var_dump($_POST);
	echo "
SERVER:
";
	reset($_SERVER);
	var_dump($_SERVER);
	echo "
"; mail($adminEmail,"Serious LoGD Payment Problems on {$_SERVER['HTTP_HOST']}",ob_get_contents(),"Content-Type: text/html"); } ob_end_clean(); ?>