204 lines
6.3 KiB
PHP
Executable File
204 lines
6.3 KiB
PHP
Executable File
<?php
|
|
// mail ready
|
|
// addnews ready
|
|
// translator ready
|
|
ob_start();
|
|
set_error_handler("payment_error");
|
|
define("ALLOW_ANONYMOUS",true);
|
|
require_once("common.php");
|
|
require_once("lib/http.php");
|
|
|
|
tlschema("payment");
|
|
|
|
// read the post from PayPal system and add 'cmd'
|
|
$req = 'cmd=_notify-validate';
|
|
|
|
$post = httpallpost();
|
|
reset($post);
|
|
foreach ($post as $key => $value) {
|
|
$value = urlencode(stripslashes($value));
|
|
$req .= "&$key=$value";
|
|
}
|
|
|
|
// post back to PayPal system to validate
|
|
$header = "";
|
|
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
|
|
$header .= "Content-Length: " . strlen($req) . "\r\n";
|
|
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
|
|
$header .= "Host: www.paypal.com\r\n";
|
|
$header .= "Connection: close\r\n\r\n";
|
|
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
|
|
|
|
// assign posted variables to local variables
|
|
$item_name = httppost('item_name');
|
|
$item_number = httppost('item_number');
|
|
$payment_status = httppost('payment_status');
|
|
$payment_amount = httppost('mc_gross');
|
|
$payment_currency = httppost('mc_currency');
|
|
$txn_id = httppost('txn_id');
|
|
$receiver_email = httppost('receiver_email');
|
|
$payer_email = httppost('payer_email');
|
|
$payment_fee = httppost('mc_fee');
|
|
|
|
$response='';
|
|
if (!$fp) {
|
|
// HTTP ERROR
|
|
payment_error(E_ERROR,"Unable to open socket to verify payment",__FILE__,__LINE__);
|
|
} else {
|
|
fputs ($fp, $header . $req);
|
|
while (!feof($fp)) {
|
|
$res = fgets ($fp, 1024);
|
|
$response .= $res;
|
|
|
|
if (strcmp (trim($res), "VERIFIED") == 0) {
|
|
// check the payment_status is Completed
|
|
// check that txn_id has not been previously processed
|
|
// check that receiver_email is your Primary PayPal email
|
|
// check that payment_amount/payment_currency are correct
|
|
// process payment
|
|
if ($payment_status=="Completed" || $payment_status == 'Refunded'){
|
|
if ($payment_status == 'Refunded'){
|
|
//sanitize the data to look like a completed transaction
|
|
$payment_amount = $mc_gross;
|
|
$payment_fee = 0;
|
|
$txn_type = 'refund';
|
|
}
|
|
$sql = "SELECT * FROM " . db_prefix("paylog") . " WHERE txnid='{$txn_id}'";
|
|
$result = db_query($sql);
|
|
if (db_num_rows($result)==1){
|
|
$emsg .= "Already logged this transaction ID ($txn_id)\n";
|
|
payment_error(E_ERROR,$emsg,__FILE__,__LINE__);
|
|
}
|
|
if (($receiver_email != "logd@mightye.org") &&
|
|
($receiver_email != getsetting("paypalemail", ""))) {
|
|
$emsg = "This payment isn't to me! It's to $receiver_email.\n";
|
|
payment_error(E_WARNING,$emsg,__FILE__,__LINE__);
|
|
}
|
|
writelog($response);
|
|
|
|
}else{
|
|
payment_error(E_ERROR,"Payment Status isn't 'Completed' it's '$payment_status'",__FILE__,__LINE__);
|
|
}
|
|
}
|
|
else if (strcmp (trim($res), "INVALID") == 0) {
|
|
// log for manual investigation
|
|
payment_error(E_ERROR,"Payment Status is 'INVALID'!\n\nPOST data:`n".serialize($_POST),__FILE__,__LINE__);
|
|
}
|
|
}
|
|
fclose ($fp);
|
|
}
|
|
|
|
function writelog($response){
|
|
global $post;
|
|
global $item_name, $item_number, $payment_status, $payment_amount;
|
|
global $payment_currency, $txn_id, $receiver_email, $payer_email;
|
|
global $payment_fee,$txn_type;
|
|
$match = array();
|
|
preg_match("'([^:]*):([^/])*'",$item_number,$match);
|
|
if ($match[1]>""){
|
|
$match[1] = addslashes($match[1]);
|
|
$sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='{$match[1]}'";
|
|
$result = db_query($sql);
|
|
$row = db_fetch_assoc($result);
|
|
$acctid = $row['acctid'];
|
|
if ($acctid>0){
|
|
$donation = $payment_amount;
|
|
// if it's a reversal, it'll only post back to us the amount
|
|
// we received back, with out counting the fees, which we
|
|
// receive under a different transaction, but get no
|
|
// notification for.
|
|
if ($txn_type =="reversal") $donation -= $payment_fee;
|
|
|
|
$hookresult = modulehook("donation_adjustments",array("points"=>$donation*100,"amount"=>$donation,"acctid"=>$acctid,"messages"=>array()));
|
|
$hookresult['points'] = round($hookresult['points']);
|
|
|
|
$sql = "UPDATE " . db_prefix("accounts") . " SET donation = donation + '{$hookresult['points']}' WHERE acctid=$acctid";
|
|
|
|
$result = db_query($sql);
|
|
debuglog("Received donator points for donating -- Credited Automatically",false,$acctid,"donation",$hookresult['points'],false);
|
|
if (!is_array($hookresult['messages'])){
|
|
$hookresult['messages'] = array($hookresult['messages']);
|
|
}
|
|
foreach ($hookresult['messages'] as $id=>$message){
|
|
debuglog($message,false,$acctid,"donation",0,false);
|
|
}
|
|
if (db_affected_rows()>0) $processed = 1;
|
|
modulehook("donation", array("id"=>$acctid, "amt"=>$donation*100, "manual"=>false));
|
|
}
|
|
}
|
|
$sql = "
|
|
INSERT INTO " . db_prefix("paylog") . " (
|
|
info,
|
|
response,
|
|
txnid,
|
|
amount,
|
|
name,
|
|
acctid,
|
|
processed,
|
|
filed,
|
|
txfee,
|
|
processdate
|
|
)VALUES (
|
|
'".addslashes(serialize($post))."',
|
|
'".addslashes($response)."',
|
|
'$txn_id',
|
|
'$payment_amount',
|
|
'{$match[1]}',
|
|
".(int)$acctid.",
|
|
".(int)$processed.",
|
|
0,
|
|
'$payment_fee',
|
|
'".date("Y-m-d H:i:s")."'
|
|
)";
|
|
db_query($sql);
|
|
$err = db_error();
|
|
if ($err) {
|
|
payment_error(E_ERROR,"SQL: $sql\nERR: $err", __FILE__,__LINE__);
|
|
}
|
|
}
|
|
|
|
function payment_error($errno, $errstr, $errfile, $errline){
|
|
global $payment_errors;
|
|
if (!is_int($errno) || (is_int($errno) && ($errno & error_reporting()))) {
|
|
$payment_errors.="Error $errno: $errstr in $errfile on $errline\n";
|
|
}
|
|
}
|
|
|
|
$adminEmail = getsetting("gameadminemail", "postmaster@localhost.com");
|
|
if ($payment_errors>"") {
|
|
$subj = translate_mail("Payment Error",0);
|
|
// $payment_errors not translated
|
|
ob_start();
|
|
echo "<b>GET:</b><pre>";
|
|
reset($_GET);
|
|
var_dump($_GET);
|
|
echo "</pre><b>POST:</b><pre>";
|
|
reset($_POST);
|
|
var_dump($_POST);
|
|
echo "</pre><b>SERVER:</b><pre>";
|
|
reset($_SERVER);
|
|
var_dump($_SERVER);
|
|
echo "</pre>";
|
|
$contents = ob_get_contents();
|
|
ob_end_clean();
|
|
$payment_errors .= "<hr>".$contents;
|
|
|
|
mail($adminEmail,$subj,$payment_errors."<hr>","From: " . getsetting("gameadminemail", "postmaster@localhost.com"));
|
|
}
|
|
$output = ob_get_contents();
|
|
if ($output > ""){
|
|
if ($adminEmail == "") $adminEmail = "trash@mightye.org";
|
|
echo "<b>GET:</b><pre>";
|
|
reset($_GET);
|
|
var_dump($_GET);
|
|
echo "</pre><b>POST:</b><pre>";
|
|
reset($_POST);
|
|
var_dump($_POST);
|
|
echo "</pre><b>SERVER:</b><pre>";
|
|
reset($_SERVER);
|
|
var_dump($_SERVER);
|
|
echo "</pre>";
|
|
mail($adminEmail,"Serious LoGD Payment Problems on {$_SERVER['HTTP_HOST']}",ob_get_contents(),"Content-Type: text/html");
|
|
}
|
|
ob_end_clean();
|
|
?>
|