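/**
 * Check a purchase against PayPal and echo the outcome as JSON.
 *
 * The caller-supplied transaction history is searched for $itemId. The matching
 * transaction id is looked up with a GetTransactionDetails request, and the
 * CUSTOM field of the reply is compared with getUserId() and $itemId. Only when
 * both match is a session requested through getSession() and returned as "ks".
 *
 * NOTE(review): the ownership check uses getUserId(), but the session is
 * requested for $userId. Confirm callers cannot pass a $userId that differs
 * from the identity getUserId() reports.
 *
 * @param mixed  $userId       User the session is requested for.
 * @param mixed  $itemId       Item whose purchase is being verified.
 * @param string $transactions JSON list of objects carrying itemId and transactionId.
 *
 * @return void The result object is echoed, not returned.
 */
public function verifyPurchase($userId, $itemId, $transactions)
{
    // Fail closed: this answer is replaced only after PayPal confirms the purchase.
    $returnObj = array('success' => false, 'error' => "Item not found in transaction history");

    // The history comes from the caller, so it may be invalid JSON or not a list at all.
    $history = json_decode(stripslashes($transactions));
    if (!is_array($history)) {
        $history = array();
    }

    // No early exit: as in the original loop, the last entry for the item wins.
    $transactionId = null;
    foreach ($history as $entry) {
        if (is_object($entry)
            && isset($entry->itemId, $entry->transactionId)
            && is_scalar($entry->transactionId)
            && $entry->itemId == $itemId
        ) {
            $transactionId = $entry->transactionId;
        }
    }

    if ($transactionId) {
        // Keys are quoted strings. The bare words used before depend on PHP's
        // undefined-constant fallback (an Error since PHP 8), assuming none of
        // them is a defined constant. TODO confirm.
        $postDetails = array(
            'USER' => UID,
            'PWD' => PASSWORD,
            'SIGNATURE' => SIG,
            'METHOD' => "GetTransactionDetails",
            'VERSION' => VER,
            'TRANSACTIONID' => $transactionId,
        );

        // http_build_query() URL-encodes every value, so a crafted transactionId
        // cannot append or override request fields. It also replaces
        // create_function(), which is eval-based and removed in PHP 8.
        // Assumes UID/PASSWORD/SIG hold raw, not pre-encoded, values. TODO confirm.
        $postVals = http_build_query($postDetails, '', '&');

        $response = parseString(runCurl(URLBASE, $postVals));

        // NOTE(review): the separator is matched as lower-case "%2c" only;
        // confirm parseString() never yields "%2C".
        $custom = isset($response["CUSTOM"]) ? explode("%2c", $response["CUSTOM"]) : array();

        // Compare as strings so numeric-looking ids are not loosely coerced, and
        // require non-empty values so an empty CUSTOM field never matches an
        // empty user id.
        $ownerMatches = count($custom) >= 2
            && $custom[0] !== ''
            && (string) getUserId() === (string) $custom[0]
            && (string) $itemId === (string) $custom[1];

        if ($ownerMatches) {
            // Request the KS session only after the purchase has been confirmed.
            $ks = getSession($itemId, $userId);
            $returnObj = array(
                'success' => true,
                'error' => "",
                'transactionId' => $response["TRANSACTIONID"],
                'orderTime' => $response["ORDERTIME"],
                'paymentStatus' => $response["PAYMENTSTATUS"],
                'itemId' => $itemId,
                'userId' => $userId,
                'ks' => $ks,
            );
        } else {
            // Previously $returnObj stayed undefined here and "null" was echoed.
            $returnObj = array('success' => false, 'error' => "Transaction could not be verified");
        }
    }

    echo json_encode($returnObj);
}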
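header("Content-Type: application/json"); echo "[{data {error: '{$e}'}}]"; } }
// The line above is the tail of a function whose start is outside this excerpt; it is kept unchanged.

/**
 * Send a request to the URL named in $_GET['url'] with the curl CLI and echo the reply.
 *
 * Both the request body and the URL are caller-controlled and end up on a
 * shell command line, so each is passed through escapeshellarg() and the URL
 * must be an absolute http(s) URL.
 *
 * NOTE(review): any http(s) host is still reachable through this proxy. An
 * allow-list of upstream hosts is needed if internal services must not be
 * reachable from it.
 *
 * @param string $params Request body; sent with -d when longer than one character.
 *
 * @return void The upstream reply is echoed with a JSON content type.
 */
function runCurl($params)
{
    $url = isset($_GET['url']) ? (string) $_GET['url'] : '';

    // Reject anything that is not http(s): a value starting with "-" would be
    // read by curl as an option, and other schemes select other protocol handlers.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        error_log("runCurl: rejected url");
        header("Content-Type: application/json");
        echo json_encode(array('error' => 'Invalid url'));
        return;
    }

    $postParams = "";
    if (isset($params) && strlen($params) > 1) {
        // escapeshellarg() makes the body one shell argument; bare single
        // quotes were closed by any quote character inside the body.
        $postParams = "-d " . escapeshellarg($params);
    }

    $runCmd = "curl -H 'content-type:application/json' {$postParams} " . escapeshellarg($url);

    // NOTE(review): this logs the full request body; confirm it never carries credentials.
    error_log("run cmd: " . $runCmd . "\n\n");
    $output = shell_exec($runCmd);
    error_log("exec ret: {$output}");

    header("Content-Type: application/json");
    echo "{$output}";
}

// Request dispatch. $cursor and $postData are not assigned in the visible part
// of this file, and getUrl() is defined outside it.
// NOTE(review): getUrl() receives the same caller-controlled URL; confirm it
// applies the scheme and destination checks that runCurl() does.
if (isset($_GET['url']) && isset($_GET['limit'])) {
    $tmpParams = isset($cursor) ? "?cursor=" . $cursor . "&limit=" . $_GET['limit'] : "?limit=" . $_GET['limit'];
    $tmpUrl = urldecode($_GET['url'] . $tmpParams);
    error_log("===> Fetching GET: {$tmpUrl} with limit: " . $_GET['limit']);
    getUrl($tmpUrl);
} elseif (isset($_GET['url']) && !isset($postData)) {
    getUrl($_GET['url']);
} else {
    error_log("=== postData: {$postData}");
    runCurl($postData); // TODO: should be $_POST
}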
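<?php
// Payflow Express Checkout, first step: ask the gateway for an EC token and
// show the link that sends the buyer to PayPal.
include_once "../../config/config.php";
session_start();

$api_endpoint = 'https://pilot-payflowpro.paypal.com';
$returl_url = 'http://api.local/api/PayFlowEC/return.php';
$cancel_url = $returl_url;

// The amount is posted by the browser. Accept only a plain decimal so it is
// safe to forward to the gateway, store in the session and print.
// NOTE(review): the price is still chosen by the client; a real checkout
// should take it from a server-side order.
$process_amt = isset($_POST['amount']) ? trim((string) $_POST['amount']) : '';
if (!preg_match('/^\d+(\.\d{1,2})?\z/', $process_amt)) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid amount');
}
$_SESSION['amount'] = $process_amt;

// NOTE(review): TRXTYPE and ACTION are forwarded exactly as posted, so the
// client selects the transaction type. toNVP() is not visible here; confirm it
// encodes values, or restrict both fields to the values this page needs.
$trx_type = isset($_POST['trxtype']) ? $_POST['trxtype'] : '';
$action = isset($_POST['action']) ? $_POST['action'] : '';

// Send EC redirect to
// https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=<EC-TOKEN>
$api_request_params = array(
    'TRXTYPE' => $trx_type,
    'ACTION' => $action,
    'AMT' => $process_amt,
    'CANCELURL' => $cancel_url,
    'RETURNURL' => $returl_url,
    'PARTNER' => $config['payFlow']['PARTNER'],
    'PWD' => $config['payFlow']['PWD'],
    'USER' => $config['payFlow']['USER'],
    'VENDOR' => $config['payFlow']['VENDOR'],
    'TENDER' => 'P',
);

$nvp = toNVP($api_request_params);
$result = runCurl($api_endpoint, $nvp);
$result_array = ppResponse($result);

// NOTE(review): printVars() is defined elsewhere; presumably it prints the
// gateway response to the page. Confirm that is not enabled outside a sandbox.
printVars($result_array);

// Without a token there is nothing to redirect to; stop instead of rendering a dead link.
$ec_token = isset($result_array['TOKEN']) ? (string) $result_array['TOKEN'] : '';
if ($ec_token === '') {
    exit('Checkout could not be started');
}

// Escape everything written into the page: the amount is user input, and the
// token comes from a remote response that is not validated here.
$amount_html = htmlspecialchars($process_amt, ENT_QUOTES, 'UTF-8');
$token_html = htmlspecialchars(rawurlencode(urldecode($ec_token)), ENT_QUOTES, 'UTF-8');

$output = 'Total: $' . $amount_html . '<br/><br/>';
// The stray space before "&token" is removed so the link matches the URL
// documented above, and "&" is written as "&amp;" inside the attribute.
$output .= '<a href="https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&amp;token='
    . $token_html . '" class="ec-submit">Click to Continue</a>';
echo $output;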
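<?php
// Payflow reference transaction: submits a sale (TRXTYPE S) whose ORIGID points
// at an earlier transaction, with the amount taken from the POST body.
//
// NOTE(review): no authentication or authorisation check is visible in this
// file, and both the amount and the referenced transaction come from the
// request. Confirm access control happens before this script runs (for example
// in config.php); otherwise any caller who knows a PNREF can submit a sale
// against it.
include_once "../../config/config.php";

$reference_amt = isset($_POST['newamount']) ? trim((string) $_POST['newamount']) : '';
$orig_id = isset($_POST['pnref']) ? trim((string) $_POST['pnref']) : '';

// Refuse to contact the gateway with a missing or malformed amount or
// reference. Assumes PNREF values are purely alphanumeric. TODO confirm
// against the gateway documentation.
$amount_ok = preg_match('/^\d+(\.\d{1,2})?\z/', $reference_amt) === 1;
$pnref_ok = $orig_id !== '' && ctype_alnum($orig_id);
if (!$amount_ok || !$pnref_ok) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid amount or transaction reference');
}

$api_endpoint = 'https://pilot-payflowpro.paypal.com';

$api_request_params = array(
    'TRXTYPE' => 'S',
    'USER' => $config['payFlow']['USER'],
    'TENDER' => 'C',
    'VENDOR' => $config['payFlow']['VENDOR'],
    'PARTNER' => $config['payFlow']['PARTNER'],
    'PWD' => $config['payFlow']['PWD'],
    'ORIGID' => $orig_id,
    'CURRENCY' => 'USD',
    'AMT' => $reference_amt,
);

$params = toNVP($api_request_params);
$result = runCurl($api_endpoint, $params);
$result_array = ppResponse($result);

// NOTE(review): printVars() is defined elsewhere; presumably it prints the
// gateway response to the page. Confirm that is not enabled outside a sandbox.
printVars($result_array);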