<?php require 'init.php'; //Paypal is notifying if (isset($_GET["token"]) && isset($_GET["PayerID"]) && isset($_SESSION['pp_cart']) && isset($_SESSION['pp_amount'])) { //Curl init $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, getConfigKey('paypal_testmode') ? 'https://api-3t.sandbox.paypal.com/nvp' : 'https://api-3t.paypal.com/nvp'); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); //Mixing voodoo magic soup and send it to paypal... curl_setopt($ch, CURLOPT_POSTFIELDS, 'USER='******'paypal_user')) . '&PWD=' . urlencode(getConfigKey('paypal_password')) . '&SIGNATURE=' . urlencode(getConfigKey('paypal_signature')) . '&VERSION=76.0&METHOD=DoExpressCheckoutPayment&CURRENCYCODE=EUR&PAYMENTREQUEST_0_CURRENCYCODE=EUR&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYERID=' . urlencode(getVar('PayerID')) . '&PAYMENTREQUEST_0_AMT=' . $_SESSION['pp_amount'] . '&TOKEN=' . urlencode(getVar('token'))); $httpResponse = curl_exec($ch); if (!$httpResponse) { render('error', array('error' => 'Request error')); } // Extract the response details. $httpResponseAr = explode("&", $httpResponse); $httpParsedResponseAr = array(); foreach ($httpResponseAr as $i => $value) { $tmpAr = explode("=", $value); if (sizeof($tmpAr) > 1) { $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1]; } } if (!sizeof($httpParsedResponseAr) || !array_key_exists('ACK', $httpParsedResponseAr)) { render('error', array('error' => 'Invalid response')); }
case 'signup': if (getVar('email')) { $addUser = $dbh->prepare("INSERT INTO users (username, password, email, firstname, lastname, address, postalcode, city, phone) VALUES (:username, :password, :email, :firstname, :lastname, :address, :postalcode, :city, :phone)"); $addUser->execute(array(':username' => getVar('username'), ':password' => passwordHash(getVar('password')), ':email' => getVar('email'), ':firstname' => getVar('firstname'), ':lastname' => getVar('lastname'), ':address' => getVar('address'), ':postalcode' => getVar('postalcode'), ':city' => getVar('city'), ':phone' => getVar('phone'))); renderHome('accountCreated', true); } else { render('user-signup'); } break; case 'reset': if (getVar('email')) { $userQuery = $dbh->prepare("SELECT id FROM users WHERE email = :email"); $userQuery->execute(array(':email' => getVar('email'))); if ($userQuery->rowCount()) { $newPass = genPassword(); mail(getVar('email'), 'Your new password on ' . getConfigKey('title'), 'Your new password is ' . $newPass); $resetQuery = $dbh->prepare("UPDATE users SET password = :password WHERE email = :email LIMIT 1"); $resetQuery->execute(array(':password' => passwordHash($newPass), ':email' => getVar('email'))); render('user-reset', array()); } else { render('error', array('error' => 'No account was found.')); } } else { render('user-reset'); } break; case 'login': $loginQuery = $dbh->prepare("SELECT id, firstname, lastname, username, email, address, city, postalcode, phone FROM users WHERE username = :username AND password = :password"); $loginQuery->execute(array(':username' => getVar('username'), ':password' => passwordHash(getVar('password')))); $user = $loginQuery->fetchAll()[0]; if ($loginQuery->rowCount()) {
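// Parse PayPal's NVP reply ("KEY=VALUE&KEY=VALUE", values URL-encoded) into a map.
// $httpResponse, $amount and $cart_id are produced by code outside this listing.
// NOTE(review): the safety of everything below rests on that NVP request having been
// made over a *verified* TLS connection; the companion return handler in this project
// disables CURLOPT_SSL_VERIFYPEER/VERIFYHOST, so confirm the SetExpressCheckout call
// does not, otherwise the TOKEN we redirect with could be attacker-supplied.
$httpParsedResponseAr = array();
foreach (explode('&', $httpResponse) as $pair) {
    // Limit 2 so a value that itself contains '=' is not truncated at the first one.
    $kv = explode('=', $pair, 2);
    if (count($kv) > 1) {
        $httpParsedResponseAr[$kv[0]] = $kv[1];
    }
}

if (!count($httpParsedResponseAr) || !array_key_exists('ACK', $httpParsedResponseAr)) {
    render('error', array('error' => 'Invalid response'));
} else {
    // Everything else lives in this else-branch on purpose: if render() does not
    // terminate the script, the original code fell through and read ACK/TOKEN from
    // an array that does not have them.
    $ack = strtoupper($httpParsedResponseAr['ACK']);
    $approved = ($ack === 'SUCCESS' || $ack === 'SUCCESSWITHWARNING');

    if ($approved && isset($httpParsedResponseAr['TOKEN'])) {
        // Stash what this checkout is for; the return handler reads both values back
        // from the session and charges $_SESSION['pp_amount'] (server-side copy, not
        // anything the browser can alter on the way to PayPal).
        $_SESSION['pp_amount'] = $amount;
        $_SESSION['pp_cart'] = $cart_id;

        $ppHost = getConfigKey('paypal_testmode')
            ? 'https://www.sandbox.paypal.com'
            : 'https://www.paypal.com';
        // TOKEN arrives NVP-encoded; decode then re-encode so it is safe in a query string
        // without being double-encoded.
        $token = rawurlencode(urldecode($httpParsedResponseAr['TOKEN']));
        header('Location: ' . $ppHost . '/cgi-bin/webscr?cmd=_express-checkout&token=' . $token);
        // Stop here: without exit the rest of the page would still be executed and sent
        // after the redirect header.
        exit;
    } elseif (TC_DEBUG) {
        // Debug-only diagnostics. PayPal's message is third-party content, so it is
        // HTML-escaped before being echoed; the raw array dump is escaped for the same reason.
        $longMsg = isset($httpParsedResponseAr['L_LONGMESSAGE0'])
            ? urldecode($httpParsedResponseAr['L_LONGMESSAGE0'])
            : '';
        echo '<div style="color:red"><b>Error : </b>'
            . htmlspecialchars($longMsg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</div>';
        echo '<pre>';
        echo htmlspecialchars(print_r($httpParsedResponseAr, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '</pre>';
    } else {
        // Production: never leak gateway error details to the visitor.
        render('error', array('error' => 'Paypal error'));
    }
}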