if ($ar["valid"] != "no" && $ar["valid"] != "pending") { die(logPay("Paiement already validated or pending in file " . __FILE__ . " line " . __LINE__)); } $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='{$paiement_type}',secpay_site='{$secpay_site}',valid='pending',pending_reason='{$reason}' WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'"; mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__)); echo 'YES'; } //setPaiemntAsPending(mysql_real_escape_string($_POST['LMI_PAYMENT_NO']),mysql_real_escape_string('Payer: '.$_POST['LMI_PAYER_PURSE'].', wmid'.$_POST['LMI_PAYER_WM'])); } if (isset($_POST['LMI_HASH']) && $_POST['LMI_HASH']) { $q = "SELECT * FROM {$pro_mysql_pay_table} WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'"; $r = mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__)); $n = mysql_num_rows($r); if ($n != 1) { die(logPay("Pay id {$pay_id} not found in file " . __FILE__ . " line " . __LINE__)); } $ar = mysql_fetch_array($r); $chkstring = $secpayconf_webmoney_wmz . $ar['refund_amount'] . $ar['id'] . $_POST['LMI_MODE'] . $_POST['LMI_SYS_INVS_NO'] . $_POST['LMI_SYS_TRANS_NO'] . $_POST['LMI_SYS_TRANS_DATE'] . $secpayconf_webmoney_license_key . $_POST['LMI_PAYER_PURSE'] . $_POST['LMI_PAYER_WM']; $md5sum = strtoupper(md5($chkstring)); $hash_check = $_POST['LMI_HASH'] == $md5sum; if ($_POST['LMI_PAYMENT_NO'] == $ar['id'] && $_POST['LMI_PAYEE_PURSE'] == $secpayconf_webmoney_wmz && $_POST['LMI_PAYMENT_AMOUNT'] == $ar['refund_amount'] && $_POST['LMI_MODE'] == $LMI_MODE && $hash_check) { $secpay_custom_id = "0"; $paiement_type = "online"; $secpay_site = "webmoney"; $reason = "wmz:" . $_POST['LMI_PAYER_PURSE'] . ", wmid:" . 
$_POST['LMI_PAYER_WM']; $total = mysql_real_escape_string($_POST['LMI_PAYMENT_AMOUNT']); $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='{$paiement_type}',\r\n\t\t\t\t\t\t\tsecpay_site='{$secpay_site}',paiement_cost='{$cost}',paiement_total='{$total}',\r\n\t\t\t\t\t\t\tvalid_date='" . date("Y-m-j") . "', valid_time='" . date("H:i:s") . "',\r\n\t\t\t\t\t\t\tsecpay_custom_id='{$secpay_custom_id}',valid='yes' WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'"; logPay($q); mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__)); } }
// amount=20.84& // TxnRef=13& // TxnDate=20060504& // TxnTime=20%3A34%3A26& // PayMethod=credit& // txnStatus=succ&errorCode=0000& // no_shipping=1& // mid=616& // item_name=Test+product1& // curCode=USD& // submit_x=116&submit_y=17& // currency_code=USD& // NETS_signature=icbfv62esnlCGylZya91VL8xy+6unH0SuSqute3CaN0dr5KeBt7xVTC69Q1BSet2myyMoaJpr%2FrY%0D%0AGUhUFVIRnm34omisbiSRsdGiM2Yblv%2Fhlo%2Fjn3zN+3Vn0nNi9FxX3r2Q5fbPyzpJMdiF7syXrzxw%0D%0An%2FkoynkXagSoL2b6H7I%3D $pay_id = $_REQUEST["TxnRef"]; $status = $_REQUEST["txnStatus"]; $error_code = $_REQUEST["errorCode"]; $amount = $_REQUEST["amount"]; if ($status != "succ") { logPay("Status not success line " . __LINE__ . " file " . __FILE__ . "\n"); die; } if ($_SERVER["REMOTE_ADDR"] != "203.116.94.3" && $_SERVER["REMOTE_ADDR"] != "203.116.61.131" && $_SERVER["REMOTE_ADDR"] != "203.116.94.76" && $_SERVER["REMOTE_ADDR"] != "203.116.94.74" && $_SERVER["REMOTE_ADDR"] != "203.116.94.6") { logPay("Recieved notify from an unkonwn IP addr " . __LINE__ . " file " . __FILE__ . "\n"); $content = "Recieved notify from an unkonwn IP addr " . $_SERVER["REMOTE_ADDR"]; Mail($conf_webmaster_email_addr, "[DTC Robot]: Recieved notify from an unkonwn IP", $content); } $pay_fee = $amount * $secpayconf_enets_rate / 100; $amount_paid = $amount - $pay_fee; logPay("Payment success from enets: calling validate()\n"); // Todo: add more checkings to verify that the payment notify is originated by eNETS validatePaiement($pay_id, $amount_paid, "online", "enets", 0, $amount);
if ($_REQUEST["mc_currency"] != $secpayconf_currency_letters) { logPay("Currency is not {$secpayconf_currency_letters} !"); die("Incorrect currency!"); } if ($_REQUEST["payment_status"] != "Completed") { if ($_REQUEST["payment_status"] == "Pending") { setPaiemntAsPending(mysql_real_escape_string($item_number), mysql_real_escape_string($_REQUEST["pending_reason"])); } else { logPay("Status is not completed or pending !"); die("Status not completed or pending..."); } } else { logPay("Calling validate()"); // validatePaiement($item_number,$refund_amount,"online","paypal",$txn_id,$_POST["payment_gross"]); // This should work better: if ($secpayconf_paypal_validate_with == "total") { $refund_amount = $_REQUEST["mc_gross"] - $_REQUEST["mc_fee"]; } else { // Ensure amount tally according to cost before adding the paypal fees $refund_amount = $_REQUEST["mc_gross"]; } validatePaiement(mysql_real_escape_string($item_number), $refund_amount, "online", "paypal", mysql_real_escape_string($_REQUEST["txn_id"]), mysql_real_escape_string($_REQUEST["mc_gross"])); } } elseif (strcmp($res, "INVALID") == 0) { // log for manual investigation logPay("Recieved INVALID: sending mail to webmaster !!"); die("Invalid!"); } } fclose($fp); }
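/**
 * Marks the pay-table row $pay_id as paid once the amount reported by the
 * payment gateway covers the invoice (refund_amount plus VAT), then mails the
 * webmaster a notification.
 *
 * The gateway notify handlers (PayPal IPN, eNETS, WebMoney) call this after
 * their own checks. The function re-reads the row itself and refuses any row
 * whose valid flag is neither 'no' nor 'pending', so a replayed notification
 * cannot validate the same payment twice.
 *
 * @param string       $pay_id           id of the row in $pro_mysql_pay_table
 * @param float|string $amount_paid      net amount credited by the gateway
 * @param string       $paiement_type    stored in paiement_type (callers pass "online")
 * @param string       $secpay_site      stored in secpay_site ("paypal", "enets", ...)
 * @param string       $secpay_custom_id stored in secpay_custom_id ("0" when the gateway has none)
 * @param float|string $total_payed      gross amount before gateway fees; -1 means unknown,
 *                                       in which case the fee is derived from refund_amount
 *
 * Side effects: UPDATEs the pay row, sends one mail, and die()s (after logPay)
 * on a DB error, an unknown id, an already-validated row or an underpayment.
 */
function validatePaiement($pay_id, $amount_paid, $paiement_type, $secpay_site = "none", $secpay_custom_id = "0", $total_payed = -1)
{
    global $pro_mysql_pay_table;
    global $conf_webmaster_email_addr;
    global $pro_mysql_new_admin_table;
    global $secpayconf_maxmind_threshold;
    global $secpayconf_currency_letters;
    global $conf_message_subject_header;

    if (!isset($secpayconf_currency_letters)) {
        get_secpay_conf();
    }

    // $pay_id comes straight from gateway callback parameters and not every
    // caller escapes it, so escape it here before it is placed in SQL.
    $safe_pay_id = mysql_real_escape_string($pay_id);

    $q = "SELECT * FROM {$pro_mysql_pay_table} WHERE id='{$safe_pay_id}';";
    logPay("Querying: {$q}");
    $r = mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
    $n = mysql_num_rows($r);
    if ($n != 1) {
        die(logPay("Pay id {$pay_id} not found in file " . __FILE__ . " line " . __LINE__));
    }
    $ar = mysql_fetch_array($r);

    // Replay protection: only rows still marked 'no' or 'pending' may be validated.
    if ($ar["valid"] != "no" && $ar["valid"] != "pending") {
        die(logPay("Paiement already validated in file " . __FILE__ . " line " . __LINE__));
    }

    logPay("Ammount paid: {$amount_paid}");
    // The amount credited by the gateway must cover refund_amount inclusive of VAT,
    // rounded to 2 decimals.
    $payable_amt = $ar["refund_amount"] + $ar["refund_amount"] * ($ar["vat_rate"] / 100);
    $payable_amt = round($payable_amt, 2);
    if ($amount_paid < $payable_amt) {
        die(logPay("Amount paid on gateway lower than refund ammount file " . __FILE__ . " line " . __LINE__));
    }

    // paiement_cost is the gateway fee and paiement_total the gross amount:
    // taken from the gateway-reported gross when given, else derived from refund_amount.
    if ($total_payed != -1) {
        $cost = $total_payed - $amount_paid;
        $total = $total_payed;
    } else {
        $cost = $amount_paid - $ar["refund_amount"];
        $total = $amount_paid;
    }

    // Orders that create a new account have an admin-request row holding the
    // MaxMind output; for other orders there is no such row.
    $new_account_array = array();
    if ($ar["new_account"] == "yes") {
        $q = "SELECT * FROM {$pro_mysql_new_admin_table} WHERE paiement_id='" . mysql_real_escape_string($ar["id"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $new_account_row = mysql_fetch_array($r);
        if (is_array($new_account_row)) {
            $new_account_array = $new_account_row;
        }
    }

    // maxmind_output is a serialized PHP value written when the account was
    // requested. NOTE(review): unserialize() instantiates whatever classes the
    // stored blob names, so this column must only ever be written by trusted
    // code; migrating it to JSON would remove that exposure.
    $maxmind_score = null;
    if (isset($new_account_array["maxmind_output"])) {
        $maxmind_hash = unserialize($new_account_array["maxmind_output"]);
        if (is_array($maxmind_hash) && isset($maxmind_hash["riskScore"])) {
            $maxmind_score = $maxmind_hash["riskScore"];
        }
    }
    // A score at or above the threshold parks the payment as pending for manual
    // review; a missing score (no new account, or no MaxMind data) does not block.
    $flagged_by_maxmind = $maxmind_score !== null && $maxmind_score >= $secpayconf_maxmind_threshold;
    $valid_clause = $flagged_by_maxmind ? "valid='pending',pending_reason='MaxMind'" : "valid='yes'";

    // Every caller-supplied value is escaped: the eNETS handler passes request
    // parameters through unescaped.
    $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='" . mysql_real_escape_string($paiement_type) . "',"
        . "secpay_site='" . mysql_real_escape_string($secpay_site) . "',"
        . "paiement_cost='" . mysql_real_escape_string($cost) . "',"
        . "paiement_total='" . mysql_real_escape_string($total) . "',"
        . "valid_date='" . date("Y-m-j") . "', valid_time='" . date("H:i:s") . "',"
        . "secpay_custom_id='" . mysql_real_escape_string($secpay_custom_id) . "',"
        . $valid_clause . " WHERE id='{$safe_pay_id}';";
    logPay($q);
    mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));

    // Notify the webmaster; new-account orders get the requester's details appended.
    $txt_userwaiting_account_activated_subject = "{$conf_message_subject_header} " . $amount_paid . " {$secpayconf_currency_letters} payment occured";
    if ($ar["new_account"] == "yes" && count($new_account_array) > 0) {
        $a = $new_account_array;
        $added_comments = "Login: " . $a["reqadm_login"] . "\nEmail: " . $a["email"] . "\nCompany: " . $a["comp_name"] . "\nCustomer: " . $a["first_name"] . ", " . $a["family_name"] . "\nCity: " . $a["city"] . "\nCountry: " . $a["country"];
    } else {
        $added_comments = "";
    }
    $txt_mail = "Hello,\n\nThis is Domain Technologie Control panel robot.\nA " . $amount_paid . " {$secpayconf_currency_letters} payment has just occured.\n\nPayid: " . $pay_id . "\n{$added_comments}\n\nGPLHost:>_ Open-source hosting worldwide.\nhttp://www.gplhost.com\n";
    $headers = "From: " . $conf_webmaster_email_addr;
    mail($conf_webmaster_email_addr, $txt_userwaiting_account_activated_subject, $txt_mail, $headers);
}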