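/**
 * PayPal IPN processing action.
 *
 * Intake for the IPN callback performed by PayPal itself. The raw request
 * body is parsed, checked with InstantPaymentNotification::is_valid() (no
 * trickery) and saved into the database for later review.
 *
 * When the 'debug' configuration value is truthy and $id is given, the raw
 * body is read from the stored notification with that id instead of from the
 * request, so a saved IPN can be replayed.
 *
 * NOTE(review): the notification is saved and passed to
 * __processTransaction() whether or not is_valid() succeeded; only the
 * 'valid' flag records the outcome. Whatever consumes the saved record has to
 * check that flag before acting on the payment - confirm that it does.
 *
 * NOTE(review): no access check is visible in this method, so the replay
 * branch depends entirely on 'debug' being off in production - confirm.
 *
 * @access public
 * @author Nick Baker
 * @param mixed $id Id of a stored notification to replay (honoured in debug mode only).
 * @return void Ends the request, printing 'Valid', 'Invalid' or 'empty'.
 */
public function process($id = null) {
    $debugging = Configure::read('debug') && !is_null($id);

    if ($debugging) {
        $ipn = $this->InstantPaymentNotification->findById($id);
        // An unknown id yields no record; fall through to the 'empty' result
        // instead of indexing into a missing row.
        $raw = isset($ipn['InstantPaymentNotification']['raw'])
            ? $ipn['InstantPaymentNotification']['raw']
            : null;
    } else {
        // The untouched request body is kept so it can be validated and stored as received.
        $raw = file_get_contents("php://input");
    }

    if (!empty($raw)) {
        $data = $this->InstantPaymentNotification->parseRaw($raw);
        $data['valid'] = $this->InstantPaymentNotification->is_valid($raw);
        $data['ip'] = remote_ip();
        $data['raw'] = $raw;
        $result = $data['valid'] ? 'Valid' : 'Invalid';

        $notification = $this->InstantPaymentNotification->buildAssociationsFromIPN($data);
        if ($debugging) {
            // Replay overwrites the stored notification rather than creating a new one.
            $this->InstantPaymentNotification->id = $id;
            $notification['InstantPaymentNotification']['id'] = $id;
        }

        $this->InstantPaymentNotification->saveAll($notification);
        $this->__processTransaction($this->InstantPaymentNotification->id);
    } else {
        $result = 'empty';
    }

    exit($result);
}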
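/**
 * Verifies POST data given by the PayPal instant payment notification.
 *
 * Validity is decided by the post-back: the data is sent to PayPal's
 * _notify-validate endpoint and accepted only when the answer is "VERIFIED".
 * The source-address test in front of it is a pre-filter, not authentication:
 * a reverse-DNS (PTR) name is published by whoever controls the address's
 * reverse zone and is not forward-confirmed here.
 *
 * NOTE(review): how remote_ip() derives the client address is not visible in
 * this block; if it honours client-supplied forwarding headers the pre-filter
 * can be bypassed - confirm.
 *
 * @param array $data Most likely directly $_POST given by the controller.
 * @param boolean $test Post back to the PayPal sandbox instead of the live site.
 * @return boolean true if PayPal confirmed the data, false otherwise (including
 *                 HTTP failure and a request from an unrecognised address).
 */
function isValid($data, $test = false) {
    // The reverse-DNS name must be paypal.com itself or a subdomain of it.
    // Anchoring on a label boundary rejects look-alike names that merely end
    // in "paypal.com".
    if (env('SERVER_ADDR') === remote_ip() || preg_match('/(?:^|\\.)paypal\\.com$/', gethostbyaddr(remote_ip()))) {
        $server = $test
            ? 'https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_notify-validate'
            : 'https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate';

        $response = $this->Http->post($server, $data);

        // NOTE(review): loose comparison kept because the type returned by
        // $this->Http->post() is not visible here; once confirmed, compare the
        // response body strictly against "VERIFIED".
        if ($response == "VERIFIED") {
            return true;
        }

        if (!$response) {
            $this->log('HTTP Error in PaypalIpnSource::isValid while posting back to PayPal', 'debug');
        }
    } else {
        $this->log('IPN Notification comes from unknown IP: ' . remote_ip(), 'debug');
    }

    return false;
}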
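/**
 * PayPal IPN processing action.
 *
 * Intake for the IPN callback performed by PayPal itself. The raw request
 * body is parsed, checked with InstantPaymentNotification::is_valid() (no
 * trickery) and saved into the database for later review.
 *
 * When the 'debug' configuration value is truthy and $id is given, a stored
 * notification is replayed instead of reading the request. A numeric $id is
 * first tried as a Transaction id, whose payment_id is then used as the pay
 * key; otherwise $id itself is used as the pay key.
 *
 * NOTE(review): the notification is saved and passed to
 * __processTransaction() whether or not is_valid() succeeded; only the
 * 'valid' flag records the outcome. Whatever consumes the saved record has to
 * check that flag before acting on the payment - confirm that it does.
 *
 * NOTE(review): no access check is visible in this method, so the replay
 * branch depends entirely on 'debug' being off in production - confirm.
 *
 * @access public
 * @author Nick Baker
 * @param mixed $id Transaction id or pay key of a stored notification (debug mode only).
 * @return void Ends the request, printing 'Valid', 'Invalid' or 'empty'.
 */
public function process($id = null) {
    $debugging = Configure::read('debug') && !is_null($id);

    if ($debugging) {
        if (is_numeric($id)) {
            $this->loadModel('Transaction');
            $transaction = $this->Transaction->findById($id);
        }
        if (!empty($transaction)) {
            $ipn = $this->InstantPaymentNotification->findByPayKey($transaction['Transaction']['payment_id']);
        } else {
            $ipn = $this->InstantPaymentNotification->findByPayKey($id);
        }
        // No matching notification: fall through to the 'empty' result
        // instead of indexing into a missing row.
        $raw = isset($ipn['InstantPaymentNotification']['raw'])
            ? $ipn['InstantPaymentNotification']['raw']
            : null;
    } else {
        // The untouched request body is kept so it can be validated and stored as received.
        $raw = file_get_contents("php://input");
    }

    if (!empty($raw)) {
        $data = $this->InstantPaymentNotification->parseRaw($raw);
        $data['valid'] = $this->InstantPaymentNotification->is_valid($raw);
        $data['ip'] = remote_ip();
        $data['raw'] = $raw;
        $result = $data['valid'] ? 'Valid' : 'Invalid';
        $notification = $data;

        // Look for an item already saved with this instant_payment_notification_txn_id.
        $findExisting = $this->InstantPaymentNotification->PaypalItem->find('first', array(
            'conditions' => array('instant_payment_notification_txn_id' => $data['txn_id']),
            'fields' => array('id'),
        ));

        // If such an item exists, this notification was stored before (probably
        // for a pending payment or similar), so the items are not built again
        // and duplicates are avoided.
        if (empty($findExisting)) {
            $notification['PaypalItem'] = $this->InstantPaymentNotification->buildAssociationsFromIPN($data);
        }

        if ($debugging) {
            // NOTE(review): $id was used above as a Transaction id or pay key,
            // yet it is written here as the notification's primary key -
            // confirm this is intended.
            $this->InstantPaymentNotification->id = $id;
            $notification['InstantPaymentNotification']['id'] = $id;
        }

        $this->InstantPaymentNotification->saveAll($notification);
        $this->__processTransaction($this->InstantPaymentNotification->id);
    } else {
        $result = 'empty';
    }

    exit($result);
}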
$query="SELECT chemin, name, value from applis where type='P' OR type='N' order by name"; $result=mysqli_query($GLOBALS["___mysqli_ston"], $query); if ($result) { while ( $r=mysqli_fetch_object($result) ) { if ( ($r->name == $use) ) { $urluse = "../Plugins/".$r->chemin."/"; } } } ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false); } if ( ! isset ($urluse) ) $urluse=$url_accueil; # # Detection de l'origine de la requete # list ($ip_client_prefix) = explode (".", remote_ip()); list ($ip_serv_prefix) = explode (".",getenv("SERVER_ADDR")); if ( $ip_client_prefix == $ip_serv_prefix) $source="lan"; else $source="wan"; # # Determination du groupe principal de l'utilisateur connecte # $group=people_get_group ($login); # # TimeStamp # $date=date("YmdHis"); # # Enregistrement dans la table statusages # $use=((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $use) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")); $query="INSERT INTO statusages VALUES ('$group', '$use', '$date', '$source','$login')";
?> <h3>Authentification</h3> <p>Afin de pouvoir rentrer dans votre espace perso LCS, vous devez fournir un identifiant et un mot de passe. En cas d'oubli, contactez <a href='mailto:<? echo "admin@$domain" ?>?subject=Mot de passe Intranet'>l'administrateur du système</a>.</p> <form name = "auth" action="auth.php" method="post" onsubmit = "encrypt(document.auth)" > <table border='0'> <tr> <td>Identifiant : </td> <td><input type="text" name="login" size="20" maxlength="30" autocomplete="off" /><br /></td> </tr> <tr> <td>Mot de passe : </td> <td> <input type= "password" value="" name="dummy" size="20" maxlength="30" autocomplete="off"/> <input type="hidden" name="string_auth" value=""/> <input type="hidden" name="time" value=""/> <input type="hidden" name="client_ip" value="<? echo remote_ip(); ?>"/> <input type="hidden" name="timestamp" value="<? echo time(); ?>"/> </td> </tr> <tr align="left"> <td> </td> <td><input type="submit" value="Valider"/><br /></td> </tr> </table> </form> <? // Affichage logo crypto crypto_nav(); // Affichage des erreurs switch ($error) { case "1" :