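/**
 * Sum every recorded donation for one state.
 *
 * Reads the rows of `rtn_state_donations` whose `state` column matches
 * $state_name and adds up their `donation_amount` values. A name rejected by
 * isValidStateName(), a failed connection, a failed database selection or a
 * failed query all return 0 after logging to FUNCTIONS_LOG_FILE (the rejected
 * name case is not logged here).
 *
 * @param string $state_name State name to total.
 * @return int|float Sum of donation_amount over the matching rows.
 */
function getTotalStateDonations($state_name)
{
    $sum = 0;

    if (!isValidStateName($state_name)) {
        return $sum;
    }

    // NOTE(review): $host, $user, $pass and $db_name are not parameters and no
    // `global` statement is visible in this function, so they look undefined
    // in this scope -- confirm where the credentials are meant to come from.
    $link = mysql_connect($host, $user, $pass);
    if (!$link) {
        // Without this guard a failed connect fell through to mysql_query()
        // with an invalid link.
        error_log(date('[Y-m-d H:i e] ') . "DB Error, could not connect to the database:" . mysql_error() . PHP_EOL, 3, FUNCTIONS_LOG_FILE);
        return $sum;
    }

    if (!mysql_select_db($db_name, $link)) {
        error_log(date('[Y-m-d H:i e] ') . "DB Error, could not select the database:" . mysql_error($link) . PHP_EOL, 3, FUNCTIONS_LOG_FILE);
        return $sum;
    }

    // The value is concatenated into the statement, so it is escaped here as
    // well as validated above: the query must stay well-formed even if
    // isValidStateName() ever accepts a quote character. ext/mysql has no
    // prepared statements and was removed in PHP 7.0; the durable fix is to
    // move this query to a mysqli or PDO prepared statement.
    $escaped_state = mysql_real_escape_string($state_name, $link);
    $sql = "SELECT `donation_amount` FROM `rtn_state_donations` WHERE `state` = '" . $escaped_state . "'";

    $result = mysql_query($sql, $link);
    if (!$result) {
        error_log(date('[Y-m-d H:i e] ') . "DB Error, could not query the database:" . mysql_error($link) . PHP_EOL, 3, FUNCTIONS_LOG_FILE);
        return $sum;
    }

    while ($row = mysql_fetch_assoc($result)) {
        $sum += $row['donation_amount'];
    }
    mysql_free_result($result);

    return $sum;
}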
$item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; error_log(date('[Y-m-d H:i e] ') . "Got item: name=" . $item_name . ",number=" . $item_number . ",payment_status=" . $payment_status . ",payment_amount=" . $payment_amount . ",payment_currency=" . $payment_currency . ",txn_id=" . $txn_id . ",receiver_email=" . $receiver_email . ",payer_email=" . $payer_email . PHP_EOL, 3, LOG_FILE); // extract state: $counting_string_pos = stripos($item_name, "counting towards"); if ($counting_string_pos === false) { error_log(date('[Y-m-d H:i e] ') . "Could not find 'counting towards' to parse out state name" . PHP_EOL, 3, LOG_FILE); } else { $state_name = substr($item_name, $counting_string_pos + 17); // sanitize / check $state_name! if (isValidStateName($state_name)) { error_log(date('[Y-m-d H:i e] ') . "Got valid state name:" . $state_name . PHP_EOL, 3, LOG_FILE); $db_data = array("state" => $state_name, "donation_amount" => $payment_amount); $updateReturnVal = updateStateDonations($db_data); error_log(date('[Y-m-d H:i e] ') . "Got return value from update:" . $updateReturnVal . PHP_EOL, 3, LOG_FILE); } else { error_log(date('[Y-m-d H:i e] ') . "Ignoring notify with bogus state name:" . $state_name . PHP_EOL, 3, LOG_FILE); } } if (DEBUG == true) { error_log(date('[Y-m-d H:i e] ') . "Verified IPN: {$req} " . PHP_EOL, 3, LOG_FILE); } } else { if (strcmp($res, "INVALID") == 0) { // log for manual investigation // Add business logic here which deals with invalid IPN messages