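get_secpay_conf();

// Moneybookers (Skrill) status-notification handler.
//
// Fields are read from $_POST only: the gateway posts the notification, and
// $_REQUEST would additionally accept GET and cookie values, which widens what
// a caller can supply.  Missing fields become '' so the signature check below
// fails closed instead of raising undefined-index notices.
$mbField = function ($name) {
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
};

$merchant_id     = $mbField('merchant_id');
$item_number_raw = $mbField('transaction_id');
$mb_amount_raw   = $mbField('mb_amount');
$mb_currency     = $mbField('mb_currency');
$mb_status       = $mbField('status');
$md5sig          = $mbField('md5sig');

// Signature check: md5 over merchant_id, transaction_id, the upper-cased md5
// of the secret word, mb_amount, mb_currency and status, compared upper-cased.
// hash_equals() is a strict, constant-time comparison; the previous loose "!="
// applied PHP's numeric-string coercion to a caller-supplied value.
$concat_str = $merchant_id
    . $item_number_raw
    . strtoupper(md5($secpayconf_moneybookers_secret_word))
    . $mb_amount_raw
    . $mb_currency
    . $mb_status;
if (!hash_equals(strtoupper(md5($concat_str)), $md5sig)) {
    die("md5sum not validated!");
}

// Sandbox and production use the same endpoint here; only the account e-mail
// the notification must be addressed to differs.  $moneybookers_host and
// $moneybookers_cgi are kept for code outside this fragment.
$moneybookers_host = "www.moneybookers.com";
$moneybookers_cgi = "/app/payment.pl";
$ze_moneybookers_email = ($secpayconf_moneybookers_sandbox == "yes")
    ? $secpayconf_moneybookers_sandbox_email   // test sandbox account
    : $secpayconf_moneybookers_email;          // production account

// Reject notifications addressed to another account.  Note that pay_to_email
// is not covered by md5sig, so this is a sanity check, not an authenticity one.
if ($mbField('pay_to_email') !== $ze_moneybookers_email) {
    die("This is not our business moneybookers email!");
}

// mb_currency is part of the signed data, so this comparison is trustworthy.
if ($mb_currency !== $secpayconf_currency_letters) {
    die("Incorrect currency!");
}

// Legacy mysql_* escaping kept for the callees' sake; the proper fix is
// parameterised queries inside setPaiemntAsPending()/validatePaiement().
$item_number = mysql_real_escape_string($item_number_raw);
$amount = mysql_real_escape_string($mb_amount_raw);

// Branch on the signed "status" field, i.e. the value that went into md5sig.
// The old code read "mb_status", which is not part of the signature, and its
// two "!=" tests ran BOTH the pending and the validate path for any status
// other than "0" or "2".  Gateway status codes: 2 = processed, 0 = pending
// (confirm against the integration guide in use); anything else (cancelled,
// failed, chargeback) is not recorded as a payment.
if ($mb_status === "2") {
    validatePaiement(
        $item_number,
        $amount,
        "online",
        "moneybookers",
        mysql_real_escape_string($mbField('mb_transaction_id'))
    );
} elseif ($mb_status === "0") {
    setPaiemntAsPending($item_number, mysql_real_escape_string("moneybookers"));
} else {
    die("Status not processed or pending...");
}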
// check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment if ($_REQUEST["business"] != $secpayconf_paypal_email) { logPay("db:" . $secpayconf_paypal_email . "/request:" . $_REQUEST["business"]); logPay("Business paypal email do not match !"); die("This is not our business paypal email!"); } if ($_REQUEST["mc_currency"] != $secpayconf_currency_letters) { logPay("Currency is not {$secpayconf_currency_letters} !"); die("Incorrect currency!"); } if ($_REQUEST["payment_status"] != "Completed") { if ($_REQUEST["payment_status"] == "Pending") { setPaiemntAsPending(mysql_real_escape_string($item_number), mysql_real_escape_string($_REQUEST["pending_reason"])); } else { logPay("Status is not completed or pending !"); die("Status not completed or pending..."); } } else { logPay("Calling validate()"); // validatePaiement($item_number,$refund_amount,"online","paypal",$txn_id,$_POST["payment_gross"]); // This should work better: if ($secpayconf_paypal_validate_with == "total") { $refund_amount = $_REQUEST["mc_gross"] - $_REQUEST["mc_fee"]; } else { // Ensure amount tally according to cost before adding the paypal fees $refund_amount = $_REQUEST["mc_gross"]; } validatePaiement(mysql_real_escape_string($item_number), $refund_amount, "online", "paypal", mysql_real_escape_string($_REQUEST["txn_id"]), mysql_real_escape_string($_REQUEST["mc_gross"]));