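/**
 * Process the gateway's return request for an invoice and redirect the browser.
 *
 * NOTE(review): no signature, shared secret or merchant-id check is performed
 * here; any request reaching this handler is passed to checkout::postback()
 * for the first checkout row of this plugin. Confirm that checkout::postback()
 * validates invoice and amount, or add a gateway-side verification step.
 * NOTE(review): $ret['status'] is never set in this handler; confirm that
 * checkout::postback() does not require it.
 *
 * @param array $VAR Request fields (untrusted): option1, order_id, amount.
 * @return bool|null True once the payment was handed to checkout::postback();
 *                   null after the decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['option1'];
    $ret['transaction_id'] = $VAR['order_id'];
    $ret['amount'] = $VAR['amount'];
    $ret['currency'] = DEFAULT_CURRENCY;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    # A failed query falls through to the decline redirect instead of
    # dereferencing a non-object.
    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        include_once PATH_MODULES . 'checkout/checkout.inc.php';
        $checkout = new checkout();
        $checkout->postback($ret);
        echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
        return true;
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}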
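/**
 * Validate a 2checkout return request and hand the payment to checkout::postback().
 *
 * The request is accepted only when the posted `sid` equals the configured
 * store id and, if a secret word is configured, when
 * md5(secret . sid . order id . total) matches the posted `key`.
 *
 * NOTE(review): with an empty secret word the only check left is `sid`,
 * which is not a secret value. Treat an unset secret as a misconfiguration.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['merchant_product_id'];
    $ret['transaction_id'] = $VAR['order_number'];
    $ret['amount'] = $VAR['total'];
    $ret['status'] = true;
    $ret['currency'] = DEFAULT_CURRENCY;

    # needed for verification
    $order_id = $VAR['order_number']; // transaction id
    $amount = $VAR['total']; // total

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Get the 2checkout settings
        $sid = $this->cfg['id']; // store id
        $secret_word = $this->cfg['secret']; // secret word

        # Test for demo mode. $oid always gets a value so the hash below never
        # reads an undefined variable; the original assigned the undefined
        # `$false` here, which only rejected by accident.
        $oid = $order_id;
        if ($VAR['demo'] == "Y" && $this->cfg['mode'] != "Y") {
            $do = false;
        } elseif ($VAR['demo'] == "Y") {
            $oid = '1';
        }

        # If the secret word is set, validate it against what is posted
        if (!empty($secret_word)) {
            $hash_remote = strtoupper((string) $VAR['key']);
            $hash_local = strtoupper(md5($secret_word . $sid . $oid . $amount));
            # Strict comparison: with `!=` two different all-numeric "0E..."
            # digests compare equal. Prefer hash_equals() where the runtime has it.
            if ($hash_local !== $hash_remote) {
                $do = false;
            }
        }

        # Validate against the posted 2checkout id:
        if ($sid != $VAR['sid']) {
            $do = false;
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="?_page=invoice:thankyou&_next_page=invoice:user_view&id=' . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}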
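/**
 * Validate a gateway payment notification and hand it to checkout::postback().
 *
 * When a secret is configured, the colon-joined notification fields plus
 * strtoupper(md5(secret)) are hashed with MD5 and compared to `V2_HASH`.
 * The posted payee account must equal the configured account.
 *
 * NOTE(review): with an empty secret the hash check is skipped and only the
 * payee account, which is not secret, is checked.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['invoice'];
    $ret['transaction_id'] = $VAR['PAYMENT_BATCH_NUM'];
    $ret['amount'] = $VAR['PAYMENT_AMOUNT'];
    $ret['currency'] = FALSE;
    $ret['status'] = true;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Create & validate the Hash String
        if (!empty($this->cfg['secret'])) {
            $con_str = $VAR['PAYMENT_ID'];
            $con_str .= ':' . $VAR['PAYEE_ACCOUNT'];
            $con_str .= ':' . $VAR['PAYMENT_AMOUNT'];
            $con_str .= ':' . $VAR['PAYMENT_UNITS'];
            $con_str .= ':' . $VAR['PAYMENT_METAL_ID'];
            $con_str .= ':' . $VAR['PAYMENT_BATCH_NUM'];
            $con_str .= ':' . $VAR['PAYER_ACCOUNT'];
            $con_str .= ':' . strtoupper(md5($this->cfg['secret']));
            $con_str .= ':' . $VAR['ACTUAL_PAYMENT_OUNCES'];
            $con_str .= ':' . $VAR['USD_PER_OUNCE'];
            $con_str .= ':' . $VAR['FEEWEIGHT'];
            $con_str .= ':' . $VAR['TIMESTAMPGMT'];
            $str = strtoupper(md5($con_str));
            # Strict comparison: with `!=` two different all-numeric "0E..."
            # digests compare equal. Prefer hash_equals() where the runtime has it.
            if ($str !== (string) $VAR['V2_HASH']) {
                $do = false;
            }
        }

        # Get the currency. The original used `=` here, which overwrote the
        # posted unit and always selected the last supported currency.
        $cur_count = count($this->support_cur);
        for ($i = 0; $i < $cur_count; $i++) {
            if ($VAR['PAYMENT_UNITS'] == $this->support_arr[$i]) {
                $ret['currency'] = $this->support_cur[$i];
            }
        }

        # Validate against the posted payee:
        if ($VAR['PAYEE_ACCOUNT'] != $this->cfg['account']) {
            $do = false;
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}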
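/**
 * Validate a gateway status notification and hand it to checkout::postback().
 *
 * When a secret is configured, md5(merchant_id . transaction_id .
 * strtoupper(md5(secret)) . mb_amount . mb_currency . status) must equal the
 * posted `md5sig`. The posted `pay_to_email` must equal the configured account.
 *
 * NOTE(review): $ret['status'] is always true; the posted `status` field is
 * only used inside the signature. Confirm that failed or pending statuses
 * must not be filtered here.
 * NOTE(review): with an empty secret only `pay_to_email`, which is not
 * secret, is checked.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['transaction_id'];
    $ret['transaction_id'] = $VAR['mb_transaction_id'];
    $ret['amount'] = $VAR['mb_amount'];
    $ret['currency'] = $VAR['mb_currency'];
    $ret['status'] = true;
    $ret['subscription_id'] = $VAR['transaction_id'];

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # If the secret word is set, validate it against what is posted
        if (!empty($this->cfg['secret'])) {
            $hash = $VAR['merchant_id'];
            $hash .= $VAR['transaction_id'];
            $hash .= strtoupper(md5($this->cfg['secret']));
            $hash .= $VAR['mb_amount'];
            $hash .= $VAR['mb_currency'];
            $hash .= $VAR['status'];
            $hash = strtoupper(md5($hash));
            # Strict comparison: with `!=` two different all-numeric "0E..."
            # digests compare equal. Prefer hash_equals() where the runtime has it.
            if ($hash !== strtoupper((string) $VAR['md5sig'])) {
                $do = false;
            }
        }

        # Validate against the posted seller:
        if ($this->cfg['account'] != $VAR['pay_to_email']) {
            $do = false;
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}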
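/**
 * Validate a Nochex callback by posting it back to Nochex, then hand the
 * payment to checkout::postback().
 *
 * The posted `to_email` must equal the configured e-mail, and the reply from
 * www.nochex.com must contain AUTHORISED and must not contain DECLINED.
 *
 * NOTE(review): $ret['status'] is never set in this handler; confirm that
 * checkout::postback() does not require it.
 * NOTE(review): the meaning of the last two CORE_ssl::connect() arguments
 * (true, 1) is not visible here. Confirm they select TLS with certificate
 * verification, since the AUTHORISED reply is the only authentication step.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['order_id'];
    $ret['transaction_id'] = $VAR['transaction_id'];
    $ret['amount'] = $VAR['amount'];
    $ret['currency'] = DEFAULT_CURRENCY;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Validate against the posted Nochex recipient e-mail:
        if ($this->cfg['email'] != $VAR['to_email']) {
            $do = false;
        }

        # Contact the nochex server for validation
        if ($do) {
            $this->host = 'www.nochex.com';
            $this->url = '/nochex.dll/apc/apc';

            # Rebuilt for every row: each() left the array pointer exhausted
            # after the first pass and is gone from current PHP.
            $vars = array();
            foreach ($VAR as $key => $value) {
                $vars[] = array($key, $value);
            }

            # POST the variables back to NOCHEX:
            include_once PATH_CORE . 'ssl.inc.php';
            $n = new CORE_ssl();
            $response = $n->connect($this->host, $this->url, $vars, true, 1);

            # Fail closed: accept only a non-empty reply that says AUTHORISED
            # and does not say DECLINED (case-insensitive, as eregi() did).
            $do = !empty($response)
                && !preg_match('/DECLINED/i', $response)
                && preg_match('/AUTHORISED/i', $response);
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . '&id=' . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . '&id=' . $invoice_param . '"; </script>';
}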
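/**
 * PayPal IPN handler: echo the notification back to PayPal with
 * cmd=_notify-validate and, on a VERIFIED reply, hand the payment to
 * checkout::postback() for the checkout row whose e-mail equals the posted
 * `receiver_email`.
 *
 * NOTE(review): the validation request goes to www.paypal.com on port 80 in
 * clear text, so the VERIFIED reply is not authenticated. Move it to TLS with
 * certificate verification; that needs a transport change outside this block's
 * current dependencies, so it is flagged rather than changed here.
 * NOTE(review): amount and currency are taken from the request as posted;
 * confirm checkout::postback() compares them with the invoice.
 *
 * @return void
 */
function postback()
{
    # read the post from PayPal system and add 'cmd'
    global $_POST;
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        # Keys are request data too; encode them so a crafted key cannot add
        # or split parameters in the validation body.
        $req .= '&' . urlencode($key) . "={$value}";
    }

    # post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);

    # needed for validation
    $this->status = $_POST['payment_status'];

    # needed for return
    $ret = array();
    $ret['invoice_id'] = $_POST['invoice'];
    $ret['transaction_id'] = $_POST['txn_id'];
    $ret['amount'] = $_POST['mc_gross'];
    $ret['currency'] = $_POST['mc_currency'];

    # validate vars
    if ($fp) {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets($fp, 1024);
            if (strcmp($res, "VERIFIED") == 0) {
                # check the payment_status is Completed
                $ret['status'] = ($this->status == 'Completed' || $this->status == 'Canceled_Reversal');

                # get the processor details:
                $db =& DB();
                $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
                $rs = $db->Execute($q);
                while ($rs && !$rs->EOF) {
                    $ret['checkout_id'] = $rs->fields["id"];
                    # plugin_data is unserialize()d as stored; keep that column writable by admins only.
                    $this->cfg = unserialize($rs->fields["plugin_data"]);
                    if ($_POST['receiver_email'] == $this->cfg['email']) {
                        include_once PATH_MODULES . 'checkout/checkout.inc.php';
                        $checkout = new checkout();
                        $checkout->postback($ret);
                        # Close the socket on the success path as well.
                        fclose($fp);
                        return;
                    }
                    $rs->MoveNext();
                }
            }
        }
        fclose($fp);
    }
}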
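/**
 * Validate a gateway payment notification and hand it to checkout::postback().
 *
 * When a secret is configured, the '?'-joined OMI_* fields followed by the
 * secret are hashed with MD5 and compared to `OMI_HASH`. The posted merchant
 * holding number must equal the configured account, and when cfg mode is 1
 * only `OMI_MODE` = LIVE is accepted.
 *
 * NOTE(review): with an empty secret the hash check is skipped and only the
 * merchant holding number, which is not secret, is checked.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['OMI_MERCHANT_REF_NO'];
    $ret['transaction_id'] = $VAR['OMI_TXN_ID'];
    $ret['amount'] = $VAR['OMI_CURRENCY_AMT'];
    $ret['currency'] = FALSE;
    $ret['status'] = true;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Test for test mode
        if ($this->cfg['mode'] == 1 && $VAR['OMI_MODE'] != "LIVE") {
            $do = false;
        }

        # Create & validate the Hash String
        if (!empty($this->cfg['secret'])) {
            $con_str = $VAR['OMI_MERCHANT_REF_NO'];
            $con_str .= '?' . $VAR['OMI_MODE'];
            $con_str .= '?' . $VAR['OMI_MERCHANT_HLD_NO'];
            $con_str .= '?' . $VAR['OMI_PAYER_HLD_NO'];
            $con_str .= '?' . $VAR['OMI_CURRENCY_CODE'];
            $con_str .= '?' . $VAR['OMI_CURRENCY_AMT'];
            $con_str .= '?' . $VAR['OMI_GOLDGRAM_AMT'];
            $con_str .= '?' . $VAR['OMI_TXN_ID'];
            $con_str .= '?' . $VAR['OMI_TXN_DATETIME'];
            $con_str .= '?' . $VAR['OMI_MERCHANT_STRG_FEE'];
            $con_str .= '?' . $this->cfg['secret'];
            $str = strtoupper(md5($con_str));
            # Strict comparison: with `!=` two different all-numeric "0E..."
            # digests compare equal. Prefer hash_equals() where the runtime has it.
            if ($str !== (string) $VAR['OMI_HASH']) {
                $do = false;
            }
        }

        # Get the currency. The original used `=` here, which overwrote the
        # posted code and always selected the last supported currency.
        $cur_count = count($this->support_cur);
        for ($i = 0; $i < $cur_count; $i++) {
            if ($VAR['OMI_CURRENCY_CODE'] == $this->support_arr[$i]) {
                $ret['currency'] = $this->support_cur[$i];
            }
        }

        # Validate against the posted payee:
        if ($VAR['OMI_MERCHANT_HLD_NO'] != $this->cfg['account']) {
            $do = false;
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}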
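/**
 * PayPal recurring-payment IPN handler.
 *
 * Logs the notification, echoes it back to PayPal with cmd=_notify-validate,
 * and on a VERIFIED reply derives the payment status from `txn_type` and
 * `payment_status` and hands it to checkout::postback() for the checkout row
 * whose e-mail equals the posted `business`. Answers 200 on success and 404
 * otherwise.
 *
 * NOTE(review): the validation request goes to PayPal on port 80 in clear
 * text, so the VERIFIED reply is not authenticated. Move it to TLS with
 * certificate verification; that needs a transport change and is flagged
 * rather than changed here.
 * NOTE(review): the whole POST body is written to the debug log; check that
 * log for payer personal data and retention.
 *
 * @return bool|null False after an INVALID reply; null otherwise.
 */
function postback()
{
    # read the post from PayPal system and add 'cmd'
    global $_POST, $C_debug;

    # Log paypal postback:
    $debug = '';
    foreach ($_POST as $key => $value) {
        @($debug .= "\r\n{$key}={$value}");
    }
    $C_debug->error('PAYPAL_RECUR:' . $_POST['txn_type'], 'Invoice: ' . $_POST['invoice'], "{$debug}");

    # Assemble postback string
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        # Keys are request data too; encode them so a crafted key cannot add
        # or split parameters in the validation body.
        $req .= '&' . urlencode($key) . "={$value}";
    }

    # post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $domain = 'www.paypal.com';
    #$domain = 'www.sandbox.paypal.com';
    $fp = fsockopen($domain, 80, $errno, $errstr, 30);

    # needed for validation
    $ret = array();
    $ret['invoice_id'] = $_POST['invoice'];
    $ret['transaction_id'] = $_POST['txn_id'];
    $ret['currency'] = $_POST['mc_currency'];
    $ret['subscription_id'] = $_POST['subscr_id'];
    if (!empty($_POST['mc_gross'])) {
        $ret['amount'] = $_POST['mc_gross'];
    } else {
        $ret['amount'] = $_POST['payment_gross'];
    }

    # validate
    # $force must stay false: when true, PayPal's reply is ignored and every
    # posted notification is treated as VERIFIED, so a forged POST carrying the
    # right `business` e-mail would be accepted.
    $force = false;
    if (!$fp) {
        # HTTP ERROR:
        $C_debug->error('PAYPAL_RECURRING.php', 'postback()', "Unable to connect to domain {$domain}");
    } else {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets($fp, 1024);
            if (!$force && strcmp($res, "INVALID") == 0) {
                # Log for manual investigation:
                $C_debug->error('PAYPAL_RECURRING.php', 'postback()', "Postback for Invoice {$ret['invoice_id']} is INVALID, PayPal subscription id {$ret['subscription_id']}");
                # Close the socket on this exit path as well.
                fclose($fp);
                header("HTTP/1.0 404 Not Found");
                return false;
            }
            if ($force || strcmp($res, "VERIFIED") == 0) {
                # get the payment status
                $ret['status'] = true;
                switch ($_POST['txn_type']) {
                    case "subscr_cancel":
                    case "subscr_failed":
                    case "subscr_eot":
                        $ret['status'] = false;
                        break;
                }
                if ($ret['status'] != false) {
                    switch ($_POST['payment_status']) {
                        case "Canceled_Reversal":
                        case "Completed":
                            $ret['status'] = true;
                            break;
                        case "Denied":
                        case "Failed":
                        case "Pending":
                        case "Refunded":
                        case "Reversed":
                            $ret['status'] = false;
                            break;
                    }
                }

                # get the processor details:
                $db =& DB();
                $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
                $rs = $db->Execute($q);
                while ($rs && !$rs->EOF) {
                    $ret['checkout_id'] = $rs->fields["id"];
                    # plugin_data is unserialize()d as stored; keep that column writable by admins only.
                    $this->cfg = unserialize($rs->fields["plugin_data"]);
                    if ($_POST['business'] == $this->cfg['email']) {
                        include_once PATH_MODULES . 'checkout/checkout.inc.php';
                        $checkout = new checkout();
                        $checkout->postback($ret);
                        header("HTTP/1.1 200 OK");
                        header("Status: 200 OK");
                        fclose($fp);
                        return;
                    }
                    $rs->MoveNext();
                }
            }
        }
        fclose($fp);
    }
    header("HTTP/1.0 404 Not Found");
}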
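/**
 * Validate a gateway payment notification and hand it to checkout::postback().
 *
 * When a secret is configured, md5 of the '|'-joined PAYMENT_UNITS,
 * PAYMENT_AMOUNT, PAYEE_ACCOUNT, DATE_TIME_GMT and the secret must equal the
 * posted `HASH_KEY`. The posted payee account must equal the configured one.
 *
 * NOTE(review): the signed string does not include PAYMENT_ID or
 * TRANSACTION_NUMBER, so the hash does not bind a notification to one
 * invoice. Confirm checkout::postback() rejects a reused transaction id.
 * NOTE(review): with an empty secret only the payee account, which is not
 * secret, is checked.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the payment was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['PAYMENT_ID'];
    $ret['transaction_id'] = $VAR['TRANSACTION_NUMBER'];
    $ret['amount'] = $VAR['PAYMENT_AMOUNT'];
    $ret['currency'] = $VAR['CURRENCY_CODE'];
    $ret['status'] = true;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Create & validate the Hash String
        $con_str = $VAR['PAYMENT_UNITS'];
        $con_str .= '|' . $VAR['PAYMENT_AMOUNT'];
        $con_str .= '|' . $VAR['PAYEE_ACCOUNT'];
        $con_str .= '|' . $VAR['DATE_TIME_GMT'];
        $con_str .= '|' . $this->cfg['secret'];
        $str = strtoupper(md5($con_str));
        # Strict comparison: with `!=` two different all-numeric "0E..."
        # digests compare equal. Prefer hash_equals() where the runtime has it.
        if (!empty($this->cfg['secret']) && $str !== (string) $VAR['HASH_KEY']) {
            $do = false;
        }

        # Validate against the posted payee:
        if ($VAR['PAYEE_ACCOUNT'] != $this->cfg['account']) {
            $do = false;
        }

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}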
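/**
 * Process the gateway's return request for an invoice and redirect the browser.
 *
 * NOTE(review): the only check this handler ever had (responseCode) is
 * commented out, so every request is passed to checkout::postback() with
 * status true for the first checkout row of this plugin. Restore a
 * verification step (response code plus a signature or server-side lookup)
 * or confirm that checkout::postback() validates the payment itself.
 *
 * @param array $VAR Request fields (untrusted): ref, transactionID,
 *                   paymentAmount, currency.
 * @return bool|null True once the payment was handed to checkout::postback();
 *                   null after the redirect back to checkout was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['ref'];
    $ret['transaction_id'] = $VAR['transactionID'];
    $ret['amount'] = $VAR['paymentAmount'];
    $ret['status'] = true;
    $ret['currency'] = $VAR['currency'];

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # Test for response code
        /* if($VAR['responseCode'] != "PP") $do = false; */

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . URL . '?_page=invoice:thankyou&_next_page=invoice:user_view&id=' . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . URL . '?_page=checkout:checkout"; </script>';
}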
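/**
 * Process the gateway's return request and redirect to the invoice page.
 *
 * checkout::postback() is called only when the posted `TXN_STATUS` is 'Y';
 * both outcomes redirect to the same thank-you URL.
 *
 * NOTE(review): `TXN_STATUS` is request data and nothing authenticates it (no
 * signature, secret or merchant check, and the loaded plugin config is not
 * consulted). Add a gateway-side verification step or confirm that
 * checkout::postback() validates the payment itself.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True once the payment was handed to checkout::postback();
 *                   null otherwise.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['MERCHANT_TRANID'];
    $ret['transaction_id'] = $VAR['TRANSACTIONID'];
    $ret['amount'] = $VAR['AMOUNT'];
    $ret['currency'] = $VAR['CURRENCYCODE'];
    $ret['status'] = ($VAR['TXN_STATUS'] == 'Y');

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $redirect = '<SCRIPT LANGUAGE="JavaScript"> window.location="' . SSL_URL . '?_page=invoice:thankyou&_next_page=invoice:user_view&id=' . rawurlencode($ret['invoice_id']) . '"; </script>';

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        if ($ret['status']) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo $redirect;
            return true;
        }
        $rs->MoveNext();
    }

    echo $redirect;
}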
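/**
 * Validate a gateway notification against the configured IPN password and
 * seller account, then hand it to checkout::postback().
 *
 * Status is true only for `func` = PURCHASE.
 *
 * NOTE(review): a mismatch on the first checkout row returns false without
 * trying further rows or emitting the decline redirect; this is kept as
 * found.
 * NOTE(review): the shared password arrives in the request itself (`pwd`);
 * make sure this endpoint is reachable over TLS only.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when accepted, false on a password or account
 *                   mismatch, null after the decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['custom'];
    $ret['transaction_id'] = $VAR['confirmation'];
    $ret['amount'] = $VAR['total'];
    // PURCHASE, REVERSAL, CANCELLATION
    $ret['status'] = ($VAR['func'] == "PURCHASE");
    $ret['currency'] = DEFAULT_CURRENCY;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # check the IPN password. Compared as strings with `!==`: loose `!=`
        # treats numeric-looking strings such as "1e3" and "1000" as equal.
        # Prefer hash_equals() where the runtime has it.
        if ((string) $VAR['pwd'] !== (string) $this->cfg['ipn_pass']) {
            return false;
        }

        # check the seller account
        if ((string) $VAR['account_no'] !== (string) $this->cfg['id']) {
            return false;
        }

        # update
        include_once PATH_MODULES . 'checkout/checkout.inc.php';
        $checkout = new checkout();
        $checkout->postback($ret);
        echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
        return true;
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}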
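/**
 * Validate a gateway notification against the configured secret code and
 * vendor e-mail, then hand it to checkout::postback().
 *
 * Status is true only for `status` = SUCCESS.
 *
 * NOTE(review): with an empty secret only `vendor_email`, which is not
 * secret, is checked. The secret itself arrives in the request
 * (`secret_code`), so this endpoint should be reachable over TLS only.
 *
 * @param array $VAR Request fields (untrusted).
 * @return bool|null True when the notification was accepted; null after the
 *                   decline redirect was emitted.
 */
function postback($VAR)
{
    # needed for return
    $ret = array();
    $ret['invoice_id'] = $VAR['transaction_ref'];
    $ret['transaction_id'] = $VAR['transaction_id'];
    $ret['amount'] = $VAR['amount'];
    $ret['currency'] = DEFAULT_CURRENCY;

    # The invoice id is request data that ends up inside an inline <script>;
    # percent-encode it so it cannot terminate the string or the tag.
    $invoice_param = rawurlencode($ret['invoice_id']);

    # get the processor details:
    $db =& DB();
    $q = "SELECT id,active,plugin_data FROM " . AGILE_DB_PREFIX . "checkout WHERE\n\t\t\t site_id \t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t checkout_plugin\t= " . $db->qstr($this->name);
    $rs = $db->Execute($q);

    while ($rs && !$rs->EOF) {
        $ret['checkout_id'] = $rs->fields["id"];
        $do = true;
        # plugin_data is unserialize()d as stored; keep that column writable by admins only.
        $this->cfg = unserialize($rs->fields["plugin_data"]);

        # If the secret word is set, validate it against what is posted.
        # Compared as strings with `!==`: loose `!=` treats numeric-looking
        # strings such as "1e3" and "1000" as equal. Prefer hash_equals()
        # where the runtime has it.
        if (!empty($this->cfg['secret'])) {
            if ((string) $this->cfg['secret'] !== (string) $VAR['secret_code']) {
                $do = false;
            }
        }

        # Validate against the posted payee:
        if ($VAR['vendor_email'] != $this->cfg['email']) {
            $do = false;
        }

        # Set the status
        // SUCCESS, CANCEL, REFUND, CHARGEBACK, or ERROR
        $ret['status'] = ($VAR['status'] == 'SUCCESS');

        if ($do) {
            include_once PATH_MODULES . 'checkout/checkout.inc.php';
            $checkout = new checkout();
            $checkout->postback($ret);
            echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->success_url . $invoice_param . '"; </script>';
            return true;
        }
        $rs->MoveNext();
    }

    echo '<SCRIPT LANGUAGE="JavaScript"> window.location="' . $this->decline_url . $invoice_param . '"; </script>';
}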