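/**
 * PayPal IPN (Instant Payment Notification) endpoint.
 *
 * Loads the order named by the posted `item_number` (only while it is still
 * in Model_Order::STATUS_CREATED), compares the posted payment fields with
 * the stored order and the configured merchant account, and confirms the
 * payment only if paypal::validate_ipn() then returns a truthy value.
 *
 * Every POST field read here is untrusted request data. The field checks
 * alone prove nothing about who sent the request, so confirm_payment() must
 * stay behind paypal::validate_ipn().
 *
 * The response body is 'OK' only when the payment was confirmed and 'KO' on
 * every rejection path. Previously a trailing body('OK') overwrote each 'KO'.
 * The HTTP status is not modified here.
 *
 * @return void
 */
public function action_ipn()
{
    $this->auto_render = FALSE;

    $id_order         = Core::post('item_number');
    $merchant_account = core::config('payment.paypal_account');

    // Restricting the lookup to STATUS_CREATED keeps an already processed
    // order from being confirmed again by a repeated notification.
    // NOTE(review): this relies on confirm_payment() moving the order out of
    // STATUS_CREATED; txn_id itself is not checked for reuse in this method.
    $order = new Model_Order();
    $order = $order->where('id_order', '=', $id_order)
                   ->where('status', '=', Model_Order::STATUS_CREATED)
                   ->limit(1)
                   ->find();

    if ( ! $order->loaded())
    {
        Kohana::$log->add(Log::ERROR, 'Order not loaded');
        $this->response->body('KO');
        return;
    }

    // An unset merchant account must never "match" an absent POST field:
    // with loose comparison NULL == NULL and NULL == '' are both TRUE.
    $receiver_matches = ! empty($merchant_account)
        && (Core::post('receiver_email') == $merchant_account
            || Core::post('business') == $merchant_account);

    // Amount stays a loose comparison on purpose: both sides are numeric
    // strings, so '10' and '10.00' compare equal.
    // && / || with explicit parentheses replace the original and / || mix,
    // whose grouping depended on operator precedence alone.
    $fields_match = Core::post('payment_status') === 'Completed'
        && Core::post('mc_gross') == number_format($order->amount, 2, '.', '')
        && Core::post('mc_currency') == $order->currency
        && $receiver_matches;

    if ( ! $fields_match)
    {
        Kohana::$log->add(Log::ERROR, 'Attempt illegal actions with transaction');
        $this->response->body('KO');
        return;
    }

    // Same price, currency and receiver: now let paypal::validate_ipn()
    // decide whether the notification is acceptable.
    if ( ! paypal::validate_ipn())
    {
        Kohana::$log->add(Log::ERROR, 'A payment has been made but is flagged as INVALID');
        $this->response->body('KO');
        return;
    }

    $order->confirm_payment('paypal', Core::post('txn_id'), NULL, NULL, NULL, Core::post('mc_fee'));
    $this->response->body('OK');
}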
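/**
 * PayPal IPN (Instant Payment Notification) endpoint.
 *
 * Loads the order named by the posted `item_number` (only while it is still
 * in Model_Order::STATUS_CREATED), compares the posted payment fields with
 * the stored order amount, the configured PayPal currency and the configured
 * merchant account, and confirms the payment only if paypal::validate_ipn()
 * then returns a truthy value.
 *
 * Every POST field read here is untrusted request data. The field checks
 * alone prove nothing about who sent the request, so confirm_payment() must
 * stay behind paypal::validate_ipn().
 *
 * Changes from the previous version:
 *  - `payment_status` must be 'Completed'. Before, a notification with any
 *    other status (for example a pending payment) that carried the right
 *    amount, currency and receiver would confirm the order.
 *  - The response body is 'KO' on every rejection path. Before, a trailing
 *    body('OK') overwrote each 'KO'. The HTTP status is not modified here.
 *
 * @return void
 */
public function action_ipn()
{
    $this->auto_render = FALSE;

    $id_order         = Core::post('item_number');
    $merchant_account = core::config('payment.paypal_account');

    // Restricting the lookup to STATUS_CREATED keeps an already processed
    // order from being confirmed again by a repeated notification.
    // NOTE(review): this relies on confirm_payment() moving the order out of
    // STATUS_CREATED; confirm against Model_Order.
    $order = new Model_Order();
    $order = $order->where('id_order', '=', $id_order)
                   ->where('status', '=', Model_Order::STATUS_CREATED)
                   ->limit(1)
                   ->find();

    if ( ! $order->loaded())
    {
        Kohana::$log->add(Log::ERROR, 'Order not loaded');
        $this->response->body('KO');
        return;
    }

    // Detect the product to be processed.
    // NOTE(review): $product_id is never read below; the lookup is kept as
    // it was. Either use it or remove it together with the query.
    if (is_numeric($order->id_product))
    {
        $id_category = new Model_Category();
        $id_category = $id_category->where('id_category', '=', $order->id_product)
                                   ->limit(1)
                                   ->find();
        $product_id = $id_category->id_category;
    }
    else
    {
        $product_id = $order->id_product;
    }

    // An unset merchant account must never "match" an absent POST field:
    // with loose comparison NULL == NULL and NULL == '' are both TRUE.
    $receiver_matches = ! empty($merchant_account)
        && (Core::post('receiver_email') == $merchant_account
            || Core::post('business') == $merchant_account);

    // Amount stays a loose comparison on purpose: both sides are numeric
    // strings, so '10' and '10.00' compare equal.
    $fields_match = Core::post('payment_status') === 'Completed'
        && Core::post('mc_gross') == number_format($order->amount, 2, '.', '')
        && Core::post('mc_currency') == core::config('payment.paypal_currency')
        && $receiver_matches;

    if ( ! $fields_match)
    {
        Kohana::$log->add(Log::ERROR, 'Attempt illegal actions with transaction');
        $this->response->body('KO');
        return;
    }

    // Same price, currency and receiver: now let paypal::validate_ipn()
    // decide whether the notification is acceptable.
    if ( ! paypal::validate_ipn())
    {
        Kohana::$log->add(Log::ERROR, 'A payment has been made but is flagged as INVALID');
        $this->response->body('KO');
        return;
    }

    $order->confirm_payment($id_order, core::config('general.moderation'));
    $this->response->body('OK');
}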