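/**
 * Handle a PayPal IPN (Instant Payment Notification) callback and credit the
 * purchased points once PayPal itself has confirmed the notification.
 *
 * Runs only when the request carries a non-empty `cp_module_paypal_ipn` query
 * parameter; otherwise it returns without side effects. Once it runs, every
 * path terminates the request with `exit`.
 *
 * Validation order:
 *  1. The posted fields are echoed back to PayPal (`cmd=_notify-validate`)
 *     over HTTPS with certificate verification ON; only a literal `VERIFIED`
 *     reply is trusted. A transport failure or any other reply is rejected.
 *  2. `payment_status` must be `Completed`.
 *  3. `txn_id` must not already be stored in CP_DB (replay protection).
 *  4. `receiver_email` must equal the configured PayPal account.
 *  5. `mc_currency` must equal the configured currency and `mc_gross` must
 *     equal the configured price times the number of points carried in
 *     `custom` ("points|uid"), compared at cent precision.
 *
 * Options read: cp_module_paypal_sandbox, cp_module_paypal_account,
 * cp_module_paypal_currency, cp_module_paypal_price.
 * Side effect on success: cp_points('paypal', $uid, $points, serialized meta).
 *
 * @global wpdb $wpdb
 * @return void
 */
function cp_module_paypal_ipn() {
    // An array value (?cp_module_paypal_ipn[]=1) is not a trigger either.
    if (!isset($_GET['cp_module_paypal_ipn'])
        || !is_string($_GET['cp_module_paypal_ipn'])
        || $_GET['cp_module_paypal_ipn'] === '') {
        return;
    }

    $host = get_option('cp_module_paypal_sandbox') ? 'www.sandbox.paypal.com' : 'www.paypal.com';

    // Echo every posted field back to PayPal, prefixed with the validate command.
    // WordPress adds magic quotes to $_POST, hence stripslashes(). Non-scalar
    // fields can only come from a forged request (PayPal does not send them),
    // so they are dropped instead of being passed to stripslashes().
    $req = 'cmd=' . urlencode('_notify-validate');
    foreach ($_POST as $key => $value) {
        if (!is_scalar($value)) {
            continue;
        }
        $req .= '&' . urlencode((string) $key) . '=' . urlencode(stripslashes((string) $value));
    }

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://' . $host . '/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    // Peer verification stays ON. The VERIFIED/INVALID reply is the only thing
    // standing between a forged notification and a points credit, so a
    // man-in-the-middle must not be able to answer in PayPal's place.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: ' . $host));
    $res = curl_exec($ch);
    curl_close($ch);

    // A failed postback is not a verification; never fall through to crediting.
    if ($res === false) {
        exit;
    }
    $res = trim($res);

    // Pull the fields we check out of $_POST, defaulting absent or non-scalar
    // ones to '' so every later comparison is string-to-string.
    $fields = array('payment_status', 'mc_gross', 'mc_currency', 'txn_id', 'receiver_email', 'payer_email', 'custom');
    $ipn = array();
    foreach ($fields as $field) {
        $ipn[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
    }

    // `custom` is "points|uid" as set at checkout; points must be a positive
    // integer because it drives the expected-amount check below.
    $parts = explode('|', $ipn['custom']);
    if (count($parts) < 2 || !ctype_digit($parts[0]) || (int) $parts[0] <= 0 || $parts[1] === '') {
        exit;
    }
    $points = (int) $parts[0];
    $uid = $parts[1];

    // Anything other than the literal VERIFIED (including INVALID) is rejected.
    if ($res !== 'VERIFIED') {
        exit;
    }

    if ($ipn['payment_status'] !== 'Completed') {
        exit;
    }

    // Replay protection: refuse a txn_id that has already been credited.
    global $wpdb;
    $results = $wpdb->get_results('SELECT `data` FROM `' . CP_DB . '` WHERE `type`=\'paypal\'');
    foreach ((array) $results as $result) {
        // Rows are written by cp_points() below via serialize(), i.e. they are
        // plugin-owned rather than user-supplied. unserialize() on stored data is
        // still worth flagging; only array payloads are considered here.
        $data = unserialize($result->data);
        if (is_array($data) && isset($data['txn_id']) && (string) $data['txn_id'] === $ipn['txn_id']) {
            exit;
        }
    }

    // The notification must be addressed to our own PayPal account.
    if ($ipn['receiver_email'] !== trim((string) get_option('cp_module_paypal_account'))) {
        exit;
    }

    // Currency and amount must match what was charged for this many points.
    // Amounts are compared as fixed two-decimal strings to avoid float equality.
    if ($ipn['mc_currency'] !== (string) get_option('cp_module_paypal_currency')) {
        exit;
    }
    $expected = (float) cp_module_paypal_round_up((float) get_option('cp_module_paypal_price') * $points, 2);
    if (number_format((float) $ipn['mc_gross'], 2, '.', '') !== number_format($expected, 2, '.', '')) {
        exit;
    }

    // All checks passed: credit the points and record the transaction.
    cp_points('paypal', $uid, $points, serialize(array(
        'txn_id' => $ipn['txn_id'],
        'payer_email' => $ipn['payer_email'],
        'amt' => $ipn['mc_gross'],
    )));
    exit;
}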
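/**
 * Handle a PayPal IPN (Instant Payment Notification) callback and credit the
 * purchased points once PayPal itself has confirmed the notification.
 *
 * Runs only when the request carries a non-empty `cp_module_paypal_ipn` query
 * parameter; otherwise it returns without side effects. Once it runs, every
 * path terminates the request with `exit`.
 *
 * The postback is done over a raw `ssl://` socket (fsockopen). The request
 * must carry a `Host` header and the full response is read before the body
 * is compared; only a literal `VERIFIED` body is trusted.
 *
 * Validation order after VERIFIED:
 *  1. `payment_status` must be `Completed`.
 *  2. `txn_id` must not already be stored in CP_DB (replay protection). The
 *     stored `data` column is a serialize()d array written by cp_points().
 *  3. `receiver_email` must equal the configured PayPal account.
 *  4. `mc_currency` must equal the configured currency and `mc_gross` must
 *     equal the configured price times the number of points carried in
 *     `custom` ("points|uid"), compared at cent precision.
 *
 * Options read: cp_module_paypal_sandbox, cp_module_paypal_account,
 * cp_module_paypal_currency, cp_module_paypal_price.
 * Side effect on success: cp_points('paypal', $uid, $points, serialized meta).
 *
 * @global wpdb $wpdb
 * @return void
 */
function cp_module_paypal_ipn() {
    // isset() guard: reading a missing key is a notice/warning, and an array
    // value (?cp_module_paypal_ipn[]=1) must not trigger the handler either.
    if (!isset($_GET['cp_module_paypal_ipn'])
        || !is_string($_GET['cp_module_paypal_ipn'])
        || $_GET['cp_module_paypal_ipn'] === '') {
        return;
    }

    // Echo every posted field back to PayPal, prefixed with the validate command.
    // WordPress adds magic quotes to $_POST, hence stripslashes(). Non-scalar
    // fields can only come from a forged request (PayPal does not send them),
    // so they are dropped instead of being passed to stripslashes().
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        if (!is_scalar($value)) {
            continue;
        }
        $req .= '&' . urlencode((string) $key) . '=' . urlencode(stripslashes((string) $value));
    }

    $host = get_option('cp_module_paypal_sandbox') ? 'www.sandbox.paypal.com' : 'www.paypal.com';

    // Build the postback. $header is initialised here (the original appended
    // to an undefined variable). HTTP/1.0 + Connection: close keeps the reply
    // un-chunked so the body can be taken verbatim after the blank line.
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= 'Host: ' . $host . "\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= 'Content-Length: ' . strlen($req) . "\r\n";
    $header .= "Connection: close\r\n\r\n";

    // ssl:// streams verify the peer certificate by default since PHP 5.6;
    // do not pass a context that turns verify_peer off.
    $fp = fsockopen('ssl://' . $host, 443, $errno, $errstr, 30);
    if (!$fp) {
        // Could not reach PayPal: treat as unverified rather than ignoring it.
        exit;
    }
    fwrite($fp, $header . $req);
    $raw = stream_get_contents($fp);
    fclose($fp);
    if ($raw === false) {
        exit;
    }

    // Body = everything after the first blank line of the HTTP response.
    $split = strpos($raw, "\r\n\r\n");
    $res = ($split === false) ? '' : trim(substr($raw, $split + 4));

    // Pull the fields we check out of $_POST, defaulting absent or non-scalar
    // ones to '' so every later comparison is string-to-string.
    $fields = array('payment_status', 'mc_gross', 'mc_currency', 'txn_id', 'receiver_email', 'payer_email', 'custom');
    $ipn = array();
    foreach ($fields as $field) {
        $ipn[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
    }

    // `custom` is "points|uid" as set at checkout; points must be a positive
    // integer because it drives the expected-amount check below.
    $parts = explode('|', $ipn['custom']);
    if (count($parts) < 2 || !ctype_digit($parts[0]) || (int) $parts[0] <= 0 || $parts[1] === '') {
        exit;
    }
    $points = (int) $parts[0];
    $uid = $parts[1];

    // Anything other than the literal VERIFIED (including INVALID) is rejected.
    if ($res !== 'VERIFIED') {
        exit;
    }

    if ($ipn['payment_status'] !== 'Completed') {
        exit;
    }

    // Replay protection: refuse a txn_id that has already been credited.
    // Column is `type` (the original queried a non-existent `tyle` column) and
    // `data` must be unserialize()d: indexing the raw serialized string with
    // 'txn_id' never matched, so duplicates were silently accepted.
    global $wpdb;
    $results = $wpdb->get_results('SELECT `data` FROM `' . CP_DB . '` WHERE `type`=\'paypal\'');
    foreach ((array) $results as $result) {
        // Rows are plugin-written via serialize(); unserialize() on stored data
        // is still worth flagging, and only array payloads are considered.
        $data = unserialize($result->data);
        if (is_array($data) && isset($data['txn_id']) && (string) $data['txn_id'] === $ipn['txn_id']) {
            exit;
        }
    }

    // The notification must be addressed to our own PayPal account.
    if ($ipn['receiver_email'] !== trim((string) get_option('cp_module_paypal_account'))) {
        exit;
    }

    // Currency and amount must match what was charged for this many points.
    // Amounts are compared as fixed two-decimal strings to avoid float equality.
    if ($ipn['mc_currency'] !== (string) get_option('cp_module_paypal_currency')) {
        exit;
    }
    $expected = (float) cp_module_paypal_round_up((float) get_option('cp_module_paypal_price') * $points, 2);
    if (number_format((float) $ipn['mc_gross'], 2, '.', '') !== number_format($expected, 2, '.', '')) {
        exit;
    }

    // All checks passed: credit the points and record the transaction.
    cp_points('paypal', $uid, $points, serialize(array(
        'txn_id' => $ipn['txn_id'],
        'payer_email' => $ipn['payer_email'],
        'amt' => $ipn['mc_gross'],
    )));
    exit;
}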