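/**
 * Handle IPN's. The function may produce output, which would be returned to the Payment Gateway. The function may do transaction verification.
 *
 * Every value read here comes from the request body and is untrusted until the postback to
 * PayPal answers VERIFIED and the receiver address matches the configured one. The postback is
 * skipped whenever ecommerce_test_mode() is true, so test mode must stay off on a live site.
 * The amount and currency are only collected and returned; no comparison against the order is
 * made in this method, so that check has to happen in the caller.
 *
 * @return array A long tuple of collected data: purchase ID, item name, payment status, reason code, pending reason, memo, gross amount (tax deducted), currency, transaction ID, parent transaction ID.
 */
function handle_transaction()
{
    // Optional debug log: only written when the file already exists and is writable.
    // NOTE(review): the whole POST body is appended to a file under the site base directory;
    // confirm the web server does not serve data_custom/ecommerce.log.
    $log_path = get_file_base() . '/data_custom/ecommerce.log';
    if (file_exists($log_path) && is_writable_wrap($log_path)) {
        $myfile = fopen($log_path, 'at');
        if ($myfile !== false) {
            fwrite($myfile, serialize($_POST) . chr(10));
            fclose($myfile);
        }
    }

    // Assign posted variables to local variables
    $purchase_id = post_param_integer('custom', '-1');

    $txn_type = post_param('txn_type', NULL);
    if ($txn_type == 'cart') {
        require_lang('shopping');
        $item_name = do_lang('CART_ORDER', $purchase_id);
    } else {
        // Subscription notifications carry no usable item name
        $item_name = (substr(post_param('txn_type', ''), 0, 6) == 'subscr') ? '' : post_param('item_name', '');
    }

    $payment_status = post_param('payment_status', ''); // May be blank for subscription
    $reason_code = post_param('reason_code', '');
    $pending_reason = post_param('pending_reason', '');
    $memo = post_param('memo', '');
    $mc_gross = post_param('mc_gross', ''); // May be blank for subscription
    $tax = post_param('tax', '');
    // Compare as a float: intval() would truncate a tax such as "0.50" to 0 and leave it inside the gross
    if ($tax != '' && floatval($tax) > 0.0 && $mc_gross != '') {
        $mc_gross = float_to_raw_string(floatval($mc_gross) - floatval($tax));
    }
    $mc_currency = post_param('mc_currency', ''); // May be blank for subscription
    $txn_id = post_param('txn_id', ''); // May be blank for subscription
    $parent_txn_id = post_param('parent_txn_id', '-1');
    $receiver_email = post_param('receiver_email');

    // Post back to PayPal system to validate
    if (!ecommerce_test_mode()) {
        require_code('files');
        $pure_post = isset($GLOBALS['PURE_POST']) ? $GLOBALS['PURE_POST'] : $_POST;

        // The verification round trip decides whether a payment is honoured, so it must not travel
        // in clear text. The host choice is kept as written, although inside this branch
        // ecommerce_test_mode() is false and the live host is always selected.
        // NOTE(review): confirm http_download_file() supports https and validates the server certificate.
        $verify_url = 'https://' . (ecommerce_test_mode() ? 'www.sandbox.paypal.com' : 'www.paypal.com') . '/cgi-bin/webscr';

        // The fixed command goes first so that a 'cmd' field in the posted data cannot replace it
        // (with array union the left-hand operand wins on duplicate keys).
        $verify_post = array('cmd' => '_notify-validate') + $pure_post;

        $x = 0;
        $res = mixed();
        do { // Up to three attempts; a null result is treated as a connection failure
            $res = http_download_file($verify_url, NULL, false, false, 'ocPortal', $verify_post);
            $x++;
        } while (is_null($res) && $x < 3);
        if (is_null($res)) {
            my_exit(do_lang('IPN_SOCKET_ERROR'));
        }
        if (strcmp($res, 'VERIFIED') != 0) {
            if (post_param('txn_type', '') == 'send_money') {
                exit('Unexpected'); // PayPal has been seen to mess up on send_money transactions, making the IPN unverifiable
            }
            // NOTE(review): the message embeds PayPal's reply and the posted fields unescaped;
            // my_exit() is not visible here, so confirm it escapes this text before any output.
            my_exit(do_lang('IPN_UNVERIFIED') . ' - ' . $res . ' - ' . flatten_slashed_array($pure_post), strpos($res, '<html') !== false);
        }
    }

    // Hyphens are normalised to underscores, so every comparison below must use the underscore form
    $txn_type = str_replace('-', '_', post_param('txn_type'));
    if ($txn_type == 'subscr_modify') { // Was compared against 'subscr-modify', which could never match after the replace above
        $payment_status = 'SModified';
        $txn_id = post_param('subscr_id') . '-m';
    } elseif ($txn_type == 'subscr_signup') {
        $payment_status = 'Completed';
        $mc_gross = post_param('mc_amount3');
        if (post_param_integer('recurring') != 1) {
            my_exit(do_lang('IPN_SUB_RECURRING_WRONG'));
        }
        $txn_id = post_param('subscr_id');
    } elseif ($txn_type == 'subscr_eot' || $txn_type == 'recurring_payment_suspended_due_to_max_failed_payment') {
        $payment_status = 'SCancelled';
        $txn_id = post_param('subscr_id') . '-c';
    } elseif ($txn_type == 'subscr_payment' || $txn_type == 'subscr_failed' || $txn_type == 'subscr_cancel') {
        exit; // These notifications are ignored outright
    }

    // The payment must have been sent to our own account, otherwise a verified IPN for someone
    // else's account could be replayed against this site
    $primary_paypal_email = get_value('primary_paypal_email');
    if (!is_null($primary_paypal_email)) {
        if ($receiver_email != $primary_paypal_email) {
            my_exit(do_lang('IPN_EMAIL_ERROR'));
        }
    } else {
        if ($receiver_email != $this->_get_payment_address()) {
            my_exit(do_lang('IPN_EMAIL_ERROR'));
        }
    }

    if (addon_installed('shopping')) {
        $this->store_shipping_address($purchase_id);
    }

    return array($purchase_id, $item_name, $payment_status, $reason_code, $pending_reason, $memo, $mc_gross, $mc_currency, $txn_id, $parent_txn_id);
}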
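/**
 * Turn an array into a human-readable string.
 *
 * Each entry becomes a "<param>key=value</param>" line; nested arrays are flattened recursively
 * and embedded as the value. Keys and values are concatenated as they are: nothing is escaped
 * here, so the result has to be escaped for whatever context it is later written into.
 *
 * @param  array $array Array to convert
 * @return string A human-readable version of the array.
 */
function flatten_slashed_array($array)
{
    // get_magic_quotes_gpc() was removed in PHP 8; a missing function is treated as "magic quotes off"
    $unslash = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    $ret = '';
    foreach ($array as $key => $val) {
        if (is_array($val)) {
            // The recursive call has already unslashed the leaves; unslashing the flattened
            // string a second time would eat genuine backslashes
            $val = flatten_slashed_array($val);
        } elseif ($unslash) {
            $val = stripslashes($val);
        }

        // $key may be an integer, for list fields reached through the recursion above
        $ret .= '<param>' . (is_integer($key) ? strval($key) : $key) . '=' . $val . '</param>' . "\n";
    }
    return $ret;
}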
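/**
 * Log statistics for the page view.
 *
 * Nothing is recorded when the stats addon is missing, when the site is closed and
 * 'no_stats_when_closed' is on, or when 'no_bot_stats' is on and the client looks like a bot.
 * With 'super_logging' on, or a 'track' GET parameter present, the flattened GET and POST data
 * are stored as well; only 'password', 'password_confirm' and 'decrypt' are removed from the
 * POST copy first, so any other secret submitted in a form ends up in the stats table.
 *
 * @param  string $string The string to the page file
 * @param  integer $pg_time The time taken for page loading. NOTE(review): documented as milliseconds, but the value is multiplied by 1000 before being stored as 'milliseconds', so callers appear to pass seconds - confirm.
 */
function log_stats($string, $pg_time)
{
    if (!addon_installed('stats')) {
        return;
    }

    if (get_option('site_closed') == '1' && get_option('no_stats_when_closed', true) === '1') {
        return;
    }

    if (get_option('super_logging') == '1' || get_param('track', NULL) !== NULL) {
        $get = substr(flatten_slashed_array($_GET), 0, 255);

        // Work on a copy so the request data itself is untouched, and drop the known credential fields
        $post2 = $_POST;
        unset($post2['password']);
        unset($post2['password_confirm']);
        unset($post2['decrypt']);
        $post = flatten_slashed_array($post2);
    } else {
        $get = '';
        $post = '';
    }

    $page = $string;
    $ip = get_ip_address();
    $member = get_member();
    if (is_guest($member)) {
        // Guests are recorded under their negated session ID, so read access to the stats
        // table also exposes guest session identifiers
        $member = -get_session_id();
    }
    $time = time();
    $referer = substr(ocp_srv('HTTP_REFERER'), 0, 255);
    $browser = substr(get_browser_string(), 0, 255);

    // Check for null before truncating: the original tested the result of substr(), which is
    // never null, so a missing OS string was not replaced by ''
    $os = get_os_string();
    $os = ($os === NULL) ? '' : substr($os, 0, 255);

    if (get_option('no_bot_stats', true) === '1') {
        $browser_lower = strtolower($browser);
        if (strpos($browser_lower, 'http:') !== false || strpos($browser_lower, 'bot') !== false || get_bot_type() !== NULL) {
            return;
        }
    }

    $GLOBALS['SITE_DB']->query_insert('stats', array(
        'access_denied_counter' => 0,
        'browser' => $browser,
        'operating_system' => $os,
        'the_page' => $page,
        'ip' => $ip,
        'the_user' => $member,
        'date_and_time' => $time,
        'referer' => $referer,
        'get' => $get,
        'post' => $post,
        'milliseconds' => intval($pg_time * 1000),
    ), false, true);

    // Roughly one request in a thousand prunes rows older than the configured retention period.
    // The query is concatenated, but the only variable part is an integer passed through strval().
    if (mt_rand(0, 1000) == 1) {
        $cutoff = time() - 60 * 60 * 24 * intval(get_option('stats_store_time'));
        $GLOBALS['SITE_DB']->query('DELETE FROM ' . get_table_prefix() . 'stats WHERE date_and_time<' . strval($cutoff));
    }

    global $SITE_INFO;
    if (isset($SITE_INFO['throttle_bandwidth_views_per_meg'])) {
        set_value('page_views', strval(intval(get_value('page_views')) + 1));
    }
}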