if ($_REQUEST["mc_currency"] != $secpayconf_currency_letters) { logPay("Currency is not {$secpayconf_currency_letters} !"); die("Incorrect currency!"); } if ($_REQUEST["payment_status"] != "Completed") { if ($_REQUEST["payment_status"] == "Pending") { setPaiemntAsPending(mysql_real_escape_string($item_number), mysql_real_escape_string($_REQUEST["pending_reason"])); } else { logPay("Status is not completed or pending !"); die("Status not completed or pending..."); } } else { logPay("Calling validate()"); // validatePaiement($item_number,$refund_amount,"online","paypal",$txn_id,$_POST["payment_gross"]); // This should work better: if ($secpayconf_paypal_validate_with == "total") { $refund_amount = $_REQUEST["mc_gross"] - $_REQUEST["mc_fee"]; } else { // Ensure amount tally according to cost before adding the paypal fees $refund_amount = $_REQUEST["mc_gross"]; } validatePaiement(mysql_real_escape_string($item_number), $refund_amount, "online", "paypal", mysql_real_escape_string($_REQUEST["txn_id"]), mysql_real_escape_string($_REQUEST["mc_gross"])); } } elseif (strcmp($res, "INVALID") == 0) { // log for manual investigation logPay("Recieved INVALID: sending mail to webmaster !!"); die("Invalid!"); } } fclose($fp); }
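// Moneybookers status-notification handler: authenticate the callback with
// its md5sig, check it targets this merchant account and currency, then
// record the payment state.
get_secpay_conf();

// Every field that goes into the signature must be present and a plain
// string. An array-valued parameter (e.g. "status[]=...") would otherwise be
// concatenated as the literal text "Array".
foreach (array("merchant_id", "transaction_id", "mb_amount", "mb_currency", "status", "md5sig") as $signed_key) {
    if (!isset($_REQUEST[$signed_key]) || !is_string($_REQUEST[$signed_key])) {
        die("md5sum not validated!");
    }
}

// Concatenate the strings and check for the md5sig
$concat_str = $_REQUEST["merchant_id"]
    . $_REQUEST["transaction_id"]
    . strtoupper(md5($secpayconf_moneybookers_secret_word))
    . $_REQUEST["mb_amount"]
    . $_REQUEST["mb_currency"]
    . $_REQUEST["status"];
$expected_md5sig = strtoupper(md5($concat_str));

// A loose "!=" treats two hex digests that both look like "0E<digits>" as
// equal numbers, so the signature must be compared as a string. Use the
// constant-time comparison where the runtime provides it.
if (function_exists("hash_equals")) {
    $md5sig_ok = hash_equals($expected_md5sig, $_REQUEST["md5sig"]);
} else {
    $md5sig_ok = ($expected_md5sig === $_REQUEST["md5sig"]);
}
if (!$md5sig_ok) {
    die("md5sum not validated!");
}

if ($secpayconf_moneybookers_sandbox == "yes") {
    // This is test sandbox site
    // NOTE(review): host and cgi are identical to production; only the
    // merchant e-mail differs between the two branches.
    $moneybookers_host = "www.moneybookers.com";
    $moneybookers_cgi = "/app/payment.pl";
    $ze_moneybookers_email = $secpayconf_moneybookers_sandbox_email;
} else {
    // This is production website
    $moneybookers_host = "www.moneybookers.com";
    $moneybookers_cgi = "/app/payment.pl";
    $ze_moneybookers_email = $secpayconf_moneybookers_email;
}

// NOTE(review): pay_to_email is not one of the fields concatenated into the
// signature above, so this check is a sanity check, not an authenticated one.
if (!isset($_REQUEST["pay_to_email"]) || $_REQUEST["pay_to_email"] != $ze_moneybookers_email) {
    die("This is not our business moneybookers email!");
}
if ($_REQUEST["mb_currency"] != $secpayconf_currency_letters) {
    die("Incorrect currency!");
}

// NOTE(review): mysql_real_escape_string() needs an open ext/mysql link and
// was removed in PHP 7; presumably the callees build SQL from these values,
// so parameterized queries there would be the durable fix. Confirm in callee.
$item_number = mysql_real_escape_string($_REQUEST["transaction_id"]);
// NOTE(review): the paid amount is not compared with the invoiced amount
// here; presumably validatePaiement() does that. Verify.
$amount = mysql_real_escape_string($_REQUEST["mb_amount"]);

if (isset($_REQUEST["mb_transaction_id"]) && is_string($_REQUEST["mb_transaction_id"])) {
    $mb_transaction_id = mysql_real_escape_string($_REQUEST["mb_transaction_id"]);
} else {
    $mb_transaction_id = "";
}

// Decide on "status", the field covered by md5sig. The previous code read
// "mb_status", which is not part of the signed string, and used "!=" on both
// tests, so any value other than "0" or "2" both flagged the payment as
// pending and validated it. Moneybookers documents 2 as processed and 0 as
// pending; every other status (cancelled, failed, chargeback) is ignored.
$mb_status = $_REQUEST["status"];
if ($mb_status === "2") {
    validatePaiement($item_number, $amount, "online", "moneybookers", $mb_transaction_id);
} elseif ($mb_status === "0") {
    setPaiemntAsPending($item_number, mysql_real_escape_string("moneybookers"));
}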
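// eNETS payment-notification handler. Sample of the parameters received:
// TxnRef=13&
// TxnDate=20060504&
// TxnTime=20%3A34%3A26&
// PayMethod=credit&
// txnStatus=succ&errorCode=0000&
// no_shipping=1&
// mid=616&
// item_name=Test+product1&
// curCode=USD&
// submit_x=116&submit_y=17&
// currency_code=USD&
// NETS_signature=icbfv62esnlCGylZya91VL8xy+6unH0SuSqute3CaN0dr5KeBt7xVTC69Q1BSet2myyMoaJpr%2FrY%0D%0AGUhUFVIRnm34omisbiSRsdGiM2Yblv%2Fhlo%2Fjn3zN+3Vn0nNi9FxX3r2Q5fbPyzpJMdiF7syXrzxw%0D%0An%2FkoynkXagSoL2b6H7I%3D
$pay_id = isset($_REQUEST["TxnRef"]) ? $_REQUEST["TxnRef"] : "";
$status = isset($_REQUEST["txnStatus"]) ? $_REQUEST["txnStatus"] : "";
$error_code = isset($_REQUEST["errorCode"]) ? $_REQUEST["errorCode"] : "";
$amount = isset($_REQUEST["amount"]) ? $_REQUEST["amount"] : "";

if ($status != "succ") {
    logPay("Status not success line " . __LINE__ . " file " . __FILE__ . "\n");
    die;
}

// Source-address allowlist. NETS_signature (see the sample above) is not
// verified anywhere in this block, so this is the only origin check on the
// notification. The previous code logged and mailed on a mismatch but still
// went on to validate the payment; an unknown sender is now rejected.
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address.
// Confirm how this script is deployed.
$enets_notify_ips = array(
    "203.116.94.3",
    "203.116.61.131",
    "203.116.94.76",
    "203.116.94.74",
    "203.116.94.6",
);
if (!in_array($_SERVER["REMOTE_ADDR"], $enets_notify_ips, true)) {
    logPay("Recieved notify from an unkonwn IP addr " . __LINE__ . " file " . __FILE__ . "\n");
    $content = "Recieved notify from an unkonwn IP addr " . $_SERVER["REMOTE_ADDR"];
    Mail($conf_webmaster_email_addr, "[DTC Robot]: Recieved notify from an unkonwn IP", $content);
    die;
}

// Both values come straight from the request: refuse anything that is not a
// non-empty reference and a positive number before doing arithmetic on it.
if (!is_string($pay_id) || $pay_id === "") {
    logPay("Missing TxnRef line " . __LINE__ . " file " . __FILE__ . "\n");
    die;
}
if (!is_string($amount) || !is_numeric($amount) || $amount <= 0) {
    logPay("Amount is not a positive number line " . __LINE__ . " file " . __FILE__ . "\n");
    die;
}

// The gateway fee is a percentage of the gross amount.
$pay_fee = $amount * $secpayconf_enets_rate / 100;
$amount_paid = $amount - $pay_fee;

logPay("Payment success from enets: calling validate()\n");
// Todo: add more checkings to verify that the payment notify is originated by eNETS
// NOTE(review): the amount is taken from the request and is not compared
// with the invoiced amount here; presumably validatePaiement() does. Verify.
// The reference is escaped the same way the PayPal and Moneybookers handlers
// escape theirs before calling validatePaiement(); this assumes the ext/mysql
// link is already open at this point. Confirm.
validatePaiement(mysql_real_escape_string($pay_id), $amount_paid, "online", "enets", 0, $amount);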