Пример #1
0
 function cp_module_paypal_ipn()
 {
     if (isset($_GET['cp_module_paypal_ipn']) && $_GET['cp_module_paypal_ipn'] != '') {
         if (get_option('cp_module_paypal_sandbox')) {
             $host = 'www.sandbox.paypal.com';
         } else {
             $host = 'www.paypal.com';
         }
         // read the post from PayPal system and add 'cmd'
         $req = 'cmd=' . urlencode('_notify-validate');
         foreach ($_POST as $key => $value) {
             $value = urlencode(stripslashes($value));
             $req .= "&{$key}={$value}";
         }
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL, 'https://' . $host . '/cgi-bin/webscr');
         curl_setopt($ch, CURLOPT_HEADER, 0);
         curl_setopt($ch, CURLOPT_POST, 1);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
         curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: ' . $host));
         $res = curl_exec($ch);
         curl_close($ch);
         // assign posted variables to local variables
         $item_name = $_POST['item_name'];
         $item_number = $_POST['item_number'];
         $payment_status = $_POST['payment_status'];
         $payment_amount = $_POST['mc_gross'];
         $payment_currency = $_POST['mc_currency'];
         $txn_id = $_POST['txn_id'];
         $receiver_email = $_POST['receiver_email'];
         $payer_email = $_POST['payer_email'];
         $custom = $_POST['custom'];
         list($points, $uid) = explode('|', $custom);
         if (strcmp($res, "VERIFIED") == 0) {
             // check the payment_status is Completed
             if ($payment_status != 'Completed') {
                 die;
             }
             // check that txn_id has not been previously processed
             global $wpdb;
             $results = $wpdb->get_results('SELECT * FROM `' . CP_DB . '` WHERE `type`=\'paypal\'');
             foreach ($results as $result) {
                 $data = unserialize($result->data);
                 if ($data['txn_id'] == $txn_id) {
                     die;
                 }
             }
             // check that receiver_email is your Primary PayPal email
             if ($receiver_email != trim(get_option('cp_module_paypal_account'))) {
                 die;
             }
             // check that payment_amount/payment_currency are correct
             if ($payment_currency != get_option('cp_module_paypal_currency')) {
                 die;
             }
             if ((double) $payment_amount != (double) cp_module_paypal_round_up(get_option('cp_module_paypal_price') * (int) $points, 2)) {
                 die;
             }
             // process payment
             cp_points('paypal', $uid, (int) $points, serialize(array('txn_id' => $txn_id, 'payer_email' => $payer_email, 'amt' => $payment_amount)));
         } else {
             if (strcmp($res, "INVALID") == 0) {
                 // invalid IPN
                 die;
             }
         }
         exit;
     }
 }
Пример #2
0
 function cp_module_paypal_ipn()
 {
     if ($_GET['cp_module_paypal_ipn'] != '') {
         // read the post from PayPal system and add 'cmd'
         $req = 'cmd=_notify-validate';
         foreach ($_POST as $key => $value) {
             $value = urlencode(stripslashes($value));
             $req .= "&{$key}={$value}";
         }
         if (get_option('cp_module_paypal_sandbox')) {
             $loc = 'ssl://www.sandbox.paypal.com';
         } else {
             $loc = 'ssl://www.paypal.com';
         }
         // post back to PayPal system to validate
         $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
         $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
         $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
         $fp = fsockopen($loc, 443, $errno, $errstr, 30);
         // assign posted variables to local variables
         $item_name = $_POST['item_name'];
         $item_number = $_POST['item_number'];
         $payment_status = $_POST['payment_status'];
         $payment_amount = $_POST['mc_gross'];
         $payment_currency = $_POST['mc_currency'];
         $txn_id = $_POST['txn_id'];
         $receiver_email = $_POST['receiver_email'];
         $payer_email = $_POST['payer_email'];
         $custom = $_POST['custom'];
         list($points, $uid) = explode('|', $custom);
         if (!$fp) {
             // HTTP ERROR
         } else {
             fputs($fp, $header . $req);
             while (!feof($fp)) {
                 $res = fgets($fp, 1024);
                 if (strcmp($res, "VERIFIED") == 0) {
                     // check the payment_status is Completed
                     if ($payment_status != 'Completed') {
                         die;
                     }
                     // check that txn_id has not been previously processed
                     global $wpdb;
                     $results = $wpdb->get_results('SELECT * FROM `' . CP_DB . '` WHERE `tyle`=\'paypal\'');
                     foreach ($results as $result) {
                         $data = $result->data;
                         if ($data['txn_id'] == $txn_id) {
                             die;
                         }
                     }
                     // check that receiver_email is your Primary PayPal email
                     if ($receiver_email != get_option('cp_module_paypal_account')) {
                         die;
                     }
                     // check that payment_amount/payment_currency are correct
                     if ($payment_currency != get_option('cp_module_paypal_currency')) {
                         die;
                     }
                     if ((double) $payment_amount != (double) cp_module_paypal_round_up(get_option('cp_module_paypal_price') * (int) $points, 2)) {
                         die;
                     }
                     // process payment
                     cp_points('paypal', $uid, (int) $points, serialize(array('txn_id' => $txn_id, 'payer_email' => $payer_email, 'amt' => $payment_amount)));
                 } else {
                     if (strcmp($res, "INVALID") == 0) {
                         // invalid paypal return
                         die;
                     }
                 }
             }
             fclose($fp);
         }
         exit;
     }
 }