function cp_module_paypal_ipn()
{
if (isset($_GET['cp_module_paypal_ipn']) && $_GET['cp_module_paypal_ipn'] != '') {
if (get_option('cp_module_paypal_sandbox')) {
$host = 'www.sandbox.paypal.com';
} else {
$host = 'www.paypal.com';
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=' . urlencode('_notify-validate');
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&{$key}={$value}";
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://' . $host . '/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: ' . $host));
$res = curl_exec($ch);
curl_close($ch);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
list($points, $uid) = explode('|', $custom);
if (strcmp($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if ($payment_status != 'Completed') {
die;
}
// check that txn_id has not been previously processed
global $wpdb;
$results = $wpdb->get_results('SELECT * FROM `' . CP_DB . '` WHERE `type`=\'paypal\'');
foreach ($results as $result) {
$data = unserialize($result->data);
if ($data['txn_id'] == $txn_id) {
die;
}
}
// check that receiver_email is your Primary PayPal email
if ($receiver_email != trim(get_option('cp_module_paypal_account'))) {
die;
}
// check that payment_amount/payment_currency are correct
if ($payment_currency != get_option('cp_module_paypal_currency')) {
die;
}
if ((double) $payment_amount != (double) cp_module_paypal_round_up(get_option('cp_module_paypal_price') * (int) $points, 2)) {
die;
}
// process payment
cp_points('paypal', $uid, (int) $points, serialize(array('txn_id' => $txn_id, 'payer_email' => $payer_email, 'amt' => $payment_amount)));
} else {
if (strcmp($res, "INVALID") == 0) {
// invalid IPN
die;
}
}
exit;
}
}
function cp_module_paypal_ipn()
{
if ($_GET['cp_module_paypal_ipn'] != '') {
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&{$key}={$value}";
}
if (get_option('cp_module_paypal_sandbox')) {
$loc = 'ssl://www.sandbox.paypal.com';
} else {
$loc = 'ssl://www.paypal.com';
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen($loc, 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
list($points, $uid) = explode('|', $custom);
if (!$fp) {
// HTTP ERROR
} else {
fputs($fp, $header . $req);
while (!feof($fp)) {
$res = fgets($fp, 1024);
if (strcmp($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if ($payment_status != 'Completed') {
die;
}
// check that txn_id has not been previously processed
global $wpdb;
$results = $wpdb->get_results('SELECT * FROM `' . CP_DB . '` WHERE `tyle`=\'paypal\'');
foreach ($results as $result) {
$data = $result->data;
if ($data['txn_id'] == $txn_id) {
die;
}
}
// check that receiver_email is your Primary PayPal email
if ($receiver_email != get_option('cp_module_paypal_account')) {
die;
}
// check that payment_amount/payment_currency are correct
if ($payment_currency != get_option('cp_module_paypal_currency')) {
die;
}
if ((double) $payment_amount != (double) cp_module_paypal_round_up(get_option('cp_module_paypal_price') * (int) $points, 2)) {
die;
}
// process payment
cp_points('paypal', $uid, (int) $points, serialize(array('txn_id' => $txn_id, 'payer_email' => $payer_email, 'amt' => $payment_amount)));
} else {
if (strcmp($res, "INVALID") == 0) {
// invalid paypal return
die;
}
}
}
fclose($fp);
}
exit;
}
}