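/**
 * Create a purchase order for a classified ad and file its uploaded images.
 *
 * For a visitor without a logged-in session, a user account is created from
 * the submitted e-mail address and the files uploaded under the temporary
 * session id are moved into the new account's upload directory. The order is
 * then inserted and the pending uploads are moved into a per-order
 * subdirectory. An order whose cost is zero is published immediately; any
 * other order is only recorded here.
 *
 * Reads from $_REQUEST: email (anonymous visitors only), type_id, days,
 * phone, location, cost, title, description, category_id.
 *
 * @return array array('id' => order id) on success,
 *               array('error' => message) when the input is rejected
 */
function ClassifiedAds_makePurchaseOrder()
{
    // NOTE(review): cost is taken from the request and decides whether the ad
    // is published without payment. The price should be derived server-side
    // (presumably from type_id and days; the pricing data is not visible
    // here) rather than trusted. Until then, reject a missing, non-numeric or
    // negative value before anything is written: the loose `== 0` used
    // previously treated a missing cost as free.
    $cost = isset($_REQUEST['cost']) ? $_REQUEST['cost'] : null;
    if (!is_numeric($cost) || $cost < 0) {
        return array('error' => __('invalid cost'));
    }

    if (!isset($_SESSION['userdata']['id'])) {
        $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return array('error' => __('invalid email address'));
        }
        // NOTE(review): the account is inserted as active=1 before the address
        // has been confirmed. Whether a duplicate e-mail is rejected depends
        // on table constraints that are not visible here.
        // NOTE(review): addslashes() is not charset-aware escaping; move these
        // queries to bound parameters if dbQuery() or the underlying driver
        // supports them (its signature is not visible here).
        dbQuery(
            'insert into user_accounts set email="' . addslashes($email) . '",'
            . 'name="' . addslashes($email) . '",active=1,date_created=now()'
        );
        $user_id = (int) dbLastInsertId();
        $dirname = USERBASE . '/f/userfiles/' . $user_id . '/classified-ads-upload';
        // NOTE(review): 0777 (before umask) leaves the upload tree writable by
        // every local account; tighten it if the deployment allows.
        if (!is_dir($dirname)) {
            mkdir($dirname, 0777, true);
        }

        // Adopt whatever was uploaded under the temporary id. A visitor who
        // uploaded nothing has no such directory, and DirectoryIterator would
        // throw after the account row had already been created.
        $tmpUid = isset($_SESSION['tmpUID']) ? $_SESSION['tmpUID'] : '';
        $olddirname = USERBASE . '/f/userfiles/' . $tmpUid . '/classified-ads-upload';
        if ($tmpUid !== '' && is_dir($olddirname)) {
            foreach (new DirectoryIterator($olddirname) as $file) {
                if ($file->isDot()) {
                    continue;
                }
                $fname = $file->getFilename();
                rename($olddirname . '/' . $fname, $dirname . '/' . $fname);
            }
        }
    } else {
        // Cast so the id is safe to concatenate into the SQL and the path.
        $user_id = (int) $_SESSION['userdata']['id'];
        $dirname = USERBASE . '/f/userfiles/' . $user_id . '/classified-ads-upload';
    }

    $type_id = isset($_REQUEST['type_id']) ? (int) $_REQUEST['type_id'] : 0;
    $days = isset($_REQUEST['days']) ? (int) $_REQUEST['days'] : 0;
    $category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : 0;

    // Free-text fields: a missing or non-scalar value becomes an empty string.
    $text = array();
    foreach (array('title', 'phone', 'location', 'description') as $key) {
        $value = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';
        $text[$key] = is_scalar($value) ? (string) $value : '';
    }

    dbQuery(
        'insert into classifiedads_purchase_orders set user_id=' . $user_id
        . ', type_id=' . $type_id . ', days=' . $days
        . ', title="' . addslashes($text['title']) . '"'
        . ', phone="' . addslashes($text['phone']) . '", location="'
        . addslashes($text['location']) . '"'
        . ', cost="' . addslashes($cost) . '", category_id=' . $category_id
        . ', description="' . addslashes($text['description']) . '"'
    );
    $ad_id = dbLastInsertId();

    // Create the per-order directory before listing: the recursive mkdir also
    // creates $dirname for a logged-in user who has never uploaded, where
    // opening the iterator first would throw.
    $addir = $dirname . '/' . $ad_id;
    if (!is_dir($addir)) {
        mkdir($addir, 0777, true);
    }
    foreach (new DirectoryIterator($dirname) as $file) {
        // Skip subdirectories, which hold the files of earlier orders.
        if ($file->isDot() || $file->isDir()) {
            continue;
        }
        $fname = $file->getFilename();
        rename($dirname . '/' . $fname, $addir . '/' . $fname);
    }

    // Nothing is inserted after the order, so the id fetched above is still
    // the order id.
    if ((float) $cost == 0) {
        ClassifiedAds_publish($ad_id);
    }
    return array('id' => $ad_id);
}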
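} // closes a block that opens before this excerpt

// $req is assembled before this excerpt; a value equal to the bare prefix
// means no notification fields arrived, so treat the request as a direct hit
// rather than a PayPal notification.
if ($req == 'cmd=_notify-validate') {
    die('please don\'t access this file directly');
}

// post back to PayPal system to validate
// NOTE(review): confirm this request line against PayPal's current IPN
// requirements (protocol version, Host header, endpoint host), and that the
// PHP version in use verifies the peer certificate for ssl:// streams.
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
    mail('*****@*****.**', 'test', 'failed');
    // HTTP ERROR
} else {
    fputs($fp, $header . $req);
    // Read the whole reply and release the socket before acting on it.
    $verified = false;
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        if ($res !== false && strcmp($res, "VERIFIED") == 0) {
            $verified = true;
        }
        // An "INVALID" line, like any other line, is ignored.
    }
    fclose($fp);

    if ($verified) {
        // A VERIFIED reply only confirms that PayPal sent this notification.
        // It says nothing about the payment's state, so publish only for a
        // completed payment (not pending, refunded or reversed ones).
        $status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
        $id = isset($_POST['item_number']) ? (int) $_POST['item_number'] : 0;
        if ($status !== 'Completed' || $id < 1) {
            exit;
        }
        require $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
        // NOTE(review): still unchecked before publishing: that receiver_email
        // is this site's PayPal account, that mc_gross and mc_currency match
        // the amount recorded for order $id, and that txn_id has not been
        // processed before. The data needed for those comparisons is not
        // visible in this excerpt.
        // create ad
        ClassifiedAds_publish($id);
    }
}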