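/**
 * Confirms with PayPal that the current IPN POST is genuine and records the outcome.
 *
 * The received POST fields are echoed back to PayPal prefixed with
 * cmd=_notify-validate; only a response body of exactly "VERIFIED" is
 * accepted. Every other outcome (connection failure, short or empty response,
 * any other body) is treated as unverified, so the check fails closed.
 * A PaypalIPN record is saved on every call, verified or not.
 *
 * NOTE(review): this method only authenticates the message. Whether txn_id has
 * been seen before, and whether receiver, amount and currency match the order,
 * still has to be checked by the caller before the payment is honoured.
 *
 * @return bool true when PayPal answered VERIFIED, false otherwise
 */
public function verifyIPNRequest()
{
    // magic_quotes_gpc was removed in PHP 5.4. Stripping slashes unconditionally
    // would alter values containing backslashes, and PayPal would then answer
    // INVALID for a genuine notification.
    $stripSlashes = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        if (is_array($value)) {
            // IPN fields are flat; a nested value cannot be echoed back
            // byte-for-byte, so encode it safely and let validation fail.
            $req .= "&" . http_build_query(array($key => $value));
            continue;
        }
        if ($stripSlashes) {
            $value = stripslashes($value);
        }
        $req .= "&" . urlencode((string) $key) . "=" . urlencode((string) $value);
    }

    // Post back to the PayPal system to validate.
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: " . $this->hostName . "\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n";
    $header .= "Connection: close\r\n\r\n";

    // NOTE(review): ssl:// uses PHP's default stream context. Peer certificate
    // verification is on by default from PHP 5.6; on older runtimes the
    // "VERIFIED" answer is only as trustworthy as the unauthenticated TLS peer.
    $fp = fsockopen("ssl://" . $this->hostName, 443, $errno, $errstr, 15);
    $paypalIPN = new PaypalIPN();

    if (!$fp) {
        $paypalIPN->setMemo("HTTP ERROR. {$errstr} {$errno}. There was an issue processing your request. Please contact a system administrator.");
        $result = false;
    } else {
        // The fsockopen timeout covers the connect only; bound the reads too.
        stream_set_timeout($fp, 15);
        fputs($fp, $header . $req);

        $res = "";
        while (!feof($fp)) {
            $line = fgets($fp);
            if ($line === false) {
                // Read error or timeout: stop instead of looping on a dead socket.
                break;
            }
            $res .= $line;
        }
        fclose($fp);

        // Split headers from body; a truncated response has no body part.
        $pieces = explode("\r\n\r\n", $res, 2);
        $body = isset($pieces[1]) ? trim($pieces[1]) : "";

        // Record the same POST fields that were sent for validation. $_REQUEST
        // also merges query-string (and possibly cookie) values that PayPal
        // never saw, so it must not supply the recorded transaction data.
        $paypalIPN->setTransaction(isset($_POST["custom"]) ? $_POST["custom"] : null);
        $paypalIPN->setTxnid(isset($_POST["txn_id"]) ? $_POST["txn_id"] : null);
        $paypalIPN->setPaymentStatus(isset($_POST["payment_status"]) ? $_POST["payment_status"] : null);

        if ($body === "VERIFIED") {
            $paypalIPN->setIsVerified(1);
            $paypalIPN->setMemo("Verified");
            $result = true;
        } else {
            $paypalIPN->setIsVerified(0);
            $paypalIPN->setMemo("The IPN couldn't be verified. This could be a potential hack attempt");
            $result = false;
        }
    }

    // Raw request dump kept for auditing only. It is unvalidated input: escape
    // it wherever it is displayed and never treat it as verified data.
    $postString = "";
    foreach ($_REQUEST as $key => $value) {
        $printable = is_scalar($value) ? $value : json_encode($value);
        $postString .= "&{$key}={$printable}";
    }
    $paypalIPN->setPostString($postString);
    $paypalIPN->save();

    return $result;
}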