public function verifyIPNRequest()
{
//The following function checks to see if the IPN request actually came from Paypal, or it is a hacker trying to bypass the payment
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&{$key}={$value}";
}
//post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen("ssl://" . $this->hostName, 443, $errno, $errstr, 15);
$paypalIPN = new PaypalIPN();
if (!$fp) {
$paypalIPN->setMemo("HTTP ERROR. {$errstr} {$errno}. There was an issue processing your request. Please contact a system administrator.");
$result = false;
} else {
fputs($fp, $header . $req);
$res = "";
while (!feof($fp)) {
$res .= fgets($fp);
}
fclose($fp);
$pieces = preg_split("*\r\n\r\n*", $res);
$paypalIPN->setTransaction(@$_REQUEST["custom"]);
$paypalIPN->setTxnid(@$_REQUEST["txn_id"]);
$paypalIPN->setPaymentStatus(@$_REQUEST["payment_status"]);
if ($pieces[1] == "VERIFIED") {
$paypalIPN->setIsVerified(1);
$paypalIPN->setMemo("Verified");
$result = true;
} else {
$paypalIPN->setIsVerified(0);
$paypalIPN->setMemo("The IPN couldn't be verified. This could be a potential hack attempt");
$result = false;
}
}
$postString = "";
foreach ($_REQUEST as $key => $value) {
$postString .= "&{$key}={$value}";
}
$paypalIPN->setPostString($postString);
$paypalIPN->save();
return $result;
}
