Whats wrong with this code????

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Whats wrong with this code????

Post by Clukey »

I am tring to make a script that sends me an email, inserts a recordset into a MySQL Database, and also into server variables then send them to another page that check if the information is the same, then updates the record and lets a person download a file. I'm not getting any errors, but the download doesn't start and there is no information in the database. Here is the code I am using. Thanks for the help.

Page 1 (sends an email, creates a inserts the information into the database, then creates session variables):

Code: Select all

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
echo "test";
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice_id = $_POST['invoice_id'];
$payment_status = $_POST['payment_status'];

if (!$fp) {

} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {


if ($payment_status == "Completed")
{

  $session_id = "";
  for ($i=0; $i<30; $i++) {
	$session_id .= chr(mt_rand(35, 126));
  }
  require_once("../folder1/connection.php");
  mysql_select_db($database_Payments, $Payments);
  $query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
  $Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($Recordset1);

  $insertSQL = sprintf("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES (%s, %s, %s, %s, %s, %s)",
                       intval($row_Recordset1['id'])+1,
                       $payer_email,
                       $txn_id,
                       $item_number,
                       $session_id,
					   "1");

  mysql_select_db($database_Payments, $Payments);
  $Result1 = mysql_query($insertSQL, $Payments) or die(mysql_error());
  mysql_free_result($Recordset1);


  session_start();
  $_SESSION["item_number"] = $item_number;
  $_SESSION["session_id"] = $session_id;
  $_SESSION["txn_id"] = $txn_id;
  $_SESSION["name"] = $payer_email;
  $_SESSION["downned"] = "1";
  mail('email@domain.com', 'The '.$item_name.' has ordered!!', 'Payment was completed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");
}

}
else if (strcmp ($res, "INVALID") == 0) {
  mail('email@domain.com', 'A '.$item_name.' order has failed ', 'Payment has failed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");

}
}
fclose ($fp);
}
?>

Page 2 (compares the information in the database to the information in the server variables):

Code: Select all

require_once("folder/connection.php");
  mysql_select_db($database_Payments, $Payments);
  $query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
  $Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($Recordset1);

  $db_payer_email = $row_Recordset1['name'];
  $db_txn_id = $row_Recordset1['txn_id'];
  $db_item_number = $row_Recordset1['item_number'];
  $db_session_id = $row_Recordset1['session_id'];
  $db_downed = $row_Recordset1['downed'];

  $session_payer_email = $_SESSION["name"];
  $session_txn_id = $_SESSION["txn_id"];
  $session_item_number = $_SESSION["item_number"];
  $session_session_id = $_SESSION["session_id"];
  $session_downed = $_SESSION["downed"];
  
  if ($db_payer_email == $session_payer_email && $db_txn_id == $session_txn_id && $db_item_number == $session_item_number && $db_session_id == $session_session_id && $db_downed == $session_downed && $db_downed == "1") {
	$updateSQL = sprintf("UPDATE verify_payments SET downed=%s WHERE session_id=%s",
                       "0",
                       $db_session_id);

	mysql_select_db($database_Payments, $Payments);
	$Result1 = mysql_query($updateSQL, $Payments) or die(mysql_error());

	header(sprintf("Location: folder1/folder2/file.mxp"));
  }
session_unset();
mysql_free_result($Recordset1);

Thanks again.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

i don't see why you have:

Code: Select all

$session_id = ""; 
  for ($i=0; $i<30; $i++) { 
        $session_id .= chr(mt_rand(35, 126)); 
  }
PHP Manual wrote:Predefined Constants
The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.


SID (string)
Constant containing either the session name and session ID in the form of "name=ID" or empty string if session ID was set in an appropriate session cookie.
You can just ask for the SID and then it will give you the Id that it made.

I am also confused with:

Code: Select all

$insertSQL = sprintf("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES (%s, %s, %s, %s, %s, %s)", 
                       intval($row_Recordset1['id'])+1, 
                       $payer_email, 
                       $txn_id, 
                       $item_number, 
                       $session_id, 
                                           "1");
put

Code: Select all

session_start();
at the top of your page, its just easier, but in order for you page to still work, (and also just to make it more flawless) do this:

Code: Select all

<?php
// PUT THIS AS YOUR FIRST LINE:
ob_start();
// IT MAKES A MEMORY BUFFER SO THAT IT DOESN'T SEND ANY HEADERS AND MESS UP YOUR CODE

// YOUR PAGE CODE

// PUT THIS AS YOUR VERY LAST LINE OF CODE TO MAKE A CLEAN END OF THE MEMORY BUFFER
ob_flush();
?>
If you:

Code: Select all

//GET RID OF THIS:
$session_id = ""; 
  for ($i=0; $i<30; $i++) { 
        $session_id .= chr(mt_rand(35, 126)); 
  } 


// CHANGE THIS:
  $_SESSION["session_id"] = $session_id; 
// TO THIS:
 $_SESSION["session_id"] = $SID;
// IT WILL SET THE SESSION_ID VARIABLE TO THE SID

Code: Select all

//  IF YOU ARE GOING TO USE THE SESSIONS TO SEND THE USER TO ANOTHER PAGE WHERE THEY WILL BE READ THEN WHY ARE YOU USING:
session_unset(); 
// THAT ERASES ALL OF THE SESSION DATA
NOTE: Everything in this message is not tested.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

Thanks for the help, here is what I have now. What I'm really having a problem with is the mysql_query, for some reason it isn't inserting the record.

Code: Select all

<?php 
ob_start();
// read the post from PayPal system and add 'cmd' 
$req = 'cmd=_notify-validate'; 

foreach ($_POST as $key => $value) { 
$value = urlencode(stripslashes($value)); 
$req .= "&$key=$value"; 
} 
echo "test"; 
// post back to PayPal system to validate 
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; 
$header .= "Content-Type: application/x-www-form-urlencoded\r\n"; 
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; 
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); 

// assign posted variables to local variables 
$item_name = $_POST['item_name']; 
$item_number = $_POST['item_number']; 
$payment_status = $_POST['payment_status']; 
$payment_amount = $_POST['mc_gross']; 
$payment_currency = $_POST['mc_currency']; 
$txn_id = $_POST['txn_id']; 
$receiver_email = $_POST['receiver_email']; 
$payer_email = $_POST['payer_email']; 
$invoice_id = $_POST['invoice_id']; 
$payment_status = $_POST['payment_status']; 

if (!$fp) { 

} else { 
fputs ($fp, $header . $req); 
while (!feof($fp)) { 
$res = fgets ($fp, 1024); 
if (strcmp ($res, "VERIFIED") == 0) { 


if ($payment_status == "Completed") 
{ 

  $session_id = $SID; 


  $connection = mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
  mysql_select_db ("database");
  mysql_query ("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES ('0', '".$payer_email."', '".$txn_id."', '".$item_number."', '".$session_id."', '1')")


  session_start(); 
  $_SESSION["item_number"] = $item_number; 
  $_SESSION["session_id"] = $session_id; 
  $_SESSION["txn_id"] = $txn_id; 
  $_SESSION["name"] = $payer_email; 
  $_SESSION["downned"] = "1"; 
  mail('email@domain.com', 'The '.$item_name.' has ordered!!', 'Payment was completed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form"); 
} 

} 
else if (strcmp ($res, "INVALID") == 0) { 
  mail('email@domain.com', 'A '.$item_name.' order has failed ', 'Payment has failed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form"); 

} 
} 
fclose ($fp); 
}
ob_flush();
?>
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

firstly, you cannot define any output prior to using session_start();.. you should be getting the infamous headers already sent, and lose the output buffering functions..

mysql_query ("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES ('0', '".$payer_email."', '".$txn_id."', '".$item_number."', '".$session_id."', '1')") or die(mysql_error());

add the bolded text to your query for a more insightful message as to why your query failed.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

Thanks, I figured out why my query wasn't working, I forgot to put a ; after the query line. My last question (hopefully :D ) is about the session variables. This code is executed by paypal when a user makes a purchase, paypal then goes to a redirection page and then sends the user back to my site, and unfortunately the session variables aren't showing up when I get back to my site. How can I get them to pass through the paypal page and stay till they get back to my site? Thanks.
Post Reply