Page 1 (sends an email, creates a inserts the information into the database, then creates session variables):
Code: Select all
<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
echo "test";
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice_id = $_POST['invoice_id'];
$payment_status = $_POST['payment_status'];
if (!$fp) {
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if ($payment_status == "Completed")
{
$session_id = "";
for ($i=0; $i<30; $i++) {
$session_id .= chr(mt_rand(35, 126));
}
require_once("../folder1/connection.php");
mysql_select_db($database_Payments, $Payments);
$query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
$Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$insertSQL = sprintf("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES (%s, %s, %s, %s, %s, %s)",
intval($row_Recordset1['id'])+1,
$payer_email,
$txn_id,
$item_number,
$session_id,
"1");
mysql_select_db($database_Payments, $Payments);
$Result1 = mysql_query($insertSQL, $Payments) or die(mysql_error());
mysql_free_result($Recordset1);
session_start();
$_SESSION["item_number"] = $item_number;
$_SESSION["session_id"] = $session_id;
$_SESSION["txn_id"] = $txn_id;
$_SESSION["name"] = $payer_email;
$_SESSION["downned"] = "1";
mail('email@domain.com', 'The '.$item_name.' has ordered!!', 'Payment was completed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");
}
}
else if (strcmp ($res, "INVALID") == 0) {
mail('email@domain.com', 'A '.$item_name.' order has failed ', 'Payment has failed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");
}
}
fclose ($fp);
}
?>Page 2 (compares the information in the database to the information in the server variables):
Code: Select all
require_once("folder/connection.php");
mysql_select_db($database_Payments, $Payments);
$query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
$Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$db_payer_email = $row_Recordset1['name'];
$db_txn_id = $row_Recordset1['txn_id'];
$db_item_number = $row_Recordset1['item_number'];
$db_session_id = $row_Recordset1['session_id'];
$db_downed = $row_Recordset1['downed'];
$session_payer_email = $_SESSION["name"];
$session_txn_id = $_SESSION["txn_id"];
$session_item_number = $_SESSION["item_number"];
$session_session_id = $_SESSION["session_id"];
$session_downed = $_SESSION["downed"];
if ($db_payer_email == $session_payer_email && $db_txn_id == $session_txn_id && $db_item_number == $session_item_number && $db_session_id == $session_session_id && $db_downed == $session_downed && $db_downed == "1") {
$updateSQL = sprintf("UPDATE verify_payments SET downed=%s WHERE session_id=%s",
"0",
$db_session_id);
mysql_select_db($database_Payments, $Payments);
$Result1 = mysql_query($updateSQL, $Payments) or die(mysql_error());
header(sprintf("Location: folder1/folder2/file.mxp"));
}
session_unset();
mysql_free_result($Recordset1);Thanks again.