What's wrong with this code????

Posted: Sat Jun 24, 2006 6:34 pm
by Clukey
I am trying to make a script that sends me an email, inserts a recordset into a MySQL Database, and also into server variables, then sends them to another page that checks if the information is the same, then updates the record and lets a person download a file. I'm not getting any errors, but the download doesn't start and there is no information in the database. Here is the code I am using. Thanks for the help.

Page 1 (sends an email, inserts the information into the database, then creates session variables):

Code:

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
echo "test";
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice_id = $_POST['invoice_id'];
$payment_status = $_POST['payment_status'];

if (!$fp) {

} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {


if ($payment_status == "Completed")
{

  $session_id = "";
  for ($i=0; $i<30; $i++) {
	$session_id .= chr(mt_rand(35, 126));
  }
  require_once("../folder1/connection.php");
  mysql_select_db($database_Payments, $Payments);
  $query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
  $Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($Recordset1);

  $insertSQL = sprintf("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES (%s, %s, %s, %s, %s, %s)",
                       intval($row_Recordset1['id'])+1,
                       $payer_email,
                       $txn_id,
                       $item_number,
                       $session_id,
					   "1");

  mysql_select_db($database_Payments, $Payments);
  $Result1 = mysql_query($insertSQL, $Payments) or die(mysql_error());
  mysql_free_result($Recordset1);


  session_start();
  $_SESSION["item_number"] = $item_number;
  $_SESSION["session_id"] = $session_id;
  $_SESSION["txn_id"] = $txn_id;
  $_SESSION["name"] = $payer_email;
  $_SESSION["downned"] = "1";
  mail('email@domain.com', 'The '.$item_name.' has ordered!!', 'Payment was completed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");
}

}
else if (strcmp ($res, "INVALID") == 0) {
  mail('email@domain.com', 'A '.$item_name.' order has failed ', 'Payment has failed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form");

}
}
fclose ($fp);
}
?>

Page 2 (compares the information in the database to the information in the server variables):

Code:

require_once("folder/connection.php");
  mysql_select_db($database_Payments, $Payments);
  $query_Recordset1 = "SELECT * FROM verify_payments ORDER BY id DESC";
  $Recordset1 = mysql_query($query_Recordset1, $Payments) or die(mysql_error());
  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($Recordset1);

  $db_payer_email = $row_Recordset1['name'];
  $db_txn_id = $row_Recordset1['txn_id'];
  $db_item_number = $row_Recordset1['item_number'];
  $db_session_id = $row_Recordset1['session_id'];
  $db_downed = $row_Recordset1['downed'];

  $session_payer_email = $_SESSION["name"];
  $session_txn_id = $_SESSION["txn_id"];
  $session_item_number = $_SESSION["item_number"];
  $session_session_id = $_SESSION["session_id"];
  $session_downed = $_SESSION["downed"];
  
  if ($db_payer_email == $session_payer_email && $db_txn_id == $session_txn_id && $db_item_number == $session_item_number && $db_session_id == $session_session_id && $db_downed == $session_downed && $db_downed == "1") {
	$updateSQL = sprintf("UPDATE verify_payments SET downed=%s WHERE session_id=%s",
                       "0",
                       $db_session_id);

	mysql_select_db($database_Payments, $Payments);
	$Result1 = mysql_query($updateSQL, $Payments) or die(mysql_error());

	header(sprintf("Location: folder1/folder2/file.mxp"));
  }
session_unset();
mysql_free_result($Recordset1);

Thanks again.

Posted: Sun Jun 25, 2006 12:15 am
by tecktalkcm0391
i don't see why you have:

Code:

$session_id = ""; 
  for ($i=0; $i<30; $i++) { 
        $session_id .= chr(mt_rand(35, 126)); 
  }

PHP Manual wrote:
Predefined Constants
The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.

SID (string)
Constant containing either the session name and session ID in the form of "name=ID" or empty string if session ID was set in an appropriate session cookie.

You can just ask for the SID and then it will give you the Id that it made.

I am also confused with:

Code:

$insertSQL = sprintf("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES (%s, %s, %s, %s, %s, %s)", 
                       intval($row_Recordset1['id'])+1, 
                       $payer_email, 
                       $txn_id, 
                       $item_number, 
                       $session_id, 
                                           "1");

Put

Code:

session_start();

at the top of your page, it's just easier, but in order for your page to still work, (and also just to make it more flawless) do this:

Code:

<?php
// PUT THIS AS YOUR FIRST LINE:
ob_start();
// IT MAKES A MEMORY BUFFER SO THAT IT DOESN'T SEND ANY HEADERS AND MESS UP YOUR CODE

// YOUR PAGE CODE

// PUT THIS AS YOUR VERY LAST LINE OF CODE TO MAKE A CLEAN END OF THE MEMORY BUFFER
ob_flush();
?>

If you:

Code:

//GET RID OF THIS:
$session_id = ""; 
  for ($i=0; $i<30; $i++) { 
        $session_id .= chr(mt_rand(35, 126)); 
  } 


// CHANGE THIS:
  $_SESSION["session_id"] = $session_id; 
// TO THIS:
 $_SESSION["session_id"] = $SID;
// IT WILL SET THE SESSION_ID VARIABLE TO THE SID

Code:

//  IF YOU ARE GOING TO USE THE SESSIONS TO SEND THE USER TO ANOTHER PAGE WHERE THEY WILL BE READ THEN WHY ARE YOU USING:
session_unset(); 
// THAT ERASES ALL OF THE SESSION DATA

NOTE: Everything in this message is not tested.

Posted: Sun Jun 25, 2006 12:36 am
by Clukey
Thanks for the help, here is what I have now. What I'm really having a problem with is the mysql_query, for some reason it isn't inserting the record.

Code:

<?php 
ob_start();
// read the post from PayPal system and add 'cmd' 
$req = 'cmd=_notify-validate'; 

foreach ($_POST as $key => $value) { 
$value = urlencode(stripslashes($value)); 
$req .= "&$key=$value"; 
} 
echo "test"; 
// post back to PayPal system to validate 
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; 
$header .= "Content-Type: application/x-www-form-urlencoded\r\n"; 
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; 
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); 

// assign posted variables to local variables 
$item_name = $_POST['item_name']; 
$item_number = $_POST['item_number']; 
$payment_status = $_POST['payment_status']; 
$payment_amount = $_POST['mc_gross']; 
$payment_currency = $_POST['mc_currency']; 
$txn_id = $_POST['txn_id']; 
$receiver_email = $_POST['receiver_email']; 
$payer_email = $_POST['payer_email']; 
$invoice_id = $_POST['invoice_id']; 
$payment_status = $_POST['payment_status']; 

if (!$fp) { 

} else { 
fputs ($fp, $header . $req); 
while (!feof($fp)) { 
$res = fgets ($fp, 1024); 
if (strcmp ($res, "VERIFIED") == 0) { 


if ($payment_status == "Completed") 
{ 

  $session_id = $SID; 


  $connection = mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
  mysql_select_db ("database");
  mysql_query ("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES ('0', '".$payer_email."', '".$txn_id."', '".$item_number."', '".$session_id."', '1')")


  session_start(); 
  $_SESSION["item_number"] = $item_number; 
  $_SESSION["session_id"] = $session_id; 
  $_SESSION["txn_id"] = $txn_id; 
  $_SESSION["name"] = $payer_email; 
  $_SESSION["downned"] = "1"; 
  mail('email@domain.com', 'The '.$item_name.' has ordered!!', 'Payment was completed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form"); 
} 

} 
else if (strcmp ($res, "INVALID") == 0) { 
  mail('email@domain.com', 'A '.$item_name.' order has failed ', 'Payment has failed: \n\n' . $item_name . '\n' . $item_number . '\n' . $payment_status . '\n' . $payment_amount . '\n' . $payment_currency . '\n' . $txn_id . '\n' . $receiver_email . '\n' . $payer_email . '\n' . $invoice_id . '\n' . $payment_status, "From: Payment Form"); 

} 
} 
fclose ($fp); 
}
ob_flush();
?>

Posted: Sun Jun 25, 2006 2:29 am
by John Cartwright
firstly, you cannot define any output prior to using session_start();.. you should be getting the infamous headers already sent, and lose the output buffering functions..

mysql_query ("INSERT INTO verify_payments (id, name, txn_id, item_number, session_id, downed) VALUES ('0', '".$payer_email."', '".$txn_id."', '".$item_number."', '".$session_id."', '1')") or die(mysql_error());

add the bolded text to your query for a more insightful message as to why your query failed.
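
Added example, not part of any post in this thread: the verify_payments INSERT written with bound parameters, a token from random_bytes() in place of the mt_rand() loop, and the page 2 compare-then-update collapsed into one conditional UPDATE so a token can be redeemed only once. It assumes PHP 7+ with PDO and pdo_sqlite (an in-memory SQLite table stands in for the MySQL one); record_payment() and redeem_download() are hypothetical names.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands
// in for the MySQL verify_payments table (assumes PHP 7+ with pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The auto-increment id replaces "highest id + 1"; UNIQUE on txn_id makes a
// repeated notification for the same transaction fail instead of adding a row.
$db->exec('CREATE TABLE verify_payments (
    id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, txn_id TEXT UNIQUE,
    item_number TEXT, session_id TEXT UNIQUE, downed INTEGER)');

// Hypothetical helper: store one verified payment. Every posted field is bound
// as a parameter, so quotes or SQL fragments in it are stored as plain data.
function record_payment(PDO $db, array $ipn): string
{
    $token = bin2hex(random_bytes(20)); // CSPRNG, replaces the mt_rand() loop
    $stmt = $db->prepare('INSERT INTO verify_payments
        (name, txn_id, item_number, session_id, downed)
        VALUES (:name, :txn_id, :item_number, :token, 1)');
    $stmt->execute([
        ':name'        => $ipn['payer_email'],
        ':txn_id'      => $ipn['txn_id'],
        ':item_number' => $ipn['item_number'],
        ':token'       => $token,
    ]);
    return $token;
}

// Hypothetical helper: redeem a token exactly once. The UPDATE only matches
// while downed = 1, so two concurrent requests cannot both pass the check.
function redeem_download(PDO $db, string $token): bool
{
    $stmt = $db->prepare('UPDATE verify_payments SET downed = 0
        WHERE session_id = :token AND downed = 1');
    $stmt->execute([':token' => $token]);
    return $stmt->rowCount() === 1;
}

// Constructed sample fields; the apostrophe would break the concatenated query.
$ipn = [
    'payer_email' => "o'brien@example.com",
    'txn_id'      => 'TXN-CONSTRUCTED-0001',
    'item_number' => '42',
];
$token = record_payment($db, $ipn);
var_dump(redeem_download($db, $token));        // first use of the token
var_dump(redeem_download($db, $token));        // replay of the same token
var_dump(redeem_download($db, "' OR '1'='1")); // quote-bearing input as a token
echo $db->query('SELECT name FROM verify_payments')->fetchColumn(), "\n";
```

The same prepared statements work against MySQL through PDO's mysql driver; only the CREATE TABLE syntax differs (AUTO_INCREMENT instead of AUTOINCREMENT).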

Posted: Sun Jun 25, 2006 11:48 am
by Clukey
Thanks, I figured out why my query wasn't working, I forgot to put a ; after the query line. My last question (hopefully :D ) is about the session variables. This code is executed by paypal when a user makes a purchase, paypal then goes to a redirection page and then sends the user back to my site, and unfortunately the session variables aren't showing up when I get back to my site. How can I get them to pass through the paypal page and stay till they get back to my site? Thanks.