require_once(__DIR__.'/'.'inc/wfpl/format.php');
function paypal_ipn_main() {
- // read the post from PayPal system and add 'cmd'
- $req = 'cmd=_notify-validate';
- $log = 'Received IPN:';
+ // read the post from PayPal system and add 'cmd'
+ $req = 'cmd=_notify-validate';
+ $log = 'Received IPN:';
- foreach ($_POST as $key => $value) {
- $log .= "\n$key: $value";
- $value = urlencode($value);
- $req .= "&$key=$value";
- }
+ foreach ($_POST as $key => $value) {
+ $log .= "\n$key: $value";
+ $value = urlencode($value);
+ $req .= "&$key=$value";
+ }
- // assign posted variables to local variables
- $item_name = isset($_POST['item_name']) ? $_POST['item_name'] : '';
- $item_number = isset($_POST['item_number']) ? $_POST['item_number'] : '';
- $payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
- $mc_gross = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
- $mc_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
- $txn_id = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
- $receiver_email = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
- $payer_email = isset($_POST['payer_email']) ? $_POST['payer_email'] : '';
- $custom = isset($_POST['custom']) ? $_POST['custom'] : '';
- $txn_type = isset($_POST['txn_type']) ? $_POST['txn_type'] : '';
- $subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : '';
- $needs_review = 1;
+ // assign posted variables to local variables
+ $item_name = isset($_POST['item_name']) ? $_POST['item_name'] : '';
+ $item_number = isset($_POST['item_number']) ? $_POST['item_number'] : '';
+ $payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
+ $mc_gross = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
+ $mc_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
+ $txn_id = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
+ $receiver_email = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
+ $payer_email = isset($_POST['payer_email']) ? $_POST['payer_email'] : '';
+ $custom = isset($_POST['custom']) ? $_POST['custom'] : '';
+ $txn_type = isset($_POST['txn_type']) ? $_POST['txn_type'] : '';
+ $subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : '';
+ $needs_review = 1;
- $status = 'unknown';
+ $status = 'unknown';
- $ch = curl_init($GLOBALS['paypal_site'] . '/cgi-bin/webscr');
- if ($ch == false) {
- $status = 'curl_init failed';
- } else {
- curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
- $res = curl_exec($ch);
- $curl_errno = curl_errno($ch);
- curl_close($ch);
- if ($curl_errno != 0) {
- $status = 'curl fail: ' . $curl_errno;
- } else {
- // Split response headers and payload, a better way for strcmp
- $tokens = explode("\r\n\r\n", trim($res));
- $res = trim(end($tokens));
- $res_word = trim($tokens[count($tokens) - 1]);
- if ($res_word === 'VERIFIED') {
- $status = 'verified';
- } elseif ($res_word === 'INVALID') {
- $status = 'invalid';
- } else {
- $log .= "\n\nCan't figure out PayPal verify reply:\n" . $res;
- }
- }
- }
+ $ch = curl_init($GLOBALS['paypal_site'] . '/cgi-bin/webscr');
+ if ($ch == false) {
+ $status = 'curl_init failed';
+ } else {
+ curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
+ $res = curl_exec($ch);
+ $curl_errno = curl_errno($ch);
+ curl_close($ch);
+ if ($curl_errno != 0) {
+ $status = 'curl fail: ' . $curl_errno;
+ } else {
+ // Split response headers and payload, a better way for strcmp
+ $tokens = explode("\r\n\r\n", trim($res));
+ $res = trim(end($tokens));
+ $res_word = trim($tokens[count($tokens) - 1]);
+ if ($res_word === 'VERIFIED') {
+ $status = 'verified';
+ } elseif ($res_word === 'INVALID') {
+ $status = 'invalid';
+ } else {
+ $log .= "\n\nCan't figure out PayPal verify reply:\n" . $res;
+ }
+ }
+ }
- $row = [
- 'txn_id' => $txn_id,
- 'status' => $status,
- 'custom' => $custom,
- 'item_name' => $item_name,
- 'item_number' => $item_number,
- 'needs_review' => $needs_review,
- 'payment_status' => $payment_status,
- 'mc_gross' => $mc_gross,
- 'mc_currency' => $mc_currency,
- 'receiver_email' => $receiver_email,
- 'payer_email' => $payer_email,
- 'log' => $log,
- 'txn_type' => $txn_type,
- 'subscr_id' => $subscr_id,
- 'user_id' => $user_id,
- 'ipn_at' => time()
- ];
+ $row = [
+ 'txn_id' => $txn_id,
+ 'status' => $status,
+ 'custom' => $custom,
+ 'item_name' => $item_name,
+ 'item_number' => $item_number,
+ 'needs_review' => $needs_review,
+ 'payment_status' => $payment_status,
+ 'mc_gross' => $mc_gross,
+ 'mc_currency' => $mc_currency,
+ 'receiver_email' => $receiver_email,
+ 'payer_email' => $payer_email,
+ 'log' => $log,
+ 'txn_type' => $txn_type,
+ 'subscr_id' => $subscr_id,
+ 'user_id' => $user_id,
+ 'ipn_at' => time()
+ ];
- db_insert_assoc('paypal_ipn', $row);
- $row['id'] = $ipn_id = db_auto_id();
+ db_insert_assoc('paypal_ipn', $row);
+ $row['id'] = $ipn_id = db_auto_id();
- if($status !== 'verified') { # it's really from PayPal
- paypal_ipn_main_debug("status is not \"verified\" but is \"$status\"");
- } elseif ($txn_type !== 'subscr_payment' && $txn_type !== 'web_accept') {
- if ($txn_type !== 'subscr_signup' && $txn_type !== 'subscr_cancel' && $txn_type !== 'subscr_eot') {
- # subscr_cancel is sent when they cancel. After that:
- # subscr_eot is sent when their next payment would have been
- paypal_ipn_main_debug("txn_type is not \"subscr_payment\", \"subscr_signup\", \"subscr_cancel\", \"subscr_eot\" or \"web_accept\" but is \"$txn_type\"");
- }
- } elseif ($payment_status !== 'Completed') { # payment has completed
- if ($payment_status !== 'Pending') {
- paypal_ipn_main_debug("payment_status is not \"Completed\" or \"Pending\", but is \"$payment_status\"");
- }
- } elseif ($receiver_email !== $GLOBALS['paypal_email']) {
- paypal_ipn_main_debug("payment isn't to us ($GLOBALS[paypal_email]) but to \"$receiver_email\"");
- } elseif ($mc_currency !== 'USD') {
- paypal_ipn_main_debug("Currency isn't \"USD\" but is \"$mc_currency\"");
- } else {
- $custom_words = explode(' ', $custom);
- if (!isset($GLOBALS['payment_handlers'][$custom_words[0]])) {
- paypal_ipn_main_debug("\$custom's first word isn't in GLOBALS[payment_handlers]. \$custom: \"$custom\"");
- } else {
- # FIXME add parameter with everything from paypal
- $ret = file_run($GLOBALS['payment_handlers'][$custom_words[0]], $custom_words, $mc_gross, $row);
- if ($ret and is_array($ret) and isset($ret['success']) and $ret['success']) {
- $update = ['processed' => '1'];
- if (isset($ret['for_table_id']) and isset($ret['for_row_id'])) {
- $tid = format_int_0((string)$ret['for_table_id']);
- $rid = format_int_0((string)$ret['for_row_id']);
- if ((int)$tid > 0 and (int)$rid > 0) {
- $update['for_table_id'] = $tid;
- $update['for_row_id'] = $rid;
- }
- }
- db_update_assoc('paypal_ipn', $update);
- } else {
- paypal_ipn_main_debug($user, $old_date, $was_expired);
- }
- }
- }
+ if($status !== 'verified') { # it's really from PayPal
+ paypal_ipn_main_debug("status is not \"verified\" but is \"$status\"");
+ } elseif ($txn_type !== 'subscr_payment' && $txn_type !== 'web_accept') {
+ if ($txn_type !== 'subscr_signup' && $txn_type !== 'subscr_cancel' && $txn_type !== 'subscr_eot') {
+ # subscr_cancel is sent when they cancel. After that:
+ # subscr_eot is sent when their next payment would have been
+ paypal_ipn_main_debug("txn_type is not \"subscr_payment\", \"subscr_signup\", \"subscr_cancel\", \"subscr_eot\" or \"web_accept\" but is \"$txn_type\"");
+ }
+ } elseif ($payment_status !== 'Completed') { # payment has completed
+ if ($payment_status !== 'Pending') {
+ paypal_ipn_main_debug("payment_status is not \"Completed\" or \"Pending\", but is \"$payment_status\"");
+ }
+ } elseif ($receiver_email !== $GLOBALS['paypal_email']) {
+ paypal_ipn_main_debug("payment isn't to us ($GLOBALS[paypal_email]) but to \"$receiver_email\"");
+ } elseif ($mc_currency !== 'USD') {
+ paypal_ipn_main_debug("Currency isn't \"USD\" but is \"$mc_currency\"");
+ } else {
+ $custom_words = explode(' ', $custom);
+ if (!isset($GLOBALS['payment_handlers'][$custom_words[0]])) {
+ paypal_ipn_main_debug("\$custom's first word isn't in GLOBALS[payment_handlers]. \$custom: \"$custom\"");
+ } else {
+ $ret = file_run($GLOBALS['payment_handlers'][$custom_words[0]], $custom_words, $mc_gross, $row);
+ if ($ret and is_array($ret) and isset($ret['success']) and $ret['success']) {
+ $update = ['processed' => '1'];
+ if (isset($ret['for_table_id']) and isset($ret['for_row_id'])) {
+ $tid = format_int_0((string)$ret['for_table_id']);
+ $rid = format_int_0((string)$ret['for_row_id']);
+ if ((int)$tid > 0 and (int)$rid > 0) {
+ $update['for_table_id'] = $tid;
+ $update['for_row_id'] = $rid;
+ }
+ }
+ db_update_assoc('paypal_ipn', $update);
+ } else {
+ paypal_ipn_main_debug($user, $old_date, $was_expired);
+ }
+ }
+ }
}
function paypal_ipn_main_debug($message) {
- $message = this_host() . ' paypal payment failure ' . $_POST['ipn_track_id'] . "\n\n" . $message;
- $message .= "\n\nDump of all info received:\n";
- foreach ($_POST as $key => $value) {
- $message .= "\t$key: $value\n";
- }
- $template_vars = ['details' => $message];
- email_with_template(null, 'backend_debug', $template_vars);
+ $message = this_host() . ' paypal payment failure ' . $_POST['ipn_track_id'] . "\n\n" . $message;
+ $message .= "\n\nDump of all info received:\n";
+ foreach ($_POST as $key => $value) {
+ $message .= "\t$key: $value\n";
+ }
+ $template_vars = ['details' => $message];
+ email_with_template(null, 'backend_debug', $template_vars);
}
# this file is accessed directly from the paypal IPN system