PageRenderTime 72ms CodeModel.GetById 20ms RepoModel.GetById 2ms app.codeStats 0ms

/builder2/elements/pix_mail/paypal_ipn.php

https://gitlab.com/PhaseHosting/whmcs-customisations
PHP | 187 lines | 145 code | 17 blank | 25 comment | 20 complexity | dc65a8258de3712ba5d6ef0b756b911d MD5 | raw file
    

  1. <?php
    2. 

  2. // FLATPACK - Paypal forms ipn emails notifications
    3. 

  3. // By PixFort
    4. 

  4. // http://pixfort.com
    5. 

  5. // Copyright PixFort 2016
    6. 

  6. 

  7. // CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
    8. 

  8. // Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
    9. 

  9. // Set this to 0 once you go live or don't require logging.
    10. 

  10. define("DEBUG", 1);
    11. 

  11. 

  12. // Set to 0 once you're ready to go live
    13. 

  13. define("USE_SANDBOX", 1);
    14. 

  14. 

  15. 

  16. define("LOG_FILE", "./ipn.log");
    17. 

  17. 

  18. include("config.php");
    19. 

  19. 

  20. $subject = "FLATPACK PayPal Form Notification";
    21. 

  21. 

  22. // Read POST data
    23. 

  23. // reading posted data directly from $_POST causes serialization
    24. 

  24. // issues with array data in POST. Reading raw POST data from input stream instead.
    25. 

  25. $raw_post_data = file_get_contents('php://input');
    26. 

  26. $raw_post_array = explode('&', $raw_post_data);
    27. 

  27. $myPost = array();
    28. 

  28. foreach ($raw_post_array as $keyval) {
    29. 

  29. 	$keyval = explode ('=', $keyval);
    30. 

  30. 	if (count($keyval) == 2)
    31. 

  31. 		$myPost[$keyval[0]] = urldecode($keyval[1]);
    32. 

  32. }
    33. 

  33. // read the post from PayPal system and add 'cmd'
    34. 

  34. $req = 'cmd=_notify-validate';
    35. 

  35. if(function_exists('get_magic_quotes_gpc')) {
    36. 

  36. 	$get_magic_quotes_exists = true;
    37. 

  37. }
    38. 

  38. foreach ($myPost as $key => $value) {
    39. 

  39. 	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
    40. 

  40. 		$value = urlencode(stripslashes($value));
    41. 

  41. 	} else {
    42. 

  42. 		$value = urlencode($value);
    43. 

  43. 	}
    44. 

  44. 	$req .= "&$key=$value";
    45. 

  45. }
    46. 

  46. 

  47. // Post IPN data back to PayPal to validate the IPN data is genuine
    48. 

  48. // Without this step anyone can fake IPN data
    49. 

  49. 

  50. if(USE_SANDBOX == true) {
    51. 

  51. 	$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
    52. 

  52. } else {
    53. 

  53. 	$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
    54. 

  54. }
    55. 

  55. 

  56. $ch = curl_init($paypal_url);
    57. 

  57. if ($ch == FALSE) {
    58. 

  58. 	return FALSE;
    59. 

  59. }
    60. 

  60. 

  61. curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    62. 

  62. curl_setopt($ch, CURLOPT_POST, 1);
    63. 

  63. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    64. 

  64. curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    65. 

  65. // curl_setopt($ch, CURLOPT_SSLVERSION, 4);
    66. 

  66. // curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
    67. 

  67. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    68. 

  68. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    69. 

  69. curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    70. 

  70. 

  71. if(DEBUG == true) {
    72. 

  72. 	curl_setopt($ch, CURLOPT_HEADER, 1);
    73. 

  73. 	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
    74. 

  74. }
    75. 

  75. 

  76. // CONFIG: Optional proxy configuration
    77. 

  77. //curl_setopt($ch, CURLOPT_PROXY, $proxy);
    78. 

  78. //curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    79. 

  79. 

  80. // Set TCP timeout to 30 seconds
    81. 

  81. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    82. 

  82. curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
    83. 

  83. 

  84. // CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
    85. 

  85. // of the certificate as shown below. Ensure the file is readable by the webserver.
    86. 

  86. // This is mandatory for some environments.
    87. 

  87. 

  88. //$cert = __DIR__ . "./cacert.pem";
    89. 

  89. //curl_setopt($ch, CURLOPT_CAINFO, $cert);
    90. 

  90. 

  91. $res = curl_exec($ch);
    92. 

  92. error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
    93. 

  93. error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
    94. 

  94. if (curl_errno($ch) != 0) // cURL error
    95. 

  95. 	{
    96. 

  96. 	if(DEBUG == true) {	
    97. 

  97. 		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
    98. 

  98. 	}
    99. 

  99. 	curl_close($ch);
    100. 

  100. 	exit;
    101. 

  101. 

  102. } else {
    103. 

  103. 		// Log the entire HTTP response if debug is switched on.
    104. 

  104. 		if(DEBUG == true) {
    105. 

  105. 			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
    106. 

  106. 			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
    107. 

  107. 		}
    108. 

  108. 		curl_close($ch);
    109. 

  109. }
    110. 

  110. 

  111. // Inspect IPN validation result and act accordingly
    112. 

  112. 

  113. // Split response headers and payload, a better way for strcmp
    114. 

  114. $tokens = explode("\r\n\r\n", trim($res));
    115. 

  115. $res = trim(end($tokens));
    116. 

  116. 

  117. if (strcmp ($res, "VERIFIED") == 0) {
    118. 

  118. 	// check whether the payment_status is Completed
    119. 

  119. 	// check that txn_id has not been previously processed
    120. 

  120. 	// check that receiver_email is your PayPal email
    121. 

  121. 	// check that payment_amount/payment_currency are correct
    122. 

  122. 	// process payment and mark item as paid.
    123. 

  123. 

  124. 	// assign posted variables to local variables
    125. 

  125. 	$item_name = $_POST['item_name'];
    126. 

  126. 	$item_number = $_POST['item_number'];
    127. 

  127. 	$payment_status = $_POST['payment_status'];
    128. 

  128. 	$payment_amount = $_POST['mc_gross'];
    129. 

  129. 	$payment_currency = $_POST['mc_currency'];
    130. 

  130. 	$txn_id = $_POST['txn_id'];
    131. 

  131. 	$receiver_email = $_POST['receiver_email'];
    132. 

  132. 	$payer_email = $_POST['payer_email'];
    133. 

  133. 	$payer_fname = $_POST['first_name'];
    134. 

  134. 	$payer_lname = $_POST['last_name'];
    135. 

  135. 

  136. 

  137. 	if($receiver_email){$to_Email=$receiver_email;}
    138. 

  138. 	$msg_header = "Thank you for your purchase.<br>";
    139. 

  139. 	$final_msg = "Item Name : " . $item_name . "<br>";
    140. 

  140. 	$final_msg .= "Item Number : " . $item_number . "<br>";
    141. 

  141. 	$final_msg .= "Payment status : " . $payment_status . "<br>";
    142. 

  142. 	$final_msg .= "Payment amount : " . $payment_amount . "<br>";
    143. 

  143. 	$final_msg .= "Payment currency : " . $payment_currency . "<br>";
    144. 

  144. 	$final_msg .= "txn_id : " . $txn_id . "<br>";
    145. 

  145. 	$final_msg .= "Receiver email : " . $receiver_email . "<br>";
    146. 

  146. 	$final_msg .= "Payer email : " . $payer_email . "<br>";
    147. 

  147. 	$final_msg .= "Payer First Name : " . $payer_fname . "<br>";
    148. 

  148. 	$final_msg .= "Payer First Name : " . $payer_lname . "<br>";
    149. 

  149. 	$final_msg .= "<br>---------------------------------------------------<br>";
    150. 

  150. 	$msg_footer = "Paypal Payment Form by PixFort<br>";
    151. 

  151. 	$msg_footer .= "Envato: http://themeforest.net/user/pixfort<br>";
    152. 

  152. 	$msg_footer .= "Website: http://pixfort.com<br>";
    153. 

  153. 

  154. 	$headers = 'From: '.$to_Email.'' . "\r\n" .
    155. 

  155. 	'Reply-To: '.$to_Email.'' . "\r\n" .
    156. 

  156. 	'X-Mailer: PHP/' . phpversion().'' . "\r\n" .
    157. 

  157. 	"Content-Type: text/html;charset=utf-8";
    158. 

  158. 	
    159. 

  159. 	$seller_msg = $final_msg . $msg_footer;
    160. 

  160. 	$buyer_msg = $msg_header . $final_msg;
    161. 

  161. 	// send mail
    162. 

  162. 	$sentMail1 = @mail($to_Email, $subject, $seller_msg, $headers);
    163. 

  163. 	$sentMail2 = @mail($payer_email, $subject, $buyer_msg, $headers);
    164. 

  164. 

  165. 	if(!$sentMail1) {
    166. 

  166. 		error_log(date('[Y-m-d H:i e] '). "PixFort Notification sentMail1 send failed". PHP_EOL, 3, LOG_FILE);
    167. 

  167. 	}else{
    168. 

  168. 		error_log(date('[Y-m-d H:i e] '). "PixFort Notification sentMail1 sent successfully". PHP_EOL, 3, LOG_FILE);
    169. 

  169. 	}
    170. 

  170. 	if(!$sentMail2) {
    171. 

  171. 		error_log(date('[Y-m-d H:i e] '). "PixFort Notification sentMail2 send failed". PHP_EOL, 3, LOG_FILE);
    172. 

  172. 	}else{
    173. 

  173. 		error_log(date('[Y-m-d H:i e] '). "PixFort Notification sentMail2 sent successfully". PHP_EOL, 3, LOG_FILE);
    174. 

  174. 	}
    175. 

  175. 	
    176. 

  176. 	if(DEBUG == true) {
    177. 

  177. 		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
    178. 

  178. 	}
    179. 

  179. } else if (strcmp ($res, "INVALID") == 0) {
    180. 

  180. 	// log for manual investigation
    181. 

  181. 	// Add business logic here which deals with invalid IPN messages
    182. 

  182. 	if(DEBUG == true) {
    183. 

  183. 		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
    184. 

  184. 	}
    185. 

  185. }
    186. 

  186. 

  187. ?>
    188. 

  188.