PageRenderTime 27ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/enrol/paypal/ipn.php

https://github.com/nadavkav/MoodleTAO
PHP | 232 lines | 138 code | 62 blank | 32 comment | 38 complexity | 0997165ee4ec814c1afdcd7bdb7c0ab5 MD5 | raw file
    

  1. <?php  // $Id$
    2. 

  2. 

  3. /**
    4. 

  4. * Listens for Instant Payment Notification from PayPal
    5. 

  5. *
    6. 

  6. * This script waits for Payment notification from PayPal,
    7. 

  7. * then double checks that data by sending it back to PayPal.
    8. 

  8. * If PayPal verifies this then it sets up the enrolment for that
    9. 

  9. *
    10. 

  10. * Set the $user->timeaccess course array
    11. 

  11. *
    12. 

  12. * @param    user  referenced object, must contain $user->id already set
    13. 

  13. */
    14. 

  14. 

  15. 

  16.     require("../../config.php");
    17. 

  17.     require("enrol.php");
    18. 

  18. 

  19. /// Keep out casual intruders
    20. 

  20.     if (empty($_POST) or !empty($_GET)) {
    21. 

  21.         error("Sorry, you can not use the script that way.");
    22. 

  22.     }
    23. 

  23. 

  24. /// Read all the data from PayPal and get it ready for later;
    25. 

  25. /// we expect only valid UTF-8 encoding, it is the responsibility
    26. 

  26. /// of user to set it up properly in PayPal business acount,
    27. 

  27. /// it is documented in docs wiki.
    28. 

  28. 

  29.     $req = 'cmd=_notify-validate';
    30. 

  30. 

  31.     $data = new object();
    32. 

  32. 

  33.     foreach ($_POST as $key => $value) {
    34. 

  34.         $value = stripslashes($value);
    35. 

  35.         $req .= "&$key=".urlencode($value);
    36. 

  36.         $data->$key = $value;
    37. 

  37.     }
    38. 

  38. 

  39.     $custom = explode('-', $data->custom);
    40. 

  40.     $data->userid           = (int)$custom[0];
    41. 

  41.     $data->courseid         = (int)$custom[1];
    42. 

  42.     $data->payment_gross    = $data->mc_gross;
    43. 

  43.     $data->payment_currency = $data->mc_currency;
    44. 

  44.     $data->timeupdated      = time();
    45. 

  45. 

  46. 

  47. /// get the user and course records
    48. 

  48. 

  49.     if (! $user = get_record("user", "id", $data->userid) ) {
    50. 

  50.         email_paypal_error_to_admin("Not a valid user id", $data);
    51. 

  51.         die;
    52. 

  52.     }
    53. 

  53. 

  54.     if (! $course = get_record("course", "id", $data->courseid) ) {
    55. 

  55.         email_paypal_error_to_admin("Not a valid course id", $data);
    56. 

  56.         die;
    57. 

  57.     }
    58. 

  58. 

  59.     if (! $context = get_context_instance(CONTEXT_COURSE, $course->id)) {
    60. 

  60.         email_paypal_error_to_admin("Not a valid context id", $data);
    61. 

  61.         die;
    62. 

  62.     }
    63. 

  63. 

  64. /// Open a connection back to PayPal to validate the data
    65. 

  65. 

  66.     $header = '';
    67. 

  67.     $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    68. 

  68.     $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    69. 

  69.     $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    70. 

  70.     $paypaladdr = empty($CFG->usepaypalsandbox) ? 'www.paypal.com' : 'www.sandbox.paypal.com';
    71. 

  71.     $fp = fsockopen ($paypaladdr, 80, $errno, $errstr, 30);
    72. 

  72. 

  73.     if (!$fp) {  /// Could not open a socket to PayPal - FAIL
    74. 

  74.         echo "<p>Error: could not access paypal.com</p>";
    75. 

  75.         email_paypal_error_to_admin("Could not access paypal.com to verify payment", $data);
    76. 

  76.         die;
    77. 

  77.     }
    78. 

  78. 

  79. /// Connection is OK, so now we post the data to validate it
    80. 

  80. 

  81.     fputs ($fp, $header.$req);
    82. 

  82. 

  83. /// Now read the response and check if everything is OK.
    84. 

  84. 

  85.     while (!feof($fp)) {
    86. 

  86.         $result = fgets($fp, 1024);
    87. 

  87.         if (strcmp($result, "VERIFIED") == 0) {          // VALID PAYMENT!
    88. 

  88. 

  89. 

  90.             // check the payment_status and payment_reason
    91. 

  91. 

  92.             // If status is not completed or pending then unenrol the student if already enrolled
    93. 

  93.             // and notify admin
    94. 

  94. 

  95.             if ($data->payment_status != "Completed" and $data->payment_status != "Pending") {
    96. 

  96.                 role_unassign(0, $data->userid, 0, $context->id);
    97. 

  97.                 email_paypal_error_to_admin("Status not completed or pending. User unenrolled from course", $data);
    98. 

  98.                 die;
    99. 

  99.             }
    100. 

  100. 

  101.             // If currency is incorrectly set then someone maybe trying to cheat the system 
    102. 

  102. 

  103.             if ($data->mc_currency != $course->currency) {
    104. 

  104.                 email_paypal_error_to_admin("Currency does not match course settings, received: ".addslashes($data->mc_currency), $data);
    105. 

  105.                 die;
    106. 

  106.             }
    107. 

  107. 

  108.             // If status is pending and reason is other than echeck then we are on hold until further notice
    109. 

  109.             // Email user to let them know. Email admin.
    110. 

  110. 

  111.             if ($data->payment_status == "Pending" and $data->pending_reason != "echeck") {
    112. 

  112.                 email_to_user($user, get_admin(), "Moodle: PayPal payment", "Your PayPal payment is pending.");
    113. 

  113.                 email_paypal_error_to_admin("Payment pending", $data);
    114. 

  114.                 die;
    115. 

  115.             }
    116. 

  116. 

  117.             // If our status is not completed or not pending on an echeck clearance then ignore and die
    118. 

  118.             // This check is redundant at present but may be useful if paypal extend the return codes in the future
    119. 

  119. 

  120.             if (! ( $data->payment_status == "Completed" or
    121. 

  121.                    ($data->payment_status == "Pending" and $data->pending_reason == "echeck") ) ) {
    122. 

  122.                 die;
    123. 

  123.             }
    124. 

  124. 

  125.             // At this point we only proceed with a status of completed or pending with a reason of echeck
    126. 

  126. 

  127. 

  128. 

  129.             if ($existing = get_record("enrol_paypal", "txn_id", addslashes($data->txn_id))) {   // Make sure this transaction doesn't exist already
    130. 

  130.                 email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
    131. 

  131.                 die;
    132. 

  132. 

  133.             }
    134. 

  134. 

  135.             if ($data->business != $CFG->enrol_paypalbusiness) {   // Check that the email is the one we want it to be
    136. 

  136.                 email_paypal_error_to_admin("Business email is $data->business (not $CFG->enrol_paypalbusiness)", $data);
    137. 

  137.                 die;
    138. 

  138. 

  139.             }
    140. 

  140. 

  141.             if (!$user = get_record('user', 'id', $data->userid)) {   // Check that user exists
    142. 

  142.                 email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
    143. 

  143.                 die;
    144. 

  144.             }
    145. 

  145. 

  146.             if (!$course = get_record('course', 'id', $data->courseid)) { // Check that course exists
    147. 

  147.                 email_paypal_error_to_admin("Course $data->courseid doesn't exist", $data);;
    148. 

  148.                 die;
    149. 

  149.             }
    150. 

  150. 

  151.             // Check that amount paid is the correct amount
    152. 

  152.             if ( (float) $course->cost < 0 ) {
    153. 

  153.                 $cost = (float) $CFG->enrol_cost;
    154. 

  154.             } else {
    155. 

  155.                 $cost = (float) $course->cost;
    156. 

  156.             }
    157. 

  157. 

  158.             if ($data->payment_gross < $cost) {
    159. 

  159.                 $cost = format_float($cost, 2);
    160. 

  160.                 email_paypal_error_to_admin("Amount paid is not enough ($data->payment_gross < $cost))", $data);
    161. 

  161.                 die;
    162. 

  162. 

  163.             }
    164. 

  164. 

  165.             // ALL CLEAR !
    166. 

  166. 

  167.             if (!insert_record("enrol_paypal", addslashes_object($data))) {       // Insert a transaction record
    168. 

  168.                 email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
    169. 

  169.             }
    170. 

  170. 

  171.             if (!enrol_into_course($course, $user, 'paypal')) {
    172. 

  172.                 email_paypal_error_to_admin("Error while trying to enrol ".fullname($user)." in '$course->fullname'", $data);
    173. 

  173.                 die;
    174. 

  174.             } else {
    175. 

  175.                 $teacher = get_teacher($course->id);
    176. 

  176. 

  177.                 if (!empty($CFG->enrol_mailstudents)) {
    178. 

  178.                     $a->coursename = $course->fullname;
    179. 

  179.                     $a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id";
    180. 

  180.                     email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname),
    181. 

  181.                                   get_string('welcometocoursetext', '', $a));
    182. 

  182.                 }
    183. 

  183. 

  184.                 if (!empty($CFG->enrol_mailteachers)) {
    185. 

  185.                     $a->course = $course->fullname;
    186. 

  186.                     $a->user = fullname($user);
    187. 

  187.                     email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname),
    188. 

  188.                                   get_string('enrolmentnewuser', '', $a));
    189. 

  189.                 }
    190. 

  190. 

  191.                 if (!empty($CFG->enrol_mailadmins)) {
    192. 

  192.                     $a->course = $course->fullname;
    193. 

  193.                     $a->user = fullname($user);
    194. 

  194.                     $admins = get_admins();
    195. 

  195.                     foreach ($admins as $admin) {
    196. 

  196.                         email_to_user($admin, $user, get_string("enrolmentnew", '', $course->shortname),
    197. 

  197.                                       get_string('enrolmentnewuser', '', $a));
    198. 

  198.                     }
    199. 

  199.                 }
    200. 

  200. 

  201.             }
    202. 

  202. 

  203. 

  204.         } else if (strcmp ($result, "INVALID") == 0) { // ERROR
    205. 

  205.             insert_record("enrol_paypal", addslashes_object($data), false);
    206. 

  206.             email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
    207. 

  207.         }
    208. 

  208.     }
    209. 

  209. 

  210.     fclose($fp);
    211. 

  211.     exit;
    212. 

  212. 

  213. 

  214. 

  215. /// FUNCTIONS //////////////////////////////////////////////////////////////////
    216. 

  216. 

  217. 

  218. function email_paypal_error_to_admin($subject, $data) {
    219. 

  219.     $admin = get_admin();
    220. 

  220.     $site = get_site();
    221. 

  221. 

  222.     $message = "$site->fullname:  Transaction failed.\n\n$subject\n\n";
    223. 

  223. 

  224.     foreach ($data as $key => $value) {
    225. 

  225.         $message .= "$key => $value\n";
    226. 

  226.     }
    227. 

  227. 

  228.     email_to_user($admin, $admin, "PAYPAL ERROR: ".$subject, $message);
    229. 

  229. 

  230. }
    231. 

  231. 

  232. ?>
    233. 

  233.