
/validate.php

https://github.com/nlstart/easyshop
  1. <?php
  2. /*
  3. +------------------------------------------------------------------------------+
  4. | EasyShop - an easy e107 web shop | adapted by nlstart
  5. | formerly known as
  6. | jbShop - by Jesse Burns aka jburns131 aka Jakle
  7. | Plugin Support Site: e107.webstartinternet.com
  8. |
  9. | For the e107 website system visit http://e107.org
  10. |
  11. | Released under the terms and conditions of the
  12. | GNU General Public License (http://gnu.org).
  13. | Code addition by KVN to support nlstart
  14. | Aug 2008 :- IPN API and basic Stock Tracking functions
  15. +------------------------------------------------------------------------------+
  16. */
  17. // class2.php is the heart of e107, always include it first to give access to e107 constants and variables
  18. require_once('../../class2.php');
  19. // Include auth.php rather than header.php ensures an admin user is logged in
  20. require_once(HEADERF);
  21. require_once('includes/config.php');
  22. // Get language file (assume that the English language file is always present)
  23. include_lan(e_PLUGIN.'easyshop/languages/'.e_LANGUAGE.'.php');
  24. // Read the post from PayPal system and add 'cmd'
  25. $req = 'cmd=_notify-validate';
  26. require_once('includes/ipn_functions.php');
  27. require_once('easyshop_class.php');
  28. foreach ($_POST as $key => $value) {
  29. $value = urlencode(stripslashes($value));
  30. $req .= "&$key=$value";
  31. }
  32. $log = fopen("ipn.log", "a");
  33. fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()));
  34. // Retrieve the sandbox setting from the shop preferences
  35. $sql = new db;
  36. $sql -> db_Select(DB_TABLE_SHOP_PREFERENCES, "*", "store_id=1");
  37. if ($row = $sql-> db_Fetch()) {
  38. $sandbox = $row['sandbox'];
  39. $paypal_primary_email = $row['paypal_primary_email'];
  40. }
  41. if ($sandbox == 2) {
  42. $actionDomain = "www.sandbox.paypal.com";
  43. } else {
  44. $actionDomain = "www.paypal.com";
  45. }
  46. // Post back to PayPal system to validate
  47. $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
  48. $header .= "Host: ".$actionDomain."\r\n";
  49. $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
  50. $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
  51. $fp = fsockopen ('ssl://'.$actionDomain, "443", $errno, $errstr, 30);
  52. if (!$fp) {
  53. // HTTP ERROR: Failed to open connection
  54. fwrite($log, "\n".EASYSHOP_VAL_01."\n ".EASYSHOP_VAL_02.":". $errno .", ".EASYSHOP_VAL_03.":". $errstr);
  55. } else {
  56. fputs ($fp, $header . $req);
  57. fwrite($log, "\n ".EASYSHOP_VAL_04); // Written POST to paypal
  58. while (!feof($fp))
  59. {
  60. $res = fgets ($fp, 1024);
  61. if (strcmp ($res, "VERIFIED") == 0)
  62. {
  63. fwrite($log, "\n ".EASYSHOP_VAL_05); // Paypal response VERIFIED
  64. // Loop through the $_POST array and store all vars to arrays $fielddata and $itemdata.
  65. $sql = new db;
  66. $sql2 = new db;
  67. $fielddata = array();
  68. $itemdata = array();
  69. foreach($_POST as $key => $value){ // Arrange fields and items into seperate arrays
  70. $value = $tp -> toDB($value);
  71. if (ereg( "[0-9]{1,3}$",$key)) { // Any item with one or more digits is an item
  72. $itemdata[$key] = $value; // not sure how handling2 will be received !!
  73. } else { // Else it's a generic field for the transaction
  74. $fielddata[$key] = $value;
  75. }
  76. }
  77. // Check if the payment_status is Completed
  78. if ($fielddata['payment_status'] == "Completed"){
  79. // Check if txn_id has not been previously processed
  80. $needle = $fielddata['txn_id']; // Assign needle to $needle for pre PHP 4.2
  81. $stored_trans = transaction("all", $itemdata, $fielddata, "ES_processing"); // Get all transactions (limit to 3 day window in future?)
  82. if (!in_array($needle,$stored_trans )){
  83. // Check if receiver_email is your Primary PayPal e-mail
  84. $this_trans = transaction($fielddata['custom'],null,null, "ES_processing"); // Get the specific transaction
  85. if ($fielddata['receiver_email'] == $this_trans['receiver_email'] || $fielddata['business'] == $this_trans['receiver_email'] ||
  86. $fielddata['receiver_email'] == $paypal_primary_email || $fielddata['business'] == $paypal_primary_email ||
  87. $this_trans['receiver_email'] == $paypal_primary_email || $this_trans['business'] == $paypal_primary_email){
  88. // Check if totals and currency used are as expected
  89. if(($this_trans['mc_gross'] == $fielddata['mc_gross']) && ($this_trans['mc_currency'] == $fielddata['mc_currency'])) {
  90. transaction("update", $itemdata, $fielddata, "ES_processing");
  91. $stock_updated = update_stock($fielddata['txn_id'], $fielddata['custom']);
  92. !$stock_updated? fwrite($log, "\n ".EASYSHOP_VAL_06.":".$fielddata['custom']."\n \n") : fwrite($log, "\n ".EASYSHOP_VAL_07." \n \n"); // Message: Stock update failed with session id OR Stock updated successfully
  93. } else { // Totals or currency doesn't match - user intervention required - update monitor - send admin email?
  94. $fielddata['payment_status'] = "EScheck_totals_".$fielddata['payment_status'];
  95. transaction("FORCE_NEW", $itemdata, $fielddata);
  96. fwrite($log, "\n ".EASYSHOP_VAL_08.":".$fielddata['mc_gross']."\n \n"); // mc_gross doesn't match rxd mc_gross
  97. // Totals or currency doesn't match - user intervention required - update monitor - send admin email?
  98. }
  99. } else {
  100. // Receiver e-mail doesn't match - could be fraudulent - update monitor - send admin email?
  101. $fielddata['payment_status'] = "EScheck_rxemail_".$fielddata['payment_status'];
  102. transaction("FORCE_NEW", $itemdata, $fielddata);
  103. if ( $fielddata['receiver_email'] == "") {
  104. // Local Entry has already been Completed or doesn't exist
  105. // This could be a fraudalent entry or more likely 'a double hit' on the confirm order button!
  106. // Customer may need a refund/Credit Card chargeback!
  107. fwrite($log, "\n ".EASYSHOP_VAL_09." \n
  108. ".EASYSHOP_VAL_10."\n
  109. ".EASYSHOP_VAL_11."\n \n");
  110. } else {
  111. fwrite($log, "\n ".EASYSHOP_VAL_12.": this_transreceiver: ".$this_trans['receiver_email']." fielddata_receiver:".$fielddata['receiver_email']."\n \n
  112. \n ".EASYSHOP_VAL_12.": this_business: ".$this_trans['business']." fielddata_business:".$fielddata['business']."\n \n
  113. \n ".EASYSHOP_VAL_12.": paypal_primary_email: ".$paypal_primary_email."\n \n"); // Business Email mismatched rxd email // Receiver Email mismatched rxd email
  114. }
  115. }
  116. } else {
  117. // This is a duplicate txn_id - possibly fraudulent - update monitor - send admin email?
  118. $fielddata['payment_status'] = "EScheck_dupltxn_".$fielddata['payment_status'];
  119. transaction("FORCE_NEW", $itemdata, $fielddata );
  120. fwrite($log, "\n ".EASYSHOP_VAL_13."\n \n"); // Duplicate txn_id!
  121. }
  122. } else {
  123. // Store transaction and update store monitor of incomplete transaction - send admin an email also?
  124. $fielddata['payment_status'] = "EScheck_".$fielddata['payment_status'];
  125. if(transaction("update", $itemdata, $fielddata, "ES_processing")){
  126. fwrite($log, "\n ".EASYSHOP_VAL_14.":".$fielddata['payment_status']."\n \n"); // Payment status not 'Completed' status
  127. } else {
  128. transaction("FORCE_NEW", $itemdata, $fielddata);
  129. // Payment status not 'Completed' status
  130. // LOCAL ENTRY NOT PRESENT!
  131. fwrite($log, "\n ".EASYSHOP_VAL_14.":".$fielddata['payment_status']."\n
  132. ".EASYSHOP_VAL_15."\n \n");
  133. }
  134. }
  135. // if logfile is enabled... user must make sure it's secure a future option perhaps
  136. // fwrite($log, "\n".(print_r($fielddata, true))."\n".(print_r($itemdata, true)));
  137. } else if (strcmp ($res, "INVALID") == 0) {
  138. // Paypal response 'INVALID'; log for manual investigation
  139. fwrite($log, "\n ".EASYSHOP_VAL_16."\n \n");
  140. }
  141. }
  142. fclose ($fp);
  143. }
  144. fclose($log);
  145. require_once(FOOTERF);
  146. ?>