Please check my paypal ipn code

tvshock Peon

Messages:: 102

Likes Received:: 0

Best Answers:: 0

Trophy Points:: 0

#1

hello

anybody please take a look this code. if it's has some code to add to make it more safe or has any error. please help me.

<?php

require_once('db_con.php');
$con = db_connect();
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

$request = addslashes(urldecode($req));

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$payment_status = addslashes($_POST['payment_status']);
$payment_amount = addslashes($_POST['mc_gross']);
$payment_currency = addslashes($_POST['mc_currency']);
$txn_id = addslashes($_POST['txn_id']);
$receiver_email = addslashes($_POST['receiver_email']);
$payer_email = addslashes($_POST['payer_email']);
$register_name = addslashes($_POST['custom']);
$num_cart_items = addslashes($_POST['num_cart_items']);

if (!$fp) {
//error
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that txn_id has not been previously processed
$check_txn = "select * from pay_store where txn_id = '$txn_id'";
$check_txn2 = $con->query($check_txn);
if($check_txn2->num_rows > 0){fclose ($fp);die("");}
// check that receiver_email is your Primary PayPal email
if($receiver_email != "hotsmu_1259798842_biz@gmail.com") { fclose ($fp);die(""); }
// process payment
// check payment currency
if($payment_currency != 'USD') { fclose ($fp);die(""); }

for($i=1;$i<=$num_cart_items;$i++){
$item_name = addslashes($_POST['item_name'.$i]);
$item_number = addslashes($_POST['item_number'.$i]);
$mc_gross = addslashes($_POST['mc_gross_'.$i]);
$item_name = str_replace('_',' ',$item_name);

// check that payment_amount/payment_currency are correct
$check_amount = "select * from orders where username = '$register_name' and order_id = '$item_number' and status = 0";
$check_amount2 = $con->query($check_amount);
if($check_amount2->num_rows > 0)
{
while($row = $check_amount2->fetch_assoc())
{
$price = $row['price'];
if($mc_gross != $price)
{
fclose ($fp);die("");
}
elseif($mc_gross == $price)
{
$confirm_user = "UPDATE orders SET status = 1 WHERE order_id = $item_number and price = $mc_gross and username = '$register_name'";
$confirm_user2 = $con->query($confirm_user);
}
}
}

$pay_item = "insert into pay_item values ('','$item_name','$item_number','$mc_gross','$register_name','$payer_email')";
$pay_item_2 = $con->query($pay_item);
}

$date = date("Y/m/d");
$pay_store = "insert into pay_store values ('$payer_email','$payment_amount','$payment_status','$txn_id','$date')";
$pay_store_2 = $con->query($pay_store);

}
else if (strcmp ($res, "INVALID") == 0) {

}
}
fclose ($fp);
}
?>
Click to expand...

tvshock, Dec 3, 2009 IP

kingsoflegend Well-Known Member

Messages:: 202

Likes Received:: 8

Best Answers:: 0

Trophy Points:: 108

#2

What's the purpose of the foreach right at the beginning?

kingsoflegend, Dec 3, 2009 IP

tvshock Peon

Messages:: 102

Likes Received:: 0

Best Answers:: 0

Trophy Points:: 0

#3

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

$request = addslashes(urldecode($req));

this code is to get all value that paypal sent to sent back to paypal.

tvshock, Dec 3, 2009 IP

Log in or Sign up

Please check my paypal ipn code

tvshock Peon

kingsoflegend Well-Known Member

tvshock Peon

Useful Searches