Posts posted by fastsol
-
-
I know of the tutorial you watched as I was a long time member on that forum too. The code Alex uses is very outdated for paypal, hence the new stuff I linked to. Here is a reworked version using your code and the new paypal stuff.
I also added some security. Plus a couple lines of code to build a string of data for the posted vars to be inserted into the db. You'll need to add a column in your db `log` table to hold this info and set it as text type. This will allow you to see everything that paypal is sending and their according names and values. I commented the areas in the code below.

```php
<?php
// Reading raw POST data from the input stream. Reading POST data from $_POST may cause
// serialization issues since POST data may contain arrays.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}

// Read the post from the PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
// Always defined, so the check inside the loop never reads an unset variable
$get_magic_quotes_exists = function_exists('get_magic_quotes_gpc');
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}

// Post the message back to PayPal for validation
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: www.paypal.com'));
// In a wamp-like environment where the root authority certificate doesn't come in the bundle, you need
// to download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
$res = curl_exec($ch);
curl_close($ch);

if (strcmp($res, "VERIFIED") == 0) {
    // check the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment

    // Assign posted variables to local variables
    $item_name = mysql_real_escape_string($_POST['item_name']);
    $item_number = mysql_real_escape_string($_POST['item_number']);
    $payment_status = mysql_real_escape_string($_POST['payment_status']);
    $payment_amount = mysql_real_escape_string($_POST['mc_gross']);
    $payment_currency = mysql_real_escape_string($_POST['mc_currency']);
    $txn_id = mysql_real_escape_string($_POST['txn_id']);
    $receiver_email = mysql_real_escape_string($_POST['receiver_email']);
    $payer_email = mysql_real_escape_string($_POST['payer_email']);
    $user_id = (int)$_POST['custom']; // Our user's ID set to int assuming it's supposed to be a number.

    if ($payment_status == 'Completed') {
        // Builds a string to insert into the db so you can see everything that has come across from paypal.
        // Pairs are separated by commas and paired key-to-value with a / forward slash
        $valu = '';
        foreach ($_POST as $k => $v) {
            $valu .= $k.' / '.$v.', ';
        }
        // Built from raw $_POST values, so it is escaped before it goes into the query
        $valu = mysql_real_escape_string($valu);

        $txn_id_check = mysql_query("SELECT `txn_id` FROM `log` WHERE `txn_id` = '".$txn_id."'");
        if (mysql_num_rows($txn_id_check) != 1) {
            if ($receiver_email == 'MYEMAIL@gmail.com') {
                if ($payment_amount == '0.01' && $payment_currency == 'EUR') {
                    // add txn_id to database
                    // Add a column to hold the $valu var info
                    $log_query = mysql_query("INSERT INTO `log` VALUES ('','".$txn_id."','".$payer_email."', '".$valu."') ");
                    // update premium to 1
                    $update_premium = mysql_query("UPDATE `users` SET `vip` = 1 WHERE `user_id` = '".$user_id."'");
                }
            }
        }
    }
} else if (strcmp($res, "INVALID") == 0) {
    // log for manual investigation
    //$db->query("INSERT INTO `".PURCHASES."` SET `test` = 'not valid response'");
}
?>
```
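The four checks listed in the comments of the post above (payment status, unseen txn_id, receiver email, amount and currency), written with PDO prepared statements so that no value sent by PayPal is concatenated into SQL. This is an added example, not code from the original post: the function name `process_verified_ipn()`, the in-memory SQLite database, the table layouts and the sample notification are assumptions constructed for illustration.

```php
<?php
// Added example: process_verified_ipn() is a hypothetical helper, not from the original post.
// Call it only after the postback to PayPal has returned "VERIFIED".
function process_verified_ipn(PDO $db, array $ipn, array $expect): string
{
    // Missing or non-string fields are treated as empty strings.
    $get = function (string $k) use ($ipn): string {
        return isset($ipn[$k]) && is_string($ipn[$k]) ? $ipn[$k] : '';
    };
    if ($get('payment_status') !== 'Completed') {
        return 'ignored: status';
    }
    if ($get('txn_id') === '') {
        return 'rejected: txn_id';
    }
    if (strcasecmp($get('receiver_email'), $expect['receiver_email']) !== 0) {
        return 'rejected: receiver';
    }
    if ($get('mc_gross') !== $expect['amount'] || $get('mc_currency') !== $expect['currency']) {
        return 'rejected: amount';
    }
    $userId = filter_var($get('custom'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        return 'rejected: user id';
    }
    $db->beginTransaction();
    try {
        // UNIQUE(txn_id) makes a replayed notification fail here, so it is never applied twice.
        $db->prepare('INSERT INTO log (txn_id, payer_email, raw) VALUES (?, ?, ?)')
           ->execute([$get('txn_id'), $get('payer_email'), json_encode($ipn)]);
        $db->prepare('UPDATE users SET vip = 1 WHERE user_id = ?')->execute([$userId]);
        $db->commit();
        return 'processed';
    } catch (PDOException $e) {
        $db->rollBack();
        return 'not processed: duplicate txn_id or database error';
    }
}

// Constructed demo: in-memory SQLite (needs pdo_sqlite) stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log (id INTEGER PRIMARY KEY, txn_id TEXT UNIQUE, payer_email TEXT, raw TEXT)');
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, vip INTEGER DEFAULT 0)');
$db->exec('INSERT INTO users (user_id) VALUES (7)');

$expect = ['receiver_email' => 'MYEMAIL@gmail.com', 'amount' => '0.01', 'currency' => 'EUR'];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'myemail@gmail.com',
        'mc_gross' => '0.01', 'mc_currency' => 'EUR', 'txn_id' => "TEST'TXN-0001",
        'payer_email' => 'buyer@example.com', 'custom' => '7'];

echo process_verified_ipn($db, $ipn, $expect), "\n"; // first delivery
echo process_verified_ipn($db, $ipn, $expect), "\n"; // same txn_id delivered again
```

The second call is stopped by the UNIQUE constraint on `txn_id` and rolled back, so the `vip` update cannot be triggered twice by a resent notification.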
-
Just do some basic diagnostics then, first you need to sanitize the value of your post. According to your select menu it's an integer but I assume that is just an example, so you need to use mysql_real_escape_string() and then add mysql_error() after the query to see why the query is failing.
```php
$ea_name = mysql_real_escape_string($_POST['ea_name']);
$myData = mysql_query($sql);
echo mysql_error();
```
-
The code you are using to talk with paypal is outdated. I ran into the same problem initially. Here is a link to the current code straight from paypal https://developer.paypal.com/webapps/developer/docs/classic/ipn/ht_ipn/ and a link to the current pdf documentation https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/ipnguide.pdf
Do you have a sandbox account to test with at paypal? If not you will want to sign up for that so you can do live testing of your script. Make sure to add "sandbox." to the form action in front of the paypal.com and also in the ipn page on this line
```php
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
```
Then once it's all working you remove the sandbox part and it will go back to normal workings on the main paypal site. Honestly I have done a fair amount of testing with the ipn and sandbox and I still find it confusing so you may get very frustrated with this before you're done.
-
Yes you would want to validate this on php side, java side would be pointless and could easily get by. Are you processing the form on the same page as the form? Here is an example of how to work this.

```php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Pick up the form data and assign it to variables
    $name = stripslashes($_POST['name']);
    $email = stripslashes($_POST['email']);
    $tel = $_POST['telephone'];
    $comments = stripslashes($_POST['message']);
    $field = strtolower($_POST['field']);
    $spam_check = 'love';

    if ($field == $spam_check) {
        // Build the email (replace the address in the $to section with your own)
        $to = 'myemail@email.com';
        $subject = "The Vintage Affair Web Quote enquiry";
        $comments = "Name: $name \nEmail: $email \nTelephone: $tel \n\nDetails: $comments";
        $headers = "From: myemail@email.com" . PHP_EOL . "Reply-To: myemail@email.com";

        // Send the mail using PHP's mail() function
        mail($to, $subject, $comments, $headers);

        // Redirect
        header("Location: thankyou.html");
    } else {
        echo 'Spam check failed!';
    }
}
```
Also I do have a premade fully validated contact form that I distribute at http://amecms.com/article/Easy-to-use-contact-form-with-validation
-
Your site!
-
Be careful this site is using a javascript virus that my AVG picked up on.
-
Give the table an id and then target all the css at that id for the cells and rows.
-
It should seriously only take maybe an extra 5th of a second for the server to run the queries, I wouldn't worry about it.
-
Well it's fairly simple to put this in a function, but you will need to feed the function a parameter from the db of the file extension.
```php
// Maps a file extension from the db to a display name for the file type.
function functionname($fe)
{
    if ($fe == 'unknown') {
        $doc_extension = 'unknown';
        $file_type = 'Unknown';
    } elseif (in_array($fe, array('docx', 'doc', 'docm', 'dotx', 'dotm', 'pages', 'wps'))) {
        $doc_extension = 'docx';
        $file_type = 'Word Document';
    } elseif (in_array($fe, array('pdf', 'pdp'))) {
        $doc_extension = 'pdf';
        $file_type = 'PDF';
    } elseif (in_array($fe, array('xlsx', 'xlsm', 'xlsb', 'xltx', 'xltm', 'xls', 'xlt', 'csv'))) {
        $doc_extension = 'xlsx';
        $file_type = 'Excel Document';
    } elseif (in_array($fe, array('zip', 'zipx', 'tar', 'gz', 'z', 'cab', 'rar', 'bz2', 'lzh', '7z', 'img', 'iso'))) {
        $doc_extension = 'zip';
        $file_type = 'Zip Folder';
    } elseif (in_array($fe, array('jpg', 'jpeg', 'jpe'))) {
        $doc_extension = 'jpg';
        $file_type = 'JPEG Image';
    } elseif (in_array($fe, array('png', 'pns'))) {
        $doc_extension = 'jpg';
        $file_type = 'PNG Image';
    } elseif ($fe == 'gif') {
        $doc_extension = 'jpg';
        $file_type = 'GIF Image';
    } elseif (in_array($fe, array('tiff', 'tif'))) {
        $doc_extension = 'jpg';
        $file_type = 'TIFF/TIF Image';
    } elseif (in_array($fe, array(
        'psb', 'bmp', 'rle', 'dib', 'eps', 'iff', 'tdi', 'jpf', 'jpx', 'jp2', 'j2c', 'j2k',
        'jpc', 'jps', 'mpo', 'pcx', 'raw', 'pxr', 'pbm', 'ppm', 'pnm', 'pfm', 'pam'
    ))) {
        $doc_extension = 'jpg';
        $file_type = 'Image File';
    } elseif ($fe == 'mp3') {
        $doc_extension = 'mp3';
        $file_type = 'MP3';
    } else {
        $doc_extension = 'unknown';
        $file_type = 'Unknown';
    }

    $types = array('fe' => $fe, 'type' => $file_type);
    return $types;
}
```
Then you would call and use it like this
```php
$type = functionname($db['row']); // $db['row'] would be whatever you are using for info from the db.
print_r($type); // This is just to show you how it comes back from the function. You would simply do checks against the specific array item.
```
-
Browsers will still render the page with the added tags but it's not correct in any way. It's probably Dreamweaver seeing the double tags.
-
```php
$today = date("d/m/Y");
// The date is quoted so MySQL reads it as a string rather than as a division
mysql_query("UPDATE `table` SET `column` = 0 WHERE `expire_date` < '$today'");
```
I did a little assuming on the $today and expire_date, this may not work correctly depending on the format you have the date stored in the db. If it's in a DATE format it might work right that way, otherwise I suggest reading up on the mysql date formats and queries for such things.
-
If this is the entire content of whit_head.php
```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<table><tr><td> This is my header </td></tr></table>
</body>
</html>
```

You need to get rid of everything besides what's inside the body tags. You're basically putting another <head> and <html> and body tags inside the file rather than just the html that needs to be included. From what it looks like, your results would be like this

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<p>more text goes here</p>
<p>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<table><tr><td> This is my header </td></tr></table>
</body>
</html>
</p>
<?php echo('test value');?>
</body>
</html>
```
-
No idea, you didn't show us how you were getting the value of ['term'] to the page in the first place. So $_POST could be correct if you're using a form to send that data and the form method is set to "post".
-
Ok well then you're not getting any results from the query or the query is failing. You need to start diagnosing that part first.
-
Do you have error reporting turned on? What do you get if you do a print_r($data); Are you sure the query isn't failing?
-
This is a working example, there are a couple ways you could tweak this depending on your needs.
http://jsfiddle.net/fastsol/6nXxe/1/
I wanted to do the check on keyup but then you couldn't even change the last number cause it would obviously be less than the 1.55, so went with focusout instead.
-
You had this
```php
if (filter_var($fr_email, FILTER_VALIDATE_EMAIL) === FALSE)
```
As this before
```php
if (filter_var($email, FILTER_VALIDATEEMAIL) === FALSE)
```

Can't remember if there was any more, but those for sure.
-
I fixed them in the code I posted.
-
And you also had some variable misspellings and function misspellings too, fixed those.
-
Here is a reworked version of what you just posted. I tested and it works.
```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" >
<head>
<title> Firewall Request Form</title>
</head>
<body>
<h2>Firewall Request Form</h2>
<?php
//date for time stamp on page
$date = date("l F j, o g:i:s a");

//variable error array
$error = array();

//error data in the variable for each element
$iperror = "IP Address: Please fill out the source/destination IP address.";
$porterror = "Port: Please fill out the source/destination port.";
$protocolerror = "Protocol: Please fill out the protocol required(i.e. TCP...UDP).";
$apperror = "Application: Please fill out the source/destination application.";
$reasonerror = "Description/Reason: Please fill out the reason/description box";
$emailerror = "Email: Please fill out the username/email.";

if (isset($_POST['submit'])) {
    //pass POST to variables
    $fr_sd_ip = $_POST['fr_sd_ip'];
    $fr_sd_port = $_POST['fr_sd_port'];
    $fr_protocol = $_POST['fr_protocol'];
    $fr_sd_app = $_POST['fr_sd_app'];
    $fr_reason = $_POST['fr_reason'];
    $fr_email = $_POST['fr_email'];

    //IP address (IPv4 only)
    if (!filter_var($fr_sd_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        $error[] = $iperror;
    }
    //Ports
    //http://stackoverflow.com/questions/6726450/check-for-valid-hostport-combination
    if (empty($fr_sd_port)) {
        $error[] = $porterror;
    }
    //protocol
    if (empty($fr_protocol)) {
        $error[] = $protocolerror;
    }
    //application
    if (empty($fr_sd_app)) {
        $error[] = $apperror;
    }
    //description
    if (empty($fr_reason)) {
        $error[] = $reasonerror;
    }
    if (filter_var($fr_email, FILTER_VALIDATE_EMAIL) === FALSE) {
        $error[] = $emailerror; //'Email: Please submit a valid email.';
    }

    if (!empty($error)) {
        foreach ($error as $errorsoutput) {
            //html formatting plus the error message
            echo $errorsoutput.'<br>';
        }
    } else {
        $success = 'Your firewall request form has been submitted.';
        echo $success;
    }
}
?>
<form action="" method="POST">
<!-- This form is setup to allow the user to request changes to the firewall with requirements needed outlined in the form below.
     Fields needed are: Description, Source/Dest. port, Source/Dest. ip, Source/Dest. Application, Protocol (i.e. TCP, UDP, etc.), Username/Email -->
<table width="525px">
<tr>
    <td valign="top" size="35%">
        <label for="fr_sd_ip">Source/Dest. IP Address: *</label>
    </td>
    <td valign="top">
        <input type="text" name="fr_sd_ip" maxlength="30" size="20" value="<?php echo (isset($_POST['fr_sd_ip'])) ? htmlentities($_POST["fr_sd_ip"]) : ''; ?>"/>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_sd_ip"]) && $errorsoutput == $iperror){echo $errorsoutput;} */?></span>
    </td>
</tr>
<tr>
    <td valign="top">
        <label for="fr_sd_port">Source/Dest. Port: *</label>
    </td>
    <td valign="top">
        <input type="text" name="fr_sd_port" maxlength="30" size="20" value="<?php echo (isset($_POST['fr_sd_port'])) ? htmlentities($_POST["fr_sd_port"]) : ''; ?>"/>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_sd_port"]) && $errorsoutput == $porterror){echo $errorsoutput;}*/ ?></span>
    </td>
</tr>
<tr>
    <td valign="top">
        <label for="fr_protocol">Protocol: *</label>
    </td>
    <td valign="top">
        <input type="text" name="fr_protocol" maxlength="30" size="20" value="<?php echo (isset($_POST['fr_protocol'])) ? htmlentities($_POST["fr_protocol"]) : ''; ?>"/>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_protocol"]) && $errorsoutput == $protocolerror){echo $errorsoutput;}*/ ?></span>
    </td>
</tr>
<tr>
    <td valign="top">
        <label for="fr_sd_app">Application: *</label>
    </td>
    <td valign="top">
        <input type="text" name="fr_sd_app" maxlength="30" size="20" value="<?php echo (isset($_POST['fr_sd_app'])) ? htmlentities($_POST["fr_sd_app"]) : ''; ?>"/>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_sd_app"]) && $errorsoutput == $apperror){echo $errorsoutput;}*/ ?></span>
    </td>
</tr>
<tr>
    <td valign="top">
        <label for="fr_reason">Description/Reason: *</label>
    </td>
    <td valign="top">
        <textarea name="fr_reason" maxlength="500" cols="20" rows="8" placeholder="Describe the scenario..."><?php echo (isset($_POST['fr_reason'])) ? htmlentities($_POST["fr_reason"]) : ''; ?></textarea>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_reason"]) && $errorsoutput == $reasonerror){echo $errorsoutput;}*/ ?></span>
    </td>
</tr>
<tr>
    <td valign="top">
        <label for="fr_email">Username/Email: *</label>
    </td>
    <td valign="top">
        <input type="text" name="fr_email" maxlength="30" size="20" value="<?php echo (isset($_POST['fr_email'])) ? htmlentities($_POST["fr_email"]) : ''; ?>"/>
    </td>
    <td size="45%">
        <span class="error" style="color:#FF0000"> <?php /*if (isset($_POST["fr_email"]) && $errorsoutput == $emailerror){echo $errorsoutput;}*/ ?></span>
    </td>
</tr>
</table>
<input type="submit" value="Email Firewall Request" name="submit"/>
<br /><br />
<?php echo "\nToday is: $date"; ?>
<br />
<tr>
    <td valign="top">
        <?php /*echo $fieldsrequired; if (isset($errorsoutput)){ echo $errorsoutput;}*/ ?>
    </td>
</tr>
</form>
<br/>
</body>
</html>
```
-
Just so you know, you can't see any php code when you view the source of a page in the browser. All the php is server side and doesn't show client side.
-
I believe that responsive design will be more and more important as mobile only gets bigger. I have used responsive on a couple of my sites and really like how it makes it easier to navigate and read content on those sites for my phone, I can only imagine that customers appreciate that just as much. I don't really understand the use of a mobile domain, it just seems like making 2 sites for the same purpose when responsive would achieve most of the same things. In short, absolutely start doing responsive designs.
-
Here is the php force file download tutorial.
http://amecms.com/article/PHP-Force-File-Download-With-File-Whitelist
-
By the way, I find it strange that mysql stores the file in a *.dat file even though the file is in pdf or docx format; is that going to be an issue?
The DB can't decide what file extension to store the data in, you do that through your script or manually. Maybe you should post a screenshot of your db data in question. There are plenty of download scripts online but I can't seem to find a really good one at this moment. I may do a tutorial on this soon, so I'll post it back here when I do.
Paypal Ipn Doesn't Update Database
in PHP Coding Help
Great, glad it worked right away for you. The $valu thing is really just for diagnostics during testing, development and for future diagnostics if you find consistent errors coming across, you can look at what was sent every time by paypal and diagnose from there. I even have a testing script I use when making complex stuff for the ipn cause you can't get error feedback when the ipn script is live.