dezkit

<? if($logged == "yes"){ // do things for logged in people } ?>

Post code please.

works perfectly, thanks a bunch.

How would I go about doing this? So far I got: <?php $val = 255; if(strlen($str) > $val)){ // wat do? } ?>

<?php $str = "John Smith"; $str = explode( " " , $str ); echo $str[0]; // John echo $str[1]; // Smith ?>

should i also put strip_tags to all user submitted inputs to prevent xss injection?

Hey guys I had created a while ago a script for my friend where you can buy points and then redeem stuff with those points, i'm looking for ways to keep my site secure: currently what i have done- - protected all mysql queries with mysql_real_escape_string, strip_tags, and addslashes - have a valid SSL certificate on my website - checked if emails are valid for account creation what else can I do? Thank you.

mysql_query("UPDATE members SET credits- WHERE username='".$_SESSION["username"]."'") throws out the error MySQL ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '- WHERE username='username'' at line 1 I'm trying to decrement the int, but it wont work, thank you .

<?php $team = $_GET['team']; switch ($team){ case "$team": $result = mysql_query("SELECT * FROM players WHERE team='$team' ORDER BY total DESC") or die(mysql_error()); echo "<table>"; echo "<tr> <th>player name</th> <th>appearances</th> <th>goals</th> <th>assists</th> <th>total</th> <th>points/match</th> <th># motm</th> </tr>"; while($row = mysql_fetch_array( $result )) { echo "<tr><td>"; echo $row['name']; echo "</td><td><center>"; echo $row['apps']; echo "</center></td><td><center>"; echo $row['goals']; echo "</center></td><td><center>"; echo $row['assists']; echo "</center></td><td><center>"; echo $row['total']; echo "</center></td><td><center>"; echo $row['ppm']; echo "</center></td><td><center>"; echo $row['motm']; echo "</center></td></tr>"; } echo "</table>"; break; $player = $_GET['name']; switch ($player){ case "$player": $result2 = mysql_query("SELECT * FROM players WHERE name='$player'") or die(mysql_error()); echo "name:"; echo $_GET["name"]; echo "<br />"; echo "nation:"; echo $_GET["team"]; echo "<br />"; break; } } ?>[/code]try that

bump, please help

bump

bump

that means you're query is incorrect

hey guys I got this code <?php $txn_id = $_POST["txn_id"]; echo $txn_id; $query4 = mysql_query("SELECT * FROM soldpins WHERE transaction='".$txn_id."'") or die(mysql_error()); $row4 = mysql_fetch_array( $query4 ); echo "<i>This is a receipt of your purchase</i><br/><br/>"; echo "Your PIN Number: <b>".$row4["pin"]."</b><br/>"; echo "The Paypal Username that you had used: <b>".$row4["paypal"]."</b><br/>"; echo "Your Username: <b>".$row4["name"]."</b><br/>"; echo "Transaction ID: <b>".$row4["transaction"]."</b><br/><br/>"; echo "A receipt of the purchase had been sent to your paypal email.<br/>"; echo "We hope to see you as a customer again soon!<br/><br/>"; echo "This page will expire as soon as your session expires, <br/>your browser closes, or you buy another PIN Number.<br/><br/>"; echo "<u>Please save the PIN in a safe place.</u><br/><br/>"; echo "Click <a href=\"".$this_script."\">here</a> to go back to the main page."; ?> And almost everytime when i get redirected from paypal after a successful payment, I always get the query blank, after I refresh the page then the query works, for example, I buy something and get redirected to the page, then Pin number is blank, username is blank, etc, but when i refresh the page it all goes back, by the way, echo $txn_id; SHOWS the id even if the query is blank. oh and need a quick tip, when somebody is in the middle of buying a pin from the database, somebody else buys the last pin, what can i do so that if this happens the person will get an error and get their money refunded instead of actually paying the price and not receiving a pin, thanks guys.

Ok i Implemented so that the script searches the database for the transaction id, but I have a new problem, Whenever in the success page, the person sees the receipt perfectly, But when they refresh the page, everything is gone, even though i made it so that if the session isn't made, make it. please help, thanks all <?php session_start(); if($_SERVER['HTTPS']!="on") { $redirect= "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; header("Location:$redirect"); } require_once('paypal.class.php'); // include the class file $p = new paypal_class; // initiate an instance of the class $p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr'; // testing paypal url //$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr'; // paypal url $p->connect(); $this_script = 'https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']; $custom = $_POST['custom']; $first_name = $_POST["first_name"]; $last_name = $_POST["last_name"]; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; if (empty($_GET['action'])) $_GET['action'] = 'process'; switch ($_GET['action']) { case 'process': $p->add_field('business', 'xx'); $p->add_field('return', $this_script.'?action=success'); $p->add_field('cancel_return', $this_script.'?action=cancel'); $p->add_field('notify_url', $this_script.'?action=ipn'); $p->add_field('item_name', 'PIN Number'); $p->add_field('amount', '3.75'); $p->submit_paypal_post(); // submit the fields to paypal //$p->dump_fields(); // for debugging, output a table of all the fields break; case 'success': $p->begin(); $p->connect(); //foreach ($_POST as $key => $value) { echo "$key: $value<br>"; } if(!$_SESSION["txn_id"]){ $_SESSION["txn_id"] = $txn_id; } echo $_SESSION["txn_id"]; $query4 = mysql_query("SELECT * FROM soldpins WHERE transaction='".$_SESSION["txn_id"]."'") or die(mysql_error()); $row4 = mysql_fetch_array( $query4 ); echo "Receipt of your purchase<br/><br/>"; echo "Your PIN Number: <b>".$row4["pin"]."</b><br/>"; echo "The Paypal Username that you had used: <b>".$row4["paypal"]."</b><br/>"; echo "Your Sythe Username: <b>".$row4["name"]."</b><br/>"; echo "Transaction ID: <b>".$row4["transaction"]."</b><br/><br/>"; echo "A receipt of the purchase had been sent to your paypal email.<br/>"; echo "We hope to see you as a customer again soon!"; $p->end(); break;

Hey guys I currently have this code: <?php if($_SERVER['HTTPS']!="on") { $redirect= "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; header("Location:$redirect"); } require_once('paypal.class.php'); // include the class file $p = new paypal_class; // initiate an instance of the class $p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr'; // testing paypal url //$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr'; // paypal url // setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php') $p->connect(); $this_script = 'https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']; $custom = $_POST['custom']; $first_name = $_POST["first_name"]; $last_name = $_POST["last_name"]; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; if (empty($_GET['action'])) $_GET['action'] = 'process'; switch ($_GET['action']) { case 'process': // Process and order... $p->add_field('business', 'xx'); $p->add_field('return', $this_script.'?action=success'); $p->add_field('cancel_return', $this_script.'?action=cancel'); $p->add_field('notify_url', $this_script.'?action=ipn'); $p->add_field('item_name', 'PIN Number'); $p->add_field('amount', '3.75'); $p->submit_paypal_post(); // submit the fields to paypal //$p->dump_fields(); // for debugging, output a table of all the fields break; case 'success': $p->begin(); $p->connect(); //foreach ($_POST as $key => $value) { echo "$key: $value<br>"; } echo "We are sending you a reminder that you bought a PIN from our shop recently,<br/><br/>"; echo "Your PIN Number: <b>{$get1pin}</b><br/>"; echo "The Paypal Username that you had used: <b>{$payer_email}</b><br/>"; echo "Your Username: <b>{$custom}</b><br/>"; echo "Transaction ID: <b>{$txn_id}</b><br/>"; echo "A receipt of the purchase had been sent to your paypal email.<br/>"; echo "We hope to see you as a customer again soon!"; $p->end(); break; case 'cancel': $p->begin(); echo "You canceled the order. <a href=\"".$this_script."\">Go back</a>"; $p->end(); break; case 'ipn': if ($p->validate_ipn()) { $query3 = mysql_query("SELECT * FROM pins WHERE used='0' ORDER BY RAND() LIMIT 1") or die(mysql_error()); $row1 = mysql_fetch_array( $query3 ); $get1pin = mysql_escape_string($row1["pins"]); mysql_query("UPDATE pins SET used='1' WHERE pins='".$get1pin."'"); mysql_query("INSERT INTO soldpins (pin, paypal, transaction, name, first_name, last_name, broke) VALUES('".$get1pin."', '".$payer_email."', '".$txn_id."', '".$custom."', '".$first_name."', '".$last_name."', '0') ") or die(mysql_error()); $message = " <html> <head> <title>PIN Number</title> </head> <body> Dear <b>{$first_name} {$last_name}</b>,<br/> We are sending you a reminder that you bought a PIN from our shop recently,<br/><br/> Your PIN Number: <b>{$get1pin}</b><br/> The Paypal Username that you had used: <b>{$payer_email}</b><br/> Your Sythe Username: <b>{$custom}</b><br/> Transaction ID: <b>{$txn_id}</b><br/><br/> We hope to see you as a customer again soon!<br/><br/> Regards, xx. </body> </html> "; $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n"; $headers .= 'From: <xx>' . "\r\n"; mail("xx","xx",$message,$headers); } break; } ?> The thing that I am having a trouble with is that showing the randomly generated pin number that is inserted into the database from the IPN part, which can only be read by paypal and not the buyer, I was thinking about using the transaction id to get the pin number* but can anybody suggest something else, or is this the most secure way to do this, are the transaction id's all unique? Thanks guys. *I thought of this just as i was making the thread

OK So about echo'ing the PIN Number in a returning page after a person had made a payment, should I make a session that equals to the id in the database, then check if the session exists and get the id from the database and echo all the information? Also: why doesn't os0 and os1 get posted back into my site.... everything works fine $os0 = $_POST['os0']; $os1 = $_POST['os1']; $first_name = ucwords(strtolower($_POST["first_name"])); $last_name = ucwords(strtolower($_POST["last_name"])); $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; Everything gets saved into the database except os0 and os1, they always end up being blank, even when being echo'ed.

yes, don't do that. I'm very surprised Paypal allows the transfer of user credentials over an unsecure socket/port such as 80. You have eliminated the ssl (Secure Socket Layer) and replaced with a regular http protocol, and have also switched out a secure port 443 for an unsecure, easily scraped port 80. While it may work for you, I highly discourage this. this line: $fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30); works perfectly fine. There must be configuration issue on your server. Make sure you have OpenSSL installed/enabled on your server. I don't think the sandbox has a ssl connection thing, I tried doing it to the regular domain and it worked... Anyways, does anybody know how I do so that when they actually PAY they get back to the website where they can see the random sql row?

After googling for a fix, I had seen that changing the $fp would do the fix <?php mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; //$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30); $fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30); if (!$fp) { $mail = mail('[email protected]', 'Error at 21', "{$errnum}: {$errstr}"); } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! /* $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); */ if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) { @mail('[email protected]', 'Error at 47', mysql_error()); } else { @mail('[email protected]', 'Success at 49', mysql_error()); } }else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! @mail('[email protected]', 'Success at 56', mysql_error()); } } fclose ($fp); } ?> However after debugging, I had been emailed the error that says Success at 49, meaning that the process was verified and the database had been updated. Thanks everybody for your help, does anybody know how I do so that only Paypal can view the ipn.php, because whenever I view it I get an email, which is terrible debugging. Thank you. Also can anybody give me more information on how to improve this code, security measures, etc? Thanks again guys

BTW: I receive two errors upon entering the ipn.php manually I also turned on the IPN in sandbox seller account. Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/dima1989/public_html/henry/ipn.php on line 17 Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://www.sandbox.paypal.com/:443 (php_network_getaddresses: getaddrinfo failed: Name or service not known) in /home/dima1989/public_html/henry/ipn.php on line 17 Current code: <?php mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30); if (!$fp) { $mail = mail('[email protected]', 'Error at 21', "{$errnum}: {$errstr}"); } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! /* $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); */ if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) { @mail('[email protected]', 'Error at 47', mysql_error()); } else { @mail('[email protected]', 'Success at 49', mysql_error()); } }else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! @mail('[email protected]', 'Success at 56', mysql_error()); } } fclose ($fp); } ?>

<?php mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30) if (!$fp) { $mail = mail('[email protected]', 'Error at 21', "{$errnum}: {$errstr}"); } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! /* $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); */ if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) { @mail('[email protected]', 'Error at 47', mysql_error()); } else { @mail('[email protected]', 'Success at 49', mysql_error()); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! @mail('[email protected]', 'Success at 56', mysql_error()); } } fclose ($fp); } ?> No email's at all, emails work on my server I used a test php file and it works. Does paypal not read the file at all? Is it because I have to turn on the IPN settings in the sandbox seller account? Oh and is the hidden inputs in the form correct? I don't think it are correct, Please help me, Thanks

Thanks for the post, I have implemented your idea into debugging it <?php mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('https://www.sandbox.paypal.com/', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! /* $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); */ if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) { @mail('[email protected]', 'Error at 47', mysql_error()); } else { @mail('[email protected]', 'Success at 49', mysql_error()); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! @mail('[email protected]', 'Success at 56', mysql_error()); } } fclose ($fp); } ?> I had received NO email. What can be the problem here?

Hey, thanks for the replies, I just changed both of them to have sandbox url, but i still won't get an updated database, can somebody please look into this code? index.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>PIN shop</title> <link rel="stylesheet" type="text/css" media="All" href="css/style.css" /> </head> <body> <div id="wrap"> <h3>Purchase PINs</h3> <p>Please click the button below to receive login details for the download area. <br /> Already have an account? <a href="login.php">Login</a> here.</p> <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="[email protected]"> <input type="hidden" name="lc" value="US"> <input type="hidden" name="item_name" value="PIN Number"> <input type="hidden" name="amount" value="0.01"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="button_subtype" value="services"> <input type="hidden" name="notify_url" value="http://xxx.com/henry/ipn.php" /> <input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted"> <table> <tr><td><input type="hidden" name="on0" value="Sythe Username">Sythe Username</td></tr><tr><td><input type="text" name="os0" maxlength="60"></td></tr> <tr><td><input type="hidden" name="on1" value="Email Address">Email Address</td></tr><tr><td><input type="text" name="os1" maxlength="60"></td></tr> </table> <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"> <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> </div> </body> </html> ipn.php <?php mysql_connect("localhost", "dima1989_max", "xx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('https://www.sandbox.paypal.com/', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! echo "The payment is invalid."; } } fclose ($fp); } ?>

I have these two codes: index.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>PIN shop</title> <link rel="stylesheet" type="text/css" media="All" href="css/style.css" /> </head> <body> <div id="wrap"> <h3>Purchase PINs</h3> <p>Please click the button below to receive login details for the download area. <br /> Already have an account? <a href="login.php">Login</a> here.</p> <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="[email protected]"> <input type="hidden" name="lc" value="US"> <input type="hidden" name="item_name" value="PIN Number"> <input type="hidden" name="amount" value="0.01"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="button_subtype" value="services"> <input type="hidden" name="notify_url" value="http://newzonemedia.com/henry/ipn.php" /> <input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted"> <table> <tr><td><input type="hidden" name="on0" value="Sythe Username">Sythe Username</td></tr><tr><td><input type="text" name="os0" maxlength="60"></td></tr> <tr><td><input type="hidden" name="on1" value="Email Address">Email Address</td></tr><tr><td><input type="text" name="os1" maxlength="60"></td></tr> </table> <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"> <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> </div> </body> </html> ipn.php <?php mysql_connect("localhost", "dima1989_max", "xxxxx") or die(mysql_error()); mysql_select_db("dima1989_henry") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! $sythename = $_POST['os0']; $payer_email = $_POST['payer_email']; $txn_id = $_POST['txn_id']; $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error()); $get1pin = mysql_escape_string($get1pin); $payer_email = mysql_escape_string($payer_email); $txn_id = mysql_escape_string($txn_id); $sythename = mysql_escape_string($sythename); mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error()); echo "Your PIN number is ".$get1pin.". Keep it in a safe place."; mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error()); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! echo "The payment is invalid."; } } fclose ($fp); } ?> No matter what I do, the debug (Insert 1 into database) never does it, and I never get returned to the main page ipn.php. Help? Thanks

Hey guys I got this code: function SteamToCommunity( $SteamId ) { $Parts = Explode( ':', Str_Replace( 'STEAM_', '', $SteamId ) ); return BcAdd( BcAdd( '76561197960265728', $Parts[ '1' ] ), BcMul( $Parts[ '2' ], '2' ) ); } Whenever I try to use this function it always brings up trailing 0's after the interger, such as "76561197961308838.0000000000" I only need 76561197961308838, my friend who has the same exact script, it doesn't do the trailing zero's, any help? thanks.