PayPal to PHP script.

[bundyxc]

I want to make it so that once a user pays for a premium account, then my site runs a script similar to this: "UPDATE users SET premium=1 WHERE userid =" . $userid . " and premium = 0"

 

Pretty simple.. but I'm curious: how do I make it so that this is executed once the user pays via PayPal?

[Mardoxx]

Don't paypal accommodate for this with their payment script thing?

 

or does it just allow redirection?

 

if it only allows redirection i suppose you could make it redirect to a script that executes the sql code but ONLY if $_GET['uniqueID']= something..

 

i'm not very good with authentication...soo

 

 

I'm p sure there are some addons for joomla or things like that or even phpbb or vbulletin or IPB that have paypal donation scripts you could dissect and have a look at how they do it

[bundyxc]

Anybody have any experience in this, or any clue?

[gevans]

Paypal offers an IPN service, instant payment notification. Once a payment has been attempted it calls a designated script on your server (in the background) with all the details off the payment.

 

An IPN script I've written before looks like this...

 

<?php
if(!require_once('../inc/config.php')) exit;
if(!require_once('../libs/mysql.lib.php')) exit;
$DB = new mysql($CONFIG);
if(!require_once('../libs/clean.lib.php')) exit;
$CN = new clean;

// if there's no Post data stop the script
if(empty($_POST)) exit;

include_once('../func/sendMail.func.php');

function paymentResponse($notes, $verified=0, $valid=0) {
global $DB, $CONFIG;
if(!$valid || !$verified) {
	$subject = "##### Premiere Payment";
	$message = <<<MSG
##### Admin,\r\n\r\n
There was a problem with a recent Paypal Transaction\r\n\r\n
Best Wishes,\r\n
##### Automated System
MSG;
	sendMail($subject, $message, $CONFIG['ADMIN']);
}
if(!LIVE) {
	$valid = 0;
	$verified = 0;
	$notes = "SANDBOX - ".$notes;
}

$main_query = "INSERT INTO `premiere_history` (property_id, booking_date, txn_id, valid, verified, notes)
VALUES ('{$_POST['custom']}',NOW(),'{$_POST['txn_id']}',$valid,$verified,'$notes')";
$DB->query($main_query);
if($valid && $verified) {
	$confirm_property = "UPDATE `property` SET `active`=1 WHERE id={$_POST['custom']}";
	$result = $DB->query($confirm_property);
	if(!$result) {
		$subject = "##### Premiere Payment";
		$message = <<<MSG
##### Admin,\r\n\r\n
There was a problem updating premiere_history following a Paypal Transaction\r\n\r\n
Best Wishes,\r\n
##### Automated System
MSG;
		sendMail($subject, $message, $CONFIG['ADMIN']);
	} else {
		//send mail to user	
		$query = "SELECT `u`.`fnm`, `u`.`snm`, `u`.`email` 
			FROM `users` u, `property` p 
			WHERE `p`.`id`={$_POST['custom']} 
			AND `u`.`id`=`p`.`user_id`";
		$result = $DB->query($query);
		list($fnme,$snme,$email) = $DB->fetch_row($result);
		$subject = "##### Premiere Payment";
		$message = <<<MSG
Dear {$fnme} {$snme},\r\n\r\n
Thank you for registering your Premiere Listing with #####\r\n\r\n
Best Wishes,\r\n
##### Automated System
MSG;
		sendMail($subject, $message, $email);
	}
}

//save all data
//add date for reference
$fp_log = fopen('../datalog.txt', 'a');
fwrite($fp_log, "-------------------------------------------------------------------------\n\n");
fwrite($fp_log, "Date: ".date('d-m-y H:i:s')."\n");
fwrite($fp_log, "Note: ".$notes."\n");
foreach($_POST as $key => $value) {
	fwrite($fp_log, "$key: $value\n");
}
fwrite($fp_log, "\n");
fclose($fp_log);
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// start post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

// assign posted variables to local variables
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];

if(isset($_POST['test_ipn']) && $_POST['test_ipn']) {
// run following script when testing payments
$fp_pp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
define('LIVE', FALSE);
} else {
// run following script when receiving normal payments
$fp_pp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
define('LIVE', TRUE);
}

if (!$fp_pp) {
// HTTP ERROR
paymentResponse('HTTP ERROR', 0, 0);
} else {
fputs($fp_pp, $header.$req);
while (!feof($fp_pp)) {
	$res = fgets($fp_pp, 1024);
	if(strcmp($res, "VERIFIED") == 0) {
		if($payment_status == 'Completed') {
			$query = "SELECT `id` FROM `premiere_history` WHERE txn_id = '$txn_id'";
			$result = $DB->query($query);
			if($DB->num_rows($result) === FALSE) {
				if(($receiver_email == $CONFIG['PAYPAL_RECEIVER_EMAIL']) && $payment_amount == $CONFIG['PAYPAL_PAYMENT_AMOUNT'] && $payment_currency == $CONFIG['PAYPAL_CURRENCY'] && $item_number == $CONFIG['PAYPAL_ITEM_NUMBER']) {
					paymentResponse('It was all fine', 1, 1);
				} else {
					paymentResponse('Problem with receiver email, payment amount, payment currency or item number', 1, 0);
				}
			} else {
				paymentResponse('txn_id been previosuly processed', 1, 0);
			}
		} else {
			paymentResponse('payment_status not set to "Complete", payment_status: '.$payment_status, 1, 0);
		}
	} elseif(strcmp($res, "INVALID") == 0) {
		paymentResponse('Paypal returned INVALID', 0, 0);
	}
}
fclose ($fp_pp);
}
?>

 

The '#####' are just hidding the name of the site it was built for.