PHP and Paypal IPN

[Ricksteruk]

Hi guys

 

I have a script currently working however I am trying to add a SQL command within the script to update a database.

<?php
session_start();

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
$ip = $_SERVER['REMOTE_ADDR'];
$amt = 0.01;
$url=$_SERVER['REQUEST_URI'];

if(strstr($url,'2diWrwJlDa')){
    $amt=0.01;
}



foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = strtolower($_POST['payment_status']);
$payment_amount = $_POST['mc_gross'];
$sub_status = $_POST['txn_type'];
$sub_amount = $_POST['mc_amount3'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$business = $_POST['business'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

/* ------- Feel free to add any variables above ------
   ------- that you wish to retrieve from PayPal ----- */

if (!$fp) {
   unable();
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {

$payment_status = strtolower($payment_status);
$sub_status = strtolower($sub_status);
$verifyNum=0;
if((strstr($payment_status,"comp"))||(strstr($sub_status,"signup"))||(strstr($sub_status,"payment"))){$verifyNum++;}
else if(strstr($sub_status,"cancel")){fclose ($fp);exit;}
else{$reason1 = "Payment/Subscription Status Not Complete.";}

$receiver="stevegodders@hotmail.com";
if((strstr($receiver,$receiver_email))||($business=="stevegodders@hotmail.com")){$verifyNum++;}
else{$reason2 = "Payment Receiver Email not correct.";}

if((($payment_amount == $amt)||($sub_amount == $amt)) && (strtolower($payment_currency) == "gbp")){$verifyNum++;}
else{
if(strtolower($payment_currency) != "gbp"){$cur=strtoupper('gbp');$reason3 = "Currency is set at $payment_currency and not $cur";}
else{$reason3 = "Payment amount has been tampered with.";}
}
// IF ERRORS FOUND
   if(($verifyNum < 3)&&($ip != "216.113.188.202")){
        $headrs = "From: Payment Error Report <email@hotmail.com>\n";
        $headrs .= "Content-type: text/plain;\r\n";
        $sendToMe = "email@hotmail.com";
        $errSub = "IPN Payment Error Reporting\n";
        $errMessage = "
There has been an Error with the following Payment >>>

Transaction ID: $txn_id
Reciever Email: $receiver_email
Payee Email: $payer_email
Logged IP: $ip

Reasons:
$reason1
$reason2
$reason3

Please investigate.

Instant IPN Generator Payment Error Reporting.";

        mail($sendToMe,$errSub,$errMessage,$headrs);
        isError($ip);
        exit;
   }
   else if($verifyNum == 3){
       

       /* -----------------------------
       If you'd like to add the PayPal information to
       a database or email your buyer, you can add any
       code here between the two headers:
       
          BEGIN EDITABLE AREA ---------- */
      mysql_connect("localhost", "XXXXX", "XXXXX")or die("cannot connect");

      mysql_select_db("XXXXX")or die("cannot select DB");

[color=red]"UPDATE qls3_users SET group_id = '9' WHERE $payer_email = 'email'";[/color]  <<<< THIS IS THE BIT THAT DONT SEEM TO WORK

       /* END EDITABLE AREA ------------ */

       header("location:undefined");
       exit;
   }
   else {
       unable();
   }

}
else if (strcmp ($res, "INVALID") == 0) {
        $headrs = "From: betbox Payment Error <email@hotmail.com>\n";
        $headrs .= "Content-type: text/plain;\r\n";
        $sendToMe = "email.com";
        $errSub = "IPN  Payment Error Reporting\n";
        $errMessage = "
There has been an Error with the following Payment >>>

Logged IP: $ip

Reasons:
Payment came back as INVALID. Possible direct view or attempt at Fraud.

Please investigate.

Instant IPN Generator Payment Error Reporting.";
     mail($sendToMe,$errSub,$errMessage,$headrs);
     isError($ip);

}
}
fclose ($fp);
}
function isError($ip){
echo "<p>Sorry, there was an error with your payment.</p>";
  if($ip){
      echo "<p>Your IP address of $ip has been logged for further investigation.</p>";
  }
echo "<p>If you have purchased this product and are seeing this error, please contact us at<br><a href=\"mailto:email.com\" style=\"color:#AA0000;\">email.com</a> and quote your PayPal Transaction ID.<br><br>Thank You,<br>bet fair.<br><a href=\"http://www.betfairbettingsoftware.com\" style=\"color:#AA0000;\">http://www.example.com</a></p>";
}
function unable(){
?>
<head>
<title>http://www.exampl.com Payment Error</title>
</head>
<body>
<div style="text-align:center;">
<div style="margin:10px auto 10px auto;width:600px;background:#F0F0F0;padding:20px;text-align:left;border:solid 3px #FF0000;font-family:arial;font-size:13px;">
<p>We are very sorry, there seems to be some difficulty processing your Payment.</p>
<p>This may be an error related to our Web Site communicating with PayPal's Web Site. We are very sorry for the inconvenience. Your payment may have been received regardless of this error.</p>
<p>Please log into your PayPal account and verify whether or not this transaction has been completed. If so, please contact us at <a href="mailto:email.com" style="color:#AA0000;">email addy</a>. Please quote the Transaction ID in your correspondence.</p>
<p>If your PayPal account shows no indication of this transaction having been completed, feel free to try purchasing again on our <a href="http://www.example.com" style="color:#AA0000;">Web Site</a>. If, inadvertently, you are double charged through this course of action, we will refund one of your purchases immediately.</p>
<p>Once again, we are sorry for your inconvenience.</p>
<p>Kind Regards,<br>
<br>
http://www.example.com</p>
</div>
</div>
</body>
<?
}
?>

 

Does anyone have a way to resolve this. Basically All i need to do is when I get the IPN is update a datasebase group ID to 9 for a user whos email address is the same as that used in paypal?

 

[harristweed]

Payer email wont ='emal'

 

It might = $payer_email

 

UPDATE qls3_users SET group_id = '9' WHERE email = '$payer_email' 

[Ricksteruk]

Thanks for the suggestion, i have just tried that and the database still does not get updated, no error messages get returned either though

[harristweed]

where is the update run?

mysql_select_db("XXXXX")or die("cannot select DB");

[color=red]"UPDATE qls3_users SET group_id = '9' WHERE $payer_email = 'email'";[/color]  <<<< THIS IS THE BIT THAT DONT SEEM TO WORK

       /* END EDITABLE AREA ------------ */

       header("location:undefined");
       exit;

 

I can't see that you have even connected to the database!

      $link_id=mysql_connect("localhost", "XXXXX", "XXXXX")or die("cannot connect");

      mysql_select_db("XXXXX")or die("cannot select DB");

$update="UPDATE qls3_users SET group_id = '9' WHERE  email = '$payer_email'";

if(!mysql_query($update,$link_id))
$error=mysql_error();
echo $error; // or add to email or wherever you want to show it

       /* END EDITABLE AREA ------------ */

       header("location:undefined");
       exit;

 

 

[harristweed]

missed of the braces doh!!!

if(!mysql_query($update,$link_id)) {
$error=mysql_error();
echo $error; 
}

 

 

[Ricksteruk]

Ok I now have

      mysql_connect("localhost", "XXXX", "XXXXX")or die("cannot connect");

      mysql_select_db("XXXXX")or die("cannot select DB");

$update="UPDATE qls3_users SET group_id = '9' WHERE  email = '$payer_email'";

if(!mysql_query($update,$link_id)) {
$error=mysql_error();
echo $error; 
}

 

 

But the database is still not being updated or any error messages?

 

[Ricksteruk]

I have just found out its creating these errors

 

 

[21-Feb-2010 06:45:30] PHP Warning:  mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/xxxx/public_html/pay.php on line 109

[21-Feb-2010 06:45:30] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/xxxxx/public_html/pay.php:109) in /home/betfairb/public_html/pay.php on line 119

 

But I cant work out what is causing them. Usually im quite confident with PHP however i think i must be having a dunce week

[brosskgm]

Maybe this will help. It's what I use. But it takes several files to get the sign-up process finished and updated by IPN to the database.

 

Paypal will also monitor if they cancel and dates and everything for you as long as your system talks to theirs. You don't need to monitor it much except to make sure it's doing what it's suppose to.

 

Paypal has a sandbox.paypal.com that is very helpful.

 

[attachment deleted by admin]

[brosskgm]

My next step is to also include alertpay in the mix. They are gaining ground where paypal is not.

[Ricksteruk]

Nice script Brosskgm however I like to keep things simple and your particular script is giving far to many options etc.

 

I already have a log in system which is working fine, my only problem is getting the IPN to update the database to show someone has paid something for their group status.

[brosskgm]

Right,

 

But under signup.php and backend.php it has all the talk/reply from paypal and might give a little help to what yours is missing or might need. I just tossed it all because that how it was worked on when it was getting cleaned it up. I inherited it from a friend that could never get it working, and I had found a lot of typo's, and <?= $_variable ?> that needed to be changed to <?php echo $_variable; ?> But after a couple weeks the things are working great. So when I see someone working on a paypal IPN I just send it to maybe it will help.

 

I used to have my own login add user etc, I actually switched to this one and made it the main user database(members in this code) because a membership IPN will need to be in Paypal format for them to keep you updated.

 

 

 

 

[Ricksteruk]

I am still looking through the scripts to see if i can spot what is wrong with my one.

 

With your script does it prevent the same user from logging in more than once at a time, ie I log in and then my friend logs in with my details at the same time?

[brosskgm]

Let me rephrase that a little. The members part of the database it creates under admininstall.php is the style paypal uses to send it's information and keep your records of the users, payment made, canceled, etc..  You don't have to do anything once it's running except keep an eye on them.

 

I had my own signup and add user routine, but I changed it to use the members table and the incorporated parts of signup.php and backend, success(needed by paypal return) into my signup.php.

[brosskgm]

Not really, My system is information they upload to only their databases, so that was never really an issue. If they allowed friends etc... It would all get mixed in and they wouldn't be able to sort it.

 

Now it does have an IP monitor, or number of login's in one day and can send a warning, or if you set a limit on daily logins. you might be abel to do somethign if they use a different location. I'd have to look to see if it has that in there.

 

 

 

[DataRater]

I doubt that '$payer_email'"; will convert $payer_email to an email as you have got single quotes around it.

 

Stephen

[DataRater]

Sorry I'm wrong.

 

Stephen

[DataRater]

You've lost your $link_id =

 

mysql_connect("localhost", "XXXX", "XXXXX")or die("cannot connect");

 

      mysql_select_db("XXXXX")or die("cannot select DB");

 

$update="UPDATE qls3_users SET group_id = '9' WHERE  email = '$payer_email'";

 

if(!mysql_query($update,$link_id)) {

$error=mysql_error();

echo $error;

}

 

 

Stephen

[brosskgm]

In your paypal setup make sure the notification URL points to signup.php and the web site payment preferences have auto return on also pointing to signup.php.

 

All the code sent to you has the sandbox url for testing. I didn't put the live link in there.

I believe there are two or three places just search for "sandbox" and remove it from the url when you go live.