Paypal Php Script

[R0cky0wnz]

Hey guys, some friend told me to post here as he claimed that my code is out of date and isn't working

 

Here are the files http://www.upload.ee/files/2930049/img.rar.html

 

Im getting trouble with database updating as mysql insert function fails to work

[Christian F.]

Please post the relevant code here, using the

code tags.

I do not wish to download a random RAR file from somewhere, and spend a lot of time going through multiple files, just to be able to help you. Disregarding the possibility of malware, I simply don't have the time to spend on all of this. At least not without getting paid. A situation which is true for most of us, I suspect.

 

In short: Help us help you, and the likelihood of actually getting help will increase.

Edited December 26, 2012 by Christian F.

[R0cky0wnz]

alright

 

paypal.class.php

<?php
/*******************************************************************************
*                      PHP Paypal IPN Integration Class
*******************************************************************************
*      Author:     Micah Carrick
*      Email:      email@micahcarrick.com
*      Website:    http://www.micahcarrick.com
*
*      File:       paypal.class.php
*      Version:    1.3.0
*      Copyright:  (c) 2005 - Micah Carrick
*                  You are free to use, distribute, and modify this software
*                  under the terms of the GNU General Public License.  See the
*                  included license.txt file.
*      
*******************************************************************************
*  VERION HISTORY:
*      v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the
*                            right way rather than simple stripping them.  This
*                            was needed because the user could still put in
*                            quotes.
*  
*      v1.2.1 [06.05.2005] - Fixed typo from previous fix 
*
*      v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
*                            from the paypal posts.  The IPN will come back
*                            invalid sometimes when quotes are used in certian
*                            fields.
*
*      v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
*                            method to allow non-javascript capable browsers
*                            to provide a means of manual form submission.
*
*      v1.0.0 [04.16.2005] - Initial Version
*
*******************************************************************************
*  DESCRIPTION:
*
*      NOTE: See www.micahcarrick.com for the most recent version of this class
*            along with any applicable sample files and other documentaion.
*
*      This file provides a neat and simple method to interface with paypal and
*      The paypal Instant Payment Notification (IPN) interface.  This file is
*      NOT intended to make the paypal integration "plug 'n' play". It still
*      requires the developer (that should be you) to understand the paypal
*      process and know the variables you want/need to pass to paypal to
*      achieve what you want.  
*
*      This class handles the submission of an order to paypal aswell as the
*      processing an Instant Payment Notification.
*  
*      This code is based on that of the php-toolkit from paypal.  I've taken
*      the basic principals and put it in to a class so that it is a little
*      easier--at least for me--to use.  The php-toolkit can be downloaded from
*      http://sourceforge.net/projects/paypal.
*      
*      To submit an order to paypal, have your order form POST to a file with:
*
*          $p = new paypal_class;
*          $p->add_field('business', 'somebody@domain.com');
*          $p->add_field('first_name', $_POST['first_name']);
*          ... (add all your fields in the same manor)
*          $p->submit_paypal_post();
*
*      To process an IPN, have your IPN processing file contain:
*
*          $p = new paypal_class;
*          if ($p->validate_ipn()) {
*          ... (IPN is verified.  Details are in the ipn_data() array)
*          }
*
*
*      In case you are new to paypal, here is some information to help you:
*
*      1. Download and read the Merchant User Manual and Integration Guide from
*         http://www.paypal.com/en_US/pdf/integration_guide.pdf.  This gives
*         you all the information you need including the fields you can pass to
*         paypal (using add_field() with this class) aswell as all the fields
*         that are returned in an IPN post (stored in the ipn_data() array in
*         this class).  It also diagrams the entire transaction process.
*
*      2. Create a "sandbox" account for a buyer and a seller.  This is just
*         a test account(s) that allow you to test your site from both the
*         seller and buyer perspective.  The instructions for this is available
*         at https://developer.paypal.com/ as well as a great forum where you
*         can ask all your paypal integration questions.  Make sure you follow
*         all the directions in setting up a sandbox test environment, including
*         the addition of fake bank accounts and credit cards.
*
*******************************************************************************
*/

class paypal_class {

  var $last_error;                 // holds the last error encountered

  var $ipn_log;                    // bool: log IPN results to text file?

  var $ipn_log_file;               // filename of the IPN log
  var $ipn_response;               // holds the IPN response from paypal  
  var $ipn_data = array();         // array contains the POST values for IPN

  var $fields = array();           // array holds the fields to submit to paypal


  function paypal_class() {

     // initialization constructor.  Called when class is created.

     $this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';

     $this->last_error = '';

     $this->ipn_log_file = '.ipnx_results.log';
     $this->ipn_log = true;
     $this->ipn_response = '';

     // populate $fields array with a few default values.  See the paypal
     // documentation for a list of fields and their data types. These defaul
     // values can be overwritten by the calling script.

     $this->add_field('rm','2');           // Return method = POST
     $this->add_field('cmd','_xclick');

  }

  function add_field($field, $value) {

     // adds a key=>value pair to the fields array, which is what will be
     // sent to paypal as POST variables.  If the value is already in the
     // array, it will be overwritten.

     $this->fields["$field"] = $value;
  }

  function submit_paypal_post() {

     // this function actually generates an entire HTML page consisting of
     // a form with hidden elements which is submitted to paypal via the
     // BODY element's onload attribute.  We do this so that you can validate
     // any POST vars from you custom form before submitting to paypal.  So
     // basically, you'll have your own form which is submitted to your script
     // to validate the data, which in turn calls this function to create
     // another hidden form and submit to paypal.

     // The user will briefly see a message on the screen that reads:
     // "Please wait, your order is being processed..." and then immediately
     // is redirected to paypal.

     echo "<html>\n";
     echo "<head><title>Processing Payment...</title></head>\n";
     echo "<body onload=\"document.forms['paypal_form'].submit();\">\n";
     echo "<center><h2>Please wait, your order is being processed and you";
     echo " will be redirected to the paypal website.</h2></center>\n";
     echo "<form method=\"post\" name=\"paypal_form\" ";
     echo "action=\"".$this->paypal_url."\">\n";

     foreach ($this->fields as $name => $value) {
        echo "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
     }
     echo "<center><br/><br/>If you are not automatically redirected to ";
     echo "paypal within 5 seconds...<br/><br/>\n";
     echo "<input type=\"submit\" value=\"Click Here\"></center>\n";

     echo "</form>\n";
     echo "</body></html>\n";

  }

  function validate_ipn() {

     // parse the paypal URL
     $url_parsed=parse_url($this->paypal_url);        

     // generate the post string from the _POST vars aswell as load the
     // _POST vars into an arry so we can play with them from the calling
     // script.
     $post_string = '';    
     foreach ($_POST as $field=>$value) {
        $this->ipn_data["$field"] = $value;
        $post_string .= $field.'='.urlencode(stripslashes($value)).'&';
     }
     $post_string.="cmd=_notify-validate"; // append ipn command

     // open the connection to paypal
     $fp = fsockopen('ssl://'.$url_parsed[host],"443",$err_num,$err_str,30);


     if(!$fp) {

        // could not open the connection.  If loggin is on, the error message
        // will be in the log.
        $this->last_error = "fsockopen error no. $errnum: $errstr";
        $this->log_ipn_results(false);      
        return false;

     } else {

        // Post the data back to paypal
        fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n");
        fputs($fp, "Host: $url_parsed[host]\r\n");
        fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
        fputs($fp, "Content-length: ".strlen($post_string)."\r\n");
        fputs($fp, "Connection: close\r\n\r\n");
        fputs($fp, $post_string . "\r\n\r\n");

        // loop through the response from the server and append to variable
        while(!feof($fp)) {
           $this->ipn_response .= fgets($fp, 1024);
        }

        fclose($fp); // close connection

     }

     if (eregi("VERIFIED",$this->ipn_response)) {

        // Valid IPN transaction.
        $this->log_ipn_results(true);
        return true;      

     } else {

        // Invalid IPN transaction.  Check the log for details.
        $this->last_error = 'IPN Validation Failed.';
        $this->log_ipn_results(false);  
        return false;

     }

  }

  function log_ipn_results($success) {

     if (!$this->ipn_log) return;  // is logging turned off?

     // Timestamp
     $text = '['.date('m/d/Y g:i A').'] - ';

     // Success or failure being logged?
     if ($success) $text .= "SUCCESS!\n";
     else $text .= 'FAIL: '.$this->last_error."\n";

     // Log the POST variables
     $text .= "IPN POST Vars from Paypal:\n";
     foreach ($this->ipn_data as $key=>$value) {
        $text .= "$key=$value, ";
     }

     // Log the response from the paypal server
     $text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;

     // Write to log
     $fp=fopen($this->ipn_log_file,'a');
     fwrite($fp, $text . "\n\n");

     fclose($fp);  // close file
  }

  function dump_fields() {

     // Used for debugging, this function will output all the field/value pairs
     // that are currently defined in the instance of the class using the
     // add_field() function.

     echo "<h3>paypal_class->dump_fields() Output:</h3>";
     echo "<table width=\"95%\" border=\"1\" cellpadding=\"2\" cellspacing=\"0\">
          <tr>
             <td bgcolor=\"black\"><b><font color=\"white\">Field Name</font></b></td>
             <td bgcolor=\"black\"><b><font color=\"white\">Value</font></b></td>
          </tr>";

     ksort($this->fields);
     foreach ($this->fields as $key => $value) {
        echo "<tr><td>$key</td><td>".urldecode($value)." </td></tr>";
     }

     echo "</table><br>";
  }
}

 

paypal.php

<?php

/*  PHP Paypal IPN Integration Class Demonstration File
*  4.16.2005 - Micah Carrick, email@micahcarrick.com
*
*  This file demonstrates the usage of paypal.class.php, a class designed  
*  to aid in the interfacing between your website, paypal, and the instant
*  payment notification (IPN) interface.  This single file serves as 4
*  virtual pages depending on the "action" varialble passed in the URL. It's
*  the processing page which processes form data being submitted to paypal, it
*  is the page paypal returns a user to upon success, it's the page paypal
*  returns a user to upon canceling an order, and finally, it's the page that
*  handles the IPN request from Paypal.
*
*  I tried to comment this file, aswell as the acutall class file, as well as
*  I possibly could.  Please email me with questions, comments, and suggestions.
*  See the header of paypal.class.php for additional resources and information.
*/
session_start();
$base = "/var/www/html/";
include("db.php");
require_once('paypal.class.php');  // include the class file
$p = new paypal_class;             // initiate an instance of the class
$p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';   // testing paypal url
//$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';     // paypal url

// setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php')
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

// if there is not action variable, set the default action of 'process'
if (empty($_GET['action'])) $_GET['action'] = 'process';  


if (empty($_GET['amm'])) $_GET['amm'] = '1';


$EMAIL = 'apels9@gmail.com'; 


switch ($_GET['action']) {

  case 'process':      // Process and order...

if (empty($_GET['prod'])){
header("Location: index.php");
exit;
}


if (empty($_GET['username'])){
if($_GET['action'] = 'process'){
header("Location: index.php");
exit;
}
} 
     //if(!isset($_SESSION["username"])) {
     //    header("Location: login.php");
     //    exit;
     //}

     //include("include.php");
//die("donation is temporarily disabled!");

     // There should be no output at this point.  To process the POST data,
     // the submit_paypal_post() function will output all the HTML tags which
     // contains a FORM which is submited instantaneously using the BODY onload
     // attribute.  In other words, don't echo or printf anything when you're
     // going to be calling the submit_paypal_post() function.

     // This is where you would have your form validation  and all that jazz.
     // You would take your POST vars and load them into the class like below,
     // only using the POST values instead of constant string expressions.

     // For example, after ensureing all the POST variables from your custom
     // order form are valid, you might have:
     //
     // $p->add_field('first_name', $_POST['first_name']);
     // $p->add_field('last_name', $_POST['last_name']);

$price = '5.00';
 if($_GET['prod'] == 1)
  $price = '5.00';
 if($_GET['prod'] == 2)
  $price = '15.00';
 if($_GET['prod'] == 3)
  $price = '15.00';
 if($_GET['prod'] == 4)
  $price = '10.00';


     $p->add_field('custom', $_GET['username']);
     $p->add_field('business', $EMAIL);
     $p->add_field('return', $this_script.'?action=success');
     $p->add_field('cancel_return', $this_script.'?action=cancel');
     $p->add_field('notify_url', $this_script.'?action=ipn');
     $p->add_field('item_name', 'Package '.$_GET['prod']);
  $p->add_field('item_number', $_GET['prod']);
     $p->add_field('currency_code', 'USD');
     $p->add_field('amount', $price);
     //$p->add_field('quantity', $_GET['amm']);
     $p->add_field('lc', 'GB');
     $p->submit_paypal_post(); // submit the fields to paypal
     //$p->dump_fields();      // for debugging, output a table of all the fields
     break;

  case 'success':      // Order was successful...

     // This is where you would probably want to thank the user for their order
     // or what have you.  The order information at this point is in POST
     // variables.  However, you don't want to "process" the order until you
     // get validation from the IPN.  That's where you would have the code to
     // email an admin, update the database with payment status, activate a
     // membership, etc.  

     //include("include.php");
     echo "<h2>Donation Successful</h2><p>Your donation has been completed. To receive your items, log in to the Server. If you are already logged in, your must logout and then log back in. If you do not receive your donator items, please contact an administrator.</p>";
     // You could also simply re-direct them to another page, or your own
     // order status page which presents the user with the status of their
     // order based on a database (which can be modified with the IPN code
     // below).

     break;

  case 'cancel':       // Order was canceled...

     // The order was canceled before being completed.
     //include("include.php");
     echo "<h2>Donation Cancelled</h2><p>Your donation was cancelled.</p>";

     break;

  case 'ipn':          // Paypal is calling page for IPN validation...

     // It's important to remember that paypal calling this script.  There
     // is no output here.  This is where you validate the IPN data and if it's
     // valid, update your database to signify that the user has payed.  If
     // you try and use an echo or printf function here it's not going to do you
     // a bit of good.  This is on the "backend".  That is why, by default, the
     // class logs all IPN data to a text file.


     if ($p->validate_ipn()) {

        // Payment has been recieved and IPN is verified.  This is where you
        // update your database to activate or process the order, or setup
        // the database with the user's order details, email an administrator,
        // etc.  You can access a slew of information via the ipn_data() array.

        // Check the paypal documentation for specifics on what information
        // is available in the IPN POST variables.  Basically, all the POST vars
        // which paypal sends, which we send back for validation, are now stored
        // in the ipn_data() array.
        //$fh = fopen(".ipn", "a");
        //fwrite($fh, print_r($p->ipn_data, true));
        //fclose($fh);

        // For this example, we'll just email ourselves ALL the data.
        if($p->ipn_data["payment_status"] != "Completed") die();


        if($p->ipn_data["mc_gross"] > 0 && strcmp ($p->ipn_data["business"],$EMAIL) == 0) {
            $user = $p->ipn_data["custom"];
            $date = $p->ipn_data["payment_date"];
            $prodid = $p->ipn_data["item_number"];
            $amount = $p->ipn_data["mc_gross"];
            $amountTickets = 1;

            $user = str_replace("-", " ", $user);
            $user = str_replace("_", " ", $user);
            $user = mysql_real_escape_string($user);
            mysql_query("INSERT INTO `donation` (`username`, `time`, `productid`, `price`) VALUES ('" . $user . "', '" . $date . "', '" . $prodid . "', '" . $amount . "')") or die(mysql_error());


            $fh = fopen(".ipnerr", "a");
            fwrite($fh, mysql_error());
            fclose($fh);
        }
     }
     break;
}    

?>

[R0cky0wnz]

so the problem is that the insert mysql function doesnt work, any help?

[drewdan]

mysql_query requires to variables if I am not mistaken. The string and the connection. I cannot see this here.

 

mysql_query("INSERT INTO `donation` (`username`, `time`, `productid`, `price`) VALUES ('" . $user . "', '" . $date . "', '" . $prodid . "', '" . $amount . "')") or die(mysql_error());

 

I would use mysqli_query and do it like this:

 

$sql = "insert into donation values('$user', '$date', '$prodid', '$amount')";
$sql_res = mysqli_query($conn, $sql) or die(mysqli_error($conn));

 

The $conn variable would be your database connection. Seperating the sql string from the query helps me to see things better, it may be a little less efficent, but it helps me follow my code better.

 

Hope this helps!

[R0cky0wnz]

mysql_query requires to variables if I am not mistaken. The string and the connection. I cannot see this here.

 

mysql_query("INSERT INTO `donation` (`username`, `time`, `productid`, `price`) VALUES ('" . $user . "', '" . $date . "', '" . $prodid . "', '" . $amount . "')") or die(mysql_error());

 

I would use mysqli_query and do it like this:

 

$sql = "insert into donation values('$user', '$date', '$prodid', '$amount')";
$sql_res = mysqli_query($conn, $sql) or die(mysqli_error($conn));

 

The $conn variable would be your database connection. Seperating the sql string from the query helps me to see things better, it may be a little less efficent, but it helps me follow my code better.

 

Hope this helps!

alright man, Ill test, thanks

[R0cky0wnz]

nope it didnt work, could the problem be on PayPal IPN's sending?

[drewdan]

are you getting any error message? how are you testing the API?

[Muddy_Funster]

mysql_query requires to variables if I am not mistaken. The string and the connection. I cannot see this here.

 

mysql_query("INSERT INTO `donation` (`username`, `time`, `productid`, `price`) VALUES ('" . $user . "', '" . $date . "', '" . $prodid . "', '" . $amount . "')") or die(mysql_error());

 

I would use mysqli_query and do it like this:

 

$sql = "insert into donation values('$user', '$date', '$prodid', '$amount')";
$sql_res = mysqli_query($conn, $sql) or die(mysqli_error($conn));

 

The $conn variable would be your database connection. Seperating the sql string from the query helps me to see things better, it may be a little less efficent, but it helps me follow my code better.

 

Hope this helps!

There is absoloutly nothing wrong with the original query, and the suggested replacement will not work if there are more rows in the table than are being inserted.

 

@ OP -

so the problem is that the insert mysql function doesnt work, any help?

you need to explain this statement, what actually happens?

[R0cky0wnz]

I found the issue - it doesnt connect to database, but I have put all required rights already

[Muddy_Funster]

what's stoping it connecting?

[drewdan]

There is absoloutly nothing wrong with the original query, and the suggested replacement will not work if there are more rows in the table than are being inserted.

 

You're quite right, that would only if those 4 fields were all that were in the database, though, I imagine there would be some more. Can you show us your code you are using to connect to the database? (with users pass etc ommited).

 

$conn = mysqli_connect("localhost","username","password") or die(mysqli_error($conn));
mysqli_select_db($conn, "databasename") or die(mysqli_error($conn));
$sql = "INSERT INTO `donation` (`username`, `time`, `productid`, `price`) VALUES ('" . $user . "', '" . $date . "', '" . $prodid . "', '" . $amount . "')";
$sql_res=mysqli_query($conn, $sql) or die(mysqli_error($conn));

 

That would be my prefered way of connecting too and running a query on a mysql database. I assume that your database connection would be in here:

include("db.php");

 

Is this file including correctly?