leo7068 Posted February 8, 2008 Share Posted February 8, 2008 Hello, It looks like somewhere in this piece of code: if($HTTP_GET_VARS["action"]=="dodownload"){ if((session_is_registered("user"))){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); doheader("Download"); echo "<p>You have purchased the following files. Click on it to download.</p><p>"; $findhem = "select * from ipnm_txn where payer_id= '".addslashes($user)."'"; $query = mysql_query($findhem); echo $client; for($i=0; $i<mysql_num_rows($query); $i++){ $row = mysql_fetch_array($query); $item_info = "select * from ipnm_items where item_number = '".addslashes($row["item_number"])."'"; $query_item = mysql_query($item_info); $item_array = mysql_fetch_array($query_item); if($row["payment_status"] == "Completed"){ echo "<a href=\"".URL."?action=godownload&item_number=".$row["item_number"]."\">".stripslashes($item_array["item_name"])."</a><br>"; } } echo "</p>"; dofooter(); I am getting this error: [08-Feb-2008 13:20:51] PHP Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 I am quessing it is this code creating the error, since it seems to be the only page not acting properly... Quote Link to comment Share on other sites More sharing options...
amites Posted February 8, 2008 Share Posted February 8, 2008 This is a fairly simple problem to patch and not so simple to fix, the patch will involve accessing your server an the fix will involve taking time to rewriting the script to match newer versions of PHP my recomendation: hire someone, it doesn't seem as though you want to take the time to learn to fix this yourself Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 Here is the full code if that is needed: <? define("MYSQL_IP","localhost"); //database connection IP define("MYSQL_USERNAME","domesti3_payment"); //database username define("MYSQL_PASSWORD","caltrans"); //database password define("MYSQL_DATABASE","domesti3_iphone"); //database IPNm is stored in define("URL","http://unlock-iphone-otb.com/ipnm.php"); //Full URL to your script. SSL recommended but not required define("CURRENCY","USD"); //Set to the currency your paypal account is in. Check your paypal account for the 3 letter code define("INSTALL",0); //Determines if script is in Install mode. 0=Normal 1=INSTALL session_start(); function doheader($title){ echo "<html><head><title>ipnDownload $title</title></head><body><font size=\"+1\">$title</font>"; } function dofooter(){ echo "<p>"; if(session_is_registered("adminlog")){ echo "<a href=\"".URL."?action=admin\">Admin Home</a> <a href=\"".URL."?action=items\">Items</a> <a href=\"".URL."?action=users\">Users</a> <a href=\"".URL."?action=options\">Options</a> <a href=\"".URL."?action=logoutadmin\">Logout</a></p>"; } echo "</body></html>"; } if (INSTALL == 1 && !$HTTP_GET_VARS["install"]){ doheader("INSTALL"); echo "<p>Welcome to the IPNm installation process. This process will guide you through setting up IPNm on your server. Be sure you have already correctly defined the variables in this file.</p>"; echo "<p><form action=\"".URL."?install=1\" method = \"POST\" name=\"step0frm\"><input name=\"step0smt\" type=\"submit\" value=\"Continue\"></form>"; dofooter(); } if (INSTALL == 1 && $HTTP_GET_VARS["install"]==1){ doheader("INSTALL - Step 1"); echo "<p>Enter the information about your PayPal account below. Be sure this information is the same as entered on your PayPal account.</p>"; echo "<p><form action=\"".URL."?install=2\" method = \"POST\" name=\"step1frm\">Registered PayPal Email: <input type=\"text\" name=\"receiver_email\" size=\"20\"><br>Website/Business Name (Just the name your website/business goes by): <input type=\"text\" name=\"business\" size=\"20\"></p><p><input name=\"step1smt\" type=\"submit\" value=\"Continue\"></form>"; dofooter(); } if (INSTALL == 1 && $HTTP_GET_VARS["install"]==2){ doheader("INSTALL - Step 2"); echo "<p>Enter your desired administrator password below.</p>"; echo "<p><form action=\"".URL."?install=3\" method = \"POST\" name=\"step2frm\">Administrator Password: <input type=\"password\" name=\"adminpass\" size=\"20\"><input type=\"hidden\" name=\"receiver_email\" value=\"".$HTTP_POST_VARS["receiver_email"]."\"><input type=\"hidden\" name=\"business\" value=\"".$HTTP_POST_VARS["business"]."\"></p><p><input name=\"step2smt\" type=\"submit\" value=\"Continue\"></form>"; dofooter(); } if (INSTALL == 1 && $HTTP_GET_VARS["install"]==3){ doheader("INSTALL - Step 3"); echo "<p>You must now enter the full path to the location in which your protected downloads will reside. This should be a directory either inaccessable from the internet or protected by an .htaccess file. <b>The default value should be fine. DON'T CHANGE THIS UNLESS YOU KNOW WHAT YOU ARE DOING!</b></p>"; echo "<p><form action=\"".URL."?install=4\" method = \"POST\" name=\"step3frm\">Path to download dir: <input type=\"text\" name=\"image_url\" size=\"60\" value=\"".dirname(__FILE__)."/downloads/"."\"><input type=\"hidden\" name=\"receiver_email\" value=\"".$HTTP_POST_VARS["receiver_email"]."\"><input type=\"hidden\" name=\"business\" value=\"".$HTTP_POST_VARS["business"]."\"><input type=\"hidden\" name=\"adminpass\" value=\"".$HTTP_POST_VARS["adminpass"]."\"></p><p><input name=\"step2smt\" type=\"submit\" value=\"Continue\"></form>"; dofooter(); } if (INSTALL == 1 && $HTTP_GET_VARS["install"]==4){ doheader("INSTALL - Write to Database"); $receiver_email = trim($HTTP_POST_VARS["receiver_email"]); $adminpass = trim($HTTP_POST_VARS["adminpass"]); $business = trim($HTTP_POST_VARS["business"]); $image_url = trim($HTTP_POST_VARS["image_url"]); if ($receiver_email && $adminpass && business && $image_url){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $ctable_sql = " CREATE TABLE `ipnm_clients` ( `payer_id` varchar(127) NOT NULL default '', `password` varchar(150) NOT NULL default '', `payer_email` varchar(127) NOT NULL default '', `first_name` varchar(127) NOT NULL default '', `last_name` varchar(127) NOT NULL default '', PRIMARY KEY (`payer_id`) ) TYPE=MyISAM; "; $ctable2_sql = " CREATE TABLE `ipnm_items` ( `item_number` int(11) NOT NULL auto_increment, `item_name` varchar(127) NOT NULL default '', `mc_gross` varchar(127) NOT NULL default '', `filename` varchar(150) NOT NULL default '', `serial_script` varchar(150) NOT NULL default '', PRIMARY KEY (`item_number`) ) TYPE=MyISAM AUTO_INCREMENT=9 ; "; $ctable3_sql = " CREATE TABLE `ipnm_options` ( `name` varchar(20) NOT NULL default '', `option` text NOT NULL ) TYPE=MyISAM; "; $ctable4_sql = " CREATE TABLE `ipnm_txn` ( `txn_id` varchar(127) NOT NULL default '', `payment_status` varchar(127) NOT NULL default '', `payer_id` varchar(127) NOT NULL default '', `item_number` varchar(127) NOT NULL default '', `payment_date` varchar(127) NOT NULL default '', `memo` varchar(127) NOT NULL default '', PRIMARY KEY (`txn_id`) ) TYPE=MyISAM; "; $ctable_result = mysql_query($ctable_sql); $ctable2_result = mysql_query($ctable2_sql); $ctable3_result = mysql_query($ctable3_sql); $ctable4_result = mysql_query($ctable4_sql); $i1 = "INSERT INTO `ipnm_options` VALUES ('payment_failed', 'Your purchase of item_name was not completed, probably due to the fact that the payment didn\'t transfer from the bank account you used to fund your purchase. No money was transfered from your account. Please make sure your bank account is properly set up with your paypal account and then try repurchasing the item.')"; $i2 = "INSERT INTO `ipnm_options` VALUES ('payment_denied', 'Your purchase of item_name has been denied. This usually is because of a credit/debit card not funding the purchase. Check your PayPal account for more information and then try purchasing item_name again.')"; $i3 = "INSERT INTO `ipnm_options` VALUES ('payment_complete', 'Thank you for purchasing item_name. Your purchase has been completed. You must not visit downurl to download your file. You will be asked for the following info.downpass')"; $i4 = "INSERT INTO `ipnm_options` VALUES ('payment_refunded', 'Your purchase of item_name has been succussfully refunded.')"; $i1 = mysql_query($i1); $i2 = mysql_query($i2); $i3 = mysql_query($i3); $i4 = mysql_query($i4); $insert_rec_sql = "insert into ipnm_options values ('receiver_email','".addslashes($receiver_email)."')"; $insert_rec_result = mysql_query($insert_rec_sql); $insert_admin_sql = "insert into ipnm_options values ('adminpass','".addslashes(crypt($adminpass,"drtsyscool"))."')"; $insert_admin_result = mysql_query($insert_admin_sql); $insert_image_sql = "insert into ipnm_options values ('image_url','".addslashes($image_url)."')"; $insert_image_result = mysql_query($insert_image_sql); $insert_bus_sql = "insert into ipnm_options values ('business','".addslashes($business)."')"; $insert_bus_result = mysql_query($insert_bus_sql); echo "<p>You have successfully finished setting up the database. You are not done yet though, there is one more very important step.</p>"; echo "<p>You must set the INSTALL variable in the script to '0'. The script will not function until you do so.</p>"; echo "<p>After completing those steps, you can begin to use your script. Your administration control panel can be accessed by directing your browser to this script. From there you can add items and start selling your products!</p>"; }else{ echo "<p>you have not completed all the required fields. Click <a href=\"".URL."\">here</a> to rerun setup.</p>"; } dofooter(); } if (INSTALL == 1){ exit; } function DownloadFile($filename) { // Check filename if (empty($filename) || !file_exists($filename)) { return FALSE; } // Create download file name to be displayed to user $saveasname = basename($filename); // Send binary filetype HTTP header header('Content-Type: application/octet-stream'); // Send content-length HTTP header header('Content-Length: '.filesize($filename)); // Send content-disposition with save file name HTTP header header('Content-Disposition: attachment; filename="'.$saveasname.'"'); // Output file readfile($filename); // Done return TRUE; } if($HTTP_GET_VARS["action"]=="godownload"){ if((session_is_registered("user"))){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $item_number = $HTTP_GET_VARS["item_number"]; $findhem = "select * from ipnm_txn where payer_id= '".addslashes($user)."' and item_number = '".$item_number."'"; $query = mysql_query($findhem); if (mysql_num_rows($query) > 0){ $trans = mysql_fetch_array($query); if($trans["payment_status"] == "Completed"){ $query_item = "select * from ipnm_items where item_number = '".$item_number."'"; $result_item = mysql_query($query_item); $itemsarray = mysql_fetch_array($result_item); $filename = $itemsarray["filename"]; $getoptions = "select * from ipnm_options where name = 'image_url'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $prefix = $row; $wholefile = $prefix."/".$filename; DownloadFile($wholefile); echo $wholefile; } } } } if($HTTP_GET_VARS["action"]=="dodownload"){ if((session_is_registered("user"))){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); doheader("Download"); echo "<p>You have purchased the following files. Click on it to download.</p><p>"; $findhem = "select * from ipnm_txn where payer_id= '".addslashes($user)."'"; $query = mysql_query($findhem); echo $client; for($i=0; $i<mysql_num_rows($query); $i++){ $row = mysql_fetch_array($query); $item_info = "select * from ipnm_items where item_number = '".addslashes($row["item_number"])."'"; $query_item = mysql_query($item_info); $item_array = mysql_fetch_array($query_item); if($row["payment_status"] == "Completed"){ echo "<a href=\"".URL."?action=godownload&item_number=".$row["item_number"]."\">".stripslashes($item_array["item_name"])."</a><br>"; } } echo "</p>"; dofooter(); } } if($HTTP_GET_VARS["action"]=="download"){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getoptions = "select * from ipnm_clients where payer_email = '".addslashes($HTTP_POST_VARS["payer_email"])."'"; if($HTTP_POST_VARS["payer_email"]){ $row = mysql_fetch_array(mysql_query($getoptions)); } if(($HTTP_POST_VARS["password"] == stripslashes($row["password"]) && $HTTP_POST_VARS["payer_email"] && $HTTP_POST_VARS["password"])){ $user = $row["payer_id"]; session_register("user"); header("Location: ".URL."?action=dodownload"); }else{ doheader("Download Login"); if ($HTTP_POST_VARS["payer_email"]){ echo "<p>Your login information was incorrect. Please try again</p>"; } ?> <p>In order to download your file, you must enter the information given to you in the email sent to you below.<br><form method="POST" action="<?echo URL;?>?action=download"> <p>E-mail: <input type="text" name="payer_email" size="20"><br>Password: <input type="password" name="password" size="20"><input type="submit" value="Submit" name="B1"></p> </form></p> <? dofooter(); } } if(!$HTTP_GET_VARS["action"]){ doheader("IPNm"); echo "<p>Welcome to IPNm. If are a user who has purchased something, click <a href=\"".URL."?action=download\">here</a>. If you are an administrator, click <a href=\"".URL."?action=admin\">here</a>.</p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="success"){ doheader("Purchase Succussfull!"); echo "<p>You purchase has been completed succussfully. An email has been sent to you with instructions on how to download your file.</p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="cancel"){ doheader("Purchase Unsuccussfull"); echo "<p>You purchase has not been completed.</p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="dooptions" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); if($HTTP_POST_VARS["adminpass"] && $HTTP_POST_VARS["option"]==$HTTP_POST_VARS["option2"]){ $sql = "update ipnm_options set `option` = '".addslashes(crypt($HTTP_POST_VARS["option"],"drtsyscool"))."' where name = 'adminpass'"; }else if($HTTP_POST_VARS["image_url"] && $HTTP_POST_VARS["option"]){ $sql = "update ipnm_options set `option` = '".addslashes($HTTP_POST_VARS["option"])."' where name = 'image_url'"; }else if($HTTP_POST_VARS["payment_email"] && $HTTP_POST_VARS["option"] && $HTTP_POST_VARS["payment"]){ $sql = "update ipnm_options set `option` = '".addslashes($HTTP_POST_VARS["option"])."' where name = '".addslashes($HTTP_POST_VARS["payment"])."'"; }else if($HTTP_POST_VARS["receiver_email"] && $HTTP_POST_VARS["option"]){ $sql = "update ipnm_options set `option` = '".$HTTP_POST_VARS["option"]."' where name = 'receiver_email'"; } if ($sql){ $result = mysql_query($sql); header("Location: ".URL."?action=options"); }else{ doheader("Change Options"); echo "<p>The options were not changed. Please try again</p>"; dofooter(); } } if($HTTP_GET_VARS["action"]=="options" && session_is_registered("adminlog")){ doheader("Options"); $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $image_url = mysql_result(mysql_query("select * from ipnm_options where name = 'image_url'"),0,"option"); $payment_complete = mysql_result(mysql_query("select * from ipnm_options where name = 'payment_complete'"),0,"option"); $payment_failed = mysql_result(mysql_query("select * from ipnm_options where name = 'payment_failed'"),0,"option"); $payment_denied = mysql_result(mysql_query("select * from ipnm_options where name = 'payment_denied'"),0,"option"); $payment_refunded = mysql_result(mysql_query("select * from ipnm_options where name = 'Payment_refunded'"),0,"option"); $actionurl = URL."?action=dooptions"; $receiver_email = mysql_result(mysql_query("select * from ipnm_options where name = 'receiver_email'"),0,"option"); ?> <script language="javascript"> function change_payment() { if (document.payment_email.payment.value == "payment_complete"){ document.payment_email.option.value = "<?echo addslashes(stripslashes($payment_complete));?>"; } if (document.payment_email.payment.value == "payment_failed"){ document.payment_email.option.value = "<?echo addslashes(stripslashes($payment_failed));?>"; } if (document.payment_email.payment.value == "payment_denied"){ document.payment_email.option.value = "<?echo addslashes(stripslashes($payment_denied));?>"; } if (document.payment_email.payment.value == "payment_refunded"){ document.payment_email.option.value = "<?echo addslashes(stripslashes($payment_refunded));?>"; } } </script> <body> <form action="<?echo $actionurl;?>" method="post" name="adminpass" id="adminpass"> <p>Administrator Password: <input name="option" type="password" id="option"> Confirm: <input name="option2" type="password" id="option2"> <input name="adminpass" type="submit" id="adminpass" value="change"> </p> </form> <form action="<?echo $actionurl;?>" method="post" name="image_url" id="image_url"> Downloads Directory (full path): <input name="option" type="text" id="option" size="50" value="<?echo htmlspecialchars(addslashes($image_url));?>"> <input name="image_url" type="submit" id="image_url" value="change"> </form> <form action="<?echo $actionurl;?>" method="post" name="receiver_email" id="receiver_email"> Paypal Reciever Email: <input name="option" type="text" id="option" size="50" value="<?echo htmlspecialchars(addslashes($receiver_email));?>"> <input name="receiver_email" type="submit" id="receiver_email" value="change"> </form> <form action="<?echo $actionurl;?>" method="post" name="payment_email" id="payment_email"> Payment Response E-Mails: <select name="payment" id="payment" onClick="change_payment()"> <option value="payment_failed">Payment Failed</option> <option value="payment_denied">Payment Denied</option> <option value="payment_complete">Payment Complete</option> <option value="payment_refunded">Payment Refunded</option> </select> <input name="payment_email" type="submit" id="payment_email" value="change"> <br> <textarea name="option" cols="80" rows="10" id="option"></textarea> </form> <? dofooter(); } if($HTTP_GET_VARS["action"]=="doedititem" && session_is_registered("adminlog")){ $item_number = $HTTP_POST_VARS["item_number"]; $item_name = trim($HTTP_POST_VARS["item_name"]); $mc_gross = doubleval($HTTP_POST_VARS["mc_gross"]); $filename = trim($HTTP_POST_VARS["filename"]); $serial_script = trim($HTTP_POST_VARS["serial_script"]); $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); if($item_name && $mc_gross && $filename && $num_rows == 0){ $additem = "update ipnm_items set item_name='".addslashes($item_name)."', mc_gross='".addslashes($mc_gross)."', filename='".addslashes($filename)."', serial_script='".addslashes($serial_script)."' where item_number='".$item_number."'"; $add_item_result = mysql_query($additem); }else{ $error = "<p>Item Edit failed. Make sure you entered all required fields.</p>"; } //add html formatting!!!!!! doheader("Add Item"); if (!$error){ echo "<p>Item Edit successful. You probably need to recreate your buy-now button.</p>"; }else{ echo $error; } dofooter(); } //begin download section if($HTTP_GET_VARS["action"]=="deluser" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $killit = "delete from ipnm_clients where payer_id = '".$HTTP_GET_VARS["user"]."'"; $result = mysql_query($killit); header("Location: ".URL."?action=users"); } //end download section if($HTTP_GET_VARS["action"]=="delitem" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $killit = "delete from ipnm_items where item_number = '".$HTTP_GET_VARS["item"]."'"; $result = mysql_query($killit); header("Location: ".URL."?action=items"); } if($HTTP_GET_VARS["action"]=="deltrans" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $killit = "delete from ipnm_txn where txn_id = '".$HTTP_GET_VARS["trans"]."'"; $result = mysql_query($killit); if($HTTP_GET_VARS["user"]){ header("Location: ".URL."?action=transactions&user=".$HTTP_GET_VARS["user"]); } if($HTTP_GET_VARS["item"]){ header("Location: ".URL."?action=transactions&item=".$HTTP_GET_VARS["item"]); } } //begin createbutton section if($HTTP_GET_VARS["action"]=="createbutton" && session_is_registered("adminlog")){ doheader("Generate Button"); $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $updatesofar = "select * from ipnm_items where item_number = '".$HTTP_GET_VARS["item"]."'"; $result = mysql_query($updatesofar); $row = mysql_fetch_array($result); $item_name = $row["item_name"]; $mc_gross = $row["mc_gross"]; $item_number = $row["item_number"]; $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getoptions = "select * from ipnm_options where name = 'receiver_email'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $receiver_email = $row; $button_image = "https://www.paypal.com/en_US/i/btn/x-click-but23.gif"; ?> <p>Copy and paste the following code into your html wherever you want your button to appear.<br><textarea name="LogoHTML" rows=6 cols=35 wrap="soft"><form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="bn" value="DRT Systems.IPNm"> <input type="hidden" name="business" value="<?echo htmlspecialchars(stripslashes($receiver_email));?>"> <input type="hidden" name="item_name" value="<?echo htmlspecialchars(stripslashes($item_name));?>"> <input type="hidden" name="item_number" value="<?echo $item_number;?>"> <input type="hidden" name="amount" value="<?echo $mc_gross;?>"> <input type="hidden" name="no_shipping" value="1"> <input type="hidden" name="return" value="<?echo URL."?action=success";?>"> <input type="hidden" name="cancel_return" value="<?echo URL."?action=cancel";?>"> <input type="hidden" name="no_note" value="1"> <input type="hidden" name="notify_url" value="<?echo htmlspecialchars(URL)."?action=IPN";?>"> <input type="hidden" name="currency_code" value="<?echo CURRENCY;?>"> <input type="image" src="<?echo $button_image;?>" border="0" name="submit" alt="Paypal with DRT Systems IPN-Master"> </form></textarea></p> <? dofooter(); } //end createbutton section Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 change if($HTTP_GET_VARS["action"]=="dodownload"){ to if ($_GET['action'] =="dodownload") { change if((session_is_registered("user"))){ to if ($_SESSION['user']){ But this also means you have sessions on other pages that need to be fixed and you need to add session_start() to the top of every page that requires them. Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 2nd half of code: //begin additem section if($HTTP_GET_VARS["action"]=="admin"){ if(session_is_registered("adminlog")){ doheader("Administration"); echo "<p>Welcome to the IPN-Master Admininistration section. Here you can add items, generate buy-now buttons, view transactionsand users, etc. Follow the links below to administer your downloads.</p>"; dofooter(); }else{ header("Location: ".URL."?action=login"); } } if($HTTP_GET_VARS["action"]=="edititem" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getinfo = mysql_query("select * from ipnm_items where item_number = '".$HTTP_GET_VARS["item"]."'"); $row = mysql_fetch_array($getinfo); doheader("Edit Item"); ?> <p><form method="POST" action="<?echo URL;?>?action=doedititem"> <p>Item Name: <input type="text" name="item_name" size="23" value="<?echo htmlspecialchars(stripslashes($row["item_name"]));?>"><br> Price: <input type="text" name="mc_gross" size="5"value="<?echo htmlspecialchars(stripslashes($row["mc_gross"]));?>"><br> Filename: <input type="text" name="filename" size="21" value="<?echo htmlspecialchars(stripslashes($row["filename"]));?>"><br> <input type="hidden" value="<?echo $HTTP_GET_VARS["item"];?>" name="item_number"> <input type="submit" value="Submit" name="B1"></p> </form></p> <? dofooter(); } if($HTTP_GET_VARS["action"]=="users" && session_is_registered("adminlog")){ doheader("Users Admin"); echo "<p><table border=\"1\" width=\"500\"><tr><td><b>Email</b></td><td><b>User</b></td><td></td></tr>"; $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $query="select * from ipnm_clients"; $result = mysql_query($query); $num_results= mysql_num_rows($result); for ($i=0; $i<$num_results; $i++){ $row=mysql_fetch_array($result); echo "<tr>"; echo "<td>"; echo htmlspecialchars(stripslashes($row["payer_email"])); echo "</td><td>"; echo htmlspecialchars(stripslashes($row["first_name"]))." ".htmlspecialchars(stripslashes($row["last_name"])); ?> <script language="JavaScript"> function doSure<?echo $i;?>(){ if (confirm("Are you sure?")) { window.location="<?echo URL."?action=deluser&user=".$row["payer_id"];?>"; } } </script> <? echo "</td><td><a href=\"javascript:doSure".$i."()\">delete</a>,<a href=\"".URL."?action=transactions&user=".$row["payer_id"]."\">transactions</a></td></tr>"; } echo"</table></p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="transactions" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); if ($HTTP_GET_VARS["user"]){ $payer_id = $HTTP_GET_VARS["user"]; $user_query = "select * from ipnm_clients where payer_id = '".$payer_id."'"; @$email = mysql_result(mysql_query($user_query),0,"payer_email"); doheader("$email's Transactions"); $thing = "Item"; $thing2 = "user"; }else if($HTTP_GET_VARS["item"]){ $payer_id = $HTTP_GET_VARS["item"]; $user_query = "select * from ipnm_items where item_number = '".$payer_id."'"; @$email = mysql_result(mysql_query($user_query),0,"item_name"); doheader("$email Transactions"); $thing = "Purchaser"; $thing2 = "item"; } echo "<p><table border=\"1\" width=\"500\"><tr><td><b>$thing</b></td><td><b>Date</b></td><td><b>Payment Status</b></td><td><b></b></td><td></td></tr>"; if ($HTTP_GET_VARS["user"]){ $query="select * from ipnm_txn where payer_id = '".$payer_id."'"; }else if($HTTP_GET_VARS["item"]){ $query="select * from ipnm_txn where item_number = '".$payer_id."'"; } @$result = mysql_query($query); @$num_results= mysql_num_rows($result); for ($i=0; $i<$num_results; $i++){ $row=mysql_fetch_array($result); if ($HTTP_GET_VARS["user"]){ $query2="select * from ipnm_items where item_number = '".$row["item_number"]."'"; @$item = mysql_result(mysql_query($query2),0,"item_name"); }else if($HTTP_GET_VARS["item"]){ $query2="select * from ipnm_clients where payer_id = '".$row["payer_id"]."'"; @$item = mysql_result(mysql_query($query2),0,"payer_email"); } echo "<tr>"; echo "<td>"; echo htmlspecialchars(stripslashes($item)); echo "</td><td>"; echo htmlspecialchars(stripslashes($row["payment_date"])); echo "</td><td>"; echo htmlspecialchars(stripslashes($row["payment_status"])); ?> <script language="JavaScript"> function doSure<?echo $i;?>(){ if (confirm("Are you sure?")) { window.location="<?echo URL."?action=deltrans&trans=".$row["txn_id"]."&".$thing2."=".$payer_id;?>"; } } </script> <? echo "</td><td><a href=\"javascript:doSure".$i."()\">delete</a></td></tr>"; } echo"</table></p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="login"){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getoptions = "select * from ipnm_options where name = 'adminpass'"; $row = mysql_result(mysql_query($getoptions),0,"option"); if(crypt($HTTP_POST_VARS["pass"],"drtsyscool") == stripslashes($row)){ $adminlog = 1; session_register("adminlog"); header("Location: ".URL."?action=admin"); }else{ doheader("Admin Login"); ?> <p>You must enter your password to enter the admin area.<br><form method="POST" action="<?echo URL;?>?action=login"> <p><input type="password" name="pass" size="20"><input type="submit" value="Submit" name="B1"></p> </form></p> <? dofooter(); } } if($HTTP_GET_VARS["action"]=="logoutadmin"){ session_unregister("adminlog"); header("Location: ".URL."?action=login"); } if($HTTP_GET_VARS["action"]=="additemform" && session_is_registered("adminlog")){ doheader("Add Item"); ?> <p><form method="POST" action="<?echo URL;?>?action=additem"> <p>Item Name: <input type="text" name="item_name" size="23"><br> Price: <input type="text" name="mc_gross" size="5"><br> Filename: <input type="text" name="filename" size="21"><br> <input type="submit" value="Submit" name="B1"></p> </form></p> <? dofooter(); } if($HTTP_GET_VARS["action"]=="items" && session_is_registered("adminlog")){ doheader("Items"); echo "<p><table border=\"1\" width=\"500\"><tr><td><b>Item</b></td><td><b>Cost</b></td><td><b>Filename</b></td><td></td></tr>"; $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $query="select * from ipnm_items"; $result = mysql_query($query); $num_results= mysql_num_rows($result); for ($i=0; $i<$num_results; $i++){ $row=mysql_fetch_array($result); echo "<tr>"; echo "<td>"; echo htmlspecialchars(stripslashes($row["item_name"])); echo "</td><td>"; echo htmlspecialchars(stripslashes($row["mc_gross"])); echo "</td><td>"; echo htmlspecialchars(stripslashes($row["filename"])); ?> <script language="JavaScript"> function doSure<?echo $i;?>(){ if (confirm("Are you sure?")) { window.location="<?echo URL."?action=delitem&item=".$row["item_number"];?>"; } } </script> <? echo "</td><td><a href=\"".URL."?action=edititem&item=".$row["item_number"]."\">edit</a>,<a href=\"javascript:doSure".$i."()\">delete</a>,<a href=\"".URL."?action=createbutton&item=".$row["item_number"]."\">generate web-button</a>,<a href=\"".URL."?action=transactions&item=".$row["item_number"]."\">transactions</a></td></tr>"; } echo "<tr><td colspan=\"4\"><a href=\"".URL."?action=additemform\">Add Item</a></td></tr></table></p>"; dofooter(); } if($HTTP_GET_VARS["action"]=="additem" && session_is_registered("adminlog")){ $item_name = trim($HTTP_POST_VARS["item_name"]); $mc_gross = doubleval($HTTP_POST_VARS["mc_gross"]); $filename = trim($HTTP_POST_VARS["filename"]); $serial_script = trim($HTTP_POST_VARS["serial_script"]); $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $result_on_rows = mysql_db_query(MYSQL_DATABASE,"select * from ipnm_items where item_name like '".$item_name."'"); $num_rows = mysql_num_rows($result_on_rows); if($item_name && $mc_gross && $filename && $num_rows == 0){ $additem = "insert into ipnm_items values ('', '".addslashes($item_name)."', '".addslashes($mc_gross)."', '".addslashes($filename)."', '".addslashes($serial_script)."')"; $add_item_result = mysql_query($additem); }else{ $error = "<p>Item-Add failed. Make sure you entered all required fields and that the item has a unique product name.</p>"; } //add html formatting!!!!!! doheader("Add Item"); if (!$error){ echo "<p>Add Item Sucsussful! Be sure to create a buy-now button.</p>"; }else{ echo $error; } dofooter(); } //end additem section //begin ipn section if($HTTP_GET_VARS["action"]=="IPN"){ // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $mc_gross = $_POST['mc_gross']; $mc_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $business = $_POST['business']; $reciever_email = $_POST['reciever_email']; $payer_email = $_POST['payer_email']; $memo = $_POST['memo']; $txn_type = $_POST['txn_type']; $pending_reason = $_POST['pending_reason']; $reason_code = $_POST['reason_code']; $payment_date = $_POST['payment_date']; $payment_type = $_POST['payment_type']; $payer_id = $_POST['payer_id']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getoptions = "select * from ipnm_options where name = 'business'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $local_business = $row; $getoptions = "select * from ipnm_options where name = 'payment_failed'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $payment_failed = str_replace("receiver_email",$receiver_email,str_replace("item_name",$item_name,$row)); $getoptions = "select * from ipnm_options where name = 'payment_refunded'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $payment_refunded = str_replace("receiver_email",$receiver_email,str_replace("item_name",$item_name,$row)); $getoptions = "select * from ipnm_options where name = 'payment_denied'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $payment_denied = str_replace("receiver_email",$receiver_email,str_replace("item_name",$item_name,$row)); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { function generatePassword ($length = { // start with a blank password $password = ""; // define possible characters $possible = "0123456789bcdfghjkmnpqrstvwxyz"; // set up a counter $i = 0; // add random characters to $password until $length is reached while ($i < $length) { // pick a random character from the possible ones $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); // we don't want this character if it's already in the password if (!strstr($password, $char)) { $password .= $char; $i++; } } // done! return $password; } function add_data($payer_id,$payer_email,$first_name,$last_name,$txn_id,$payment_status,$item_number,$payment_date,$memo){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $txn_check = mysql_num_rows(mysql_query("select * from ipnm_txn where txn_id like '".addslashes($txn_id)."'")); $user_check = mysql_num_rows(mysql_query("select * from ipnm_clients where payer_id like '".addslashes($payer_id)."'")); $password = generatePassword(); if($user_check == 0){ $user_insert = "insert into ipnm_clients values ('".addslashes($payer_id)."', '".addslashes($password)."', '".addslashes($payer_email)."', '".addslashes($first_name)."', '".addslashes($last_name)."')"; $result = mysql_query($user_insert); $txn_insert = "insert into ipnm_txn values ('".addslashes($txn_id)."', '".addslashes($payment_status)."', '".addslashes($payer_id)."', '".addslashes($item_number)."', '".addslashes($payment_date)."', '".addslashes($memo)."')"; $result = mysql_query($txn_insert); }else{ $user_modify = "update ipnm_clients set payer_email = '".addslashes($payer_email)."', first_name='".addslashes($first_name)."', last_name='".addslashes($last_name)."' where payer_id like '".$payer_id."'"; $result = mysql_query($user_modify); $txn_check = mysql_num_rows(mysql_query("select * from ipnm_txn where txn_id like '".addslashes($txn_id)."'")); if(txn_check == 0){ $txn_modify = "insert into ipnm_txn values ('".addslashes($txn_id)."', '".addslashes($payment_status)."', '".addslashes($payer_id)."', '".addslashes($item_number)."', '".addslashes($payment_date)."', '".addslashes($memo)."')"; $result = mysql_query($txn_modify); }else{ $txn_modify = "update ipnm_txn set payment_status='".addslashes($payment_status)."', payment_date='".addslashes($payment_date)."', memo='".addslashes($memo)."' where txn_id like '".$txn_id."'"; $result = mysql_query($txn_modify); } } } //end adddata function $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $item_info = mysql_query("select * from ipnm_items where item_number = '".addslashes($item_number)."'"); if(mysql_num_rows($item_info)==1){ $txn_check = mysql_num_rows(mysql_query("select * from ipnm_txn where txn_id like '".addslashes($txn_id)."'")); if (strcmp ($payment_status, "Completed") == 0 && $txn_check ==0) { $item_info = mysql_query("select * from ipnm_items where item_number = '".addslashes($item_number)."'"); if(mysql_result($item_info,0,"mc_gross") == $mc_gross && $mc_currency = CURRENCY){ add_data($payer_id,$payer_email,$first_name,$last_name,$txn_id,$payment_status,$item_number,$payment_date,$memo); if(mysql_result($item_info,0,"serial_script")){ include($serial_script); $addserial = "Serial Number: ".$serial_number."/n"; }else{ $addserial = ""; } $downinfo = mysql_fetch_array(mysql_query("select * from ipnm_clients where payer_email like '".addslashes($payer_email)."'")); $downpass="\n\nThe following information will be requested to download your software.\nEmail: ".stripslashes($downinfo[payer_email])." \nPassword: ".stripslashes($downinfo[password])." \n$addserial"; $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $getoptions = "select * from ipnm_options where name = 'payment_complete'"; $row = mysql_result(mysql_query($getoptions),0,"option"); $payment_complete = str_replace("downpass",$downpass,str_replace("downurl",URL ."?action=download",str_replace("receiver_email",$receiver_email,str_replace("item_name",$item_name,$row)))); mail($payer_email, "Your ".$item_name." Purchase",$payment_complete, "From: $receiver_email"); } }else{ //add_data($payer_id,$payer_email,$first_name,$last_name,$txn_id,$payment_status,$item_number,$payment_date,$memo); } if(strcmp ($payment_status, "Pending") == 0) { if (strcmp ($pending_reason, "echeck") == 0) { mail($payer_email, "Your ".$item_name." Purchase",$pending_echeck, "From: $receiver_email"); }else { mail($receiver_email, "".$item_name." Purchase Pending","A user has purchased ".$item_name." and the transaction is pending. Your account is probably not set up to recieve their payment automatically. You must log into your paypal account and manually accept or deny the payment. \n Pending Reason:".$pending_reason, "From: $receiver_email"); } }else if(strcmp ($payment_status, "Failed") == 0) { mail($payer_email, "Your ".$item_name." Purchase",$payment_failed, "From: $receiver_email"); }else if(strcmp ($payment_status, "Denied") == 0) { mail($payer_email, "Your ".$item_name." Purchase",$payment_denied, "From: $receiver_email"); }else if(strcmp ($payment_status, "Refunded") == 0) { mail($payer_email, "Your Purchase Refunded",$payment_refunded, "From: $receiver_email"); $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); mysql_select_db(MYSQL_DATABASE); $del = "delete from ipnm_txn where payer_id = '$payer_id' and item_number = '$item_number' limit 1"; mysql_query($del); add_data($payer_id,$payer_email,$first_name,$last_name,$txn_id,$payment_status,$item_number,$payment_date,$memo); } } }else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation } } fclose ($fp); } } //end IPN section ?> Quote Link to comment Share on other sites More sharing options...
z0mb1 Posted February 8, 2008 Share Posted February 8, 2008 Fromt the php.net docs Caution If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered() and session_unregister(). Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 Wow this is great. Everyone here seems very helpful and fast to respond. I replaced the two strings you mentioned revraz. How would I spot the other places within the code that might need session_start() ? Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 Search for the word session in the page. Quote Link to comment Share on other sites More sharing options...
legohead6 Posted February 8, 2008 Share Posted February 8, 2008 or just keep trying the page, and it will tell you the line number the error is on. Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 Do I just add session_start() to the top of all these entries or do I replace them? This whole thing is all in a single .php file. Here is where I see session: define("INSTALL",0); //Determines if script is in Install mode. 0=Normal 1=INSTALL session_start(); function doheader($title){ echo "<p>"; if(session_is_registered("adminlog")){ echo "<a href=\"".URL."?action=admin\">Admin Home</a> <a href=\"".URL. $user = $row["payer_id"]; session_register("user"); header("Location: ".URL."?action=dodownload"); dofooter(); } if($HTTP_GET_VARS["action"]=="dooptions" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); dofooter(); } } if($HTTP_GET_VARS["action"]=="options" && session_is_registered("adminlog")){ doheader("Options"); dofooter(); } if($HTTP_GET_VARS["action"]=="doedititem" && session_is_registered("adminlog")){ $item_number = $HTTP_POST_VARS["item_number"]; //begin download section if($HTTP_GET_VARS["action"]=="deluser" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); //end download section if($HTTP_GET_VARS["action"]=="delitem" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); } if($HTTP_GET_VARS["action"]=="deltrans" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); //begin createbutton section if($HTTP_GET_VARS["action"]=="createbutton" && session_is_registered("adminlog")){ doheader("Generate Button"); if($HTTP_GET_VARS["action"]=="admin"){ if(session_is_registered("adminlog")){ doheader("Administration"); } if($HTTP_GET_VARS["action"]=="edititem" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); } if($HTTP_GET_VARS["action"]=="users" && session_is_registered("adminlog")){ doheader("Users Admin"); if($HTTP_GET_VARS["action"]=="transactions" && session_is_registered("adminlog")){ $db = mysql_pconnect(MYSQL_IP,MYSQL_USERNAME,MYSQL_PASSWORD); 2 here: $adminlog = 1; session_register("adminlog"); header("Location: ".URL."?action=admin"); if($HTTP_GET_VARS["action"]=="logoutadmin"){ session_unregister("adminlog"); header("Location: ".URL."?action=login"); } if($HTTP_GET_VARS["action"]=="additemform" && session_is_registered("adminlog")){ doheader("Add Item"); if($HTTP_GET_VARS["action"]=="items" && session_is_registered("adminlog")){ doheader("Items"); if($HTTP_GET_VARS["action"]=="additem" && session_is_registered("adminlog")){ $item_name = trim($HTTP_POST_VARS["item_name"]); define("INSTALL",0); //Determines if script is in Install mode. 0=Normal 1=INSTALL session_start(); function doheader($title){ echo "<p>"; if(session_is_registered("adminlog")){ echo "<a href=\"".URL."?action=admin\">Admin Home</a> <a href=\"".URL. Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 session_start(); is placed once at the top of the page where sessions are used. Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 Anyone want to just fix this for a price? Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 How many other pages are there or is it just this one? If it's just this one, post the whole file. Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 It is just this one file. Here it is: http://www.unlock-iphone-otb.com/ipndownload-1.2.tar.gz Quote Link to comment Share on other sites More sharing options...
leo7068 Posted February 8, 2008 Author Share Posted February 8, 2008 did that work? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.