payments-20250916113224.php
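<?php
// Checkout hand-off to PayPal Standard plus the handler for PayPal's IPN callback.
//
// Two request shapes reach this file:
//   1. The shop's checkout form posts `final_checkout`: the order is written to
//      `orders` / `order_detail` as "Unpaid" and the browser is redirected to PayPal.
//   2. PayPal posts the IPN (`txn_id` / `txn_type`): the payload is echoed back to
//      PayPal for validation and, when VERIFIED and consistent with our records,
//      handed to updatePayments() from functions.php.
//
// `conf.php` is expected to provide the `db` helper class and the PayPal settings
// ($paypal_email, $return_url, $cancel_url, $notify_url, $host, $user, $pass, $db_name).
session_start();
include("conf.php");

// Only the checkout branch assigns this; initialise it so the redirect branch
// never reads an undefined variable when the page is hit without a checkout post.
$total_bill = null;

if (isset($_POST['final_checkout'])) {
    // Draw a random order id and retry until it is not already present in `orders`.
    do {
        $order_id = rand(10, 100000);
        $query = "SELECT * from orders WHERE order_id='$order_id'";
        $order = db::getRecord($query);
    } while ($order != NULL);
    $_SESSION['order_id'] = $order_id;

    // The temporary cart is keyed by the PHP session id, which also becomes the
    // order's user_id.
    $user_id = session_id();
    $_SESSION['user_id'] = $user_id;

    $db = db::open();
    // Escaped before being embedded in SQL: the session id can originate from a
    // client-supplied cookie, so it is treated like any other external value.
    $user_id_sql = $db->real_escape_string($user_id);

    $query = "SELECT * from temp_cart WHERE user_id='$user_id_sql'";
    $cart = db::getRecords($query);
    $size = is_array($cart) ? sizeof($cart) : NULL;

    // Billing details from the checkout form, escaped for the string-built INSERT below.
    $name       = $db->real_escape_string($_POST['fname']);
    $l_name     = $db->real_escape_string($_POST['lname']);
    $f_name     = $name . " " . $l_name;
    $email      = $db->real_escape_string($_POST['email']);
    $address    = $db->real_escape_string($_POST['address']);
    $zip        = $db->real_escape_string($_POST['postcode']);
    $city       = $db->real_escape_string($_POST['city']);
    $phone      = $db->real_escape_string($_POST['phone']);
    $order_note = $db->real_escape_string($_POST['note']);

    // NOTE(review): the bill total is taken from the form and is therefore
    // client-controlled; the IPN handler's check_price() is the only guard against
    // a tampered amount. It should be recomputed from the cart rows below instead.
    $total_bill     = $_POST['total_amount'];
    $total_bill_sql = $db->real_escape_string($total_bill);

    $payment_method = "Paypal";
    $payment_status = "Unpaid";
    $total_products = $size;

    if ($cart != null) {
        foreach ($cart as $cart_row) {
            $product_id = $db->real_escape_string($cart_row['product_id']);
            $quantity   = $db->real_escape_string($cart_row['quantity']);

            $query   = "SELECT * from product WHERE id='$product_id'";
            $product = db::getRecord($query);

            // Values read back from the database are escaped again before being
            // re-embedded in SQL; a product name may legitimately contain quotes.
            $product_name  = $db->real_escape_string($product['name']);
            $product_price = $db->real_escape_string($product['price']);

            $query = "INSERT into order_detail (order_id,user_id,product_id,product_name,quantity,total) VALUES ('$order_id','$user_id_sql','$product_id','$product_name','$quantity','$product_price')";
            $insert = db::query($query);
        }
    }

    $query = "INSERT into orders (order_id,user_id,name,email,address,postcode,city,phone,note,total_products,total_bill,payment_status,payment_method) VALUES ('$order_id','$user_id_sql','$f_name','$email','$address','$zip','$city','$phone','$order_note','$total_products','$total_bill_sql','$payment_status','$payment_method')";
    $insert = db::query($query);
    $_SESSION['total_bill'] = $total_bill;
}

$item_name   = 'Co Fit';
$item_amount = $total_bill;

// Provides check_txnid(), check_price() and updatePayments() used by the IPN branch.
include("functions.php");

// No txn_id / txn_type means this is the shopper's checkout request, not PayPal's callback.
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])) {
    $querystring = '';

    // Merchant account first.
    $querystring .= "?business=" . urlencode($paypal_email) . "&";

    // Item name and amount are set server-side so they are not editable in the HTML form.
    $querystring .= "item_name=" . urlencode($item_name) . "&";
    $querystring .= "amount=" . urlencode($item_amount) . "&custom=12&";

    // Forward the posted form fields. Both key and value are URL-encoded so a
    // field containing '&' or '=' cannot alter the query string; nested array
    // fields have no meaningful encoding here and are skipped.
    // NOTE(review): this forwards every checkout field (name, address, phone, ...)
    // to PayPal; restricting it to the fields PayPal actually needs would be safer.
    foreach ($_POST as $key => $value) {
        if (is_array($value)) {
            continue;
        }
        $querystring .= urlencode($key) . "=" . urlencode($value) . "&";
    }

    // Return / cancel / IPN endpoints.
    $querystring .= "return=" . urlencode(stripslashes($return_url)) . "&";
    $querystring .= "cancel_return=" . urlencode(stripslashes($cancel_url)) . "&";
    $querystring .= "notify_url=" . urlencode($notify_url);

    // Hand the shopper over to PayPal.
    header('location:https://www.paypal.com/cgi-bin/webscr' . $querystring);
    exit();
} else {
    // NOTE(review): the mysql_* extension was removed in PHP 7. $link is unused in
    // this file but functions.php may depend on the implicit connection, so the
    // call is kept and flagged for migration to mysqli/PDO.
    $link = mysql_connect($host, $user, $pass);
    mysql_select_db($db_name);

    // Rebuild PayPal's POST body with 'cmd=_notify-validate' prepended so PayPal
    // can confirm it originated the notification.
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        // IPN fix: normalise bare %0A line endings to %0D%0A so the echoed body matches.
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i', '${1}%0D%0A${3}', $value);
        $req .= "&$key=$value";
    }

    // Fields the validation helpers need; missing keys yield null instead of a notice.
    $data = array();
    $data['item_name']        = isset($_POST['item_name']) ? $_POST['item_name'] : null;
    $data['item_number']      = isset($_POST['item_number']) ? $_POST['item_number'] : null;
    $data['payment_status']   = isset($_POST['payment_status']) ? $_POST['payment_status'] : null;
    $data['payment_amount']   = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : null;
    $data['payment_currency'] = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : null;
    $data['txn_id']           = isset($_POST['txn_id']) ? $_POST['txn_id'] : null;
    $data['receiver_email']   = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : null;
    $data['payer_email']      = isset($_POST['payer_email']) ? $_POST['payer_email'] : null;
    $data['custom']           = isset($_POST['custom']) ? $_POST['custom'] : null;

    // Post the payload back to PayPal for verification. The Host header is
    // required by PayPal's endpoint; without it the request is rejected.
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        // Connection failure: nothing is recorded, PayPal will retry the IPN.
        error_log("PayPal IPN: postback connection failed ($errno): $errstr");
    } else {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            // Trimmed so a trailing CR/LF on the verdict line does not defeat the comparison.
            $res = trim(fgets($fp, 1024));

            if (strcmp($res, "VERIFIED") == 0) {
                // PayPal confirms the notification is genuine; now check that it
                // matches our records (transaction not seen before, price unchanged).
                $valid_txnid = check_txnid($data['txn_id']);
                $valid_price = check_price($data['payment_amount'], $data['item_number']);

                if ($valid_txnid && $valid_price) {
                    $orderid = updatePayments($data);
                    if ($orderid) {
                        // Payment recorded successfully.
                    } else {
                        error_log("PayPal IPN: updatePayments failed for txn " . $data['txn_id']);
                    }
                } else {
                    // Genuine notification, but the transaction was already processed
                    // or the amount does not match the order.
                    error_log("PayPal IPN: verified but inconsistent data for txn " . $data['txn_id']);
                }
            } else if (strcmp($res, "INVALID") == 0) {
                // PayPal does not recognise this notification; investigate manually.
                error_log("PayPal IPN: INVALID response for txn " . $data['txn_id']);
            }
        }
        fclose($fp);
    }
}
?>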