<?php
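session_start();
include("conf.php");

// Step 1 of the checkout: the "final_checkout" form posts the buyer's details.
// Create the order rows from this session's temp_cart, then fall through to the
// PayPal redirect further down. Every value that reaches SQL is escaped through
// the connection returned by db::open() (it exposes real_escape_string()).
if(isset($_POST['final_checkout']))
{
    $db = db::open();

    // Pick an order id that is not already taken. rand() is acceptable for a
    // non-secret identifier; only uniqueness matters, which the loop enforces.
    // $order_id is an int from rand(), so it is safe to interpolate as-is.
    do {
        $order_id = rand(10, 100000);
        $order = db::getRecord("SELECT * from orders WHERE order_id='$order_id'");
    } while ($order != NULL);
    $_SESSION['order_id'] = $order_id;

    // The PHP session id is the key the temp_cart rows are stored under.
    $user_id = session_id();
    $_SESSION['user_id'] = $user_id;
    $user_id_sql = $db->real_escape_string($user_id);

    $cart = db::getRecords("SELECT * from temp_cart WHERE user_id='$user_id_sql'");
    // NULL (not 0) when the lookup did not return an array, as before.
    $size = is_array($cart) ? sizeof($cart) : NULL;

    // Buyer details from the form. A missing field becomes an empty string
    // instead of an undefined-index notice; all of them are escaped once here.
    $form = array();
    foreach (array('fname', 'lname', 'email', 'address', 'postcode', 'city', 'phone', 'note') as $field) {
        $form[$field] = $db->real_escape_string(isset($_POST[$field]) ? $_POST[$field] : '');
    }
    $f_name     = $form['fname'] . " " . $form['lname'];
    $email      = $form['email'];
    $address    = $form['address'];
    $zip        = $form['postcode'];
    $city       = $form['city'];
    $phone      = $form['phone'];
    $order_note = $form['note'];

    // total_amount is client-controlled. Anything that is not a non-negative
    // number is rejected before it can be interpolated into SQL or forwarded
    // to PayPal. NOTE(review): the figure itself is still the one the form
    // submitted; the authoritative total should be recomputed server-side
    // from the cart rows, which this script does not currently do.
    $total_bill = isset($_POST['total_amount']) ? $_POST['total_amount'] : '';
    if (!is_numeric($total_bill) || $total_bill < 0) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid total amount');
    }

    $payment_method = "Paypal";
    $payment_status = "Unpaid";
    $total_products = $size;

    if($cart!=null)
    {
        foreach($cart as $cart2)
        {
            // Cart values and the product name come from the database, but
            // they are escaped anyway: a name containing a quote would
            // otherwise break (or alter) the INSERT below.
            $product_id = $db->real_escape_string($cart2['product_id']);
            $quantity   = $db->real_escape_string($cart2['quantity']);
            $product = db::getRecord("SELECT * from product WHERE id='$product_id'");
            $product_name  = $db->real_escape_string(isset($product['name']) ? $product['name'] : '');
            $product_price = $db->real_escape_string(isset($product['price']) ? $product['price'] : '');
            // The `total` column receives the unit price, as in the original
            // code; whether it should be price * quantity is not settled here.
            $query = "INSERT into order_detail (order_id,user_id,product_id,product_name,quantity,total) VALUES ('$order_id','$user_id_sql','$product_id','$product_name','$quantity','$product_price')";
            $insert = db::query($query);
        }
    }

    $query = "INSERT into orders (order_id,user_id,name,email,address,postcode,city,phone,note,total_products,total_bill,payment_status,payment_method)
    VALUES ('$order_id','$user_id_sql','$f_name','$email','$address','$zip','$city','$phone','$order_note','$total_products','$total_bill','$payment_status','$payment_method')";
    $insert = db::query($query);
    // Kept in the session for the PayPal redirect and for later requests.
    $_SESSION['total_bill'] = $total_bill;
}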
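$item_name = 'Co Fit';
// Amount sent to PayPal: the total set by the final_checkout step above,
// falling back to the copy it stored in the session so a request without the
// form does not read an undefined variable.
$item_amount = isset($total_bill) ? $total_bill : (isset($_SESSION['total_bill']) ? $_SESSION['total_bill'] : '');

// Include Functions (check_txnid, check_price, updatePayments)
include("functions.php");

// A request without txn_id/txn_type comes from the buyer's browser: build the
// PayPal checkout redirect. Otherwise it is PayPal's IPN callback for a payment.
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
    // Parameters that must come from this script, never from the posted form.
    $params = array(
        'business'  => $paypal_email,
        'item_name' => $item_name,
        'amount'    => $item_amount,
        'custom'    => 12, // fixed value; PayPal echoes it back as $data['custom'] in the IPN branch
    );
    $reserved = array('business', 'item_name', 'amount', 'custom', 'return', 'cancel_return', 'notify_url');

    // Forward the remaining posted fields. http_build_query URL-encodes both
    // key and value, and a posted field may not override a reserved parameter
    // -- otherwise the form could rewrite the amount or the account it pays.
    foreach($_POST as $key => $value){
        if (in_array($key, $reserved, true) || is_array($value)) {
            continue;
        }
        $params[$key] = $value;
    }

    // Return addresses, appended last as in the original querystring.
    $params['return']        = stripslashes($return_url);
    $params['cancel_return'] = stripslashes($cancel_url);
    $params['notify_url']    = $notify_url;

    header('location:https://www.paypal.com/cgi-bin/webscr?' . http_build_query($params));
    exit();
} else {
    //Database Connection (used by the functions.php helpers called below)
    // NOTE: the mysql_* extension was removed in PHP 7.0; this branch only
    // runs on PHP 5.x as written.
    $link = mysql_connect($host, $user, $pass);
    mysql_select_db($db_name);

    // Echo every posted field back to PayPal, prefixed with cmd=_notify-validate,
    // so PayPal can confirm the notification really originated from it.
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
        $req .= "&$key=$value";
    }

    // Pick the fields the local helpers need. A missing field is null rather
    // than an undefined-index notice.
    $ipn_fields = array(
        'item_name'        => 'item_name',
        'item_number'      => 'item_number',
        'payment_status'   => 'payment_status',
        'payment_amount'   => 'mc_gross',
        'payment_currency' => 'mc_currency',
        'txn_id'           => 'txn_id',
        'receiver_email'   => 'receiver_email',
        'payer_email'      => 'payer_email',
        'custom'           => 'custom',
    );
    $data = array();
    foreach ($ipn_fields as $local => $posted) {
        $data[$local] = isset($_POST[$posted]) ? $_POST[$posted] : null;
    }
    // NOTE(review): $data['receiver_email'] and $data['payment_currency'] are
    // collected but never compared with the configured account/currency;
    // check_price() in functions.php is the only amount check -- confirm it
    // covers both.

    // Post back to PayPal. Host and Connection headers let the HTTPS endpoint
    // route the request and close the response so feof() below terminates.
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Connection: Close\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        // Verification could not even be attempted; log it so the payment is
        // not silently dropped. Nothing is marked paid.
        error_log("PayPal IPN: could not connect to www.paypal.com ($errno: $errstr)");
    } else {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            // fgets keeps the line terminator, which would make the exact
            // strcmp() below miss a terminated "VERIFIED"/"INVALID" line.
            $line = fgets($fp, 1024);
            $res = ($line === false) ? '' : trim($line);
            if (strcmp($res, "VERIFIED") == 0) {
                // PayPal confirmed the notification. Now validate the payment
                // itself: the transaction id must be unseen and the amount must
                // match what item_number refers to (both decided in functions.php).
                $valid_txnid = check_txnid($data['txn_id']);
                $valid_price = check_price($data['payment_amount'], $data['item_number']);
                if ($valid_txnid && $valid_price) {
                    $orderid = updatePayments($data);
                    if ($orderid) {
                        // Payment has been made & successfully inserted into the Database
                    } else {
                        // Verified payment that could not be recorded; needs manual follow-up.
                        error_log("PayPal IPN: updatePayments failed for txn_id " . $data['txn_id']);
                    }
                } else {
                    // Verified by PayPal, but the amount or txn_id did not pass
                    // the local checks: treat as tampered/replayed and do not
                    // mark anything paid.
                    error_log("PayPal IPN: txn_id " . $data['txn_id'] . " verified but failed local checks (txnid=" . ($valid_txnid ? 'ok' : 'bad') . ", price=" . ($valid_price ? 'ok' : 'bad') . ")");
                }
            } else if (strcmp($res, "INVALID") == 0) {
                // PayPal did not recognise the notification: investigate manually.
                error_log("PayPal IPN: INVALID response for txn_id " . $data['txn_id']);
            }
        }
        fclose($fp);
    }
}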
?>