// PayPal IPN (Instant Payment Notification) listener.
// Flow as shown: echo the received POST back to PayPal with cmd=_notify-validate,
// require a 'VERIFIED' answer and payment_status 'Completed', then cross-check the
// item_number/txn_id/mc_gross/mc_currency fields against the local payments row
// before calling approve_payment().
// NOTE(review): this listing omits lines (loop/branch closers, the $error
// assignments, the fsockopen() failure path). Comments below refer only to what
// is visible; anything in the gaps must be confirmed against the full file.
// NOTE(review): presumably marks this page as reachable without a login session
// (PayPal posts here unauthenticated) -- confirm the meaning in vitals.inc.php.
2 $_user_location = 'public';
3 define('AT_INCLUDE_PATH', '../../include/');
4 require(AT_INCLUDE_PATH.'vitals.inc.php');
5 require('include/payments.lib.php');
7 // read the post from PayPal system and add 'cmd'
// Every POST field is replayed verbatim to PayPal; the validation step depends
// on the echo being byte-exact, so no field is dropped or re-ordered here.
8 $req = 'cmd=_notify-validate';
10 foreach ($_POST as $key => $value) {
// $stripslashes is a variable function name defined outside this excerpt
// (presumably a magic_quotes-dependent 'stripslashes' or no-op -- confirm).
// Only the value is urlencoded; $key is interpolated raw. PayPal's field names
// are plain ASCII in practice, but an unexpected key would be sent unescaped.
11 $value = urlencode($stripslashes($value));
12 $req .= "&$key=$value";
// Only the host part of ec_uri is used; scheme and port from ec_uri are ignored
// (the connection below hard-codes port 80).
15 $host = parse_url($_config['ec_uri']);
16 $host = $host['host']; // either www.sandbox.paypal.com or just www.paypal.com
// Allow-list: both strcasecmp() calls are non-zero only when $host is neither
// PayPal hostname, so the branch body (not shown) is the "wrong host" error path.
17 if (strcasecmp($host, 'www.sandbox.paypal.com') && strcasecmp($host, 'www.paypal.com')) {
18 // don't want to post this to the wrong URI
22 // post back to PayPal system to validate
// $header is first used with .= here; no initialisation is visible in this excerpt.
23 $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
24 $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
25 $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
// SECURITY: the validation round-trip is plain HTTP on port 80. The whole
// anti-forgery check rests on PayPal's answer, so an on-path attacker who can
// answer "VERIFIED" for a self-crafted IPN defeats it. Use TLS for this call
// (fsockopen('ssl://'.$host, 443, ...) or an HTTP client with peer verification);
// PayPal's IPN validation endpoint is served over HTTPS.
26 $fp = fsockopen($host, 80, $errno, $errstr, 30);
// Any check that fsockopen() succeeded lies in the omitted lines 27-29 -- confirm.
30 fputs($fp, $header . $req);
// Presumably inside a read loop (the loop header is not shown); $result is also
// first used with .= without a visible initialisation.
32 $result .= fgets($fp, 1024);
// Substring match: any response body containing "VERIFIED" passes. PayPal
// answers with exactly "VERIFIED" or "INVALID", so comparing the trimmed
// response body for equality would be the stricter test.
35 if (strpos($result, 'VERIFIED') === FALSE) {
36 // Error: not VERIFIED by PayPal
37 log_paypal_ipn_requests('INVALID (1)' . $result);
// Reject anything that is not a completed payment (Pending, Refunded, ...).
39 } else if (strcasecmp($_POST['payment_status'], 'Completed')) {
40 // Error: not completed
41 log_paypal_ipn_requests('INCOMPLETE (2)');
// SECURITY: $addslashes (variable function name, defined elsewhere) is the only
// escaping applied before item_number is interpolated into SQL below.
// addslashes() is not charset-aware; prefer mysql_real_escape_string() on the
// open connection, or a parameterised query. txn_id is not used in SQL here --
// it is handed to approve_payment() in escaped form (see note there).
46 $_POST['item_number'] = $addslashes($_POST['item_number']);
47 $_POST['txn_id'] = $addslashes($_POST['txn_id']);
49 // check that txn_id has not been previously processed
// String-built SQL with user-supplied item_number (escaped above); $result is
// reused here for the query handle after holding the PayPal response text.
50 $sql = "SELECT transaction_id, amount FROM ".TABLE_PREFIX."payments WHERE payment_id='$_POST[item_number]'";
51 $result = mysql_query($sql, $db);
52 if (!($row = mysql_fetch_assoc($result))) {
53 // Error: no valid payment_id
// Replay protection: a row that already carries a transaction_id was approved before.
55 } else if ($row['transaction_id']) {
56 // Error: this transaction has already been processed
// Loose != between the stored amount and mc_gross: both are strings here, and
// PHP compares numeric strings numerically, so "10.00" and "10" are treated as equal.
58 } else if ($row['amount'] != $_POST['mc_gross']) {
59 // Error: wrong amount sent
61 } else if ($_config['ec_currency'] != $_POST['mc_currency']) {
62 // Error: wrong currency
// NOTE(review): none of the visible checks ties the IPN to this merchant's
// PayPal account (receiver_email / business). A genuine, Completed payment of
// the right amount and currency made to the attacker's own PayPal account would
// be VERIFIED by PayPal and pass every check shown, approving the order at the
// attacker's expense of nothing. Confirm such a check exists in the omitted
// lines 63-66; if not, add `else if (strcasecmp($_POST['receiver_email'], $_config['ec_email']))`
// (or whichever config key holds the merchant address) before approval.
// NOTE: these are the addslashes()-escaped copies of the POST values; if
// approve_payment() escapes again they will be double-escaped -- check its body.
67 approve_payment($_POST['item_number'], $_POST['txn_id']);
// $error is assigned in the branches omitted from this excerpt.
70 $status = "INVALID ($error)";
72 log_paypal_ipn_requests($status);