archive
/
utd-control-panel


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
							<?PHP

 require_once('lib/common.php');
 require_once('lib/database.php');

 // Log the transaction
 $count = count(glob('/home/utd/public_html/ipn/*.html'));
 $count++; $id = str_pad($count,5,'0',STR_PAD_LEFT); define('ID', $id);

 $data = '<html><head><title>IPN Transaction details</title></head><body>';
 $data .= '<h2>Post details</h2><table>';
 foreach ($_POST as $k => $v) {
  $data .= '<tr><td>'.htmlentities($k).'</td>';
  $data .= '<td>'.htmlentities($v).'</td></tr>';
 }
 $data .= '</table><h2>Server details</h2><table>';
 foreach ($_SERVER as $k => $v) {
  if (is_array($v)) { continue; }
  $data .= '<tr><td>'.htmlentities($k).'</td>';
  $data .= '<td>'.htmlentities($v).'</td></tr>';
 }
 $data .= '</table></html>';

 file_put_contents('/home/utd/public_html/ipn/'.ID.'.html', $data);

 // Read the post from PayPal system and add 'cmd'
 $req = 'cmd=_notify-validate';

 foreach ($_POST as $key => $value) {
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
 }

 // Post back to PayPal system to validate
 $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
 $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
 $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

 $sb = '';

 $fp = fsockopen ('www.'.$sb.'paypal.com', 80, $errno, $errstr, 30);
 if (!$fp) { fail('Unable to connect to paypal'); }

 // assign posted variables to local variables
 $item_name = $_POST['item_name'];
 $item_number = $_POST['item_number'];
 $payment_status = $_POST['payment_status'];
 $payment_amount = $_POST['mc_gross'];
 $payment_currency = $_POST['mc_currency'];
 $txn_id = $_POST['txn_id'];
 $receiver_email = strtolower($_POST['receiver_email']);
 $payer_email = $_POST['payer_email'];

 function fail($m) {
  logger::log(chr(2).'IPN'.chr(2).': Transaction '.ID.': Failure: '.$m, logger::important);
  exit;
 }
 
 if (!$fp) {
  fail('HTTP error when posting back: '.$errstr);
 } else {
  fputs ($fp, $header . $req);
  while (!feof($fp)) {
   $res = fgets ($fp, 1024);
   if (strcmp ($res, "VERIFIED") == 0) {
    // check the payment_status is Completed
    if ($payment_status != 'Completed') {
     fail('Payment status is '.$payment_status.' (expected "Completed")');
    }

    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    if ($receiver_email != 'chris87@gmail.com'
	 && $receiver_email != 'accounts@utd-hosting.com') {
     fail('Receiver is '.$receiver_email);
    }

    // check that payment_amount/payment_currency are correct
    if ($payment_currency != 'GBP') {
     fail('Invalid currency: '.$payment_currency);
    }

    $id = preg_replace('~^.*#([0-9]+)$~', '\1', $item_name);
    if (!is_numeric($id)) {
     fail('Unable to parse item_name: '.$item_name); 
    }

    $sql = 'SELECT user_id, user_name, bill_total, bill_paid';
    $sql .= ' FROM bills NATURAL JOIN users WHERE bill_id = '.$id; 
    $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
    if (mysql_num_rows($res) == 1) {
     $row = mysql_fetch_array($res);
     $amount = $payment_amount * 100;
     if ($amount != $row['bill_total'] || $row['bill_paid'] == 1) {
      fail('bill_total is incorrect, or bill already paid'); 
     }  

     $sql = 'UPDATE bills SET bill_paid = 1 WHERE bill_id = '.$id;
     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());

     $sql = 'UPDATE userpackages, billitems, packages SET up_cost = package_cost, up_expires = up_expires + package_duration WHERE bill_id = '.$id.' AND userpackages.up_id = billitems.up_id AND packages.package_id = userpackages.package_id';
     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());

     $sql = 'SELECT finance_balance FROM finances ORDER BY finance_time DESC';
     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());
     $ro2 = mysql_fetch_array($res); $balance = $ro2[0];
     $sql = 'INSERT INTO finances (finance_time, finance_desc, user_id,';
     $sql .= ' finance_receipts, finance_payments, finance_balance) VALUES (';
     $sql .= time().', \'Bill payment\', '.$row['user_id'].', ';
     $sql .= $row['bill_amount'].', '.($_POST['mc_fee']*100).', ';
     $sql .= ($balance+$row['bill_amount']-($_POST['mc_fee']*100)).')';
     $res = mysql_query($sql) or fail('SQL error: '.mysql_error());

     logger::log('User '.chr(2).$row['user_name'].chr(2).': Bill '.$id.' paid.', logger::normal);
    } else { 
     fail('Bill not found: '.$id);
    }
   } else if (strcmp ($res, "INVALID") == 0) {
    fail('INVALID REQUEST -- INVESTIGATE -- http://admin.utd-hosting.com/ipn/'.ID.'.html');
   }
  }
  fclose ($fp);
 }

?>