Hello,
I need some help please! I have a script that sends my members to PayPal to buy credits. But when PayPal redirects them to the site again... no credits are added. Now it even says that it was a fraudulent attempt to gain credits. I know that this is not true because I used my PayPal account and it gave me the same error. Please help me!
First we're in the members file and then we're redirected to this file: "pre-checkout.php"
<?php
require_once( "../inc/header.inc.php" );
require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]profiles.inc.php" );
require_once( "$dir[inc]membership.inc.php" );
require_once( "$dir[inc]pre_checkout.inc.php" );
?>
<html>
<body>
<?php
if ( $en_credits && $_POST['use_credits'] == 'on' )
{ ?>
<form name="check_out_form" action="<?php echo $site['url']; ?>checkout/post_checkout.php" method=post>
<input type=hidden name=use_credits value=1>
<?php } else { ?>
<form name="check_out_form" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<!-- <form name="check_out_form" action="<?php echo $site['url']; ?>checkout/post_checkout.php" method=POST> -->
<?php } ?>
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?php echo $MERCHANT_ID; ?>">
<input type="hidden" name="item_name" value="<?php echo $cart_order_desc; ?>">
<input type="hidden" name="item_number" value="<?php echo $cart_order_id; ?>">
<input type="hidden" name="amount" value="<?php echo $total; ?>">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="return" value="<?php echo $site['url']; ?>checkout/post_checkout.php">
<input type="hidden" name="rm" value="2">
<script language="JavaScript">
document.forms["check_out_form"].submit();
</script>
</form>
</body>
</html>
Then they go to PayPal, make their payments and PayPal sends them to this page: "Post-checkout.php"
<?php
require_once( "../inc/header.inc.php" );
require_once( "$dir[inc]design.inc.php" );
require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]profiles.inc.php" );
require_once( "$dir[inc]membership.inc.php" );
require_once( "$dir[inc]modules.inc.php" );
if ( !$_POST['payment_gross'] ) $_POST['payment_gross'] = $_POST['mc_gross'];
function cc_finish()
{
?>"><script language="JavaScript">document.forms[0].submit();</script></form></body></html><?php
exit;
}
if ( !$_POST['item_number'] )
{
echo _t("_no data given");
// $str_arr is not set until item_number is decoded further down, so $str_arr[1] is empty here
echo "<form name=\"result_form\" action=\"$site[url]$str_arr[1]\" method=POST>";
echo "<input type=hidden name=result value=\"";
echo "0";
cc_finish();
exit;
}
$en_credits = getParam('en_credits') == 'on' ? 1 : 0;
$str_arr = explode( "|", base64_decode( urldecode( $_POST['item_number'] ) ) );
// - ID
$ID = (int)$str_arr[0];
// - return form generation
echo '<html><body>';
echo "<form name=\"result_form\" action=\"$site[url]$str_arr[1]\" method=POST>";
//echo "<form name=\"result_form\" action=\"http://localhost/$str_arr[2]\" method=POST>";
echo "<input type=hidden name=result value=\"";
$item_name = $str_arr[3];
$id_buy_str = $str_arr[4];
$total = $str_arr[5];
$post_total = $_POST['payment_gross'];
$post_email = $_POST['payer_email'];
$post_use_credits = $_POST['use_credits'];
if ( !$post_use_credits && $_POST['payment_status'] != "Completed" )
{
echo "0";
cc_finish();
}
//$order_arr = explode( "-", $_POST[order_number] );
if ( $post_use_credits )
{
$post_total = $_POST['amount'];
// foreach ( $_POST as $k => $v ) echo "$k => $v <br>"; // debug message
if ( strcmp( $id_buy_str, crypt( $item_name, "secret_string" ) ) != 0
|| strcmp( $total, crypt( sprintf("%.2f",$_POST['amount']), "secret_string" ) ) != 0
)
{
echo "-1";
foreach ( $_POST as $k => $v ) echo "$k => $v <br>"; // debug message
echo "total : $total <br>";
echo "total(c) : ".crypt( $_POST['amount'], "secret_string" )." <br>";
exit;
cc_finish();
}
}
else
{
if ( strcmp( $id_buy_str, crypt( $item_name, "secret_string" ) ) != 0
|| $_POST['receiver_email'] != $MERCHANT_ID
|| strcmp( $total, crypt( sprintf("%.2f",$_POST['payment_gross']), "secret_string" ) ) != 0
// || $_SERVER[HTTP_REFERER] != "https://www.2checkout.com/cgi-bin/sbuyers/cartpurchase2.2c"
)
{
echo "-1";
cc_finish();
}
}
// seed with microseconds
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
srand(make_seed());
$randval = rand(100,999);
if ( $post_use_credits )
{
$tranID = "".time().$randval;
}
else
{
$tranID = $_POST['txn_id'];
}
require_once( "$dir[inc]post_checkout.inc.php" );
?>
And then back to the "membership.php" page, but no credits are added.
Is there someone that can help me on this? If you wish I'm willing to pay for this.
Thank you,
A Nunes
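
Added example, not part of the original post or the script's own code: the checks post_checkout.php runs before it echoes "0" or "-1", rewritten to report which one failed, with the crypt() tags replaced by an HMAC (crypt() with the salt "secret_string" is traditional DES crypt, which is unkeyed and reads only the first eight characters of its input). The item_number layout, TAG_KEY, order_tag() and failed_checks() are assumptions, since pre_checkout.inc.php is not shown on the page.

```php
<?php
// Added example, not code from the original post.
// Assumed item_number layout, inferred from the indexes post_checkout.php reads:
//   [0] member ID | [1] return page | [3] item name | [4] name tag | [5] total tag
const TAG_KEY = 'replace-with-long-random-key'; // placeholder; load from config in practice

// Keyed tag standing in for crypt($value, "secret_string").
function order_tag(string $value): string
{
    return hash_hmac('sha256', $value, TAG_KEY);
}

// Returns the checks that failed; an empty array means the POST matches the order.
function failed_checks(array $post, string $merchantEmail): array
{
    // $_POST is already URL-decoded, so only the base64 layer is undone (strict mode).
    $parts = explode('|', (string) base64_decode($post['item_number'] ?? '', true));
    if (count($parts) < 6) {
        return ['item_number does not decode to six fields'];
    }
    // mc_gross first, payment_gross as fallback (the script does the reverse).
    $gross = $post['mc_gross'] ?? $post['payment_gross'] ?? '';
    $failed = [];
    if (($post['payment_status'] ?? '') !== 'Completed') {
        $failed[] = 'payment_status is not Completed';
    }
    if (($post['receiver_email'] ?? '') !== $merchantEmail) {
        $failed[] = 'receiver_email differs from the configured merchant value';
    }
    if (!hash_equals(order_tag($parts[3]), $parts[4])) {
        $failed[] = 'item name tag mismatch';
    }
    if (!hash_equals(order_tag(sprintf('%.2f', (float) $gross)), $parts[5])) {
        $failed[] = 'amount tag mismatch';
    }
    return $failed;
}

// Constructed sample: an order tagged at checkout, then the fields posted back.
$order = base64_encode(implode('|', [
    42, 'membership.php', '', 'Credits x10', order_tag('Credits x10'), order_tag('10.00'),
]));
$post = [
    'item_number' => $order, 'payment_status' => 'Completed',
    'receiver_email' => 'seller@example.com', 'mc_gross' => '10.00',
];
// The merchant value here is a constructed account ID, not an e-mail address.
echo implode('; ', failed_checks($post, 'CONSTRUCTEDID123')) ?: 'all checks passed', "\n";
```

With rm=2 these fields reach the return URL through the buyer's browser, so treat them as untrusted input and record the failed check names in a server-side log.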