Ok, this is the part of the script that seems to confuse me:
    if (!$fp) {
        // HTTP ERROR
    } else {
        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            if (strcmp ($res, "VERIFIED") == 0) {
                // check the payment_status is Completed
                // check that txn_id has not been previously processed
                // check that receiver_email is your Primary PayPal email
                // check that payment_amount/payment_currency are correct
                // process payment
            }
            else if (strcmp ($res, "INVALID") == 0) {
                // log for manual investigation
            }
        }
        fclose ($fp);
    }
So, let's start with these 6 things the script does...
Check the payment: I'm assuming I'm checking for a condition? Where do I get this condition and what do I check for?
Check txn_id: We keep completed payment IDs in our database, so I just check that this txn_id is unique, correct?
Check the receiver email: So basically I just check that the guy who is getting paid is who is actually getting paid, correct?
Check that payment_amount/payment_currency: I just check to see if the payment is the correct amount and in US dollars, right?
Process payment: This is for me, I add the payment information to the database and register them as a real user. They paid, they get what they paid for.
Log for manual investigation: I just post information into a log file. What information do I post?
Thanks ahead of time!
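
The five checks named in the script's comments, written out as an added example that is not part of the original post. The function name, expected values and sample notification are assumptions; `mc_gross` and `mc_currency` are the IPN fields that carry the payment amount and currency.

```php
<?php
// Added example, not from the original post. validate_ipn(), the EXPECTED_*
// constants and all sample values are hypothetical/constructed.
const EXPECTED_RECEIVER = 'seller@example.com';
const EXPECTED_AMOUNT   = '19.99';
const EXPECTED_CURRENCY = 'USD';

// Returns the reasons to reject a VERIFIED notification; empty means process it.
// $seenTxnIds stands in for a database lookup of already completed payments.
function validate_ipn(array $ipn, array $seenTxnIds): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $seenTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }
    // Case-insensitive match against the account that should be paid.
    if (strcasecmp($ipn['receiver_email'] ?? '', EXPECTED_RECEIVER) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    // Normalise the amount to two decimals before comparing it as a string.
    $gross = $ipn['mc_gross'] ?? null;
    if (!is_numeric($gross) || number_format((float) $gross, 2, '.', '') !== EXPECTED_AMOUNT) {
        $problems[] = 'mc_gross does not match the price';
    }
    if (($ipn['mc_currency'] ?? '') !== EXPECTED_CURRENCY) {
        $problems[] = 'mc_currency does not match';
    }
    return $problems;
}

// Constructed sample notification (field names as PayPal posts them).
$ipn = [
    'payment_status' => 'Completed',
    'txn_id'         => 'TXN-CONSTRUCTED-001',
    'receiver_email' => 'Seller@Example.com',
    'mc_gross'       => '19.99',
    'mc_currency'    => 'USD',
];
foreach ([[], ['TXN-CONSTRUCTED-001']] as $seen) {   // first delivery, then a replay
    $problems = validate_ipn($ipn, $seen);
    echo $problems ? 'log: ' . implode('; ', $problems) : 'process payment', PHP_EOL;
}
```

The first pass prints "process payment"; the second, where the same txn_id is already recorded, prints the rejection reason instead of crediting the payment twice.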