$http_post_vars

crawfd

Trying to re-write the portion below so that it works with register_globals 'off'. I think http_post_vars is depricated.

$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $$postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}

rincewind456

$HTTP_POST_VARS is now $_POST

crawfd

I replaced, but there still must be elements that are depricated? The script below works fine with globals on, ....but with them off it doesn't work. I'm trying to get it functioning with globals set to off for security issues.....

<?php
//------------------------------------------------------------------
// Open log file (in append mode) and write the current time into it.
// Open the DB Connection. Open the actual database.
//-------------------------------------------------------------------
$log = fopen("ipn.log", "a");
fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()) . "\n");
$db = mysql_connect("mysql.mysite.com", "", "");
mysql_select_db("mycel001",$db);


//------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
//------------------------------------------------
$postvars = array();
while (list ($key, $value) = each ($_POST)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $$postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}


//--------------------------------------------
// Create message to post back to PayPal...
// Open a socket to the PayPal server...
//--------------------------------------------
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
$fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);


fwrite($log, "Vals: ". $invoice." ". $receiver_email." ". $item_name." ". $item_number." ". $quantity." ". $payment_status." ". $pending_reason." ".$payment_date." ". $payment_gross." ". $payment_fee." ". $txn_id." ". $txn_type." ". $first_name." ". $last_name." ". $address_street." ". $address_city." ". $address_state . " ".$address_zip." ". $address_country." ". $address_status." ". $payer_email. " ". $payer_status." ". $payment_type." ". $notify_version." ". $verify_sign. "\ n"); 

//----------------------------------------------------------------------
// Check HTTP connection made to PayPal OK, If not, print an error msg
//----------------------------------------------------------------------
if (!$fp) {
echo "$errstr ($errno)";
fwrite($log, "Failed to open HTTP connection!");
$res = "FAILED";
}

//--------------------------------------------------------
// If connected OK, write the posted values back, then...
//--------------------------------------------------------
else {
fputs ($fp, $header . $req);
//-------------------------------------------
// ...read the results of the verification...
// If VERIFIED = continue to process the TX...
//-------------------------------------------
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {




//----------------------------------------------------------------------
// If the payment_status=Completed... Get the password for the product
// from the DB and email it to the customer.
//----------------------------------------------------------------------
if (strcmp ($payment_status, "Completed") == 0) {
$qry = "UPDATE catalog SET pass=\"1\" WHERE session = \"$item_number\"";
$result = mysql_query($qry,$db);

//send email with session variable

$header = "From: sales@mysite.com\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-Type: text/html; charset=iso-8859-1\n";
$header .= "X-Mailer: PHP / ".phpversion()."\n";

$message = "<html>\n";
$message .= "<body>\n";
$message .= "<table border=0 cellspacing=0 cellpadding=0>\n";
$message .= "<tr>\n";
$message .= "<td><img src=\"http://www.mysite.com/images/logo.gif\"><br><br>Dear ".$first_name."<br><br><b><font color=red>Your template(s) are available for download!</font></b><br><br>Thank you for choosing <a href=\"http://www.mysite.com\" target=\"_blank\">mysite.com</a> for your template needs!.<br><br>Click on the link below to download your template(s). You will be able to access your template downloads for 24 hours after initial purchase.<br><br><a href=\"http://www.mysite.com/cart/mytemplates.php?tpl=".$item_number."&fname=".$first_name."\">http://www.mysite.com/cart/mytemplates.php?tpl=".$item_number."&fname=".$first_name."</a><br><br>Your Ticket number is: ".$item_number."<br><br>Sincerely Yours,<br><br>mysite.com Staff";
$message .= "</tr>\n";
$message .= "</table>\n";
$message .= "</body>\n";
$message .= "</html>\n";

$sendto = "".$payer_email.", info@mysite.com";
$subject = "Your Template(s) are available! - mysite.com";

mail($sendto,$subject,$message,$header);

//--------------------------------------
// Insert Transaction details into DB.
//--------------------------------------
$qry2 = "INSERT into sales (invoice, receiver_email, item_name, item_number, quantity, payment_status, pending_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign)
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quantity\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gross\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_name\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\", \"$notify_version\", \"$verify_sign\" )";

$result2 = mysql_query($qry2,$db);

}




//----------------------------------------------------------------------
// If the payment_status is NOT Completed... You'll have to send the 
// password later, by hand, when the funds clear...
//----------------------------------------------------------------------
//} else {
//$message .= "Dear Customer,\n Thankyou for your order.\n\nThe link for the item(s) you ordered will be sent to you when the funds have cleared.\n\nThankyou 

//\n\nsales\@yourdomain.com";

//mail($payer_email, "mysite.com - Your Template(s) link...", $message, "From: info@mysite.com\nReply-To: 

//info@mysite.com");

//mail($receiver_email, "mysite.com - Incomplete PayPal TX...", "An incomplete transaction requires your attention.");


else {


mail($payer_email, "mysite.com - An Error Occurred...", "Dear Customer,\n an error occurred while PayPal was processing your order. It will be investigated by a human at the earliest opportunity.\n\nWe apologise for any inconvenience.", "From: info@mysite.com\nReply-To: info@mysite.com");

mail($receiver_email, "mysite.com - Invalid PayPal TX...", "An invalid transaction requires your attention.");


}
}
}
}





//-------------------------------------------
// Close PayPal Connection, Log File and DB.
//-------------------------------------------
fclose ($fp);
fclose ($log);
mysql_close($db);
?>

rincewind456

Well a quick run through Zend code analyzer gives this

Global variable $errno  was used before it was defined (line 36)
Global variable $errstr  was used before it was defined (line 36)
Global variable $invoice  was used before it was defined (line 39)
Global variable $receiver_email  was used before it was defined (line 39)
Global variable $item_name  was used before it was defined (line 39)
Global variable $item_number  was used before it was defined (line 39)
Global variable $quantity  was used before it was defined (line 39)
Global variable $payment_status  was used before it was defined (line 39)
Global variable $pending_reason  was used before it was defined (line 39)
Global variable $payment_date  was used before it was defined (line 39)
Global variable $payment_gross  was used before it was defined (line 39)
Global variable $payment_fee  was used before it was defined (line 39)
Global variable $txn_id  was used before it was defined (line 39)
Global variable $txn_type  was used before it was defined (line 39)
Global variable $first_name  was used before it was defined (line 39)
Global variable $last_name  was used before it was defined (line 39)
Global variable $address_street  was used before it was defined (line 39)
Global variable $address_city  was used before it was defined (line 39)
Global variable $address_state  was used before it was defined (line 39)
Global variable $address_zip  was used before it was defined (line 39)
Global variable $address_country  was used before it was defined (line 39)
Global variable $address_status  was used before it was defined (line 39)
Global variable $payer_email  was used before it was defined (line 39)
Global variable $payer_status  was used before it was defined (line 39)
Global variable $payment_type  was used before it was defined (line 39)
Global variable $notify_version  was used before it was defined (line 39)
Global variable $verify_sign  was used before it was defined (line 39)
Global variable $errstr  was used before it was defined (line 45)
Global variable $errno  was used before it was defined (line 45)
Global variable $payment_status  was used before it was defined (line 70)
Global variable $item_number  was used before it was defined (line 71)
Global variable $first_name  was used before it was defined (line 85)
Global variable $item_number  was used before it was defined (line 85)
Global variable $first_name  was used before it was defined (line 85)
Global variable $item_number  was used before it was defined (line 85)
Global variable $first_name  was used before it was defined (line 85)
Global variable $item_number  was used before it was defined (line 85)
Global variable $payer_email  was used before it was defined (line 91)
Global variable $invoice  was used before it was defined (line 101)
Global variable $receiver_email  was used before it was defined (line 101)
Global variable $item_name  was used before it was defined (line 101)
Global variable $item_number  was used before it was defined (line 101)
Global variable $quantity  was used before it was defined (line 101)
Global variable $payment_status  was used before it was defined (line 101)
Global variable $pending_reason  was used before it was defined (line 101)
Global variable $payment_date  was used before it was defined (line 101)
Global variable $payment_gross  was used before it was defined (line 101)
Global variable $payment_fee  was used before it was defined (line 101)
Global variable $txn_id  was used before it was defined (line 101)
Global variable $txn_type  was used before it was defined (line 101)
Global variable $first_name  was used before it was defined (line 101)
Global variable $last_name  was used before it was defined (line 101)
Global variable $address_street  was used before it was defined (line 101)
Global variable $address_city  was used before it was defined (line 101)
Global variable $address_state  was used before it was defined (line 101)
Global variable $address_zip  was used before it was defined (line 101)
Global variable $address_country  was used before it was defined (line 101)
Global variable $address_status  was used before it was defined (line 101)
Global variable $payer_email  was used before it was defined (line 101)
Global variable $payer_status  was used before it was defined (line 101)
Global variable $payment_type  was used before it was defined (line 101)
Global variable $notify_version  was used before it was defined (line 101)
Global variable $verify_sign  was used before it was defined (line 101)
Global variable $payer_email  was used before it was defined (line 129)
Global variable $receiver_email  was used before it was defined (line 131)

So iI guess you need to see where your vars are coming from, to see if any need to be rewritten.