I'm working with a backend PayPal notify script which seemingly works when register_globals is turned on, but when it is turned off it doesn't work. I obviously want to have this functioning with globals off due to security issues. I know exactly which two areas aren't updating. When globals are off it doesn't update the advertiser's record/credits (noted in a comment below), nor does it update the account status (to active). Do I have to extract some variables to get them used in the script?
<?
include_once("conn.php");
include_once("includes.php");
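// Payment-notification handler.
//
// Reads an order reference of the form "MemberID|PriceID|type" from the POST
// body, looks up the purchased price row, credits the member's account, mails
// the member a confirmation and redirects to the login page.
//
// Request data is read only through $_POST and $_SERVER in this section, so
// this part does not depend on register_globals. $aset is not assigned here;
// presumably one of the includes sets it -- confirm that it still does so with
// register_globals off.
//
// NOTE(review): this handler acts on whatever is POSTed to it. Nothing in this
// section confirms that the request came from the payment processor or that
// the amount paid matches the price row, so the account update below should
// only run after the notification has been verified with the processor (for
// PayPal, its IPN validation post-back). That check is not visible here;
// confirm whether conn.php / includes.php perform it.

// Pick the order reference from whichever notification field is present.
$orderRef = '';
if (isset($_POST['credit_card_processed']) && $_POST['credit_card_processed'] == 'Y') {
    if (isset($_POST['cart_order_id']) && is_string($_POST['cart_order_id'])) {
        $orderRef = $_POST['cart_order_id'];
    }
} elseif (!empty($_POST['custom']) && is_string($_POST['custom'])) {
    $orderRef = $_POST['custom'];
}

// [0] = MemberID, [1] = PriceID, [2] = type ('m' adds to the existing credit,
// 'n' selects the registration mail). Pad so a short reference cannot cause
// undefined-offset reads further down.
$GetInfo = array_pad(explode("|", $orderRef), 3, '');
$PriceID = $GetInfo[1];

//get the price details
$a1 = false;
if ($GetInfo[0] !== '' && $PriceID !== '') {
    // Both IDs come straight from the request, so they are escaped before being
    // placed in SQL. mysql_real_escape_string() needs the open connection,
    // presumably created by conn.php.
    $priceIdSql = mysql_real_escape_string($PriceID);
    $memberIdSql = mysql_real_escape_string($GetInfo[0]);

    $q1 = "select * from class_prices where PriceID = '$priceIdSql' ";
    $r1 = mysql_query($q1);
    if ($r1 === false) {
        // Log the driver error instead of echoing it to the remote caller.
        error_log('payment notify: ' . mysql_error());
        exit('Database error.');
    }
    $a1 = mysql_fetch_array($r1);
}

if (!$a1) {
    // Missing/malformed order reference or unknown PriceID: do not touch the
    // member record, show the problem page instead.
    //get the templates
    require_once("templates/HeaderTemplate.php");
    require_once("templates/ProblemPaymentTemplate.php");
    require_once("templates/FooterTemplate.php");
    exit();
}

//update the advertiser's record/credits
$aexp = mktime(0, 0, 0, (int) date('n'), (int) date('j') + (int) $a1['days'], (int) date('Y'));
$adsSql = mysql_real_escape_string($a1['ads']);

// The credit column is chosen from a fixed pair, never from request data.
if ($a1['PriorityLevel'] == '1') {
    $creditColumn = 'FeaturedAds';
    $v = 1;
} else {
    $creditColumn = 'StandardAds';
    $v = 2;
}

if ($GetInfo[2] == 'm') {
    $creditSql = "$creditColumn = $creditColumn + '$adsSql'";
} else {
    $creditSql = "$creditColumn = '$adsSql'";
}

$q2 = "update class_members set ExpDate = '$aexp', AccountStatus = 'active', $creditSql where MemberID = '$memberIdSql' ";
if (mysql_query($q2) === false) {
    error_log('payment notify: ' . mysql_error());
    exit('Database error.');
}
$ExpDate = date('M d Y', $aexp);

//get the member info
$q2 = "select * from class_members where MemberID = '$memberIdSql' ";
$r2 = mysql_query($q2);
if ($r2 === false) {
    error_log('payment notify: ' . mysql_error());
    exit('Database error.');
}
$a2 = mysql_fetch_array($r2);
if (!$a2) {
    // No such member: nothing was updated and there is nobody to mail.
    require_once("templates/HeaderTemplate.php");
    require_once("templates/ProblemPaymentTemplate.php");
    require_once("templates/FooterTemplate.php");
    exit();
}

//send an email
// The Host header is chosen by the client and ends up in the subject, the From
// header and the login link. Restricting it to hostname characters blocks
// header injection but does not make the value trustworthy; a configured site
// host would be the better source.
$host = preg_replace('/[^A-Za-z0-9.:\-]/', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
$lineBreaks = array("\r", "\n");
$to = str_replace($lineBreaks, '', $a2['email']);
$contactEmail = isset($aset['ContactEmail']) ? str_replace($lineBreaks, '', $aset['ContactEmail']) : '';

// NOTE(review): $a2['password'] is mailed exactly as stored, which implies
// passwords are kept in recoverable form; prefer hashed storage and a reset link.
if ($GetInfo[2] == 'n') {
    $subject = "Your registration at $host";
    $message = "Hello {$a2['FirstName']} {$a2['LastName']},\nhere is your login information for $host\n\nUsername: {$a2['username']}\nPassword: {$a2['password']}\n\nYou are able to post ";
    if ($v === 1) {
        $message .= "{$a1['ads']} Featured offers\n";
    } else {
        $message .= "{$a1['ads']} standard offers\n";
    }
} else {
    $subject = "Your account was renewed!";
    $message = "Hello {$a2['FirstName']} {$a2['LastName']},\nYour account at $host was renewed successfully! Here is your login information for $host\n\nUsername: {$a2['username']}\nPassword: {$a2['password']}\n\nYou are able to post ";
    // NOTE(review): FeaturedAds / StandardAds are columns written on
    // class_members above, while $a1 is the class_prices row; these probably
    // should read from $a2 -- confirm against the schema. Kept as found.
    if ($v === 1) {
        $message .= (isset($a1['FeaturedAds']) ? $a1['FeaturedAds'] : '') . " Featured offers\n";
    } else {
        $message .= (isset($a1['StandardAds']) ? $a1['StandardAds'] : '') . " standard offers\n";
    }
}
$message .= "until $ExpDate\n\nTo login, follow this link:\nhttp://$host/login.php\n\nThank you for your registration!";

$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "Content-Transfer-Encoding: 8bit\n";
$headers .= "From: $host <$contactEmail>\n";
$headers .= "X-Priority: 1\n";
$headers .= "X-MSMail-Priority: High\n";
$headers .= "X-Mailer: PHP/" . phpversion() . "\n";
mail($to, $subject, $message, $headers);

header("location:login.php");
exit();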
?>