I got a web site put together for testing, searched for and found some PHP code, and created a couple of MySQL tables consistent with the PHP code.
I'm trying to start some testing with PayPal. (Don't seem to have much luck with posts at their developer site.) Just a few problems. (What an understatement...)
I've hidden my test web site behind a password protected file address. PayPal will POST to a URL that you provide some information regarding whether a transaction has gone through. I need to get past the password that is protecting the file in which the test web site exists to get to the URL (corresponding to the PHP code) that will then start to interact with the MySQL database (which, of course, is also password protected, but the PHP code I found seems to be able to handle the MySQL database password). What am I to do about protecting the PHP behind a password protected portion of the site, so that others can use it to access a database?
The following is the PHP code I found. I have some questions (outlined below), that reference it. I could really use some answers to these questions, and some useful perspectives on how to approach testing and operational factors. Thank you.
I discovered the following two PHP files and the related MySql table creation scripts on the internet. The two other MySQL files seem to work in terms of actually setting up a table inside a MySQL database that I've created. I'm trying to determine where I fill in the data specific to that table in the PHP files that are shown below. I've begun the task by adding a few comments and changing some e-mail references to make more sense to me relative to this post. I'd appreciate any information that you might provide or straightforward recommendations to provide for a successful initial sandbox test and long term functionality. Thank you.
My questions:
Can someone please advise me and confirm how to use the non-software class file? (The one that immediately follows this inquiry section.)
I believe that I am only supposed to fill in the following in the non-software class file, but please correct me if I am wrong:
A. $ln = "UserName" - I fill in my MySql Username.
B. $pw = "mypassword" - I fill in my MySql password.
C. $db - I fill in MySql database name.
D. $host - I fill in nothing, the server knows this already.
E. $paypal_email - I fill in my e-mail address.
F. $error_email - I fill in my e-mail address.
G. I don't know from where the "from_e-mail" or other data referred to as e-mail headers ($em_headers) is coming. I question if that is supposed to be supplied from an HTML form that is not inherently part of these two PHP files. I could use some expert perception in that regard.
The two PHP files are shown below:
<?php
// made by robin kohli (robin@19.5degs.com) for 19.5 Degrees (http://www.19.5degs.com)
// ----- edit these settings
// database settings
//I do nothing to the "localhost" setting because that is a keyword that the server will properly interpret??
$host="localhost";
//My User Log-On Name
$ln="UserName";
//my password
$pw="mypassword";
//my database name
$db="my_data";
// paypal email
$paypal_email = "MyEmail@mail.com";
// email address where script should send notifications
$error_email = "MyEmail@mail.com";
// email header - this is a real question mark for me - what does it do
//and where does the data come from?
$em_headers = "From: from_name <from_email>\n";
$em_headers .= "Reply-To: from_email\n";
$em_headers .= "Return-Path: from_email\n";
$em_headers .= "Organization: company_name\n";
$em_headers .= "X-Priority: 3\n";
// -----------------
require("ipn_cls.php");
$paypal_info = $_POST;
$paypal_ipn = new paypal_ipn($paypal_info);
// copy the posted fields into variables without eval(); EXTR_SKIP leaves
// variables that are already set (the settings above) untouched
extract($paypal_ipn->paypal_post_vars, EXTR_SKIP);
$paypal_ipn->send_response();
$paypal_ipn->error_email = $error_email;
if (!$paypal_ipn->is_verified()) {
$paypal_ipn->error_out("Bad order (PayPal says it's invalid)" . $paypal_ipn->paypal_response , $em_headers);
die();
}
switch( $paypal_ipn->get_payment_status() )
{
case 'Pending':
$pending_reason=$paypal_ipn->paypal_post_vars['pending_reason'];
if ($pending_reason!="intl") {
$paypal_ipn->error_out("Pending Payment - $pending_reason", $em_headers);
break;
}
case 'Completed':
$qry= "SELECT i.mc_gross, i.mc_currency FROM item_table as i WHERE i.item_number='$item_number'";
mysql_connect("$host","$ln","$pw") or die("Unable to connect to database");
mysql_select_db("$db") or die("Unable to select database");
$res=mysql_query ($qry);
$config=mysql_fetch_array($res);
if ($paypal_ipn->paypal_post_vars['txn_type']=="reversal") {
$reason_code=$paypal_ipn->paypal_post_vars['reason_code'];
$paypal_ipn->error_out("PayPal reversed an earlier transaction.", $em_headers);
// you should mark the payment as disputed now
} else {
if (
(strtolower(trim($paypal_ipn->paypal_post_vars['business'])) == strtolower($paypal_email)) && (trim($mc_currency)==$config['mc_currency']) && (trim($mc_gross)-$tax == $quantity*$config['mc_gross'])
) {
$qry="INSERT INTO paypal_table VALUES (0 , '$payer_id', '$payment_date', '$txn_id', '$first_name', '$last_name', '$payer_email', '$payer_status', '$payment_type', '$memo', '$item_name', '$item_number', $quantity, $mc_gross, '$mc_currency', '$address_name', '".nl2br($address_street)."', '$address_city', '$address_state', '$address_zip', '$address_country', '$address_status', '$payer_business_name', '$payment_status', '$pending_reason', '$reason_code', '$txn_type')";
if (mysql_query($qry)) {
$paypal_ipn->error_out("This was a successful transaction", $em_headers);
// you should add your code for sending out the download link to your customer at $payer_email here.
} else {
$paypal_ipn->error_out("This was a duplicate transaction", $em_headers);
}
} else {
$paypal_ipn->error_out("Someone attempted a sale using a manipulated URL", $em_headers);
}
}
break;
case 'Failed':
// this will only happen in case of echeck.
$paypal_ipn->error_out("Failed Payment", $em_headers);
break;
case 'Denied':
// denied payment by us
$paypal_ipn->error_out("Denied Payment", $em_headers);
break;
case 'Refunded':
// payment refunded by us
$paypal_ipn->error_out("Refunded Payment", $em_headers);
break;
case 'Canceled':
// reversal cancelled
// mark the payment as dispute cancelled
$paypal_ipn->error_out("Cancelled reversal", $em_headers);
break;
default:
// order is not good
$paypal_ipn->error_out("Unknown Payment Status - " . $paypal_ipn->get_payment_status(), $em_headers);
break;
}
?>
<?php
class paypal_ipn
{
var $paypal_post_vars;
var $paypal_response;
var $timeout;
var $error_email;
function paypal_ipn($paypal_post_vars) {
$this->paypal_post_vars = $paypal_post_vars;
$this->timeout = 120;
}
function send_response()
{
$fp = @fsockopen( "www.sandbox.paypal.com", 80, $errno, $errstr, 120 );
if (!$fp) {
$this->error_out("PHP fsockopen() error: " . $errstr , "");
} else {
foreach($this->paypal_post_vars AS $key => $value) {
if (@get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
$values[] = "$key" . "=" . urlencode($value);
}
$response = @implode("&", $values);
$response .= "&cmd=_notify-validate";
fputs( $fp, "POST /cgi-bin/webscr HTTP/1.0\r\n" );
fputs( $fp, "Content-type: application/x-www-form-urlencoded\r\n" );
fputs( $fp, "Content-length: " . strlen($response) . "\r\n\r\n" );
fputs( $fp, "$response\n\r" );
fputs( $fp, "\r\n" );
$this->send_time = time();
$this->paypal_response = "";
// get response from paypal
while (!feof($fp)) {
$this->paypal_response .= fgets( $fp, 1024 );
if ($this->send_time < time() - $this->timeout) {
$this->error_out("Timed out waiting for a response from PayPal. ($this->timeout seconds)" , "");
break;
}
}
fclose( $fp );
}
}
function is_verified() {
if( strpos($this->paypal_response, "VERIFIED") !== false )
return true;
else
return false;
}
function get_payment_status() {
return $this->paypal_post_vars['payment_status'];
}
function error_out($message, $em_headers)
{
$date = date("D M j G:i:s T Y", time());
$message .= "\n\nThe following data was received from PayPal:\n\n";
foreach ($this->paypal_post_vars as $key => $value) {
$message .= $key . ':' . " \t$value\n";
}
mail($this->error_email, "[$date] paypay_ipn notification", $message, $em_headers);
}
}
?>
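The script above turns every posted field into a PHP variable and builds its SQL by pasting those values into the query string, so whoever sends the POST chooses both the variable names and part of the query text. The following is an added example, not part of the original post or of the script it quotes, that performs the same receiver, currency and amount checks using an allow-list of fields and PDO prepared statements, to be called once PayPal has answered VERIFIED. Assumptions: `ipn_fields`, `record_payment` and `IPN_FIELDS` are hypothetical names, the tables are reduced to a few columns with a UNIQUE `txn_id`, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not the script from the post. Names, reduced tables and the
// in-memory SQLite database are assumptions so that it runs offline.
const IPN_FIELDS = ['txn_id', 'item_number', 'quantity', 'mc_gross',
                    'mc_currency', 'tax', 'business', 'payer_email'];

// Copy only the expected fields; every other posted key is ignored.
function ipn_fields(array $post): array {
    $out = [];
    foreach (IPN_FIELDS as $name) {
        $out[$name] = is_string($post[$name] ?? null) ? trim($post[$name]) : '';
    }
    return $out;
}

// True only when receiver, currency and amount match the catalogue and the
// row was stored; a repeated txn_id fails on the UNIQUE column.
function record_payment(PDO $pdo, array $f, string $paypal_email): bool {
    $st = $pdo->prepare('SELECT mc_gross, mc_currency FROM item_table WHERE item_number = ?');
    $st->execute([$f['item_number']]);
    $item = $st->fetch(PDO::FETCH_ASSOC);
    if (!$item || strcasecmp($f['business'], $paypal_email) !== 0
        || $f['mc_currency'] !== $item['mc_currency']
        || !ctype_digit($f['quantity']) || !is_numeric($f['mc_gross'])) {
        return false;
    }
    // Compare in integer cents so float rounding cannot decide the result.
    $paid = (int) round(((float) $f['mc_gross'] - (float) $f['tax']) * 100);
    $due  = (int) round((float) $item['mc_gross'] * 100) * (int) $f['quantity'];
    if ($paid !== $due) { return false; }
    $ins = $pdo->prepare('INSERT INTO paypal_table (txn_id, item_number, quantity, mc_gross, mc_currency, payer_email) VALUES (?, ?, ?, ?, ?, ?)');
    try {
        return $ins->execute([$f['txn_id'], $f['item_number'], $f['quantity'], $f['mc_gross'], $f['mc_currency'], $f['payer_email']]);
    } catch (PDOException $e) {
        return false; // duplicate notification
    }
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE item_table (item_number TEXT PRIMARY KEY, mc_gross TEXT, mc_currency TEXT)");
$pdo->exec("CREATE TABLE paypal_table (txn_id TEXT UNIQUE, item_number TEXT, quantity INTEGER, mc_gross TEXT, mc_currency TEXT, payer_email TEXT)");
$pdo->exec("INSERT INTO item_table VALUES ('A1', '9.99', 'USD')");
$f = ipn_fields(['txn_id' => 'TEST-TXN-1', 'item_number' => 'A1', 'quantity' => '2',
    'mc_gross' => '19.98', 'mc_currency' => 'USD', 'business' => 'myemail@mail.com',
    'payer_email' => 'buyer@example.com', 'paypal_email' => 'ignored']);
var_dump(record_payment($pdo, $f, 'MyEmail@mail.com')); // first delivery
var_dump(record_payment($pdo, $f, 'MyEmail@mail.com')); // same txn_id delivered again
```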