Location: PHPKode > projects > Lizard Cart CMS > notify.php
<?php
include ("config.inc.php");
#########################################################
#                                                       #
#  Program         : IPN Development Handler            #
#  Author          : Marcus Cicero                      #
#  File            : notify.php                         #
#  Function        : Skeleton IPN Handler               #
#  Version         : 1.4                                #
#  Last Modified   : 11/18/2002                         #
#  Copyright       : EliteWeaver UK                     #
#                                                       #
#########################################################
#    THIS SCRIPT IS FREEWARE AND IS NOT FOR RE-SALE     #
#########################################################


// IPN Posting Modes, Choose: 1 or 2

$postmode = "1";

           //* 1 = Live Via PayPal Network
           //* 2 = Test Via EliteWeaver UK


// Convert Super globals on Older PHP builds

            if(phpversion() <= "4.0.6")
            {
                   $_POST = ($HTTP_POST_VARS);
                                  }

// No IPN post Means this Script does Not exist :)

            if (!$_POST['txn_type'])
            { header("Status: 404 Not Found"); exit;
                                  }
            else
            { header("Status: 200 OK");
                                  }

// Read the Posted IPN, filter Restricted vars and Add "cmd" for Post back Validation

                   $postvars = array();
                   $restrict = array('receiver_email','business','item_name','item_number','quantity','invoice','custom','option_name','option_selection','num_cart_items','payment_status','pending_reason','payment_date','settle_amount','settle_currency','exchange_rate','payment_gross','payment_fee','mc_gross','mc_fee','mc_currency','txn_id','tax','txn_type','memo','first_name','last_name','address_street','address_city','address_state','address_zip','address_country','address_status','payer_email','payer_id','payer_status','payment_type','notify_version','verify_sign','subscr_date','period','amount','recurring','reattempt','retry_at','recur_times','username','password','subscr_id');
                   // Restrict array Should not Contain numerical Characters because IPN related to the PayPal "_cart" Will be INVALID *** Always keep This array Updated with New IPN variables and Maintain full Filtered control Over what this Script and PayPal are Allowed to Talk about ;-) Why? ->>> http://www.php.net/manual/en/security.registerglobals.php

            foreach ($_POST as $ipnkey => $ipnvalue)
            { if (in_array (ereg_replace("[0-9]", '', $ipnkey), $restrict)) {
                   $GLOBALS[$ipnkey] = $ipnvalue; // Posted variable Localization
                   $postvars[] = $ipnkey;
                                  }}

                   $postipn = 'cmd=_notify-validate';
                   $noteipn = '<b>IPN post variables in order of appearance:</b><br><br>';

            for ($x=0; $x < count($postvars); $x++)
            { $y=$x+1;
                   $postkey = $postvars[$x];
                   $postval = $$postvars[$x];
                   $postipn.= "&" . $postkey . "=" . urlencode($postval);
                   $noteipn.= "<b>#" . $y . "</b> Key: " . $postkey . " <b>=</b> Value: " . $postval . "<br>";
                                  }

// PostMode 1: Live Via PayPal Network

            if ($postmode == 1)
            {
$socket = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header.= "Host: www.paypal.com\r\n";
$header.= "Content-Type: application/x-www-form-urlencoded\r\n";
$header.= "Content-Length: " . strlen($postipn) . "\r\n\r\n";
//* Note: "Connection: Close" is Not required Using HTTP/1.0
                                  }

// PostMode 2: Test Via EliteWeaver UK

            elseif ($postmode == 2)
            {
$socket = fsockopen ("www.eliteweaver.co.uk", 80, $errno, $errstr, 30);
$header = "POST /testing/ipntest.php HTTP/1.0\r\n";
$header.= "Host: www.eliteweaver.co.uk\r\n";
$header.= "Content-Type: application/x-www-form-urlencoded\r\n";
$header.= "Content-Length: " . strlen($postipn) . "\r\n\r\n";
//* Note: "Connection: Close" is Not required Using HTTP/1.0
                                  }

// Selected PostMode was Probably Not Set to 1 or 2

            else
            { $error=1;
echo "PostMode: " . $postmode . " is invalid!";
exit;
                                  }


// Problem: Now is this your Firewall or your Ports?
// Maybe Setup a little email Notification here. . .

            if (!$socket && !$error)
            {
echo "Problem: Error Number: " . $errno . " Error String: " . $errstr;
exit;
                                  }


// If No Problems have Occured then We proceed With the Processing

            else
            {
fputs ($socket, $header . $postipn);

            while (!feof($socket))
	    {
                   $reply = fgets ($socket, 1024);
                   $reply = trim ($reply); // Required on some Environments
                                  }

// Prepare debug Report for Browser display

                   $report = $noteipn . "<br><b>" . "IPN Reply: " . $reply . "</b>";

// Already localized, but This may Protect your Own code From the G and C in GPC ;-)

// Standard - Instant Payment Notifiction Variables

                   $receiver_email = $_POST['receiver_email'];
                   $business = $_POST['business'];
                   $item_name = $_POST['item_name'];
                   $item_number = $_POST['item_number'];
                   $quantity = $_POST['quantity'];
                   $invoice = $_POST['invoice'];
                   $custom = $_POST['custom'];
                   $option_name1 = $_POST['option_name1'];
                   $option_selection1 = $_POST['option_selection1'];
                   $option_name2 = $_POST['option_name2'];
                   $option_selection2 = $_POST['option_selection2'];
                   $num_cart_items = $_POST['num_cart_items'];
                   $payment_status = $_POST['payment_status'];
                   $pending_reason = $_POST['pending_reason'];
                   $payment_date = $_POST['payment_date'];
                   $settle_amount = $_POST['settle_amount'];
                   $settle_currency = $_POST['settle_currency'];
                   $exchange_rate = $_POST['exchange_rate'];
                   $payment_gross = $_POST['payment_gross'];
                   $payment_fee = $_POST['payment_fee'];
                   $mc_gross = $_POST['mc_gross'];
                   $mc_fee = $_POST['mc_fee'];
                   $mc_currency = $_POST['mc_currency'];
                   $tax = $_POST['tax'];
                   $txn_id = $_POST['txn_id'];
                   $txn_type = $_POST['txn_type'];
                   $memo = $_POST['memo'];
                   $first_name = $_POST['first_name'];
                   $last_name = $_POST['last_name'];
                   $address_street = $_POST['address_street'];
                   $address_city = $_POST['address_city'];
                   $address_state = $_POST['address_state'];
                   $address_zip = $_POST['address_zip'];
                   $address_country = $_POST['address_country'];
                   $address_status = $_POST['address_status'];
                   $payer_email = $_POST['payer_email'];
                   $payer_id = $_POST['payer_id'];
                   $payer_status = $_POST['payer_status'];
                   $payment_type = $_POST['payment_type'];
                   $notify_version = $_POST['notify_version'];
                   $verify_sign = $_POST['verify_sign'];

// Subscription - Instant Payment Notifiction Variables

                   $subscr_date = $_POST['subscr_date'];
                   $period1 = $_POST['period1'];
                   $period2 = $_POST['period2'];
                   $period3 = $_POST['period3'];
                   $amount1 = $_POST['amount1'];
                   $amount2 = $_POST['amount2'];
                   $amount3 = $_POST['amount3'];
                   $recurring = $_POST['recurring'];
                   $reattempt = $_POST['reattempt'];
                   $retry_at = $_POST['retry_at'];
                   $recur_times = $_POST['recur_times'];
                   $username = $_POST['username'];
                   $password = $_POST['password'];
                   $subscr_id = $_POST['subscr_id'];


// IPN was Confirmed as both Genuine and VERIFIED

            if (!strcmp ($reply, "VERIFIED"))
            {


$query = "INSERT INTO var_notify (ipn_id,receiver_email,business,item_name,item_number,quantity,invoice,custom,option_name1,option_selection1,option_name2,option_selection2,num_cart_items,payment_status,pending_reason,payment_date,settle_amount,settle_currency,exchange_rate,payment_gross,payment_fee,mc_gross,mc_fee,mc_currency,tax,txn_id,txn_type,memo,first_name,last_name,address_street,address_city,address_state,address_zip,address_country,address_status,payer_email,payer_id,payer_status,payment_type,subscr_date,period1,period2,period3,amount1,amount2,amount3,recurring,reattempt,retry_at,recur_times,username,password,subscr_id,notify_version,verify_sign,status) VALUES ('$ipn_id','$receiver_email','$business','$item_name','$item_number','$quantity','$invoice','$custom','$option_name1','$option_selection1','$option_name2','$option_selection2','$num_cart_items','$payment_status','$pending_reason','$payment_date','$settle_amount','$settle_currency','$exchange_rate','$payment_gross','$payment_fee','$mc_gross','$mc_fee','$mc_currency','$tax','$txn_id','$txn_type','$memo','$first_name','$last_name','$address_street','$address_city','$address_state','$address_zip','$address_country','$address_status','$payer_email','$payer_id','$payer_status','$payment_type','$subscr_date','$period1','$period2','$period3','$amount1','$amount2','$amount3','$recurring','$reattempt','$retry_at','$recur_times','$username','$password','$subscr_id','$notify_version','$verify_sign','$status')";
$req = mysql_query($query);

if (!$req)
{ echo "<B>Error ".mysql_errno()." :</B> ".mysql_error()."";
exit; }			
// Check that the "payment_status" variable is: Completed
// If it is Pending you may Want to Inform your Customer?
// Check your DB to Ensure this "txn_id" is Not a Duplicate
// You may want to Check "payment_gross" or "mc_gross" matches listed Prices?
// You definately want to Check the "receiver_email" or "business" is yours
// Update your DB and Process this Payment accordingly
echo $report; // Remove: # for Testing
                                  }

// IPN was Not Validated as Genuine and is INVALID

            elseif (!strcmp ($reply, "INVALID"))
            {
// Check your code for any Post back Validation problems
// Investigate the Fact that this Could be a spoofed IPN
// If updating your DB, Ensure this "txn_id" is Not a Duplicate
echo $report; // Remove: # for Testing
                                  }

            else
            {
// Just incase Something serious Should ever Happen!
echo $report; // Remove: # for Testing
                                  }


// Terminate the Socket connection and Exit

fclose ($socket);
exit;
                 }

#########################################################
#    THIS SCRIPT IS FREEWARE AND IS NOT FOR RE-SALE     #
#########################################################

?>
Return current item: Lizard Cart CMS