<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$quantity =$_POST['quantity'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
$quant=$quantity*10;
$quant2=$quantity*50;
$quant3=$quantity*20;
$quant4=$quantity*10;
$address=$payer_email;
//$payer_email="hide@address.com";
//$item_number = '1ht';
if ($item_number =='1ht')
{
;
$sec=3600;
$number=$quant;
}
else if ($item_number =='st1ht')
{
$sec=3600;
$number=$quant;
}
else if ($item_number =='agbp1day')
{
$sec=3600;
$number=$quant;
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
print "something wrong here";
}
}
fclose ($fp);
}
//$number=6;
//$sec=3600;
include('../../../dbconnect.php');
$min= ($sec/60);
//////////////////////////////////////////////////////////////////////////
// LOOP AS MANY TIMES AS $number FROM CARD CREATION //
//////////////////////////////////////////////////////////////////////////
for ($i=0;$i < $number;$i++)
{
for ($j=0;$j<1;$j++) // ------> CLEAN ME
{
//////////////////////////////////////////////////////////////////////////
// CREATE A RANDOM ID CONSISTING OF 6 LETTERS AND A NUMBER //
//////////////////////////////////////////////////////////////////////////
$consts='bcdgklmnprst';
$vowels='aeiou';
$num= (mt_rand(5, 15));
for ($x=0; $x < 6; $x++) {
$const[$x] = substr($consts,mt_rand(0,strlen($consts)-1),1);
$vow[$x] = substr($vowels,mt_rand(0,strlen($vowels)-1),1);
}
$ID = ($const[0] . $vow[0] .$const[2] . $const[1] . $vow[1] . $const[3] . $num);
//////////////////////////////////////////////////////////////////////////
// CREATE A RANDOM PASSWORD OF EIGHT LETTERS //
//////////////////////////////////////////////////////////////////////////
$consts='bcdgklmnprst';
$vowels='aeiou';
for ($x=0; $x < 6; $x++) {
// mt_srand ((double) microtime() * 1000000); // no longer required
$const[$x] = substr($consts,mt_rand(0,strlen($consts)-1),1);
$vow[$x] = substr($vowels,mt_rand(0,strlen($vowels)-1),1);
}
$PASS = ($const[0] . $vow[0] .$const[2] . $const[1] . $vow[1] . $const[3] . $vow[3] . $const[4]);
//////////////////////////////////////////////////////////////////////////
// ADD THE USERNAME AND PASSWORD TO AN ARRAY //
// We cheat here and use the username as the key and the value //
// as the password. This has the added benifit of ensuring that //
// they get all unique usernames although they would end up with //
// a card less then they ordered. We still need to error check //
// the usernames and passwords to make sure they don't already //
// exist in the database.
//////////////////////////////////////////////////////////////////////////
$UserPass[$ID] = $PASS;
}
}
//////////////////////////////////////////////////////////////////////////
// DATABASE INSERTION GOES HERE FOR NOW. //
// Later I may make an array and then //
// insert it all at once. //
// (C) Carl H. Peterson 2004 //
// (C) phpMyAdmin project 2004 //
//////////////////////////////////////////////////////////////////////////
//include('CrCards/DBinsert.php');
/////////////////////////////////////////////////////////////////////////
// DUMP IT INTO A TABLE IN CASE PDFS DON'T WORK //
/////////////////////////////////////////////////////////////////////////
//if(isset($_POST['AnzahlSeiten'])) {
// ---> CLEAN ME Need to look into one big insertion
// ATOMIC???
foreach($UserPass as $id => $pass ) {
$q0= "INSERT INTO radcheck (UserName , Attribute, op, Value) VALUES('$id','User-Password',':=','$pass')";
$insert0 = mysql_query($q0) or die(mysql_error());
$q1= "INSERT INTO radcheck (UserName , Attribute, op, Value) VALUES('$id','Simultaneous-Use',':=','1')";
$insert1 = mysql_query($q1) or die(mysql_error());
$q2= "INSERT INTO radcheck (UserName , Attribute, op, Value) VALUES('$id','Max-All-Session',':=','$sec')";
$insert2 = mysql_query($q2) or die(mysql_error());
$cards ="MyPrepaid/cards.csv";
$fp =fopen($cards, "w");
foreach($UserPass as $id => $pass ) {
$usera = "$id,$pass\n";
fputs($fp, $usera);
}
}
$subject="cards";
$fd =fopen($cards, "r");
$body = fread($fd, filesize($cards));
//Email the codes to the client.
$address="hide@address.com";
$mailsend = mail("$address", "$subject", "Here are your Swarm hotspot tickets.\n\nUserName Password\n\n$body\n\nThank you for your purchase.\n\hide@address.com", "From:hide@address.com");
print("$mailsend");
//Send yourself a copy of the transaction
$mailsend2 = mail("hide@address.com", "$subject", "Here are the Swarm hotspot tickets for $address.\n\nUserName Password\n\n$body\n\nThank you for your purchase.\n\hide@address.com", "From:hide@address.com");
print("$mailsend2");
print "sec";
print $sec;
print "number";
print $number;
print "submit";
Print $submit;
?>