community/donations/notify.php
Show All 24 Lines | 24 | if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { | |||
---|---|---|---|---|---|
25 | $value = urlencode(stripslashes($value)); | 25 | $value = urlencode(stripslashes($value)); | ||
26 | } else { | 26 | } else { | ||
27 | $value = urlencode($value); | 27 | $value = urlencode($value); | ||
28 | } | 28 | } | ||
29 | $req .= "&$key=$value"; | 29 | $req .= "&$key=$value"; | ||
30 | } | 30 | } | ||
31 | 31 | | |||
32 | if ($do_debug) { | 32 | if ($do_debug) { | ||
33 | $debug = fopen('/tmp/data.txt', 'a+'); | 33 | $debug = fopen('/tmp/data.txt', 'a+'); | ||
aacid: do we need this? | |||||
34 | fwrite($debug, "Raw Data: $raw_post_data\n"); | 34 | fwrite($debug, "Raw Data: $raw_post_data\n"); | ||
35 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | 35 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | ||
36 | fwrite($debug, "verify: $req\n"); | 36 | fwrite($debug, "verify: $req\n"); | ||
37 | } | 37 | } | ||
38 | 38 | | |||
39 | 39 | | |||
40 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | 40 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | ||
41 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | 41 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | ||
aacid: and here | |||||
42 | curl_setopt($ch, CURLOPT_POST, 1); | 42 | curl_setopt($ch, CURLOPT_POST, 1); | ||
43 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | 43 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | ||
44 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | 44 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | ||
45 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | 45 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | ||
46 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | 46 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | ||
47 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | 47 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | ||
48 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | 48 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | ||
49 | 49 | | |||
50 | // In wamp-like environments that do not come bundled with root authority certificates, | 50 | // In wamp-like environments that do not come bundled with root authority certificates, | ||
51 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | 51 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | ||
52 | // the directory path of the certificate as shown below: | 52 | // the directory path of the certificate as shown below: | ||
53 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | 53 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | ||
54 | if( !($res = curl_exec($ch)) ) { | 54 | if( !($res = curl_exec($ch)) ) { | ||
55 | if ($do_debug) { | 55 | if ($do_debug) { | ||
56 | fwrite($debug, "Error in calling curl_exec\n"); | 56 | fwrite($debug, "Error in calling curl_exec\n"); | ||
57 | } | 57 | } | ||
i think we're always running in debug (double check with ben, so no need to have these error_log calls?) aacid: i think we're always running in debug (double check with ben, so no need to have these… | |||||
58 | curl_close($ch); | 58 | curl_close($ch); | ||
59 | exit; | 59 | exit; | ||
60 | } | 60 | } | ||
61 | curl_close($ch); | 61 | curl_close($ch); | ||
62 | 62 | | |||
63 | if (strcmp ($res, "VERIFIED") == 0) { | 63 | if (strcmp ($res, "VERIFIED") === 0) { | ||
64 | // assign posted variables to local variables | 64 | // assign posted variables to local variables | ||
aacid: this doesn't seem like an error | |||||
65 | $item_name = $_POST['item_name']; | 65 | $item_name = $_POST['item_name']; | ||
66 | $item_number = $_POST['item_number']; | 66 | $item_number = $_POST['item_number']; | ||
67 | $payment_status = $_POST['payment_status']; | 67 | $payment_status = $_POST['payment_status']; | ||
68 | $payment_amount = $_POST['mc_gross']; | 68 | $payment_amount = $_POST['mc_gross']; | ||
69 | $payment_currency = $_POST['mc_currency']; | 69 | $payment_currency = $_POST['mc_currency']; | ||
70 | $txn_id = $_POST['txn_id']; | 70 | $txn_id = $_POST['txn_id']; | ||
71 | $memo = $_POST['memo']; | 71 | $memo = $_POST['memo']; | ||
72 | $receiver_email = $_POST['receiver_email']; | 72 | $receiver_email = $_POST['receiver_email']; | ||
73 | $payer_email = $_POST['payer_email']; | 73 | $payer_email = $_POST['payer_email']; | ||
74 | $donate_url = $_POST['custom']; | 74 | $donate_url = $_POST['custom']; | ||
75 | 75 | | |||
76 | require("donations_auth.inc"); | 76 | require("donations_auth.inc"); | ||
77 | 77 | | |||
78 | /* | 78 | /* | ||
79 | $query = "CREATE TABLE IF NOT EXISTS donations ( id "; | 79 | $query = "CREATE TABLE IF NOT EXISTS donations ( id "; | ||
80 | $query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, "; | 80 | $query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, "; | ||
81 | $query .= "amount float(10,2), message VARCHAR(255), "; | 81 | $query .= "amount float(10,2), message VARCHAR(255), "; | ||
82 | $query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )"; | 82 | $query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )"; | ||
83 | mysql_query($query,$sq); | 83 | mysql_query($query,$sq); | ||
84 | echo mysql_error(); | 84 | echo mysql_error(); | ||
85 | */ | 85 | */ | ||
86 | 86 | | |||
87 | // check the payment_status is Completed | 87 | // check the payment_status is Completed | ||
88 | if ( $payment_status != "Completed") { | 88 | if ( $payment_status !== "Completed") { | ||
89 | if ($do_debug) { | 89 | if ($do_debug) { | ||
90 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | 90 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | ||
91 | } | 91 | } | ||
92 | die("Payment status is ".$payment_status); | 92 | die("Payment status is ".$payment_status); | ||
93 | } | 93 | } | ||
94 | 94 | | |||
95 | // check that receiver_email is your Primary PayPal email | 95 | // check that receiver_email is your Primary PayPal email | ||
96 | if ( $receiver_email != "kde-ev-board@kde.org") { | 96 | if ( $receiver_email !== "kde-ev-board@kde.org") { | ||
I would rather you don't change this since the current setup works, why are you changing it? aacid: I would rather you don't change this since the current setup works, why are you changing it? | |||||
97 | if ($do_debug) { | 97 | if ($do_debug) { | ||
98 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | 98 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | ||
99 | } | 99 | } | ||
100 | die("Unknown email"); | 100 | die("Unknown email"); | ||
101 | } | 101 | } | ||
102 | 102 | | |||
103 | // check that payment_amount/payment_currency are correct | 103 | // check that payment_amount/payment_currency are correct | ||
104 | if ( $payment_currency != "EUR" ) { | 104 | if ( $payment_currency != "EUR" ) { | ||
105 | if ($do_debug) { | 105 | if ($do_debug) { | ||
106 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | 106 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | ||
107 | } | 107 | } | ||
108 | die("Unknown currency used"); | 108 | die("Unknown currency used"); | ||
109 | } | 109 | } | ||
110 | 110 | | |||
111 | // sanitise date | 111 | // sanitise date | ||
112 | $date = strtotime( $_POST["payment_date"] ); | 112 | $date = strtotime( $_POST["payment_date"] ); | ||
113 | if ( $date === false ) { | 113 | if (!$date) { | ||
114 | echo "Date parsing failed, assuming now()"; | 114 | echo "Date parsing failed, assuming now()"; | ||
115 | $date = time(); | 115 | $date = time(); | ||
116 | } | 116 | } | ||
117 | $date = date("Y-m-d H:i:s", $date); | 117 | $date = date("Y-m-d H:i:s", $date); | ||
118 | 118 | | |||
119 | // process payment | 119 | // process payment | ||
120 | $query = "REPLACE into donations VALUES( '', \"".$date."\""; | 120 | $stmt = $dbConnection->prepare("REPLACE into donations VALUES( '', \":date\", :payment_amount, \":memo\", \":txn_id\", \":donate_url\")"); | ||
121 | $query .= ", ".$payment_amount.", \"".addslashes( $memo )."\""; | 121 | $stmt->execute([ | ||
122 | $query .= ",\"".$txn_id."\", \"".addslashes( $donate_url )."\" )"; | 122 | 'date' => $date, | ||
123 | mysql_query($query, $sq); | 123 | 'payment_amount' => $payment_amount, | ||
124 | 'memo' => addslashes($memo), | ||||
125 | 'txn_id' => $txn_id, | ||||
126 | 'donate_url' => addslashes($donate_url), | ||||
127 | ]); | ||||
124 | 128 | | |||
125 | if ($do_debug) { | 129 | if ($do_debug) { | ||
126 | fwrite( $debug, "\nQuery:".$query."\n" ); | 130 | fwrite( $debug, "\nQuery:".$stmt->debugDumpParams()."\n" ); | ||
127 | fwrite( $debug, "Error:".mysql_error()."\n" ); | | |||
128 | } | 131 | } | ||
129 | 132 | | |||
130 | 133 | | |||
131 | } else if (strcmp ($res, "INVALID") == 0) { | 134 | } else if (strcmp ($res, "INVALID") === 0) { | ||
132 | if ($do_debug) { | 135 | if ($do_debug) { | ||
133 | fwrite($debug, "Invalid transaction\n"); | 136 | fwrite($debug, "Invalid transaction\n"); | ||
134 | } | 137 | } | ||
135 | } else { | 138 | } else { | ||
136 | if ($do_debug) { | 139 | if ($do_debug) { | ||
137 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | 140 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | ||
138 | fwrite($debug, $res."\n"); | 141 | fwrite($debug, $res."\n"); | ||
139 | } | 142 | } | ||
140 | } | 143 | } | ||
141 | 144 | | |||
142 | if ($do_debug) { | 145 | if ($do_debug) { | ||
143 | fwrite( $debug, "\n---------------------------------------\n" ); | 146 | fwrite( $debug, "\n---------------------------------------\n" ); | ||
144 | fclose($debug); | 147 | fclose($debug); | ||
145 | } | 148 | } | ||
146 | ?> | 149 | ?> |
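Review bot: The placeholders in the new prepare() call on line 120 are wrapped in double quotes (`\":date\"`, `\":memo\"`, `\":txn_id\"`, `\":donate_url\"`), so the SQL contains string literals rather than bound parameters, and execute() will, depending on the driver, either fail with a parameter-count mismatch or store the literal text `:date`; the statement should read `REPLACE INTO donations VALUES ('', :date, :payment_amount, :memo, :txn_id, :donate_url)`. With real bound parameters the `addslashes()` calls on lines 124 and 126 no longer escape anything for SQL and will persist stray backslashes in `memo` and `donate_url`, so pass `$memo` and `$donate_url` unchanged. `PDOStatement::debugDumpParams()` on line 130 prints to the output stream instead of returning a string, so the debug file records an empty "Query:" line while the dump lands in the HTTP response to PayPal; log `$stmt->queryString` plus the bound array instead. The return value of execute() is unchecked and the old `mysql_error()` line was dropped, so a failed insert is now silent; check `if (!$stmt->execute([...]))` and log `$stmt->errorInfo()` under `$do_debug`. The `!= "EUR"` comparison on line 104 was left loose while its siblings on lines 88 and 96 were tightened to `!==`, and `$dbConnection` is presumably created in donations_auth.inc, which is outside this diff.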
do we need this?