Changeset View
Changeset View
Standalone View
Standalone View
community/donations/notify.php
| Show All 24 Lines | 24 | if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { | |||
|---|---|---|---|---|---|
| 25 | $value = urlencode(stripslashes($value)); | 25 | $value = urlencode(stripslashes($value)); | ||
| 26 | } else { | 26 | } else { | ||
| 27 | $value = urlencode($value); | 27 | $value = urlencode($value); | ||
| 28 | } | 28 | } | ||
| 29 | $req .= "&$key=$value"; | 29 | $req .= "&$key=$value"; | ||
| 30 | } | 30 | } | ||
| 31 | 31 | | |||
| 32 | if ($do_debug) { | 32 | if ($do_debug) { | ||
| 33 | $debug = fopen('/tmp/data.txt', 'a+'); | 33 | $debug = fopen('/tmp/data.txt', 'a+'); | ||
aacid: do we need this? | |||||
| 34 | fwrite($debug, "Raw Data: $raw_post_data\n"); | 34 | fwrite($debug, "Raw Data: $raw_post_data\n"); | ||
| 35 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | 35 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | ||
| 36 | fwrite($debug, "verify: $req\n"); | 36 | fwrite($debug, "verify: $req\n"); | ||
| 37 | } | 37 | } | ||
| 38 | 38 | | |||
| 39 | 39 | | |||
| 40 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | 40 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | ||
| 41 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | 41 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | ||
aacid: and here | |||||
| 42 | curl_setopt($ch, CURLOPT_POST, 1); | 42 | curl_setopt($ch, CURLOPT_POST, 1); | ||
| 43 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | 43 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | ||
| 44 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | 44 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | ||
| 45 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | 45 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | ||
| 46 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | 46 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | ||
| 47 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | 47 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | ||
| 48 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | 48 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | ||
| 49 | 49 | | |||
| 50 | // In wamp-like environments that do not come bundled with root authority certificates, | 50 | // In wamp-like environments that do not come bundled with root authority certificates, | ||
| 51 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | 51 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | ||
| 52 | // the directory path of the certificate as shown below: | 52 | // the directory path of the certificate as shown below: | ||
| 53 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | 53 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | ||
| 54 | if( !($res = curl_exec($ch)) ) { | 54 | if( !($res = curl_exec($ch)) ) { | ||
| 55 | if ($do_debug) { | 55 | if ($do_debug) { | ||
| 56 | fwrite($debug, "Error in calling curl_exec\n"); | 56 | fwrite($debug, "Error in calling curl_exec\n"); | ||
| 57 | } | 57 | } | ||
i think we're always running in debug (double check with ben, so no need to have these error_log calls?) aacid: i think we're always running in debug (double check with ben, so no need to have these… | |||||
| 58 | curl_close($ch); | 58 | curl_close($ch); | ||
| 59 | exit; | 59 | exit; | ||
| 60 | } | 60 | } | ||
| 61 | curl_close($ch); | 61 | curl_close($ch); | ||
| 62 | 62 | | |||
| 63 | if (strcmp ($res, "VERIFIED") == 0) { | 63 | if (strcmp ($res, "VERIFIED") === 0) { | ||
| 64 | // assign posted variables to local variables | 64 | // assign posted variables to local variables | ||
aacid: this doesn't seem like an error | |||||
| 65 | $item_name = $_POST['item_name']; | 65 | $item_name = $_POST['item_name']; | ||
| 66 | $item_number = $_POST['item_number']; | 66 | $item_number = $_POST['item_number']; | ||
| 67 | $payment_status = $_POST['payment_status']; | 67 | $payment_status = $_POST['payment_status']; | ||
| 68 | $payment_amount = $_POST['mc_gross']; | 68 | $payment_amount = $_POST['mc_gross']; | ||
| 69 | $payment_currency = $_POST['mc_currency']; | 69 | $payment_currency = $_POST['mc_currency']; | ||
| 70 | $txn_id = $_POST['txn_id']; | 70 | $txn_id = $_POST['txn_id']; | ||
| 71 | $memo = $_POST['memo']; | 71 | $memo = $_POST['memo']; | ||
| 72 | $receiver_email = $_POST['receiver_email']; | 72 | $receiver_email = $_POST['receiver_email']; | ||
| 73 | $payer_email = $_POST['payer_email']; | 73 | $payer_email = $_POST['payer_email']; | ||
| 74 | $donate_url = $_POST['custom']; | 74 | $donate_url = $_POST['custom']; | ||
| 75 | 75 | | |||
| 76 | require("donations_auth.inc"); | 76 | require("donations_auth.inc"); | ||
| 77 | 77 | | |||
| 78 | /* | 78 | /* | ||
| 79 | $query = "CREATE TABLE IF NOT EXISTS donations ( id "; | 79 | $query = "CREATE TABLE IF NOT EXISTS donations ( id "; | ||
| 80 | $query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, "; | 80 | $query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, "; | ||
| 81 | $query .= "amount float(10,2), message VARCHAR(255), "; | 81 | $query .= "amount float(10,2), message VARCHAR(255), "; | ||
| 82 | $query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )"; | 82 | $query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )"; | ||
| 83 | mysql_query($query,$sq); | 83 | mysql_query($query,$sq); | ||
| 84 | echo mysql_error(); | 84 | echo mysql_error(); | ||
| 85 | */ | 85 | */ | ||
| 86 | 86 | | |||
| 87 | // check the payment_status is Completed | 87 | // check the payment_status is Completed | ||
| 88 | if ( $payment_status != "Completed") { | 88 | if ( $payment_status !== "Completed") { | ||
| 89 | if ($do_debug) { | 89 | if ($do_debug) { | ||
| 90 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | 90 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | ||
| 91 | } | 91 | } | ||
| 92 | die("Payment status is ".$payment_status); | 92 | die("Payment status is ".$payment_status); | ||
| 93 | } | 93 | } | ||
| 94 | 94 | | |||
| 95 | // check that receiver_email is your Primary PayPal email | 95 | // check that receiver_email is your Primary PayPal email | ||
| 96 | if ( $receiver_email != "kde-ev-board@kde.org") { | 96 | if ( $receiver_email !== "kde-ev-board@kde.org") { | ||
I would rather you don't change this since the current setup works, why are you changing it? aacid: I would rather you don't change this since the current setup works, why are you changing it? | |||||
| 97 | if ($do_debug) { | 97 | if ($do_debug) { | ||
| 98 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | 98 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | ||
| 99 | } | 99 | } | ||
| 100 | die("Unknown email"); | 100 | die("Unknown email"); | ||
| 101 | } | 101 | } | ||
| 102 | 102 | | |||
| 103 | // check that payment_amount/payment_currency are correct | 103 | // check that payment_amount/payment_currency are correct | ||
| 104 | if ( $payment_currency != "EUR" ) { | 104 | if ( $payment_currency != "EUR" ) { | ||
| 105 | if ($do_debug) { | 105 | if ($do_debug) { | ||
| 106 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | 106 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | ||
| 107 | } | 107 | } | ||
| 108 | die("Unknown currency used"); | 108 | die("Unknown currency used"); | ||
| 109 | } | 109 | } | ||
| 110 | 110 | | |||
| 111 | // sanitise date | 111 | // sanitise date | ||
| 112 | $date = strtotime( $_POST["payment_date"] ); | 112 | $date = strtotime( $_POST["payment_date"] ); | ||
| 113 | if ( $date === false ) { | 113 | if (!$date) { | ||
| 114 | echo "Date parsing failed, assuming now()"; | 114 | echo "Date parsing failed, assuming now()"; | ||
| 115 | $date = time(); | 115 | $date = time(); | ||
| 116 | } | 116 | } | ||
| 117 | $date = date("Y-m-d H:i:s", $date); | 117 | $date = date("Y-m-d H:i:s", $date); | ||
| 118 | 118 | | |||
| 119 | // process payment | 119 | // process payment | ||
| 120 | $query = "REPLACE into donations VALUES( '', \"".$date."\""; | 120 | $stmt = $dbConnection->prepare("REPLACE into donations VALUES( '', \":date\", :payment_amount, \":memo\", \":txn_id\", \":donate_url\")"); | ||
| 121 | $query .= ", ".$payment_amount.", \"".addslashes( $memo )."\""; | 121 | $stmt->execute([ | ||
| 122 | $query .= ",\"".$txn_id."\", \"".addslashes( $donate_url )."\" )"; | 122 | 'date' => $date, | ||
| 123 | mysql_query($query, $sq); | 123 | 'payment_amount' => $payment_amount, | ||
| 124 | 'memo' => addslashes($memo), | ||||
| 125 | 'txn_id' => $txn_id, | ||||
| 126 | 'donate_url' => addslashes($donate_url), | ||||
| 127 | ]); | ||||
| 124 | 128 | | |||
| 125 | if ($do_debug) { | 129 | if ($do_debug) { | ||
| 126 | fwrite( $debug, "\nQuery:".$query."\n" ); | 130 | fwrite( $debug, "\nQuery:".$stmt->debugDumpParams()."\n" ); | ||
| 127 | fwrite( $debug, "Error:".mysql_error()."\n" ); | | |||
| 128 | } | 131 | } | ||
| 129 | 132 | | |||
| 130 | 133 | | |||
| 131 | } else if (strcmp ($res, "INVALID") == 0) { | 134 | } else if (strcmp ($res, "INVALID") === 0) { | ||
| 132 | if ($do_debug) { | 135 | if ($do_debug) { | ||
| 133 | fwrite($debug, "Invalid transaction\n"); | 136 | fwrite($debug, "Invalid transaction\n"); | ||
| 134 | } | 137 | } | ||
| 135 | } else { | 138 | } else { | ||
| 136 | if ($do_debug) { | 139 | if ($do_debug) { | ||
| 137 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | 140 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | ||
| 138 | fwrite($debug, $res."\n"); | 141 | fwrite($debug, $res."\n"); | ||
| 139 | } | 142 | } | ||
| 140 | } | 143 | } | ||
| 141 | 144 | | |||
| 142 | if ($do_debug) { | 145 | if ($do_debug) { | ||
| 143 | fwrite( $debug, "\n---------------------------------------\n" ); | 146 | fwrite( $debug, "\n---------------------------------------\n" ); | ||
| 144 | fclose($debug); | 147 | fclose($debug); | ||
| 145 | } | 148 | } | ||
| 146 | ?> | 149 | ?> | ||
do we need this?