Differential D23639 Diff 66512 community/donations/notify.php

Changeset View

Standalone View

community/donations/notify.php

1	<?php	1		<?php
2		2
3	$do_debug = true;	3		$do_debug = true;
		4		$debug = "";
4		5
5	// STEP 1: read POST data	6		// STEP 1: read POST data
6		7
7	// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.	8		// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
8	// Instead, read raw POST data from the input stream.	9		// Instead, read raw POST data from the input stream.
9	$raw_post_data = file_get_contents('php://input');	10		$raw_post_data = file_get_contents('php://input');
10	$raw_post_array = explode('&', $raw_post_data);	11		$raw_post_array = explode('&', $raw_post_data);
11	$myPost = array();	12		$myPost = array();
Show All 13 Lines		25	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
25	$value = urlencode(stripslashes($value));	26		$value = urlencode(stripslashes($value));
26	} else {	27		} else {
27	$value = urlencode($value);	28		$value = urlencode($value);
28	}	29		}
29	$req .= "&$key=$value";	30		$req .= "&$key=$value";
30	}	31		}
31		32
32	if ($do_debug) {	33		if ($do_debug) {
		34		error_log("your message");
			aacidUnsubmitted Done do we need this? aacid: do we need this?
33	$debug = fopen('/tmp/data.txt', 'a+');	35		$debug = fopen('/tmp/data.txt', 'a+');
34	fwrite($debug, "Raw Data: $raw_post_data\n");	36		fwrite($debug, "Raw Data: $raw_post_data\n");
35	fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n");	37		fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n");
36	fwrite($debug, "verify: $req\n");	38		fwrite($debug, "verify: $req\n");
37	}	39		}
38		40
39		41
40	$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');	42		$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
41	curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);	43		curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
			aacidUnsubmitted Done and here aacid: and here
42	curl_setopt($ch, CURLOPT_POST, 1);	44		curl_setopt($ch, CURLOPT_POST, 1);
43	curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);	45		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
44	curl_setopt($ch, CURLOPT_POSTFIELDS, $req);	46		curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
45	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);	47		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
46	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);	48		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
47	curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);	49		curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
48	curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));	50		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
49		51
50	// In wamp-like environments that do not come bundled with root authority certificates,	52		// In wamp-like environments that do not come bundled with root authority certificates,
51	// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set	53		// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
52	// the directory path of the certificate as shown below:	54		// the directory path of the certificate as shown below:
53	// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');	55		// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
54	if( !($res = curl_exec($ch)) ) {	56		if( !($res = curl_exec($ch)) ) {
55	if ($do_debug) {	57		if ($do_debug) {
56	fwrite($debug, "Error in calling curl_exec\n");	58		fwrite($debug, "Error in calling curl_exec\n");
		59		error_log("Error in calling curl_exec");
			aacidUnsubmitted Done i think we're always running in debug (double check with ben, so no need to have these error_log calls?) aacid: i think we're always running in debug (double check with ben, so no need to have these…
57	}	60		}
58	curl_close($ch);	61		curl_close($ch);
59	exit;	62		exit;
60	}	63		}
61	curl_close($ch);	64		curl_close($ch);
62		65
63	if (strcmp ($res, "VERIFIED") == 0) {	66		if (strcmp ($res, "VERIFIED") === 0) {
		67		error_log("VERIFIED");
			aacidUnsubmitted Done this doesn't seem like an error aacid: this doesn't seem like an error
64	// assign posted variables to local variables	68		// assign posted variables to local variables
65	$item_name = $_POST['item_name'];	69		$item_name = $_POST['item_name'];
66	$item_number = $_POST['item_number'];	70		$item_number = $_POST['item_number'];
67	$payment_status = $_POST['payment_status'];	71		$payment_status = $_POST['payment_status'];
68	$payment_amount = $_POST['mc_gross'];	72		$payment_amount = $_POST['mc_gross'];
69	$payment_currency = $_POST['mc_currency'];	73		$payment_currency = $_POST['mc_currency'];
70	$txn_id = $_POST['txn_id'];	74		$txn_id = $_POST['txn_id'];
71	$memo = $_POST['memo'];	75		$memo = $_POST['memo'];
72	$receiver_email = $_POST['receiver_email'];	76		$receiver_email = $_POST['receiver_email'];
73	$payer_email = $_POST['payer_email'];	77		$payer_email = $_POST['payer_email'];
74	$donate_url = $_POST['custom'];	78		$donate_url = $_POST['custom'];
75		79
76	require("donations_auth.inc");	80		require("config.php");
77
78	/*
79	$query = "CREATE TABLE IF NOT EXISTS donations ( id ";
80	$query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, ";
81	$query .= "amount float(10,2), message VARCHAR(255), ";
82	$query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )";
83	mysql_query($query,$sq);
84	echo mysql_error();
85	*/
86		81
87	// check the payment_status is Completed	82		// check the payment_status is Completed
88	if ( $payment_status != "Completed") {	83		if ( $payment_status !== "Completed") {
89	if ($do_debug) {	84		if ($do_debug) {
90	fwrite($debug, "Unexpected payment status: ".$payment_status."\n");	85		fwrite($debug, "Unexpected payment status: ".$payment_status."\n");
		86		error_log("Unexpected payment status: ".$payment_status."\n");
91	}	87		}
92	die("Payment status is ".$payment_status);	88		die("Payment status is ".$payment_status);
93	}	89		}
94		90
95	// check that receiver_email is your Primary PayPal email	91		// check that receiver_email is your Primary PayPal email
96	if ( $receiver_email != "kde-ev-board@kde.org") {	92		if ( $receiver_email !== "kde-ev-paypal@kde.org") {
	aacidUnsubmitted Done I would rather you don't change this since the current setup works, why are you changing it? aacid: I would rather you don't change this since the current setup works, why are you changing it?
97	if ($do_debug) {	93		if ($do_debug) {
98	fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n");	94		fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n");
		95		error_log("Unexpected receiver email: ".$receiver_email."\n");
99	}	96		}
100	die("Unknown email");	97		die("Unknown email");
101	}	98		}
102		99
103	// check that payment_amount/payment_currency are correct	100		// check that payment_amount/payment_currency are correct
104	if ( $payment_currency != "EUR" ) {	101		if ( $payment_currency != "EUR" ) {
105	if ($do_debug) {	102		if ($do_debug) {
		103		error_log("Unexpected payment currency: ".$payment_currency."\n");
106	fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n");	104		fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n");
107	}	105		}
108	die("Unknown currency used");	106		die("Unknown currency used");
109	}	107		}
110		108
111	// sanitise date	109		// sanitise date
112	$date = strtotime( $_POST["payment_date"] );	110		$date = strtotime( $_POST["payment_date"] );
113	if ( $date === false ) {	111		if (!$date) {
114	echo "Date parsing failed, assuming now()";	112		echo "Date parsing failed, assuming now()";
115	$date = time();	113		$date = time();
116	}	114		}
117	$date = date("Y-m-d H:i:s", $date);	115		$date = date("Y-m-d H:i:s", $date);
118		116
119	// process payment	117		// process payment
120	$query = "REPLACE into donations VALUES( '', \"".$date."\"";	118		$stmt = $dbConnection->prepare("REPLACE into donations VALUES( NULL, :date, :payment_amount, :memo, :txn_id, :donate_url)");
121	$query .= ", ".$payment_amount.", \"".addslashes( $memo )."\"";	119		$stmt->execute([
122	$query .= ",\"".$txn_id."\", \"".addslashes( $donate_url )."\" )";	120		'date' => $date,
123	mysql_query($query, $sq);	121		'payment_amount' => $payment_amount,
		122		'memo' => addslashes($memo),
		123		'txn_id' => $txn_id,
		124		'donate_url' => addslashes($donate_url),
		125		]);
124		126
125	if ($do_debug) {	127		if ($do_debug) {
126	fwrite( $debug, "\nQuery:".$query."\n" );	128		error_log("\nQuery:".$stmt->debugDumpParams()."\n" );
127	fwrite( $debug, "Error:".mysql_error()."\n" );	129		fwrite( $debug, "\nQuery:".$stmt->debugDumpParams()."\n" );
128	}	130		}
129		131
130		132
131	} else if (strcmp ($res, "INVALID") == 0) {	133		} else if (strcmp ($res, "INVALID") === 0) {
132	if ($do_debug) {	134		if ($do_debug) {
133	fwrite($debug, "Invalid transaction\n");	135		fwrite($debug, "Invalid transaction\n");
134	}	136		}
135	} else {	137		} else {
136	if ($do_debug) {	138		if ($do_debug) {
137	fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n");	139		fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n");
138	fwrite($debug, $res."\n");	140		fwrite($debug, $res."\n");
139	}	141		}
140	}	142		}
141		143
142	if ($do_debug) {	144		if ($do_debug) {
143	fwrite( $debug, "\n---------------------------------------\n" );	145		fwrite( $debug, "\n---------------------------------------\n" );
144	fclose($debug);	146		fclose($debug);
145	}	147		}
146	?>	148		?>