community/donations/notify.php
1 | <?php | 1 | <?php | ||
2 | 2 | | |||
3 | $do_debug = true; | 3 | $do_debug = true; | ||
4 | $debug = ""; | ||||
4 | 5 | | |||
5 | // STEP 1: read POST data | 6 | // STEP 1: read POST data | ||
6 | 7 | | |||
7 | // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST. | 8 | // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST. | ||
8 | // Instead, read raw POST data from the input stream. | 9 | // Instead, read raw POST data from the input stream. | ||
9 | $raw_post_data = file_get_contents('php://input'); | 10 | $raw_post_data = file_get_contents('php://input'); | ||
10 | $raw_post_array = explode('&', $raw_post_data); | 11 | $raw_post_array = explode('&', $raw_post_data); | ||
11 | $myPost = array(); | 12 | $myPost = array(); | ||
Show All 13 Lines | 25 | if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { | |||
25 | $value = urlencode(stripslashes($value)); | 26 | $value = urlencode(stripslashes($value)); | ||
26 | } else { | 27 | } else { | ||
27 | $value = urlencode($value); | 28 | $value = urlencode($value); | ||
28 | } | 29 | } | ||
29 | $req .= "&$key=$value"; | 30 | $req .= "&$key=$value"; | ||
30 | } | 31 | } | ||
31 | 32 | | |||
32 | if ($do_debug) { | 33 | if ($do_debug) { | ||
34 | error_log("your message"); | ||||
aacid: do we need this? | |||||
33 | $debug = fopen('/tmp/data.txt', 'a+'); | 35 | $debug = fopen('/tmp/data.txt', 'a+'); | ||
34 | fwrite($debug, "Raw Data: $raw_post_data\n"); | 36 | fwrite($debug, "Raw Data: $raw_post_data\n"); | ||
35 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | 37 | fwrite($debug, "PHP Decoded: " . var_export($_POST, true) . "\n"); | ||
36 | fwrite($debug, "verify: $req\n"); | 38 | fwrite($debug, "verify: $req\n"); | ||
37 | } | 39 | } | ||
38 | 40 | | |||
39 | 41 | | |||
40 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | 42 | $ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); | ||
41 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | 43 | curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | ||
aacid: and here | |||||
42 | curl_setopt($ch, CURLOPT_POST, 1); | 44 | curl_setopt($ch, CURLOPT_POST, 1); | ||
43 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | 45 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); | ||
44 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | 46 | curl_setopt($ch, CURLOPT_POSTFIELDS, $req); | ||
45 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | 47 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); | ||
46 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | 48 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); | ||
47 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | 49 | curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); | ||
48 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | 50 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); | ||
49 | 51 | | |||
50 | // In wamp-like environments that do not come bundled with root authority certificates, | 52 | // In wamp-like environments that do not come bundled with root authority certificates, | ||
51 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | 53 | // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set | ||
52 | // the directory path of the certificate as shown below: | 54 | // the directory path of the certificate as shown below: | ||
53 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | 55 | // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); | ||
54 | if( !($res = curl_exec($ch)) ) { | 56 | if( !($res = curl_exec($ch)) ) { | ||
55 | if ($do_debug) { | 57 | if ($do_debug) { | ||
56 | fwrite($debug, "Error in calling curl_exec\n"); | 58 | fwrite($debug, "Error in calling curl_exec\n"); | ||
59 | error_log("Error in calling curl_exec"); | ||||
aacid: I think we're always running in debug (double check with ben), so there's no need to have these error_log calls? | |||||
57 | } | 60 | } | ||
58 | curl_close($ch); | 61 | curl_close($ch); | ||
59 | exit; | 62 | exit; | ||
60 | } | 63 | } | ||
61 | curl_close($ch); | 64 | curl_close($ch); | ||
62 | 65 | | |||
63 | if (strcmp ($res, "VERIFIED") == 0) { | 66 | if (strcmp ($res, "VERIFIED") === 0) { | ||
67 | error_log("VERIFIED"); | ||||
aacid: this doesn't seem like an error | |||||
64 | // assign posted variables to local variables | 68 | // assign posted variables to local variables | ||
65 | $item_name = $_POST['item_name']; | 69 | $item_name = $_POST['item_name']; | ||
66 | $item_number = $_POST['item_number']; | 70 | $item_number = $_POST['item_number']; | ||
67 | $payment_status = $_POST['payment_status']; | 71 | $payment_status = $_POST['payment_status']; | ||
68 | $payment_amount = $_POST['mc_gross']; | 72 | $payment_amount = $_POST['mc_gross']; | ||
69 | $payment_currency = $_POST['mc_currency']; | 73 | $payment_currency = $_POST['mc_currency']; | ||
70 | $txn_id = $_POST['txn_id']; | 74 | $txn_id = $_POST['txn_id']; | ||
71 | $memo = $_POST['memo']; | 75 | $memo = $_POST['memo']; | ||
72 | $receiver_email = $_POST['receiver_email']; | 76 | $receiver_email = $_POST['receiver_email']; | ||
73 | $payer_email = $_POST['payer_email']; | 77 | $payer_email = $_POST['payer_email']; | ||
74 | $donate_url = $_POST['custom']; | 78 | $donate_url = $_POST['custom']; | ||
75 | 79 | | |||
76 | require("donations_auth.inc"); | 80 | require("config.php"); | ||
77 | | ||||
78 | /* | | |||
79 | $query = "CREATE TABLE IF NOT EXISTS donations ( id "; | | |||
80 | $query .= "INT AUTO_INCREMENT PRIMARY KEY, date DATETIME, "; | | |||
81 | $query .= "amount float(10,2), message VARCHAR(255), "; | | |||
82 | $query .= "transactionid VARCHAR(255) UNIQUE, donate_url VARCHAR(255) )"; | | |||
83 | mysql_query($query,$sq); | | |||
84 | echo mysql_error(); | | |||
85 | */ | | |||
86 | 81 | | |||
87 | // check the payment_status is Completed | 82 | // check the payment_status is Completed | ||
88 | if ( $payment_status != "Completed") { | 83 | if ( $payment_status !== "Completed") { | ||
89 | if ($do_debug) { | 84 | if ($do_debug) { | ||
90 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | 85 | fwrite($debug, "Unexpected payment status: ".$payment_status."\n"); | ||
86 | error_log("Unexpected payment status: ".$payment_status."\n"); | ||||
91 | } | 87 | } | ||
92 | die("Payment status is ".$payment_status); | 88 | die("Payment status is ".$payment_status); | ||
93 | } | 89 | } | ||
94 | 90 | | |||
95 | // check that receiver_email is your Primary PayPal email | 91 | // check that receiver_email is your Primary PayPal email | ||
96 | if ( $receiver_email != "kde-ev-board@kde.org") { | 92 | if ( $receiver_email !== "kde-ev-paypal@kde.org") { | ||
aacid: I would rather you don't change this, since the current setup works; why are you changing it? | |||||
97 | if ($do_debug) { | 93 | if ($do_debug) { | ||
98 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | 94 | fwrite($debug, "Unexpected receiver email: ".$receiver_email."\n"); | ||
95 | error_log("Unexpected receiver email: ".$receiver_email."\n"); | ||||
99 | } | 96 | } | ||
100 | die("Unknown email"); | 97 | die("Unknown email"); | ||
101 | } | 98 | } | ||
102 | 99 | | |||
103 | // check that payment_amount/payment_currency are correct | 100 | // check that payment_amount/payment_currency are correct | ||
104 | if ( $payment_currency != "EUR" ) { | 101 | if ( $payment_currency != "EUR" ) { | ||
105 | if ($do_debug) { | 102 | if ($do_debug) { | ||
103 | error_log("Unexpected payment currency: ".$payment_currency."\n"); | ||||
106 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | 104 | fwrite($debug, "Unexpected payment currency: ".$payment_currency."\n"); | ||
107 | } | 105 | } | ||
108 | die("Unknown currency used"); | 106 | die("Unknown currency used"); | ||
109 | } | 107 | } | ||
110 | 108 | | |||
111 | // sanitise date | 109 | // sanitise date | ||
112 | $date = strtotime( $_POST["payment_date"] ); | 110 | $date = strtotime( $_POST["payment_date"] ); | ||
113 | if ( $date === false ) { | 111 | if (!$date) { | ||
114 | echo "Date parsing failed, assuming now()"; | 112 | echo "Date parsing failed, assuming now()"; | ||
115 | $date = time(); | 113 | $date = time(); | ||
116 | } | 114 | } | ||
117 | $date = date("Y-m-d H:i:s", $date); | 115 | $date = date("Y-m-d H:i:s", $date); | ||
118 | 116 | | |||
119 | // process payment | 117 | // process payment | ||
120 | $query = "REPLACE into donations VALUES( '', \"".$date."\""; | 118 | $stmt = $dbConnection->prepare("REPLACE into donations VALUES( NULL, :date, :payment_amount, :memo, :txn_id, :donate_url)"); | ||
121 | $query .= ", ".$payment_amount.", \"".addslashes( $memo )."\""; | 119 | $stmt->execute([ | ||
122 | $query .= ",\"".$txn_id."\", \"".addslashes( $donate_url )."\" )"; | 120 | 'date' => $date, | ||
123 | mysql_query($query, $sq); | 121 | 'payment_amount' => $payment_amount, | ||
122 | 'memo' => addslashes($memo), | ||||
123 | 'txn_id' => $txn_id, | ||||
124 | 'donate_url' => addslashes($donate_url), | ||||
125 | ]); | ||||
124 | 126 | | |||
125 | if ($do_debug) { | 127 | if ($do_debug) { | ||
126 | fwrite( $debug, "\nQuery:".$query."\n" ); | 128 | error_log("\nQuery:".$stmt->debugDumpParams()."\n" ); | ||
127 | fwrite( $debug, "Error:".mysql_error()."\n" ); | 129 | fwrite( $debug, "\nQuery:".$stmt->debugDumpParams()."\n" ); | ||
128 | } | 130 | } | ||
129 | 131 | | |||
130 | 132 | | |||
131 | } else if (strcmp ($res, "INVALID") == 0) { | 133 | } else if (strcmp ($res, "INVALID") === 0) { | ||
132 | if ($do_debug) { | 134 | if ($do_debug) { | ||
133 | fwrite($debug, "Invalid transaction\n"); | 135 | fwrite($debug, "Invalid transaction\n"); | ||
134 | } | 136 | } | ||
135 | } else { | 137 | } else { | ||
136 | if ($do_debug) { | 138 | if ($do_debug) { | ||
137 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | 139 | fwrite($debug, "Paypal returned neither VERIFIED nor INVALID\n"); | ||
138 | fwrite($debug, $res."\n"); | 140 | fwrite($debug, $res."\n"); | ||
139 | } | 141 | } | ||
140 | } | 142 | } | ||
141 | 143 | | |||
142 | if ($do_debug) { | 144 | if ($do_debug) { | ||
143 | fwrite( $debug, "\n---------------------------------------\n" ); | 145 | fwrite( $debug, "\n---------------------------------------\n" ); | ||
144 | fclose($debug); | 146 | fclose($debug); | ||
145 | } | 147 | } | ||
146 | ?> | 148 | ?> |
do we need this?
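Review bot: The new prepared-statement block (new-side lines 118–125) still passes `addslashes($memo)` and `addslashes($donate_url)` as bound parameters, so the driver escapes an already backslash-escaped value and the stored rows pick up stray backslashes; the escaping the old string-built query needed is now done by the binding itself, so these should be plain `'memo' => $memo,` and `'donate_url' => $donate_url,`. The debug logging at new-side lines 128–129 also does not do what it looks like: `PDOStatement::debugDumpParams()` prints directly to output rather than returning a string, so the concatenated log line carries no query text and the parameter dump is emitted into the HTTP response returned to the IPN caller; log `$stmt->queryString` and the bound array instead. With the `mysql_error()` line gone, the result of `$stmt->execute(...)` is never checked — unless config.php (not visible here) sets `PDO::ATTR_ERRMODE` to exceptions, a failed REPLACE is silent, so test the return value and `error_log(implode(' ', $stmt->errorInfo()));` on failure. Finally, new-side line 101 keeps `!=` for the currency check while the sibling status and receiver checks were moved to `!==`.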