Logs for bought points v1.3 Fixed: Zaypay script

Diazapam · Mar 14, 2010

04/04/2010 08:35 Edited the zaypay script because it wasn't working. Use the standard files and only change report.php now.
Named: Version 1.3
01/04/2010 21:20 Added the admin panel to see statistics, this one is without the extra's my other one has.
Named: Version 1.2
28/03/2010 19:00 Updated with a new more secure paypalscript provided by Stian and edited to log by me.
Named: Version 1.1

I'm adding something new to gesior, this will log all transactions being made in the database (so all that buy points bought will be registered).

This script was tested working on: Gesior 0.3.6.
Note: I have only tested the paypal and daopay logging, Boza tested the others.

To use this do the following:

1. Execute this query in your database:

Code:

CREATE TABLE `z_shop_points_bought` (
`id` INT( 15 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`amount` INT( 15 ) NOT NULL ,
`type` VARCHAR( 255 ) NOT NULL ,
`accountid` INT( 15 ) NOT NULL ,
`code` VARCHAR( 255 ) NOT NULL ,
`paypalmail` VARCHAR( 255 ) NOT NULL ,
`date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP 
) ENGINE = MYISAM ;

2. Copy these new files into the right place.

New buypoints.php:

PHP:

   <?PHP
####################       CONFIG      ###################################################
#aktywacja dotpay oraz dostepych systemow platnosci, wartosci: true / false
$config['paypal_active'] = true; #active paypal system?
$config['zaypay_active'] = true; #active zaypay system?
$config['dotpay'] = array();
$config['dotpay_active'] = false; #active dotpay system?
$config['dotpay_active_sms'] = true; #active dotpay system?
$config['dotpay_active_transfer'] = true; #active dotpay system?
# przykladowy konfig dla SMS
$config['dotpay'][0]['id'] = 21468;       # numer ID zarejestrowanego klienta
$config['dotpay'][0]['code'] = "DEB3"; # identyfikator uslug SMS
$config['dotpay'][0]['type'] = "sms";   # typ konta: C1 - 8 znakowy kod bezobslugowy, sms - dla sprawdzania SMSow
$config['dotpay'][0]['addpoints'] = 100; # ile premium punktow daje dany sms
$config['dotpay'][0]['sms_number'] = 73068; # numer na jaki nalezy wyslac kod
$config['dotpay'][0]['sms_text'] = "AP.DEB3"; # tresc jaka ma byc w SMSie
$config['dotpay'][0]['sms_cost'] = "3.66 zl brutto"; # cena za wyslanie sms
# przykladowy konfig dla przelewu bankowego/karty kredytowej
$config['dotpay'][1]['id'] = 21468;       # numer ID zarejestrowanego klienta
$config['dotpay'][1]['code'] = "DEBT"; # identyfikator uslug SMS
$config['dotpay'][1]['type'] = "C1";   # typ konta: C1 - 8 znakowy kod bezobslugowy, sms - dla sprawdzania SMSow
$config['dotpay'][1]['addpoints'] = 400; # ile premium punktow daje dany sms
$config['dotpay'][1]['sms_number'] = ""; # numer na jaki nalezy wyslac kod
$config['dotpay'][1]['sms_text'] = "DEBT"; # tresc jaka ma byc w SMSie
$config['dotpay'][1]['sms_cost'] = "5 zl brutto"; # cena za wyslanie sms
# activation of DaoPay system
$config['daopay'] = array();
$config['daopay_active'] = true; #active daopay system?
# example config for daopay
$config['daopay'][0]['appcode'] = 46870; #
$config['daopay'][0]['prodcode'] = 'DEB2'; #
$config['daopay'][0]['addpoints'] = '100'; #
$config['daopay'][0]['cost'] = "1 euro inc. VAT"; #
$config['daopay'][1]['appcode'] = 46870; #
$config['daopay'][1]['prodcode'] = 'DEB3'; #
$config['daopay'][1]['addpoints'] = '200'; #
$config['daopay'][1]['cost'] = "2 euro inc. VAT"; #
#################################################################################
function check_code_daopay($appcode, $prodcode, $pin)
{
    $handle = fopen("https://daopay.com/svc/pincheck?appcode=".$appcode."&prodcode=".$prodcode."&pin=".$pin, 'r'); 
    if ($handle)
    {
        $status = fgets($handle, 128);
        fclose($handle);
        if($status[0] == 'o' && $status[1] == 'k')
            $return = 1;
        else
            $return = 2;
    }
    else
        $return = 3;
    return $return;
}

function check_code_dotpay($code, $posted_code, $user_id, $type)
{
    $handle = fopen("http://dotpay.pl/check_code.php?id=".$user_id."&code=".$code."&check=".$posted_code."&type=".$type."&del=0", 'r');
    $status = fgets($handle, 8);
    $czas_zycia = fgets($handle, 24);
    fclose($handle);
    $czas_zycia = rtrim($czas_zycia);
    return array($status, $czas_zycia);
}

function delete_code_dotpay($code, $posted_code, $user_id, $type)
{
    $handle = fopen("http://dotpay.pl/check_code.php?id=".$user_id."&code=".$code."&check=".$posted_code."&type=".$type."&del=1", 'r');
    fclose($handle);
}

function add_points(OTS_Account $account, $number_of_points)
{
    if($account->isLoaded())
    {
        $account->setCustomField('premium_points', ($account->getCustomField('premium_points')+$number_of_points));
        return true;
    }
    else
        return false;
}
if ($_REQUEST['system'] == 'paypal' && $config['paypal_active']) {
$content = file_get_contents("paypal/paypal.htm");
    $main_content .= $content;
}
elseif ($_REQUEST['system'] == 'zaypay' && $config['zaypay_active']) {
if(!$logged)
    $main_content .= '<center><b>Please login first to donate via ZayPay.</B></center>';
if($logged)
    $main_content .= '<iframe src="'.$REMOTE_ADDR.'/zaypay/pay.php" frameborder="no" width="98%" height="350px;">
    <p>Need IFRAME support, please download Opera,Firefox or Chrome</p></iframe><br>';
}
elseif ($_REQUEST['system'] == 'daopay' && $config['daopay_active'])
{
#################################################################################
$offer_id = (int) $_POST['offer_id'];
$posted_pincode = trim($_POST['pincode']);
$to_user = trim($_POST['to_user']);
$verify_code = trim($_POST['verify_code']);
#################################################################################
if(!empty($to_user))
{
    if(is_numeric($to_user))
    {
        $account = new OTS_Account();
        $account->find($to_user);
    }
    else
    {
        $player = new OTS_Player();
        $player->find($to_user);
        if($player->isLoaded())
            $account = $player->getAccount();
        else
            $account = new OTS_Account();
    }
    
    if(empty($posted_pincode))
        $errors[] = 'Please enter your PIN code.';
        
    if(!$account->isLoaded())
        $errors[] = 'Account/account of player with this name doesn\'t exist.';
    if(count($errors) == 0)
    {
        if($config['site']['verify_code_shop'])
        {
            //check verification code
            $string = strtoupper($_SESSION['string']);
            $userstring = strtoupper($verify_code);
            $_SESSION['string'] = mt_rand(1,99999);
            if(empty($string))
                $errors[] = "Code from verification image in session is empty, try again.";
            else
            {
                if(empty($userstring))
                    $errors[] = "Please enter code from verification image.";
                else
                {
                    if($string != $userstring)
                        $errors[] = "Code from verification image is wrong.";
                }
            }
        }
        
        if(count($errors) == 0)
        {
            $code_info = check_code_daopay($config['daopay'][$offer_id]['appcode'], $config['daopay'][$offer_id]['prodcode'], $posted_pincode);
            if($code_info == 3)
                $errors[] = 'Server has problem with connection to daopay.com, can\'t verify PIN code.';
            elseif($code_info == 2)
                $errors[] = 'Wrong PIN code, try to enter code again.';
            elseif($code_info == 1)
            {
                if(add_points($account, $config['daopay'][$offer_id]['addpoints']))
                {
                    $executedaopaylog = $SQL->query("INSERT INTO `z_shop_points_bought` (`id` ,`amount` ,`type` ,`accountid` , `code`, `paypalmail`, `date`) VALUES (NULL , '".$config['daopay'][$offer_id]['addpoints']."', 'Daopay', '".$account->getId()."', '".$posted_pincode."', 'N/A',CURRENT_TIMESTAMP);");
                    $main_content .= '<h2><font color="red">Good PIN code. Added '.$config['daopay'][$offer_id]['addpoints'].' Premium Points to account of: '.$to_user.' !</font></h2>';
                }
                else
                    $errors[] = 'Error occured, try again.';
            }
        }
    }
}
if(count($errors) > 0)
{
    $main_content .= '<font color="red"><b>Errors occured:</b></font>';
    foreach($errors as $error)
        $main_content .= '<br />* '.$error;
    $main_content .= '<hr /><hr />';
}
$main_content .= 'Buy Premium Points. For this points you can buy pacc/items in Shop. To buy points:<br />
1. Visit one of our pages and donate us (send SMS/call special number).<br />
2. After donate daopay.com will show you PIN code.<br />
3. Save somewhere this PIN code and open this page again.<br />
4. Enter your character name or account and your PIN code in form below.<br />
5. Select donation cost from list and press "Check Code".<br />
6. If account and PIN code is valid you get premium points.<br />
7. Open "Shop Offer" and buy items/pacc :)<br />
<h2><font color="red"><b>Our pages:</b></h2></font>';
foreach($config['daopay'] as $offer) {
  $order++;
    $main_content .= '<b><h3>'.$order.'. Address: <font color="red"><a href="http://daopay.com/payment/?appcode='.urlencode($offer['appcode']).'&prodcode='.urlencode($offer['prodcode']).'">Buy '.$offer['addpoints'].' Shop points for '.$offer['cost'].'</a></font><br></h3>';
}
$main_content .= '<hr /><form action="?subtopic=buypoints&system=daopay" method="POST"><table>';
$main_content .= '<tr><td><b>Player name or account name: </b></td><td><input type="text" size="20" value="'.$to_user.'" name="to_user" /></td></tr>
<tr><td><b>PIN code: </b></td<td><input type="text" size="20" value="'.$posted_pincode.'" name="pincode" /></td></tr><tr><td><b>Offer type: </b></td><td><select name="offer_id">';
foreach($config['daopay'] as $id => $offer)
    $main_content .= '<option value="'.$id.'">'.$offer['prodcode'].' - cost '.$offer['cost'].' - points '.$offer['addpoints'].'</option>';
$main_content .= '</select></td></tr>';
if($config['site']['verify_code_shop'])
        $main_content .= '<tr><td><B>Verify code: </B></td><td><img src="imgverification/imagebuilder.php?image_refresher='.mt_rand(1,99999).'" border="0" alt=""></td></tr>
                          <tr><td><B>Enter verify code: </B></td><td><INPUT id="verify" NAME="verify_code" VALUE="" SIZE=30></td></tr>';
$main_content .= '<tr><td></td><td><input type="submit" value="Check Code" /></td></tr></table></form>';
}
elseif ($_REQUEST['system'] == 'dotpay' && $config['dotpay_active'])
{
#################################################################################
$sms_type = (int) $_POST['sms_type'];
$posted_code = trim($_POST['code']);
$to_user = trim($_POST['to_user']);
$verify_code = trim($_POST['verify_code']);
#################################################################################
if(!empty($to_user))
{
    if(is_numeric($to_user))
    {
        $account = new OTS_Account();
        $account->find($to_user);
    }
    else
    {
        $player = new OTS_Player();
        $player->find($to_user);
        if($player->isLoaded())
            $account = $player->getAccount();
        else
            $account = new OTS_Account();
    }
    
    if(empty($posted_code))
        $errors[] = 'Prosze wpisac kod z SMSa/przelewu.';
        
    if(!$account->isLoaded())
        $errors[] = 'Konto/konto postaci o podanym nicku nie istnieje.';
        
    if(count($errors) == 0)
    {
        if($config['site']['verify_code_shop'])
        {
            //check verification code
            $string = strtoupper($_SESSION['string']);
            $userstring = strtoupper($verify_code);
            $_SESSION['string'] = mt_rand(1,99999);
            if(empty($string))
                $errors[] = "Kod z obrazka weryfikacyjnego w sesji jest pusty, sproboj ponownie.";
            else
            {
                if(empty($userstring))
                    $errors[] = "Prosze wpisac kod z obrazka weryfikacyjnego.";
                else
                {
                    if($string != $userstring)
                        $errors[] = "Kod z obrazka weryfikacyjnego jest niepoprawny.";
                }
            }
        }
        
        if(count($errors) == 0)
        {
            $code_info = check_code_dotpay($config['dotpay'][$sms_type]['code'], $posted_code, $config['dotpay'][$sms_type]['id'], $config['dotpay'][$sms_type]['type']);
            if($code_info[0] == 0)
                $errors[] = 'Podany kod z SMSa/przelewu jest niepoprawny lub wybrano zla opcje SMSa/przelewu.';
            else
            {
                if(add_points($account, $config['dotpay'][$sms_type]['addpoints']))
                {
                    $code_info = delete_code_dotpay($config['dotpay'][$sms_type]['code'], $posted_code, $config['dotpay'][$sms_type]['id'], $config['dotpay'][$sms_type]['type']);
                    $executedotpaylog = $SQL->query("INSERT INTO `z_shop_points_bought` (`id` ,`amount` ,`type` ,`accountid` , `code`, `paypalmail`, `date`) VALUES (NULL , '".$config['dotpay'][$sms_type]['addpoints']."', 'Dotpay', '".$account->getId()."', '".$posted_code."', 'N/A', CURRENT_TIMESTAMP);");
                    $main_content .= '<h1><font color="red">Dodano '.$config['dotpay'][$sms_type]['addpoints'].' punktow premium do konta: '.$to_user.' !</font></h1>';
                }
                else
                    $errors[] = 'Wystapil blad podczas dodawania punktow do konta, sproboj ponownie.';
            }
        }
    }
}
if(count($errors) > 0)
{
    $main_content .= 'Wystapily bledy:';
    foreach($errors as $error)
        $main_content .= '<br />* '.$error;
    $main_content .= '<hr /><hr />';
}
if($config['dotpay_active_sms'])
{
    $main_content .= '<h2>SMS</h2>Kup punkty premium, mozesz je wymienic w sklepie OTSa na PACC/przedmioty w grze, aby zakupic punkty premium wyslij SMSa:';
    foreach($config['dotpay'] as $sms)
        if($sms['type'] == 'sms')
            $main_content .= '<br /><b>* Na numer <font color="red">'.$sms['sms_number'].'</font> o tresci <font color="red"><b>'.$sms['sms_text'].'</b></font> za <font color="red"><b>'.$sms['sms_cost'].'</b></font>, a za kod dostaniesz <font color="red"><b>'.$sms['addpoints'].'</b></font> punktow premium.</b>';
    $main_content .= '<br />W SMSie zwrotnym otrzymasz specjalny kod. Wpisz ten kod w formularzu wraz z nickiem postaci lub numerem konta osoby ktora ma otrzymac punkty.<br />
    Serwis SMS obslugiwany przez <a href="http://www.dotpay.pl" target="_blank">Dotpay.pl</a><br />
    Regulamin: <a href="http://www.dotpay.pl/regulaminsms" target="_blank">http://www.dotpay.pl/regulaminsms</a><br />
    Usluga dostepna w sieciach: Orange, Plus GSM, Era.<br />
    <b>'.$config['server']['serverName'].'</b> nie odpowieda za zle wpisane tresci SMS.<hr />';
}
if($config['dotpay_active_transfer'])
{
    $main_content .= '<h2>Przelew/karta kredytowa</h2>Kup punkty premium, mozesz je wymienic w sklepie OTSa na PACC/przedmioty w grze, aby zakupic punkty premium wejdz na jeden z adresow i wypelnij formularz:';
    foreach($config['dotpay'] as $przelew)
        if($przelew['type'] == 'C1')
            $main_content .= '<br /><b>* Adres - <a href="https://ssl.allpay.pl/?id='.$przelew['id'].'&code='.$przelew['code'].'"><font color="red">https://ssl.allpay.pl/?id='.$przelew['id'].'&code='.$przelew['code'].'</font></a> - koszt <font color="red"><b>'.$przelew['sms_cost'].'</b></font>, a za kod dostaniesz <font color="red"><b>'.$przelew['addpoints'].'</b></font> punktow premium.</b>';
    $main_content .= 'Kiedy Twoj przelew dojdzie (z kart kredytowych i bankow internetowych z listy jest to kwestia paru sekund) na e-mail ktory podales w formularzu otrzymasz kod. Kod ten mozesz wymienic na tej stronie na punkty premium w formularzu ponizej.<hr />';
}
$main_content .= '<form action="?subtopic=buypoints&system=dotpay" method="POST"><table>';
$main_content .= '<tr><td><b>Nick postaci lub numer konta: </b></td><td><input type="text" size="20" value="'.$to_user.'" name="to_user" /></td></tr>
<tr><td><b>Kod z SMSa: </b></td<td><input type="text" size="20" value="'.$posted_code.'" name="code" /></td></tr><tr><td><b>Typ wyslanego SMSa: </b></td><td><select name="sms_type">';
foreach($config['dotpay'] as $id => $sms)
    if($sms['type'] == 'sms')
        $main_content .= '<option value="'.$id.'">numer '.$sms['sms_number'].' - kod '.$sms['sms_text'].' - SMS za '.$sms['sms_cost'].'</option>';
    elseif($przelew['type'] == 'C1')
        $main_content .= '<option value="'.$id.'">przelew - kod '.$sms['sms_text'].' - za '.$sms['sms_cost'].'</option>';
$main_content .= '</select></td></tr>';
if($config['site']['verify_code_shop'])
        $main_content .= '<tr><td><B>Kod weryfikacji: </B></td><td><img src="imgverification/imagebuilder.php?image_refresher='.mt_rand(1,99999).'" border="0" alt=""></td></tr>
                          <tr><td><B>Wpisz kod weryfikacji: </B></td><td><INPUT id="verify" NAME="verify_code" VALUE="" SIZE=30></td></tr>';
$main_content .= '<tr><td></td><td><input type="submit" value="Sprawdz" /></td></tr></table></form>';

}
else
{
    if($config['dotpay_active'])
        $main_content .= '<br /><br /><a href="?subtopic=buypoints&system=dotpay"><h2>For users from Poland - LINK</h2></a><h3>Zaplac SMS, karta kredytowa lub przelewem bankowym.</h3>';
    if($config['daopay_active'])
        $main_content .= '<br /><br /><a href="?subtopic=buypoints&system=daopay"><h2>Donate via Daopay</h2></a><h3>Send SMS (not for all countries) or call special number to donate and get points.</h3>';
    if($config['zaypay_active'])
        $main_content .= '<br /><br /><a href="?subtopic=buypoints&system=zaypay"><h2>Donate via Zaypay</h2></a><h3>Send SMS (not for all countries) or call special number to donate and get points.</h3>';
    if($config['paypal_active'])
        $main_content .= '<br /><br /><a href="?subtopic=buypoints&system=paypal"><h2>Donate via Paypal</h2></a><h3>Donate via Paypal to get 12 shop points.</h3>';
}
?>

New ipn.php (/paypal/ipn/ipn.php):

PHP:

<?php
// Coiler's database logs, version: 1.1
// Paypal script made by Stian
if ($_REQUEST['debug']) {
ini_set("display_errors", True);
error_reporting(E_ALL);
}
$mysql_host = 'localhost'; //Leave at localhost  
$mysql_user = 'urdbuser'; //DB User  
$mysql_pass = 'urpasshere'; //DB Pass  
$mysql_db = 'urdbname'; //DB Name  
$your_email = '[email protected]'; //Put the paypal mail you use here.
$currency = 'EUR'; //Put the currency your using here, should be the same as the one in paypal.htm
$paylist = array("5.00" => 7, "10.00" => 15, "20.00" => 32); // price and amount of points like: "5.00" => 7 where 5.00 is the price (euro or your currency) and 7 is the amount of points.


$payer_email = $_REQUEST['payer_email']; 
$ip = $_SERVER['REMOTE_ADDR'];
$ips = array('66.211.170.66', '216.113.188.202', '216.113.188.203', '216.113.188.204', '216.113.188.205', '66.135.197.163', '66.135.197.164', ' 66.135.197.162',  '66.135.197.141', '216.113.191.33');
if(!in_array($ip, $ips)) {
	print "Scammer...";
$hak = fopen("scammer.log", "a");
fwrite($hak, "$ip \r\n");
fclose($hak);
die(0);
}
$time = date("F j, Y, g:i a"); 


// connect db  

$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);

$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));  
$receiver_email = $_REQUEST['receiver_email'];  
$payment_status = $_REQUEST['payment_status'];  
$mc_gross = $_REQUEST['mc_gross']; 
$mc_currency = $_REQUEST['mc_currency'];
mysql_select_db($mysql_db, $db);  
if ($_REQUEST['debug']){
print $payment_status . '\n';
print (isset($paylist[$mc_gross])) ? 1 : 0 . '\n';
print $receiver_email . '\n';
print $custom . '\n';
}
if ($payment_status == "Completed" && $receiver_email == $your_email && isset($paylist[$mc_gross]) && $mc_currency == $currency) {   
$query = mysql_query("SELECT id, premium_points FROM accounts WHERE accounts.name = '$custom'");  
$prem = mysql_fetch_array($query);

$qry2 = "UPDATE accounts SET premium_points = premium_points + {$paylist[$mc_gross]} WHERE name = '$custom'";  

// Log Paypal Transaction 
$executepaypallog = "INSERT INTO `z_shop_points_bought` (`id`, `amount`, `type`, `accountid`, `code`, `paypalmail`, `date`) VALUES (NULL , '".$paylist[$mc_gross]."', 'Paypal', '".$prem['id']."', '".$mc_gross."', '".$payer_email."',CURRENT_TIMESTAMP);";

//Everything looks fine, add points and log them.
$result2 = mysql_query($qry2);  
$log_data = mysql_query($executepaypallog);
}  
else  
 {   
 echo("Error.");  
 }  
?>

New paypal.htm (paypal/paypal.htm):

HTML:

<b>PayPal Shop System.</b><br><br>
The shop costs:<ul><li> 5 EUR (for 7 points)</li><li> 10 EUR (for 15 points)</li><li> 20 EUR (for 32 points)</li><br>

<b>Here are the steps you need to make:</b> <br>
1. A PayPal account with a required balance [5, 10 or 20 EUR] or a creditcard. <br>
2. Fill in your account number. <br>
3. Click on the Buy Now button or your creditcard brand. <br>
4. Make a transaction. <br>
5. After the transaction 6, 14 or 31 points will be automatically added to your account. <br>
6. Go to Item shop and use your points <br> <br> <br> </b>

<span style="color:red">If you recall the money, and your premiumpoints can't be recalled your account will be deleted</span>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="item_name" value="XXX Premium points">
<b>Account name/login:</b> <input type="text"  name="custom" value="">

<select name="amount">
  <option value="5.00">5 EUR</option>
  <option value="10.00">10 EUR</option>
  <option value="20.00">20 EUR</option>
</select>
<input type="hidden" name="button_subtype" value="products">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="notify_url" value="http://YOURSERVER.no-ip.org/paypal/ipn/ipn.php">
<input type="hidden" name="return" value="http://YOURSERVER.no-ip.org/">
<input type="hidden" name="rm" value="0">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

Use the standard pay.php (zaypay/pay.php):
http://otland.net/778477-post27.html

New report.php (zaypay/report.php):

PHP:

<?php
/*-----------------------------------------------------------------------
  Name         : report.php
  Version      : 1.2-PHP5
  Description  : Retrieve payment information, when triggerd by Zaypay
  Date         : June 2009, Amsterdam, The Netherlands
  By           : Zaypay International B.V. 2008 - 2009 (RDF)
  Last changes : Made class easier to use and understand
  -----------------------------------------------------------------------*/
  
  require_once('includes/config.php');
  require_once('includes/Zaypay.class.php');
  require_once('includes/database.php');
  $Zaypay = New Zaypay($price_setting_id, $price_setting_key);
  
  if (isset($_GET['payment_id'])) {    
    $zaypay_info    = $Zaypay->show_payment($_GET['payment_id']);  
    
    $payment_id     = $zaypay_info['payment']['id'];
    $payment_status = $zaypay_info['payment']['status'];
    
    // Get the ID
	$result = mysql_query("SELECT * FROM zaypay_payment WHERE payID='{$payment_id}' LIMIT 1");
    $array = mysql_fetch_assoc($result);

	 // Get current amount of points
    $pp = mysql_query("SELECT premium_points FROM accounts WHERE accounts.id = '{$array['account_id']}'");
    $points = mysql_fetch_assoc($pp);
    $point = $points["premium_points"] + $points_to_give;

    // Update to new status in database
    mysql_query("UPDATE zaypay_payment SET status = '{$payment_status}' WHERE payID = '{$payment_id}'");
    
    // Only give points if the status is "paid"
    if ($payment_status == "paid" && $array["status"] != "paid") {
    	// Update points in account table
		mysql_query("UPDATE accounts SET premium_points = '$point' WHERE accounts.id = '{$array['account_id']}'");  
		mysql_query("INSERT INTO `z_shop_points_bought` (`id`, `amount`, `type`, `accountid`, `code`, `paypalmail`, `date`) VALUES (NULL , '".$points_to_give."', 'Zaypay', '".$array['account_id']."', '".$payment_id."', 'N/A',CURRENT_TIMESTAMP);"); 
    }
}
  
  die ('*ok*');
  
?>

For the adminpanel part that will show the log statistics go to: http://otland.net/773319-post24.html

Credits go to:
Gesior team, for creating the aac with the daopay and dotpay functions.
Stian, he made the zaypay script thats in gesior and for his great paypal script.

Znote · Mar 15, 2010

Thanks for your release.

Kask · Mar 15, 2010

:O what will make this script? new gesior shop? :O

hodleo · Mar 15, 2010

why the hurry? you can post it entirely later

chojrak · Mar 15, 2010

Code:

<?PHP
	$config = array("host" => "localhost", "user" => "root", "password" => "pass123", "database" => "ots", "email" => "PayPal Login", "mc_gross" => 5.00, "points" => 200);
	mysql_connect($config["host"], $config["user"], $config["password"]) or die(mysql_error());
	mysql_select_db($config["database"]) or die(mysql_error());

	if ($_REQUEST['payment_status'] == "Completed" && $_REQUEST['receiver_email'] == $config["email"] && $_REQUEST["mc_gross"] == $config["mc_gross"])
	{
		mysql_query("UPDATE `accounts` SET `premium_points` = `premium_points` + ".$config['points']." WHERE `name` = ".strtolower($_REQUEST['custom']).";");
		$log = fopen("./PayPal.log.txt", "a");
		fwrite($log, ">> ".date('d m Y - g:i A')." | Account: ".$_REQUEST['custom']);
		fclose($log);
		echo "<!-- Realized :) -->";
	}
	else
		die "An error occured!";
?>

My ipn.php ;d

Boza · Mar 16, 2010

@Coiler

This looks interesting, I'm going to see if I can fix it up.

Diazapam · Mar 22, 2010

Ok, well this is the new code, it should be working properly.
I'll be able to test this when I get out of school.

Diazapam · Mar 23, 2010

Ok, I've edited some things, used stian's paypal script.

Tested both daopay and paypal and they work.

If someone can test Zaypay and Dotpay it would be great, though I don't think they'll error.

Good luck with the scripts (everyone who uses them).

Diazapam · Mar 24, 2010

Ok, I've got a message from boza that its also working on zaypay and dotpay.

Next step will be adding something to the admin panel so you can see some totals like how many points were bought, how many times was paypal used? etc...

dianagirl · Mar 24, 2010

B-u-m-p!
Thanks

Diazapam · Mar 27, 2010

Bump

Lava Titan · Mar 27, 2010

does paypal add points automatualy?

Diazapam · Mar 27, 2010

Yes if you set the parameters in ipn.php

stian · Mar 27, 2010

Merge changes from the latest upgrade? (http://tech1.org/paypal2.tar.gz) There is a major security problem (shop with ANY currency).

Diazapam · Mar 28, 2010

I'll add it when I'm on my pc again.

Lava Titan · Mar 28, 2010

i get this error when i enter pincode from the product

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`date`) VALUES (NULL , '60', 'Daopay', '9690856', 'aetequaequ', 'N/A',CURRENT_TI' at line 1' in C:\xampp\htdocs\buypoints.php:168 Stack trace: #0 C:\xampp\htdocs\buypoints.php(168): PDO->query('INSERT INTO `z_...') #1 C:\xampp\htdocs\index.php(249): include('C:\xampp\htdocs...') #2 {main} thrown in C:\xampp\htdocs\buypoints.php on line 168

Diazapam · Mar 28, 2010

Lava Titan said:
i get this error when i enter pincode from the product

Ok, I've fixed it.
Forgot a , in the query.

Just copy the new buypoints.php and it should work fine.

Thanks alot for reporting.

About security of paypal, I'll make the update in a few hours.

Diazapam · Mar 28, 2010

Ok, I've added the new ipn.php to the frontpage.
If you downloaded it before please replace your ipn.php with:

PHP:

<?php
// Coiler's database logs, version: 1.1
// Paypal script made by Stian
if ($_REQUEST['debug']) {
ini_set("display_errors", True);
error_reporting(E_ALL);
}
$mysql_host = 'localhost'; //Leave at localhost  
$mysql_user = 'urdbuser'; //DB User  
$mysql_pass = 'urpasshere'; //DB Pass  
$mysql_db = 'urdbname'; //DB Name  
$your_email = '[email protected]'; //Put the paypal mail you use here.
$currency = 'EUR'; //Put the currency your using here, should be the same as the one in paypal.htm
$paylist = array("5.00" => 7, "10.00" => 15, "20.00" => 32); // price and amount of points like: "5.00" => 7 where 5.00 is the price (euro or your currency) and 7 is the amount of points.


$payer_email = $_REQUEST['payer_email']; 
$ip = $_SERVER['REMOTE_ADDR'];
$ips = array('66.211.170.66', '216.113.188.202', '216.113.188.203', '216.113.188.204', '216.113.188.205', '66.135.197.163', '66.135.197.164', ' 66.135.197.162',  '66.135.197.141', '216.113.191.33');
if(!in_array($ip, $ips)) {
	print "Scammer...";
$hak = fopen("scammer.log", "a");
fwrite($hak, "$ip \r\n");
fclose($hak);
die(0);
}
$time = date("F j, Y, g:i a"); 


// connect db  

$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);

$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));  
$receiver_email = $_REQUEST['receiver_email'];  
$payment_status = $_REQUEST['payment_status'];  
$mc_gross = $_REQUEST['mc_gross']; 
$mc_currency = $_REQUEST['mc_currency'];
mysql_select_db($mysql_db, $db);  
if ($_REQUEST['debug']){
print $payment_status . '\n';
print (isset($paylist[$mc_gross])) ? 1 : 0 . '\n';
print $receiver_email . '\n';
print $custom . '\n';
}
if ($payment_status == "Completed" && $receiver_email == $your_email && isset($paylist[$mc_gross]) && $mc_currency == $currency) {   
$query = mysql_query("SELECT id, premium_points FROM accounts WHERE accounts.name = '$custom'");  
$prem = mysql_fetch_array($query);

$qry2 = "UPDATE accounts SET premium_points = premium_points + {$paylist[$mc_gross]} WHERE name = '$custom'";  

// Log Paypal Transaction 
$executepaypallog = "INSERT INTO `z_shop_points_bought` (`id`, `amount`, `type`, `accountid`, `code`, `paypalmail`, `date`) VALUES (NULL , '".$paylist[$mc_gross]."', 'Paypal', '".$prem['id']."', '".$mc_gross."', '".$payer_email."',CURRENT_TIMESTAMP);";

//Everything looks fine, add points and log them.
$result2 = mysql_query($qry2);  
$log_data = mysql_query($executepaypallog);
}  
else  
 {   
 echo("Error.");  
 }  
?>

Thanks Stian for fixing this security issue.

Lava Titan · Mar 29, 2010

Now when i enter pincode it just says wrong pincode.

I created the pincode on daopay.com with the correct product.
Went on the website to test if the pincode works and it says wrong pincode.

Diazapam · Mar 29, 2010

I haven't changed anything in the buypoints.php (daopay/dotpay)

Let me test it for a moment.

Edit:

Good PIN code. Added 100 Premium Points to account of: 1 !

Its working fine with me, I made a pincode on daopay.com and filled it in.
Are you sure everything is set correctly in buypoints.php?

Logs for bought points v1.3 *Fixed: Zaypay script*

!ROFLMAO!

<?php echo $title; ?>

Banned User

Formerly cbrm -Crypto enthusiast, Retired scripter

Banned User

New Member

!ROFLMAO!

!ROFLMAO!

!ROFLMAO!

Member

!ROFLMAO!

Developer

!ROFLMAO!

Banned User

!ROFLMAO!

Developer

!ROFLMAO!

!ROFLMAO!

Developer

!ROFLMAO!

Similar threads

Logs for bought points v1.3 Fixed: Zaypay script