I just made a shortened (clean) version of stian's PayPal IPN script. Even though PayPal is suffering downtimes, this will be handy for you.
# the script won't log payments
# the script will reject scammers
I didn't test it, so... have fun.
v.3 (latest)
v.2 better than v.1
v.1 vulnerable
Report bugs. x_x
# the script won't log payments
# the script will reject scammers
I didn't test it, so... have fun.
v.3 (latest)
PHP:
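<?php
## ## ## ## ## ## ## ##
## PayPal IPN script ##
## by archez ##
## ## ## ## ## ## ## ##
## fixes at otland ##
## ## ## ## ## ## ## ##
## first script by ##
## stian, at otland ##
## http://otland.net ##
## ## ## ## ## ## ## ##

// Purpose: receive a PayPal payment notification, credit premium points to the
// account named in the `custom` field on a completed payment, and react to a
// reversal.

/**
 * Returns one request field as a string, or '' when it is absent or not a
 * string (for example an array sent as custom[]=...), so the string functions
 * below never receive an unexpected type.
 */
function ipnField($key)
{
    return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
}

// Source check. A reverse-DNS (PTR) record is set by whoever controls the
// sender's address block, so a matching name on its own is not proof of origin.
// NOTE(review): PayPal's documented verification is to post the received
// message back with cmd=_notify-validate and act only on a VERIFIED reply;
// this script does not do that and should before it is trusted with credits.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if($remoteAddr === '' || gethostbyaddr($remoteAddr) !== 'notify.paypal.com')
{
    exit();
}

// Debug output is switched on by a request parameter. It is only reachable
// after the source check above; keep display_errors off in production and log
// to a file instead, since error text can expose paths and SQL.
if(!empty($_REQUEST['debug']))
{
    ini_set('display_errors', true);
    error_reporting(E_ALL);
}

// MySQLi connection
// NOTE(review): use a dedicated database account limited to the `accounts`
// table instead of root, and keep the credentials outside the web root.
$mysql = new mysqli('localhost', 'root', 'password', 'database');
if($mysql->connect_error)
{
    // Answer with a non-200 status so the notification is re-sent later
    // instead of a paid order being dropped silently.
    header('HTTP/1.1 500 Internal Server Error');
    exit();
}

// Variables, don't touch!
// NOTE(review): $_REQUEST also merges query-string values (and cookies,
// depending on request_order); notifications arrive as POST.
$receiverEmail = ipnField('receiver_email');
$paymentStatus = ipnField('payment_status');
$mcGross = ipnField('mc_gross');
$mcCurrency = ipnField('mc_currency');
// `custom` is supplied through the checkout form: it names an account but does
// not prove that the payer owns it.
$customValue = stripslashes(ucwords(strtolower(trim(ipnField('custom')))));

// Prices: amount paid => premium points credited
$prices = array('10.00' => 20, '20.00' => 40, '30.00' => 60, '40.00' => 80);

// Setup
$receiver = '[email protected]'; // address was redacted on the page; set your own PayPal receiver e-mail
$currency = 'EUR';
$whatToDo = 1; // 1 - delete, 2 - custom

if($paymentStatus === 'Completed' && $receiverEmail === $receiver && isset($prices[$mcGross]) && $mcCurrency === $currency)
{
    // Fix: the original indexed $prices with the undefined $mc_gross, which
    // produced an empty value and a broken UPDATE. The account name is bound
    // as a parameter instead of being concatenated into the SQL text.
    // NOTE(review): no transaction id (txn_id) is recorded, so a notification
    // delivered more than once credits the points each time; storing txn_id
    // under a unique key would make the credit idempotent.
    $points = (int) $prices[$mcGross];
    $stmt = $mysql->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + ? WHERE `name` = ?');
    if($stmt)
    {
        $stmt->bind_param('is', $points, $customValue);
        $stmt->execute();
        $stmt->close();
    }
}
elseif($paymentStatus === 'Reversed' && $receiverEmail === $receiver)
{
    if($whatToDo == 1)
    {
        // NOTE(review): this deletes whichever account the payer named in
        // `custom`; revoking the credited points, or flagging the account for
        // manual review, would limit the impact of a wrong or hostile name.
        $stmt = $mysql->prepare('DELETE FROM `accounts` WHERE `name` = ?');
        if($stmt)
        {
            $stmt->bind_param('s', $customValue);
            $stmt->execute();
            $stmt->close();
        }
    }
    elseif($whatToDo == 2)
    {
        // if not deleting, what to do?
    }
}
else
{
    exit();
}
?>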
v.2 better than v.1
PHP:
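<?php
## ## ## ## ## ## ## ##
## PayPal IPN script ##
## by archez ##
## ## ## ## ## ## ## ##
## first script by ##
## stian, at otland ##
## http://otland.net ##
## ## ## ## ## ## ## ##

// Purpose: receive a PayPal payment notification, credit premium points to the
// account named in the `custom` field on a completed payment, and react to a
// reversal. This version uses the legacy mysql_* extension, which was removed
// in PHP 7.0; v.3 on this page uses mysqli.

/**
 * Returns one request field as a string, or '' when it is absent or not a
 * string (for example an array sent as custom[]=...).
 */
function ipnField($key)
{
    return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
}

// Allowed sender addresses. The original named this list "unwanted", but the
// check below only lets these addresses through. Presumably these were PayPal's
// notification servers when the script was written; a hard-coded list goes
// stale, so verify it against PayPal's current published addresses.
// Fix: one entry carried a leading space (' 66.135.197.162') and could never match.
$allowedSenders = array('66.211.170.66', '216.113.188.202', '216.113.188.203', '216.113.188.204', '216.113.188.205', '66.135.197.163', '66.135.197.164', '66.135.197.162', '66.135.197.141', '216.113.191.33');

// The sender check now runs first, before the debug switch and the database
// connection, so an arbitrary visitor can neither enable error display nor
// trigger connection errors.
// NOTE(review): a source-address check is not message authentication; PayPal's
// documented verification is to post the message back with cmd=_notify-validate
// and act only on a VERIFIED reply.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if(!in_array($remoteAddr, $allowedSenders, true))
{
    die('Error #1, contact the administration.'); // You'll know what to do in case you get this report
}

// Keep display_errors off in production; error text can expose paths and SQL.
if(!empty($_REQUEST['debug']))
{
    ini_set('display_errors', true);
    error_reporting(E_ALL);
}

// MySQL connection
// NOTE(review): use a dedicated database account limited to the `accounts`
// table instead of root.
$mysql = array('host' => 'localhost', 'user' => 'root', 'password' => '#', 'database' => '#');
$connect = mysql_connect($mysql['host'], $mysql['user'], $mysql['password']);
$database = $connect ? mysql_select_db($mysql['database'], $connect) : false;
if(!$connect || !$database)
{
    // Answer with a non-200 status so the notification is re-sent later
    // instead of a paid order being dropped silently.
    header('HTTP/1.1 500 Internal Server Error');
    exit();
}

// Variables, don't touch!
$receiverEmail = ipnField('receiver_email');
$paymentStatus = ipnField('payment_status');
$mcGross = ipnField('mc_gross');
$mcCurrency = ipnField('mc_currency');
// `custom` is supplied through the checkout form: it names an account but does
// not prove that the payer owns it.
$customValue = stripslashes(ucwords(strtolower(trim(ipnField('custom')))));

// Escape the account name for use inside a quoted SQL literal. The result is
// only correct when the connection character set matches the data.
$accountName = mysql_real_escape_string($customValue, $connect);

// Prices: amount paid => premium points credited
$prices = array('10.00' => 20, '20.00' => 40, '30.00' => 60, '40.00' => 80);

// Setup
$receiver = '[email protected]'; // address was redacted on the page; set your own PayPal receiver e-mail
$currency = 'EUR';
$whatToDo = 1; // 1 - delete, 2 - custom

if($paymentStatus === 'Completed' && $receiverEmail === $receiver && isset($prices[$mcGross]) && $mcCurrency === $currency)
{
    // Fix: the original indexed $prices with the undefined $mc_gross.
    // NOTE(review): no transaction id (txn_id) is recorded, so a notification
    // delivered more than once credits the points each time.
    $points = (int) $prices[$mcGross];
    mysql_query('UPDATE `accounts` SET `premium_points` = `premium_points` + ' . $points . ' WHERE `name` = "' . $accountName . '"', $connect);
}
// Fix: the original tested the misspelled $playmentStatus, so this branch never ran.
elseif($paymentStatus === 'Reversed' && $receiverEmail === $receiver)
{
    if($whatToDo == 1)
    {
        // NOTE(review): this deletes whichever account the payer named in
        // `custom`; revoking the credited points would limit the impact of a
        // wrong or hostile name.
        mysql_query('DELETE FROM `accounts` WHERE `name` = "' . $accountName . '"', $connect);
    }
    elseif($whatToDo == 2)
    {
        // if not deleting, what to do?
    }
}
else
{
    die('Error #2, contact the administration.'); // You'll know what to do in case you get this report
}
?>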
v.1 vulnerable
PHP:
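<?php
## ## ## ## ## ## ## ##
## PayPal IPN script ##
## by archez ##
## ## ## ## ## ## ## ##
## first script by ##
## stian, at otland ##
## http://otland.net ##
## ## ## ## ## ## ## ##

// Purpose: receive a PayPal payment notification and credit premium points to
// the account named in the `custom` field on a completed payment. This version
// uses the legacy mysql_* extension, which was removed in PHP 7.0; v.3 on this
// page uses mysqli.

/**
 * Returns one request field as a string, or '' when it is absent or not a
 * string (for example an array sent as custom[]=...).
 */
function ipnField($key)
{
    return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
}

// Allowed sender addresses. The original named this list "unwanted", but the
// check below only lets these addresses through. Presumably these were PayPal's
// notification servers when the script was written; verify the list against
// PayPal's current published addresses.
// Fix: one entry carried a leading space (' 66.135.197.162') and could never match.
$allowedSenders = array('66.211.170.66', '216.113.188.202', '216.113.188.203', '216.113.188.204', '216.113.188.205', '66.135.197.163', '66.135.197.164', '66.135.197.162', '66.135.197.141', '216.113.191.33');

// The sender check now runs first, before the debug switch and the database
// connection, so an arbitrary visitor can neither enable error display nor
// trigger connection errors.
// NOTE(review): a source-address check is not message authentication; PayPal's
// documented verification is to post the message back with cmd=_notify-validate
// and act only on a VERIFIED reply.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if(!in_array($remoteAddr, $allowedSenders, true))
{
    die('Error #1, contact the administration.'); // You'll know what to do in case you get this report
}

// Keep display_errors off in production; error text can expose paths and SQL.
if(!empty($_REQUEST['debug']))
{
    ini_set('display_errors', true);
    error_reporting(E_ALL);
}

// MySQL connection
// NOTE(review): use a dedicated database account limited to the `accounts`
// table instead of root.
$mysql = array('host' => 'localhost', 'user' => 'root', 'password' => '#', 'database' => '#');
$connect = mysql_connect($mysql['host'], $mysql['user'], $mysql['password']);
$database = $connect ? mysql_select_db($mysql['database'], $connect) : false;
if(!$connect || !$database)
{
    // Answer with a non-200 status so the notification is re-sent later
    // instead of a paid order being dropped silently.
    header('HTTP/1.1 500 Internal Server Error');
    exit();
}

// Variables, don't touch!
$receiverEmail = ipnField('receiver_email');
$paymentStatus = ipnField('payment_status');
$mcGross = ipnField('mc_gross');
$mcCurrency = ipnField('mc_currency');
// `custom` is supplied through the checkout form: it names an account but does
// not prove that the payer owns it.
$customValue = stripslashes(ucwords(strtolower(trim(ipnField('custom')))));

// Prices: amount paid => premium points credited
$prices = array('10.00' => 20, '20.00' => 40, '30.00' => 60, '40.00' => 80);

// Setup
$receiver = '[email protected]'; // address was redacted on the page; set your own PayPal receiver e-mail
$currency = 'EUR';

if($paymentStatus === 'Completed' && $receiverEmail === $receiver && isset($prices[$mcGross]) && $mcCurrency === $currency)
{
    // Fixes: the original indexed $prices with the undefined $mc_gross,
    // concatenated the unescaped account name into the SQL text, and called
    // mysql_result() on the return value of an UPDATE, which is a boolean and
    // not a result set.
    // NOTE(review): no transaction id (txn_id) is recorded, so a notification
    // delivered more than once credits the points each time.
    $points = (int) $prices[$mcGross];
    $accountName = mysql_real_escape_string($customValue, $connect);
    $query = mysql_query('UPDATE `accounts` SET `premium_points` = `premium_points` + ' . $points . ' WHERE `name` = "' . $accountName . '"', $connect);
}
else
{
    die('Error #2, contact the administration.'); // You'll know what to do in case you get this report
}
?>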
Report bugs. x_x