No points.. using Znote paypal

[Burdin]

This is the Error message I get in my DB Tabel Znote_Paypal when the payment is complete

ERROR: Invalid data. cmd=_notify-validate&mc_gross=5.00&settle_amount=32.57&protection_eligibility=Ineligible&payer_id=C9RRZT8B7Q466&tax=0.00&payment_date=17%3A39%3A31+Mar+27%2C+2014+PDT&payment_status=Completed&charset=windows-1252&first_name=Mark&mc_fee

Have no idea, what's wrong :/

 

[Znote]

Weird, that log message appear when the script gets to this line:
https://github.com/Znote/ZnoteAAC/blob/master/ipn.php#L122

Which indicates that status returned either false or null here:
https://github.com/Znote/ZnoteAAC/blob/master/ipn.php#L76

Which is this function:
https://github.com/Znote/ZnoteAAC/blob/master/ipn.php#L7

Which may indicate that the response is invalid.
You should reproduce that bug and add some extra lines in that function for extra debugging purposes.
(IPN messages can be re-sent on paypal to trigger ipn message again). Just put some patience in it as it tends to be a slow process waiting for paypal servers.

Add this line on code on various different spots on the function to determine where it fails: (Change the debugging message so you can identify it in the script)

mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Debugging message here', '0', '0', '0')");

And figure out where it breaks.

 

[Burdin]

I can follow you idea, but since I'm not that good to scripting I do not know where the smartest places is to place

mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Debugging message here', '0', '0', '0')");

So that I'm sure it's the real function bug I have found and not one I made because I placed the code at the wrong location

Do you have idea's where to place it?

<?php

    // Require the functions to connect to database and fetch config values
    require 'config.php';
    require 'engine/database/connect.php';

    function VerifyPaypalIPN(array $IPN = null){
        if(empty($IPN)){
            $IPN = $_POST;
        }
        if(empty($IPN['verify_sign'])){
            return null;
        }
        $IPN['cmd'] = '_notify-validate';
        $PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
        $cURL = curl_init();
        curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
        curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
        curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
        curl_setopt($cURL, CURLOPT_POST, true); // POST back
        curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
        curl_setopt($cURL, CURLOPT_HEADER, false);
        curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
        curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
        curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
        curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
        curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
            'Connection: close',
            'Expect: ',
        ));
        $Response = curl_exec($cURL);
        $Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
        curl_close($cURL);
        if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
            return null;
        }
        if(intval($Status / 100) != 2){
            return false;
        }
        return !strcasecmp($Response, 'VERIFIED');
    }

    // Fetch paypal configurations
    $paypal = $config['paypal'];
    $prices = $config['paypal_prices'];

    // Send an empty HTTP 200 OK response to acknowledge receipt of the notification
    header('HTTP/1.1 200 OK');

    // Build the required acknowledgement message out of the notification just received
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req  .= "&$key=$value";
    }
    $postdata = $req;

    // Assign payment notification values to local variables
    $item_name        = $_POST['item_name'];
    $item_number      = $_POST['item_number'];
    $payment_status  = $_POST['payment_status'];
    $payment_amount  = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id          = $_POST['txn_id'];
    $receiver_email  = $_POST['receiver_email'];
    $payer_email      = $_POST['payer_email'];
    $custom          = (int)$_POST['custom'];

    $connectedIp = $_SERVER['REMOTE_ADDR'];
    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0')");

    $status = VerifyPaypalIPN();
    if ($status) {
        // Check that the payment_status is Completed
        if ($payment_status == 'Completed') {


            // Check that txn_id has not been previously processed
            $txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
            if ($txn_id_check !== false) {
                // Check that receiver_email is your Primary PayPal email
                if ($receiver_email == $paypal['email']) {

                    $status = true;
                    $paidMoney = 0;
                    $paidPoints = 0;

                    foreach ($prices as $priceValue => $pointsValue) {
                        if ($priceValue == $payment_amount) {
                            $paidMoney = $priceValue;
                            $paidPoints = $pointsValue;
                        }
                    }

                    if ($paidMoney == 0) $status = false; // Wrong ammount of money
                    if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency

                    // Verify that the user havent messed around with POST data
                    if ($status) {
                        // transaction log
                        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");

                        // Process payment
                        $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");

                        // Give points to user
                        $new_points = $data['old_points'] + $paidPoints;
                        mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
                    }
                }  else {
                    $pmail = $paypal['email'];
                    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
                }
            }
        }
    } else {
        // Something is wrong
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
    }
?>

 

[Znote]

Before function VerifyPaypalIPN returns anything. Like this:

<?php

    // Require the functions to connect to database and fetch config values
    require 'config.php';
    require 'engine/database/connect.php';

    function VerifyPaypalIPN(array $IPN = null){
        if(empty($IPN)){
            $IPN = $_POST;
        }
        if(empty($IPN['verify_sign'])){
            mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Verify sign is null', '0', '0', '0')");
            return null;
        }
        $IPN['cmd'] = '_notify-validate';
        $PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'NOTICE: About to contact = $PaypalHost', '0', '0', '0')");
        $cURL = curl_init();
        curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
        curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
        curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
        curl_setopt($cURL, CURLOPT_POST, true); // POST back
        curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
        curl_setopt($cURL, CURLOPT_HEADER, false);
        curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
        curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
        curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
        curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
        curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
            'Connection: close',
            'Expect: ',
        ));
        $Response = curl_exec($cURL);
        $Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
        curl_close($cURL);
        if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
            mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Response is invalid = $Response', '0', '0', '0')");
            return null;
        }
        if(intval($Status / 100) != 2){
            mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Status is invalid. = $Status', '0', '0', '0')");
            return false;
        }
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'Looks good: $Status $Response', '0', '0', '0')");
        return !strcasecmp($Response, 'VERIFIED');
    }

    // Fetch paypal configurations
    $paypal = $config['paypal'];
    $prices = $config['paypal_prices'];

    // Send an empty HTTP 200 OK response to acknowledge receipt of the notification
    header('HTTP/1.1 200 OK');

    // Build the required acknowledgement message out of the notification just received
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req  .= "&$key=$value";
    }
    $postdata = $req;

    // Assign payment notification values to local variables
    $item_name        = $_POST['item_name'];
    $item_number      = $_POST['item_number'];
    $payment_status   = $_POST['payment_status'];
    $payment_amount   = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id           = $_POST['txn_id'];
    $receiver_email   = $_POST['receiver_email'];
    $payer_email      = $_POST['payer_email'];
    $custom           = (int)$_POST['custom'];

    $connectedIp = $_SERVER['REMOTE_ADDR'];
    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0')");

    $status = VerifyPaypalIPN();
    if ($status) {
        // Check that the payment_status is Completed
        if ($payment_status == 'Completed') {


            // Check that txn_id has not been previously processed
            $txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
            if ($txn_id_check !== false) {
                // Check that receiver_email is your Primary PayPal email
                if ($receiver_email == $paypal['email']) {

                    $status = true;
                    $paidMoney = 0;
                    $paidPoints = 0;

                    foreach ($prices as $priceValue => $pointsValue) {
                        if ($priceValue == $payment_amount) {
                            $paidMoney = $priceValue;
                            $paidPoints = $pointsValue;
                        }
                    }

                    if ($paidMoney == 0) $status = false; // Wrong ammount of money
                    if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency

                    // Verify that the user havent messed around with POST data
                    if ($status) {
                        // transaction log
                        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");

                        // Process payment
                        $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");

                        // Give points to user
                        $new_points = $data['old_points'] + $paidPoints;
                        mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
                    }
                }  else {
                    $pmail = $paypal['email'];
                    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
                }
            }
        }
    } else {
        // Something is wrong
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Invalid data. $status : $postdata', '0', '0', '0')");
    }
?>

 

[Burdin]

I runned the function you wrote and got this in my tabel:

NOTICE: About to contact = www.paypal.com

ERROR: Response is invalid =

ERROR: Invalid data. : cmd=_notify-validate&mc_gross=1.00&settle_amount=4.50&protection_eligibility=Ineligible&payer_id=C9RRZT8B7Q466&tax=0.00&payment_date=03%3A43%3A56+Mar+28%2C+2014+PDT&payment_status=Completed&charset=windows-1252&first_name=Mark&mc_f

 

[Znote]

Ok, then we know which scope the error is in, but lets break it down even further:

<?php

// Require the functions to connect to database and fetch config values
require 'config.php';
require 'engine/database/connect.php';

function VerifyPaypalIPN(array $IPN = null){
if(empty($IPN)){
$IPN = $_POST;
}
if(empty($IPN['verify_sign'])){
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Verify sign is null', '0', '0', '0')");
return null;
}
$IPN['cmd'] = '_notify-validate';
$PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'NOTICE: About to contact = $PaypalHost', '0', '0', '0')");
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
curl_setopt($cURL, CURLOPT_POST, true); // POST back
curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
curl_setopt($cURL, CURLOPT_HEADER, false);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Connection: close',
'Expect: ',
));
$Response = curl_exec($cURL);
$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
curl_close($cURL);
if(empty($Response)){
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Response is empty.', '0', '0', '0')");
return null;
}
if(!preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response))){
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Preg match returned false. $Response', '0', '0', '0')");
return null;
}
if(!$Status){
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Status is false = $Response = $Status', '0', '0', '0')");
return null;
}
if(intval($Status / 100) != 2){
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'ERROR: Status is invalid. = $Status', '0', '0', '0')");
return false;
}
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'Looks good: $Status$Response', '0', '0', '0')");
return !strcasecmp($Response, 'VERIFIED');
}

// Fetch paypal configurations
$paypal = $config['paypal'];
$prices = $config['paypal_prices'];

// Send an empty HTTP 200 OK response to acknowledge receipt of the notification
header('HTTP/1.1 200 OK');

// Build the required acknowledgement message out of the notification just received
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$postdata = $req;

// Assign payment notification values to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = (int)$_POST['custom'];

$connectedIp = $_SERVER['REMOTE_ADDR'];
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0')");

$status = VerifyPaypalIPN();
if ($status) {
// Check that the payment_status is Completed
if ($payment_status == 'Completed') {


// Check that txn_id has not been previously processed
$txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
if ($txn_id_check !== false) {
// Check that receiver_email is your Primary PayPal email
if ($receiver_email == $paypal['email']) {

$status = true;
$paidMoney = 0;
$paidPoints = 0;

foreach ($prices as $priceValue => $pointsValue) {
if ($priceValue == $payment_amount) {
$paidMoney = $priceValue;
$paidPoints = $pointsValue;
}
}

if ($paidMoney == 0) $status = false; // Wrong ammount of money
if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency

// Verify that the user havent messed around with POST data
if ($status) {
// transaction log
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");

// Process payment
$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");

// Give points to user
$new_points = $data['old_points'] + $paidPoints;
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
}
} else {
$pmail = $paypal['email'];
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
}
}
}
} else {
// Something is wrong
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Invalid data. $status : $postdata', '0', '0', '0')");
}
?>

 

[Burdin]

Its solved now, i made a upgrade on phpmyadmin today, and suddenly all worked out fine! Thx for taking you time to help!

 

[Znote]

That is just random. xD This is completely unrelated to phpmyadmin. D:
Weird...

 

[ATT3]

I am not going to try to update my phpmyadmin since I really doubt that it's the problem and I have reinstalled everything.

I am having the same problem don't know what could be causing this. (using the script above)
sandbox IPN

After "correcting" the IP (and custom field)

The same without email error.

Now same with real money.

Note: 200INVALID = wut?

 

[SirJohnsen]

anyone figured this out? im having the same issue.

 

[ATT3]

anyone figured this out? im having the same issue.

Are you using outdated IPN file?

Older than this? https://github.com/Znote/ZnoteAAC/commit/f7057feba11d0bbd67d5734603208e1446bc36c5

 

[SirJohnsen]

Are you using outdated IPN file?

Older than this? https://github.com/Znote/ZnoteAAC/commit/f7057feba11d0bbd67d5734603208e1446bc36c5

No that is the file im using. It does manage to post data in my znote_paypal in mysql. but it gives me error:

ERROR: Invalid data. cmd=_notify-validate&handling_amount=0.00&payer_id=YR49YDJV6SPNN&ipn_track_id=f12ddabfe89a3&shipping=0.00&charset=windows-1252&payment_gross=&verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31A-W-FWXH..C76S4AZm6CyWRdGfA6&item_name=12+shop+point

I've been dealing with this all day checking that i have php 5+ and that curl is enabled.
Honestly im lost. I even tried making my own ipnlistner.php with a mix of mine and znotes ipn to insert the date. but it got me just as far.

 

[calveron]

gonna bump this. Having this exact issue. Anyone has any idea??

 

[Znote]

For debugging, try to use this one:
https://gist.github.com/Znote/9828922
Note that it is not safe security wise, but should contain better error reporting to tell you what is wrong.

 

[calveron]

Ran a test and resent the message from paypal, this is the result.. I don't really understand anything haha

NOTICE: About to contact = www.paypal.com
ERROR: Preg match returned false.
ERROR: Invalid data. : cmd=_notify-validate&settle_amount=5.86&payer_id=MPT5XZ3V479WC&ipn_track_id=f8c95524582cb&charset=windows-1252&settle_currency=SEK&payment_gross=&receipt_id=0732-2818-6893-9951&verify_sign=Ai1PaghZh5FmBLCDCTQpwG8jB264AEnqa8k7kSwpd2

 

[Znote]

@calveron above

if(!preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response))){

Add:

$looksie = var_export($Response, true);
mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '0', 'Looksie: Response data: $looksie', '0', '0', '0')");

It should attempt to show us what $Response contains

 

[calveron]

Connection from IP: 173.0.81.1
NOTICE: About to contact = www.paypal.com

This is what comes now, does that tell us anything?

 

[Znote]

Potentially a crash, what does your error logs say?

UniServerZ\core\apache2\logs\error.log

or

/var/log/apache2/error.log

something like that, look for the last error from ipn.php

 

[calveron]

there are no errors from ipn.php

 

[heros1994]

I also have a problem with paypal, points do not reach the SMS SHOP website after payment

in config.php regarding paypal I have this

// Write your paypal address here, and what currency you want to recieve money in.
$config['paypal'] = array(
'enabled' => true,
'email' => '', // Example: [email protected]
'points_per_currency' => 10, // 1 currency = ? points? [ONLY used to calculate bonuses]
'success' => "http://".$_SERVER['HTTP_HOST']."/success.php",
'failed' => "http://".$_SERVER['HTTP_HOST']."/failed.php",
'ipn' => "http://".$_SERVER['HTTP_HOST']."/ipn.php",
'showBonus' => false,
);

and this

$config['cur_table'] = array('EUR'=>'25','USD'=>'25','BRL'=>'6','GBP'=>'25');
$config['cur_min_table'] = array('EUR'=>'1','USD'=>'1','BRL'=>'5','GBP'=>'1');

my ipn.php

<?php


if ($result === FALSE) { }

$rt = $_SERVER['DOCUMENT_ROOT'];
// Require the functions to connect to database and fetch config values
require $rt.'/config.php';
require $rt.'/engine/database/connect.php';

// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
}
function sanitize($data) {
return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}

function VerifyPaypalIPN(array $IPN = null){
if(empty($IPN)){
$IPN = $_POST;
}
if(empty($IPN['verify_sign'])){
return null;
}
$IPN['cmd'] = '_notify-validate';
$PaypalHost = 'ipnpb.paypal.com';
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
curl_setopt($cURL, CURLOPT_POST, true); // POST back
curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
curl_setopt($cURL, CURLOPT_HEADER, false);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Connection: close',
'Expect: ',
));
$Response = curl_exec($cURL);
$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
curl_close($cURL);
if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
return null;
}
if(intval($Status / 100) != 2){
mysql_insert("INSERT INTO znote_paypal VALUES ('', '0', 'ERROR: Status is invalid. = $Status', '0', '0', '0')");
return false;
}
return !strcasecmp($Response, 'VERIFIED');
}

// Fetch paypal configurations
$paypal = $config['paypal'];
$prices = $config['paypal_prices'];

// Send an empty HTTP 200 OK response to acknowledge receipt of the notification
header('HTTP/1.1 200 OK');

// Build the required acknowledgement message out of the notification just received
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$postdata = $req;

// Assign payment notification values to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = getValue($_POST['txn_id']);
$receiver_email = getValue($_POST['receiver_email']);
$payer_email = getValue($_POST['payer_email']);

$accId = (int)$_POST['invoice'];
$accId = explode('_',$accId);
$accId = $accId[0];

$receivePoints = (int)$_POST['custom'];
/*
$calcPayed = $config['cur_table'][$payment_currency] * $receivePoints;

if($payment_amount != $calcPayed){
mysql_insert("INSERT INTO account_bans (account_id, reason, banned_at, expires_at, banned_by) VALUES ('$accId', 'Fraud', 1558545070, 1661137070, 1)");
exit;
}
*/


$connectedIp = $_SERVER['REMOTE_ADDR'];
mysql_insert("INSERT INTO znote_paypal VALUES ('0', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0','0','')");

$status = VerifyPaypalIPN();
if ($status) {
// Check that the payment_status is Completed
if ($payment_status == 'Completed') {


// Check that txn_id has not been previously processed
$txn_id_check = mysql_select_single("SELECT txn_id FROM znote_paypal WHERE txn_id='$txn_id'");
if ($txn_id_check !== false) {

$bannedAt = time();
$expires_at = $bannedAt + 1000000;
// Check that receiver_email is your Primary PayPal email
if ($receiver_email == $paypal['email'] || $receiver_email == '[email protected]') {

$status = true;
$paidPoints = 0;

if ($payment_amount == 0) $status = false; // Wrong ammount of money
if(!isset($config['cur_table'][$payment_currency])){
return false;
}

$calcCheck = $payment_amount * $config['cur_table'][$payment_currency];
if($calcCheck != $receivePoints){
mysql_insert("INSERT INTO account_bans (account_id, reason, banned_at, expires_at, banned_by) VALUES ('$accId', 'Fraud', '$bannedAt', '$expires_at', 1)");
return false;
}
// Verify that the user havent messed around with POST data
if ($status) {
if($payment_amount < 7){
mysql_insert("INSERT INTO account_bans (account_id, reason, banned_at, expires_at, banned_by) VALUES ('$accId', 'Fraud', '$bannedAt', '$expires_at', 1)");
return false;
}
$url = 'https://discord.com/api/webhooks/10...p93MLjB6NBDrWJy0S6SwT60hCZIyLWBou0o-SmCJfTl';
/*if($payment_amount >= 20){
$receivePoints = $receivePoints + (($receivePoints*50)/100);
}*/
$data = array('content' => 'New payment in PAYPAL FROM: '.$payer_email.' | ACC: '.$accId.' | POINTS: '.$receivePoints.' | PAYED: '.$payment_currency.' '.$payment_amount.'', 'username' => 'YurOTS BOT');
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);

// transaction log
mysql_insert("INSERT INTO znote_paypal VALUES ('0', '$txn_id', '$payer_email', '$accId', '".$payment_amount."', '".$receivePoints."','1','".$payment_currency."')");

// Process payment
$data = mysql_select_single("SELECT points AS old_points FROM znote_accounts WHERE account_id='$accId';");

// Give points to user
$new_points = $data['old_points'] + $receivePoints;
mysql_update("UPDATE znote_accounts SET points='$new_points' WHERE account_id='$accId'");
}
} else {
$pmail = $paypal['email'];
mysql_insert("INSERT INTO znote_paypal VALUES ('0', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0','0','None')");
}
}
}
} else {
// Something is wrong
mysql_insert("INSERT INTO znote_paypal VALUES ('0', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
}
?>

i changed too

// Fetch paypal configurations
$paypal = $config['paypal'];
$prices = $config['paypal_prices'];

for this ( I don't know how it should be because I don't have something like "$config['paypal_prices']" in config.php )

// Fetch paypal configurations
$paypal = $config['paypal'];
$prices = $config['cur_table'];

one player from Brazil bought and got points on account. (in BRL currency)
I'm trying from the second account and I don't get points on SMS SHOP and I also don't go back with Paypal after paying to the ots website. payments are made to the paypal account

I also got BAN (Fraud) yesterday while trying
in phpmyadmin i have successful and failed transaction

@Znote