<?php
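// The original file opened with `if ($result === FALSE) { }`. $result is not
// assigned until the Discord webhook call near the end of this file, so at this
// point it was only an undefined-variable notice around an empty body; a check on
// that call's result belongs next to the file_get_contents() that produces it.
$rt = $_SERVER['DOCUMENT_ROOT'];
// Require the functions to connect to database and fetch config values
require $rt.'/config.php';
require $rt.'/engine/database/connect.php';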
// Fetch and sanitize POST and GET values
/**
 * Returns the sanitized form of a request value, or false when it is absent.
 *
 * Absence is decided with empty(), so null, '', '0', 0 and [] all yield false;
 * a caller that must tell "missing" from "zero" has to check before calling.
 *
 * @param mixed $value Raw request value (typically a $_POST entry).
 * @return string|false
 */
function getValue($value)
{
    if (empty($value)) {
        return false;
    }
    return sanitize($value);
}
/**
 * Escapes a value with the project's SQL escaping helper, then strips tags and
 * HTML-encodes what is left.
 *
 * Note the order: the SQL escape runs first, so what ends up stored is the
 * HTML-encoded form of the value. htmlentities() is called with PHP's default
 * flags, which changed in PHP 8.1 (single quotes are only encoded by default
 * from that version on).
 *
 * @param mixed $data Raw value.
 * @return string
 */
function sanitize($data)
{
    $escapedForSql = mysql_znote_escape_string($data);
    $withoutTags = strip_tags($escapedForSql);
    return htmlentities($withoutTags);
}
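/**
 * Posts the notification back to PayPal and reports whether PayPal confirms it.
 *
 * @param array|null $IPN Notification fields; when null or empty, $_POST is used.
 * @return bool|null true when PayPal answers VERIFIED; false when it answers
 *                   INVALID, or when the post-back returns a non-2xx status
 *                   (that case is also logged to znote_paypal); null when the
 *                   message carries no verify_sign field or the post-back
 *                   produced no usable response.
 */
function VerifyPaypalIPN(array $IPN = null)
{
    if (empty($IPN)) {
        $IPN = $_POST;
    }
    // Without PayPal's signature field there is nothing to validate; skip the network call.
    if (empty($IPN['verify_sign'])) {
        return null;
    }
    $IPN['cmd'] = '_notify-validate';
    $PaypalHost = 'ipnpb.paypal.com';

    $cURL = curl_init();
    // Verify PayPal's certificate chain and hostname. The original handler switched
    // both checks off, which lets anyone able to interpose on this connection answer
    // "VERIFIED" for a forged notification; every credit granted by the caller
    // depends on this answer being genuine.
    curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
    curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
    curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true); // documented by PHP as having no effect; kept as in the original
    curl_setopt($cURL, CURLOPT_POST, true); // POST back
    curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN, with cmd appended
    curl_setopt($cURL, CURLOPT_HEADER, false);
    curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
    curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
    curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
    curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
    curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
        'Connection: close',
        'Expect: ',
    ));
    $Response = curl_exec($cURL);
    $Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
    curl_close($cURL);

    // curl_exec() returns false on a transport failure, which now includes a
    // failed certificate or hostname check; treat that like an empty body.
    $Response = is_string($Response) ? trim($Response) : '';
    // A status of 0 means no HTTP response was received at all.
    if ($Response === '' || $Status === 0 || !preg_match('~^(VERIFIED|INVALID)$~i', $Response)) {
        return null;
    }
    if ((int)($Status / 100) !== 2) {
        // NOTE(review): this INSERT supplies 6 values; the transaction-log inserts
        // elsewhere in this file supply 8 (the invalid-data one 6) - confirm against
        // the znote_paypal table definition.
        mysql_insert("INSERT INTO
znote_paypal
VALUES ('', '0', 'ERROR: Status is invalid. = $Status', '0', '0', '0')");
        return false;
    }
    return !strcasecmp($Response, 'VERIFIED');
}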
// Fetch paypal configurations ($config presumably comes from the config.php required above)
$paypal = $config['paypal'];
$prices = $config['paypal_prices']; // not referenced anywhere below in this file
// Send an empty HTTP 200 OK response to acknowledge receipt of the notification
header('HTTP/1.1 200 OK');
// Build the required acknowledgement message out of the notification just received.
// It is only used for the "Invalid data" log entry at the bottom; the actual post-back
// to PayPal happens inside VerifyPaypalIPN(). Every value is urlencode()d, so quotes
// are %-encoded by the time the string is interpolated into SQL there.
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value)); // stripslashes: legacy magic_quotes compensation
$req .= "&$key=$value";
}
$postdata = $req;
// Assign payment notification values to local variables.
// The first five are taken raw from $_POST (no sanitize()); $payment_amount and
// $payment_currency are later interpolated unescaped into the transaction-log
// INSERT. That INSERT is only reached after VerifyPaypalIPN() returned true, so
// the values are PayPal-confirmed by then, but they are still not escaped.
$item_name = $_POST['item_name']; // not used below
$item_number = $_POST['item_number']; // not used below
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = getValue($_POST['txn_id']);
$receiver_email = getValue($_POST['receiver_email']);
$payer_email = getValue($_POST['payer_email']);
// The (int) cast runs before explode(), so the explode()/[0] pair is a no-op: an
// integer's string form never contains '_'. Presumably the invoice field looks like
// "<account>_<suffix>" and the cast already keeps the leading digits - verify.
$accId = (int)$_POST['invoice'];
$accId = explode('_',$accId);
$accId = $accId[0];
$receivePoints = (int)$_POST['custom'];
/*
$calcPayed = $config['cur_table'][$payment_currency] * $receivePoints;
if($payment_amount != $calcPayed){
mysql_insert("INSERT INTO
account_bans
(
account_id
,
reason
,
banned_at
,
expires_at
,
banned_by
) VALUES ('$accId', 'Fraud', 1558545070, 1661137070, 1)");
exit;
}
*/
// Log the connection BEFORE the notification is verified, keyed by the claimed txn_id.
// NOTE(review): this row carries the same txn_id that the "already processed" SELECT
// below looks for, so that SELECT will find this very row - see the note there.
// This INSERT lists 8 values; the error insert at the bottom of the file lists 6.
$connectedIp = $_SERVER['REMOTE_ADDR'];
mysql_insert("INSERT INTO
znote_paypal
VALUES ('0', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0','0','')");
$status = VerifyPaypalIPN(); // true = VERIFIED, false = INVALID or bad HTTP status, null = no usable answer
if ($status) {
// Check that the payment_status is Completed
if ($payment_status == 'Completed') {
// Check that txn_id has not been previously processed.
// NOTE(review): the branch below runs when a row IS found (`!== false`), the opposite
// of what this comment says. Because the connection log above has just inserted a
// row with this txn_id, a re-delivered notification (a PayPal retry or a replay)
// whose txn_id was already credited passes this check and is credited again. A
// reliable duplicate check would have to look only at rows written by the
// "transaction log" INSERT further down - assuming mysql_select_single() returns
// false when no row matches, as the comparison implies.
$txn_id_check = mysql_select_single("SELECT
txn_id
FROM
znote_paypal
WHERE
txn_id
='$txn_id'");
if ($txn_id_check !== false) {
$bannedAt = time();
$expires_at = $bannedAt + 1000000; // ban length in seconds (about 11.6 days)
// Check that receiver_email is your Primary PayPal email.
// NOTE(review): the second literal spans a line break and reads "[email protected]",
// which looks like a redaction/extraction artifact rather than a real address; as
// written it can only match a value that begins with a newline, so in practice
// only $paypal['email'] matters. Confirm against the original source.
if ($receiver_email == $paypal['email'] || $receiver_email == '
[email protected]') {
$status = true;
$paidPoints = 0; // assigned but never read below
if ($payment_amount == 0) $status = false; // Wrong amount of money (loose ==; a non-numeric mc_gross compares differently on PHP 7 and PHP 8)
// Unknown currency: a top-level `return` ends this script (or returns to the including file) without logging.
if(!isset($config['cur_table'][$payment_currency])){
return false;
}
// Points the customer should have asked for, given the amount actually paid.
// NOTE(review): `!=` between this product and an int bans the account on any
// rounding residue if the rate table holds non-integer factors - confirm the table
// only ever yields whole numbers, or compare with a tolerance.
$calcCheck = $payment_amount * $config['cur_table'][$payment_currency];
if($calcCheck != $receivePoints){
mysql_insert("INSERT INTO
account_bans
(
account_id
,
reason
,
banned_at
,
expires_at
,
banned_by
) VALUES ('$accId', 'Fraud', '$bannedAt', '$expires_at', 1)");
return false;
}
// Verify that the user hasn't tampered with the POST data
if ($status) {
if($payment_amount < 7){ // minimum accepted amount
mysql_insert("INSERT INTO
account_bans
(
account_id
,
reason
,
banned_at
,
expires_at
,
banned_by
) VALUES ('$accId', 'Fraud', '$bannedAt', '$expires_at', 1)");
return false;
}
// NOTE(review): the webhook URL embeds a Discord credential (shown partially
// redacted here as "10...") and the literal spans a line break, so as written the
// request cannot succeed. The token belongs in config, not in source.
$url = '
https://discord.com/api/webhooks/10...p93MLjB6NBDrWJy0S6SwT60hCZIyLWBou0o-SmCJfTl';
/*if($payment_amount >= 20){
$receivePoints = $receivePoints + (($receivePoints*50)/100);
}*/
// Announce the payment on Discord. This sends the payer's e-mail address to a third party.
$data = array('content' => '
New payment in PAYPAL FROM: '.$payer_email.' | ACC: '.$accId.' | POINTS: '.$receivePoints.' | PAYED: '.$payment_currency.' '.$payment_amount.'', 'username' => 'YurOTS BOT');
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
// The result is never checked; a failed webhook call does not stop the credit below.
$result = file_get_contents($url, false, $context);
// transaction log ($payment_amount and $payment_currency are the raw POST values, see above)
mysql_insert("INSERT INTO
znote_paypal
VALUES ('0', '$txn_id', '$payer_email', '$accId', '".$payment_amount."', '".$receivePoints."','1','".$payment_currency."')");
// Process payment
$data = mysql_select_single("SELECT
points
AS
old_points
FROM
znote_accounts
WHERE
account_id
='$accId';");
// Give points to user. Read-modify-write in two statements with no visible
// transaction; two notifications for the same account handled concurrently could
// overwrite each other's update.
$new_points = $data['old_points'] + $receivePoints;
mysql_update("UPDATE
znote_accounts
SET
points
='$new_points' WHERE
account_id
='$accId'");
}
} else {
// receiver_email did not match the configured address: log it, credit nothing.
$pmail = $paypal['email'];
mysql_insert("INSERT INTO
znote_paypal
VALUES ('0', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0','0','None')");
}
}
}
} else {
// Something is wrong: PayPal did not answer VERIFIED (or gave no usable answer).
// $postdata is the urlencoded copy built above, so quotes are %-encoded before it
// is interpolated here. This INSERT lists 6 values; the log inserts above list 8.
mysql_insert("INSERT INTO
znote_paypal
VALUES ('0', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
}
?>