• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Website Show Online Record / Paypal Blacklist ZNOTE15

Thaian Citizen

Thaian Citizen

Hexenjäger
Joined
Apr 5, 2013
Messages
144
Solutions
4
Reaction score
17
Location
germany
Hello,
I am using znoteacc 1.5.
I want my online list to show the online players.
The output I get is always that there is no player record yet.

Part of the site php:
PHP: 
<?php require_once 'engine/init.php'; include 'layout/overall/header.php';
//$record = mysql_query('SELECT * FROM `server_record` ORDER BY `record` DESC LIMIT 1;');
$record = mysql_query('SELECT * FROM `server_record` WHERE record=(SELECT MAX(record) FROM `server_record`);');
$row = mysql_fetch_row($record);
?>
<h1>Who is online?</h1>
<?php
if(empty($row)) {
    echo 'No player online record yet.<br />';
} else {
    $time = date("M j Y", $row['timestamp']);
    echo '<h5>Online record was '. $row['record'] .' players on '. $time .' CET.</h5><br /><br />';
}

Screenshot part of the database showing the row
2v2652os.png


Can somebody tell me why it doesnt work? :-/

Thank you
 
Sort by date Sort by votes
You can easily achive this with ZnoteAAC own mysql functions.

PHP Code:
Code: 
<?php
// Fetching data from database
  $data = array(
  'playerRecord' => mysql_select_single("SELECT * FROM `server_record` ORDER BY `record` DESC LIMIT 1")
  );
?>

HTML/PHP Code:
Code: 
<center>
    Maximum players online was <?php echo $data['playerRecord']['record']; ?> on <?php echo date("M j Y h:i:s A", $data['playerRecord']['timestamp']); ?>!
</center>
 
Upvote 0 Downvote
It works with that znotes own function - thank you ! :)

You seem to be very familiar with znote..
So you might be able to steer me into the right direction with this:
I want to implement a blacklist for paypal, how can I do it?

  • I would create a db that functions like a list of email adresses
  • and then before or after ? someone clicks purchase => i check if the used mail is listed in my blacklist-db if its listed i abort the transaction?
I had some different thought about when to do the check:
the question - at what point can i securely check, so he isn't able to trick my system with a listed email?

also where would i put that I dont really get behind that buypoints.php
I only went through a crash course in php/html like 1 month ago, so I lack experience there

with the znote's zeotss I don't really get how it works, I dont even think it has that feature or does that?
 
Upvote 0 Downvote
Find : inside /engine/functions/users.php :

PHP: 
// Checks that this email exist.
function user_email_exist($email)
{
    $email = sanitize($email);
    $data = mysql_select_single("SELECT `id` FROM `accounts` WHERE `email`='$email';");
    return ($data !== false) ? true : false;
}

Next, you are pasting this new function right under it.

PHP: 
// Checks the database if blacklisted $email exists
function blacklist_email($email)
{
    $email = sanitize($email);
    $data = mysql_select_single("SELECT `id` FROM `blacklist` WHERE `email`='$email';");
    return ($data !== false) ? true : false;
}

Now, you're able to use the function blacklist_email($blacklisted_email) | example :

PHP: 
if (blacklist_email($_POST['email']) === true)
{
    echo 'This email ', $_POST['email'], ' is blacklisted';
}

I hope this will help you @Thaian Citizen

Kind regards,
@53701688
 
Last edited by a moderator:
Upvote 0 Downvote
Yes, thank you very much, but the problem was more about where to exactly check for blacklisted guys, in my ipn.php?

On the net I found someone saying they check in their online shop if someone is blacklisted and if so they refund him his payment-
I thought I dont even wanna go that far - I wanna block him from buying/sending me cash straight off, so he don't get processed to make a paypal payment ?
( But I think he would still be able to process a payment with some sort of fake form / going around my website blacklist check ) ?

What I'm thinking is
  1. You click purchase points button (for the specific amount you want)
  2. You get send to paypal site, asking you to login and confirm payment
  3. if you confirmed, paypal sends back the ipn success stuff
  4. you can only check here for guy's paypal-mail ( his account email might not be same as his paypal email )
  5. if you check him now and he's blacklisted, he already did the cash sending in paypal
Am i having the right logic for this purchase process?
and then, can i pass that ipn message from paypal back with a not-accepted/failed/refund possibility?
 
Upvote 0 Downvote
Ok, I read into ipn.php again and also checked paypal developers to see how their system works ( https://developer.paypal.com/docs/classic/ipn/gs_IPN/ )
So according to what I read on the paypal site I thought at step 4 (bold) i should check if guy is blacklisted
  1. A user clicks a PayPal button to kick off a checkout flow; your web application makes an API call; your back-office system makes an API call; or PayPal observes an event.

  2. PayPal posts a message to your listener, notifying you of this event, which starts the request-response process.

  3. Your listener returns an empty HTTP 200 response.

  4. Your listener performs an HTTP POST to send the complete, unaltered notification back to PayPal, completing the initial request-response handshake, and allowing PayPal to verify that the IPN message is being sent to the correct location.

  5. PayPal sends a single word back - either VERIFIED (if the message matches the original) or INVALID (if the message does not match the original).
Click to expand...
So I altered my script, it should now BEFORE step 4 check if email is blacklisted
> if email is blacklisted > it doesn't even get to the step 4 of sending back the verify ipn message "handshake"
So this way now it should turn out as failed transaction and wont be processed, right? He wont send money, i wont get money, nothing, right?

I'm sorry for asking that much, but I don't want to just copy something I want to know exactly what's happening ;)

Here's my ipn.php: ( changes are at start of VerifyIPN~ and at the very end elseif check for blacklisted )

PHP: 
<?php

    // Require the functions to connect to database and fetch config values
    require 'config.php';
    require 'engine/database/connect.php';

    function VerifyPaypalIPN(array $IPN = null){
        if (blacklist_email($_POST['payer_email']) === true) {
            echo 'This email ', $_POST['payer_email'], ' is blacklisted';
            return 'BLACKLISTED';
        }
        if(empty($IPN)){
            $IPN = $_POST;
        }
        if(empty($IPN['verify_sign'])){
            return null;
        }
        $IPN['cmd'] = '_notify-validate';
        $PaypalHost = (empty($IPN['test_ipn']) ? 'www' : 'www.sandbox').'.paypal.com';
        $cURL = curl_init();
        curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($cURL, CURLOPT_URL, "https://{$PaypalHost}/cgi-bin/webscr");
        curl_setopt($cURL, CURLOPT_ENCODING, 'gzip');
        curl_setopt($cURL, CURLOPT_BINARYTRANSFER, true);
        curl_setopt($cURL, CURLOPT_POST, true); // POST back
        curl_setopt($cURL, CURLOPT_POSTFIELDS, $IPN); // the $IPN
        curl_setopt($cURL, CURLOPT_HEADER, false);
        curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
        curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
        curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
        curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
        curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
            'Connection: close',
            'Expect: ',
        ));
        $Response = curl_exec($cURL);
        $Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
        curl_close($cURL);
        if(empty($Response) or !preg_match('~^(VERIFIED|INVALID)$~i', $Response = trim($Response)) or !$Status){
            return null;
        }
        if(intval($Status / 100) != 2){
            return false;
        }
        return !strcasecmp($Response, 'VERIFIED');
    }

    // Fetch paypal configurations
    $paypal = $config['paypal'];
    $prices = $config['paypal_prices'];

    // Send an empty HTTP 200 OK response to acknowledge receipt of the notification
    header('HTTP/1.1 200 OK');

    // Build the required acknowledgement message out of the notification just received
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req  .= "&$key=$value";
    }
    $postdata = $req;

    // Assign payment notification values to local variables
    $item_name        = $_POST['item_name'];
    $item_number      = $_POST['item_number'];
    $payment_status   = $_POST['payment_status'];
    $payment_amount   = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id           = $_POST['txn_id'];
    $receiver_email   = $_POST['receiver_email'];
    $payer_email      = $_POST['payer_email'];
    $custom           = (int)$_POST['custom'];

    $connectedIp = $_SERVER['REMOTE_ADDR'];
    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'Connection from IP: $connectedIp', '0', '0', '0')");

    $status = VerifyPaypalIPN();
    if ($status) {
        // Check that the payment_status is Completed
        if ($payment_status == 'Completed') {

        
            // Check that txn_id has not been previously processed
            $txn_id_check = mysql_select_single("SELECT `txn_id` FROM `znote_paypal` WHERE `txn_id`='$txn_id'");
            if ($txn_id_check !== false) {
                // Check that receiver_email is your Primary PayPal email
                if ($receiver_email == $paypal['email']) {
                
                    $status = true;
                    $paidMoney = 0;
                    $paidPoints = 0;

                    foreach ($prices as $priceValue => $pointsValue) {
                        if ($priceValue == $payment_amount) {
                            $paidMoney = $priceValue;
                            $paidPoints = $pointsValue;
                        }
                    }

                    if ($paidMoney == 0) $status = false; // Wrong ammount of money
                    if ($payment_currency != $paypal['currency']) $status = false; // Wrong currency
                
                    // Verify that the user havent messed around with POST data
                    if ($status) {
                        // transaction log
                        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', '$payer_email', '$custom', '".$paidMoney."', '".$paidPoints."')");
                    
                        // Process payment
                        $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");

                        // Give points to user
                        $new_points = $data['old_points'] + $paidPoints;
                        mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
                    }
                }  else {
                    $pmail = $paypal['email'];
                    mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Wrong mail. Received: $receiver_email, configured: $pmail', '0', '0', '0')");
                }
            }
        }
    } elseif ($status == 'BLACKLISTED') {
        // Something is wrong
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'REJECTED: Blacklisted customer. $postdata', '0', '0', '0')");
    } else {
        // Something is wrong
        mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '$txn_id', 'ERROR: Invalid data. $postdata', '0', '0', '0')");
    }
?>
 
Upvote 0 Downvote
bump~

Anyone who can look up my last post about my ipn.php changes? And tell me if it works that way, or where exactly I have to execute that blacklist check.
I would apply some try-and-fail method if it didn't involve sending cash over several times...
 
Upvote 0 Downvote
BUMP

I tested it, it doesnt work- who can tell me how to make a blacklist system that interrupts the payment process? i dont even want to receive cash from a blacklisted guy...

And also the points that I bought didnt get added to my account, this is what the paypal table showed after the purchase:
3xk9hmon.png


Would be really nice if someone could help me sort these last 2 problems out :)
  • shop points not arriving
  • blacklist system or alternative way to get rid of a chargebacker
 
Last edited:
Upvote 0 Downvote

Similar threads

ghunalma
  • Question
AAC [Znote AAC] admin_news dont upload images
Replies
3
Views
326
ghunalma
ghunalma
ralke
  • Question
AAC ZnoteAAC show killing assists at characterprofile deathlist
Replies
0
Views
176
ralke
ralke
Czorcik
  • Question
Highscore reborn system in acc maker
Replies
0
Views
267
Czorcik
Czorcik
blokerzinha
  • Question
Problem with the wrong player appearing as top even though he is not. Znote
Replies
1
Views
333
blokerzinha
blokerzinha
Back
Top