<?
include('config.php');
//save post variables to local variables
$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
$item_name = $_REQUEST['item_name'];
$item_number = $_REQUEST['item_number'];
$payment_amount = $_REQUEST['mc_gross'];
$payment_currency = $_REQUEST['mc_currency'];
$txn_id = $_REQUEST['txn_id'];
$payer_email = $_REQUEST['payer_email'];
// connect db
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);
//read the actual number of points
$query = "SELECT premium_points FROM accounts WHERE accounts.name = '$custom'";
//add points to variable
$result = mysql_query($query);
$prem = mysql_fetch_array($result);
if ($pointsperbuck == 1)
$points = $prem['premium_points'] + (floor($payment_amount) * $pointsperbuck_add);
else
$points = $prem['premium_points'] + $points_add;
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if ($pointsperbuck == 0) {
if ($payment_status == "Completed" & $receiver_email == $my_email & $my_currency == $payment_currency & $my_amount == $payment_amount)
{
$qry2 = "UPDATE accounts SET premium_points = '$points' WHERE accounts.name = '$custom'";
$result2 = mysql_query($qry2);
$save_payment = "INSERT INTO payments(account_name, payment_status, payment_amount, payment_currency, txn_id, receiver_email, payer_email) VALUES('$custom', '$payment_status', '$payment_amount', '$payment_currency', '$txn_id', '$receiver_email', '$payer_email')";
$save_qry = mysql_query($save_payment);
}
else {
$save_uncompleted = "INSERT INTO wrong_payments(account_name, payment_status, payment_amount, payment_currency, txn_id, receiver_email, payer_email) VALUES('$custom', '$payment_status', '$payment_amount', '$payment_currency', '$txn_id', '$receiver_email', '$payer_email')";
$save_unquery = mysql_query($save_uncompleted);
}
}
else if ($pointsperbuck == 1) {
if ($payment_status == "Completed" & $receiver_email == $my_email & $my_currency == $payment_currency)
{
$qry2 = "UPDATE accounts SET premium_points = '$points' WHERE accounts.name = '$custom'";
$result2 = mysql_query($qry2);
$save_payment = "INSERT INTO payments(account_name, payment_status, payment_amount, payment_currency, txn_id, receiver_email, payer_email) VALUES('$custom', '$payment_status', '$payment_amount', '$payment_currency', '$txn_id', '$receiver_email', '$payer_email')";
$save_qry = mysql_query($save_payment);
}
else {
$save_uncompleted = "INSERT INTO wrong_payments(account_name, payment_status, payment_amount, payment_currency, txn_id, receiver_email, payer_email, invalid) VALUES('$custom', '$payment_status', '$payment_amount', '$payment_currency', '$txn_id', '$receiver_email', '$payer_email', 0)";
$save_unquery = mysql_query($save_uncompleted);
}
}
}
else if (strcmp ($res, "INVALID") == 0) {
$inv_save = "INSERT INTO wrong_payments(account_name, payment_status, payment_amount, payment_currency, txn_id, receiver_email, payer_email, invalid) VALUES('$custom', '$payment_status', '$payment_amount', '$payment_currency', '$txn_id', '$receiver_email', '$payer_email', 1)";
$inv_query = mysql_query($inv_save);
echo("Invalid.");
}
}
fclose ($fp);
}
?>