paypal

[afebmunn]

Hey Guys,

 

i have another problem, i am using paypal IPN, and i want the details of the order to be stored in my orders table of the databse as well as sending me an email. Im pretty sure the code is ok, but it is not working. Can some one please take a look?

 

<?php

 

include('db_fns.php');

 

 

// change these to your paypal settings

$paypal_email = "benmunns@gmail.com";

$paypal_currency = 'USD';

$shipping = 10.00;

 

 

/**

  * checks if paypal trans id is already in database

  * @param int $trans_id

  * @return bool

  */

function no_paypal_trans_id($trans_id)

{

$connection = db_connect();

$query = sprintf("SELECT id from orders WHERE paypal_trans_id = '%s'",

                mysql_real_escape_string($trans_id));

$result = mysql_query($query);

 

$num_results = mysql_num_rows($result);

 

if($num_results == 0)

{

return true;

}

 

return false;

 

}

 

/**

  * checks to make sure that paypal payment amount is correct

  * @param int $shipping

* @param array $params

  * @return bool

  */

function payment_amount_correct($shipping, $params)

{

  $amount = 0.00;

 

for ($i=1;  $i <= $params['num_cart_items']; $i++)

{

  $query = sprintf("SELECT price from products where id='%s'",

mysql_real_escape_string($params["item_number{$i}"]));

$result = mysql_query($query);

if($result)

{

  $item_price = mysql_result($result, 0, 'price');

  $amount += $item_price * $params["quantity{$i}"];

}

}

 

if(($amount+$shipping) == $params['mc_gross'])

{

  return true;

}

else

{

  return false;

}

 

}

 

 

 

/**

* creates order and adds items

* @param array $params

* @return bool

*/

function create_order($params)

{

  db_connect();

 

$query =  sprintf("INSERT INTO orders set

                    orders.firstname = '%s',

  orders.lastname = '%s',

  orders.email = '%s',

  orders.country = '%s',

                          orders.address = '%s',

                          orders.city = '%s',

orders.zip_code = '%s',

orders.state = '%s',

orders.status = '%s',

orders.amount = '%s',

orders.paypal_trans_id = '%s',

  created_at = NOW()

",

  mysql_real_escape_string($params['first_name']),

mysql_real_escape_string($params['last_name']),

mysql_real_escape_string($params['payer_email']),

  mysql_real_escape_string($params['address_country']),

mysql_real_escape_string($params['address_street']),

mysql_real_escape_string($params['address_city']),

mysql_real_escape_string($params['address_zip']),

mysql_real_escape_string($params['address_state']),

mysql_real_escape_string($params['payment_status']),

mysql_real_escape_string($params['mc_gross']),

mysql_real_escape_string($params['txn_id'])

               

);

 

$result = mysql_query($query);

if(!$result)

{

return false;

}

 

$order_id = mysql_insert_id();

 

for ($i=1;  $i <= $params['num_cart_items'] ; $i++)

{

  $product = find_product($params["item_number{$i}"]);

 

  $query = sprintf("INSERT

                    INTO items

                          set

order_id = '%s',

product_id = '%s',

title = '%s',

price = '%s',

qty = '%s'

",

mysql_real_escape_string($order_id),

mysql_real_escape_string($product['id']),

mysql_real_escape_string($product['title']),

  mysql_real_escape_string($product['price']),

mysql_real_escape_string($params["quantity{$i}"])

 

);

 

$result = mysql_query($query);

 

if(!$result)

{

return false;

}

 

}

 

 

return true;

}

 

 

 

 

// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

 

foreach ($_POST as $key => $value) {

$value = urlencode(stripslashes($value));

$req .= "&$key=$value";

}

 

// post back to PayPal system to validate

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

 

// assign posted variables to local variables

$item_name = $_POST['item_name'];

$item_number = $_POST['item_number'];

$payment_status = $_POST['payment_status'];

$payment_amount = $_POST['mc_gross'];

$payment_currency = $_POST['mc_currency'];

$txn_id = $_POST['txn_id'];

$receiver_email = $_POST['receiver_email'];

$payer_email = $_POST['payer_email'];

 

if (!$fp) {

// HTTP ERROR

} else {

fputs ($fp, $header . $req);

while (!feof($fp)) {

$res = fgets ($fp, 1024);

if (strcmp ($res, "VERIFIED") == 0) {

 

if ($_POST['payment_status'] == 'Completed'

  && no_paypal_trans_id($_POST['txn_id'])

&& $paypal_email == $_POST['receiver_email']

&& $paypal_currency == $_POST['mc_currency']

&& payment_amount_correct($shipping, $_POST)

)

{

    // process payment

create_order($_POST);

 

}

 

}

else if (strcmp ($res, "INVALID") == 0) {

// log for manual investigation

}

}

fclose ($fp);

}

?>

[Pikachu2000]

When posting code, please enclose it within the forum's

 . . . 

BBCode tags.