Файл: Update 2.1.1/sources/ipn_deposit/paypal.php
Строк: 89
<?php
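// Build the validation request: 'cmd=_notify-validate' followed by every field of the
// incoming notification, so that PayPal can confirm it really sent this exact message.
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    // PHP turns "name[]=x" into an array. Such a field cannot be echoed back as it was
    // received, so it is left out; PayPal is then expected to answer INVALID.
    if (!is_scalar($value)) {
        continue;
    }
    // NOTE(review): stripslashes() is only right where magic_quotes_gpc added the
    // slashes. Without magic quotes it alters values containing a backslash, and the
    // validation then fails. Confirm against the PHP versions this runs on.
    $value = urlencode(stripslashes((string) $value));
    // The field name is encoded as well, so a name containing '&' or '=' cannot add
    // parameters of its own to the validation request.
    $req .= '&' . urlencode((string) $key) . '=' . $value;
}

// Post the request back to PayPal. $header is assigned, not appended to, because it
// does not exist yet. Every header line ends in CRLF and the header block ends with an
// empty line; the literal text "rn" would produce one malformed request line.
// NOTE(review): confirm that the endpoint still accepts HTTP/1.0 without a Host header.
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

// The VERIFIED/INVALID answer is only as trustworthy as the connection it arrives on,
// so require a certificate that is valid for www.paypal.com. PHP before 5.6 does not
// verify the peer by default, and fsockopen() cannot be given a stream context.
$tls = stream_context_create(array(
    'ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
    ),
));
$fp = stream_socket_client('ssl://www.paypal.com:443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $tls);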
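// Copy the notification fields used below into local variables. Until PayPal answers
// VERIFIED every one of them is caller-controlled, so they reach SQL only as bound
// parameters. A missing or array-valued field becomes ''.
$ipn = array();
foreach (array('item_name', 'item_number', 'payment_status', 'mc_gross', 'mc_currency', 'txn_id', 'receiver_email', 'payer_email') as $field) {
    $ipn[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
}
$item_name = $ipn['item_name'];
$item_number = $ipn['item_number'];
$payment_status = $ipn['payment_status'];
$payment_amount = $ipn['mc_gross'];
$payment_currency = $ipn['mc_currency'];
$txn_id = $ipn['txn_id'];
$receiver_email = $ipn['receiver_email'];
$payer_email = $ipn['payer_email'];
$time = time();
$date = date("d/m/Y H:i:s");

// Row of the 'PayPal' company; its a_field_1 is compared with receiver_email below.
$accountQuery = $db->query("SELECT * FROM companies WHERE name='PayPal'");
$acc = $accountQuery ? $accountQuery->fetch_assoc() : null;

// NOTE(review): the deposit is credited to whoever is logged in on the request that
// carries the notification; nothing ties the payment itself to that account, and with
// no session the wallet of uid 0 is credited. Confirm how this script is reached, and
// consider carrying the account id in a field set when the payment is created (for
// example PayPal's 'custom' pass-through variable).
if (checkSession()) { $uid = $_SESSION['suid']; } else { $uid = 0; }

// Shape checks on the values that end up in the wallet and in the success message:
// a positive amount with at most two decimals and a three-letter currency code.
$amount_ok = preg_match('/^[0-9]+(\.[0-9]{1,2})?$/D', $payment_amount) === 1 && (float) $payment_amount > 0;
$currency_ok = preg_match('/^[A-Z]{3}$/D', $payment_currency) === 1;

// The receiver must be the configured merchant address. A strict comparison against a
// non-empty value means a missing configuration row can never match.
$receiver_ok = is_array($acc)
    && isset($acc['a_field_1'])
    && $acc['a_field_1'] !== ''
    && $receiver_email === (string) $acc['a_field_1'];

if (!$fp) {
    // Could not reach PayPal: nothing was verified, so nothing is credited.
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        if (strcmp($res, "VERIFIED") == 0) {
            if ($payment_status == 'Completed') {
                if ($receiver_ok) {
                    if (!$amount_ok || !$currency_ok || $txn_id === '') {
                        echo error("Invalid payment data.");
                    } else {
                        // Replay check on the transaction id alone. Matching on the
                        // current timestamp as well would never find an earlier copy of
                        // the same notification, so the payment could be credited again.
                        // If the lookup cannot run, treat the payment as already seen.
                        $duplicate = true;
                        $seen = $db->prepare("SELECT tid FROM transactions WHERE tid = ?");
                        if ($seen) {
                            $seen->bind_param('s', $txn_id);
                            if ($seen->execute()) {
                                $seen->store_result();
                                $duplicate = $seen->num_rows > 0;
                            }
                            $seen->close();
                        }

                        if ($duplicate) {
                            echo error($lang['error_15']);
                        } else {
                            // Record the transaction first and credit only if that
                            // worked. `from` and `in` are reserved words in MySQL and
                            // must be quoted as column names.
                            // NOTE(review): check-then-insert is not atomic. A UNIQUE
                            // index on transactions.tid and a database transaction
                            // around both writes would close the remaining window.
                            $recorded = false;
                            $record = $db->prepare("INSERT INTO transactions (tid, `from`, uid, `in`, amount, currency, date) VALUES (?, ?, ?, 'PayPal', ?, ?, ?)");
                            if ($record) {
                                $record->bind_param('ssssss', $txn_id, $payer_email, $uid, $payment_amount, $payment_currency, $date);
                                $recorded = $record->execute();
                                $record->close();
                            }

                            $credited = false;
                            if ($recorded) {
                                // null = lookup failed, true/false = wallet exists or not.
                                $has_wallet = null;
                                $wallet = $db->prepare("SELECT uid FROM wallets WHERE uid = ? AND currency = ?");
                                if ($wallet) {
                                    $wallet->bind_param('ss', $uid, $payment_currency);
                                    if ($wallet->execute()) {
                                        $wallet->store_result();
                                        $has_wallet = $wallet->num_rows > 0;
                                    }
                                    $wallet->close();
                                }

                                if ($has_wallet === true) {
                                    // CAST keeps the addition in exact decimal arithmetic;
                                    // a bound string would otherwise be added as a float.
                                    $credit = $db->prepare("UPDATE wallets SET amount = amount + CAST(? AS DECIMAL(20,2)), updated = ? WHERE uid = ? AND currency = ?");
                                    if ($credit) {
                                        $credit->bind_param('ssss', $payment_amount, $time, $uid, $payment_currency);
                                        $credited = $credit->execute();
                                        $credit->close();
                                    }
                                } else if ($has_wallet === false) {
                                    $credit = $db->prepare("INSERT INTO wallets (uid, amount, currency, created) VALUES (?, ?, ?, ?)");
                                    if ($credit) {
                                        $credit->bind_param('ssss', $uid, $payment_amount, $payment_currency, $time);
                                        $credited = $credit->execute();
                                        $credit->close();
                                    }
                                }
                            }

                            if ($credited) {
                                // Amount and currency passed the shape checks above, so
                                // they carry no markup into the page.
                                echo success("Your deposit was successfully. You added $payment_amount $payment_currency to your wallet.");
                            } else {
                                echo error("Your deposit could not be credited.");
                            }
                        }
                    }
                } else {
                    echo error($lang['error_17']);
                }
            }
        } else if (strcmp($res, "INVALID") == 0) {
            echo error($lang['error_20']);
        }
    }
    fclose($fp);
}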
?>