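<?php
/// s2dpaypp.php
/// Type: Payment
/// Content: Transaction script for PayPal (IPN listener)
/// Description: Receives PayPal's Instant Payment Notification, echoes it
///              back to PayPal for validation and, if PayPal answers VERIFIED
///              and the notification matches the local order, advances the
///              order status.
/// Requires: normal
/// CCML parsing: required
////////////////////////////////////////////////////////////////////////////
///
/// Last changes:
///
////////////////////////////////////////////////////////////////////////////
///<20.10.2008/6.0.3.2/>

define('ROOT', './');
define('ASSETS', ROOT.'assets/');
require(ASSETS.'s2diconf.php');
require(CC_INCLUDE_INIT);

// NOTE(review): the socket code below does not depend on allow_url_fopen, so
// this gate is stricter than strictly needed; kept so the existing failure
// mode ("die" when the host cannot be configured) is unchanged.
if (!in_array(ini_get('allow_url_fopen'), array('1', 'On', 'on', 'ON'), true)) {
    @ini_set('allow_url_fopen', '1');
    if (!in_array(ini_get('allow_url_fopen'), array('1', 'On', 'on', 'ON'), true))
        die('Can not handle request due to provider restrictions');
}

$log = handle_transaction();

// Persist the outcome; an empty result means the IPN was accepted or ignored.
if (LOG_PAYMENT) save_to_file(FILE_PAYMENTLOG, "\nPaypal ".time()."\n".($log ? $log : 'OK'));

// Any non-empty message is a validation failure: answer with the "forbidden"
// resource rather than a silent 200, so the rejected attempt stays visible.
if ($log) script_die(CC_RESSOURCE_FORBIDDEN, __FILE__, __LINE__);

////////////////////////////////////////////////////////////////////////////

/**
 * Validate the incoming IPN against PayPal and reconcile it with the local order.
 *
 * Returns null when the notification is accepted (or deliberately ignored,
 * e.g. payment_status other than "Completed"), or a one-line error message
 * describing why it was rejected. Side effects: sets the order status and
 * sends the status e-mail when the payment method has autocharge enabled.
 *
 * @return string|null
 */
function handle_transaction()
{
    // 1. Echo the notification back to PayPal, unchanged, prefixed with the
    //    validate command. PayPal's answer is only meaningful if it receives
    //    exactly the fields it sent us, so keys and values are both encoded
    //    and nothing is added or dropped.
    //    stripslashes() is only correct when magic_quotes_gpc added the
    //    slashes; without magic quotes it corrupts legitimate backslashes and
    //    makes PayPal answer INVALID, so it is applied conditionally.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    $content = 'cmd=_notify-validate';
    foreach ($_POST as $k => $v) {
        if (is_array($v)) continue; // IPN fields are scalar; skip oddities instead of raising notices
        if ($magic_quotes) $v = stripslashes($v);
        $content .= '&'.rawurlencode($k).'='.rawurlencode($v);
    }

    // Sandbox host in test mode. NOTE(review): PayPal has since introduced a
    // dedicated IPN validation host; confirm the endpoint against current docs.
    $host = 'www.'.(PAYMENT_TESTMODE ? 'sandbox.' : '').'paypal.com';
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: $host\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: ".strlen($content)."\r\n";
    $header .= "Connection: close\r\n\r\n";

    // 2. Open a TLS connection with certificate verification forced on. The
    //    VERIFIED/INVALID reply is the only thing that makes this notification
    //    trustworthy; a MITM on this leg could forge a payment, and older PHP
    //    releases did not verify the peer for ssl:// unless asked to.
    $context = stream_context_create(array('ssl' => array(
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
    )));
    $socket = @stream_socket_client('ssl://'.$host.':443', $errno, $errstr, 30,
        STREAM_CLIENT_CONNECT, $context);
    if (!$socket) return "Connot open socket, errno=$errno, errstr=$errstr\n";

    // 3. Send the request and read the complete reply (headers + body).
    if (fputs($socket, $header.$content) === false) {
        fclose($socket);
        return "Cannot write to socket\n";
    }
    stream_set_timeout($socket, 30);
    $response = '';
    while (!feof($socket)) {
        $chunk = fgets($socket, 1024);
        if ($chunk === false) break;
        $response .= $chunk;
    }
    fclose($socket);

    // 4. PayPal answers with a bare "VERIFIED" or "INVALID" body. Compare the
    //    trimmed body exactly instead of pattern-matching the whole reply, so
    //    a trailing CR/LF cannot break the match and headers are never
    //    mistaken for the verdict.
    $pos  = strpos($response, "\r\n\r\n");
    $body = ($pos !== false) ? substr($response, $pos + 4) : $response;
    if (trim($body) !== 'VERIFIED') return "Transaction not verified\n";

    // 5. Only completed payments change anything. Other statuses (Pending,
    //    Refunded, Reversed, ...) are acknowledged with null so PayPal stops
    //    retrying, but deliberately leave the order untouched.
    $status = is_post('payment_status') ? post('payment_status') : null;
    if ($status !== 'Completed') return null;

    //////////////////////////////////////////////////////////////////////// Checks

    // Load the order and make sure the order number round-trips. A missing
    // invoice must not match an empty/unloaded order, hence the explicit guard.
    $order_id = is_post('invoice') ? post('invoice') : null;
    if ($order_id === null || $order_id === '') return "No such order $order_id\n";
    $myorder = new order($order_id);
    if ((string)$myorder->order_id !== (string)$order_id) return "No such order $order_id\n";

    // The item description PayPal carries must be the one this shop generated.
    $expected_subject = CC_SITE_SHOPNAME.', '.CC_RESSOURCE_DESCRIPTION.' '.$myorder->order_date.', '.CC_RESSOURCE_ORDERID.' '.$myorder->order_id;
    $payment_subject  = is_post('item_name') ? post('item_name') : null;
    if ((string)$payment_subject !== $expected_subject)
        return "Subjects mismatch: '$payment_subject' and '".$expected_subject."' \n";

    // Payment method, carried in PayPal's "custom" field.
    $payment_id = is_post('custom') ? post('custom') : null;
    $payment = new payment();
    if (!$pm = $payment->get($payment_id)) return "Cannot open payment $payment_id\n";

    // Total: compare at cent precision. mc_gross is a decimal string while the
    // local total is computed in floating point, so an exact float compare can
    // reject a legitimate payment; anything off by a cent or more is rejected.
    $total = is_post('mc_gross') ? floatval(post('mc_gross')) : 0;
    $expected_total = $myorder->get_totalprice();
    if (abs($total - (float)$expected_total) >= 0.005)
        return "Total mismatch: '$total' and '".$expected_total."' \n";

    // Currency must be the one configured for this payment method, otherwise
    // "10.00" of a cheaper currency would pass the total check above.
    $currency_code = is_post('mc_currency') ? post('mc_currency') : '';
    if ((string)$currency_code !== (string)$pm->parameter[3])
        return "Currency mismatch: '$currency_code' and '".$pm->parameter[3]."' \n";

    // Seller account: the money must have gone to *our* account, otherwise an
    // attacker could pay themselves and present a genuinely VERIFIED IPN.
    // E-mail addresses are case-insensitive, and PayPal may echo the address
    // in a different case than configured, so compare accordingly.
    $business = is_post('business') ? post('business') : '';
    if (strcasecmp((string)$business, (string)$pm->parameter[1]) !== 0)
        return "User mismatch: '$business' and '".$pm->parameter[1]."' \n";

    // NOTE(review): nothing here rejects a replayed notification (same txn_id)
    // or an order that is already paid. Persisting txn_id per order and
    // checking it here is the usual guard; the order model visible in this
    // file does not show where that would live, so it is left as a TODO.

    //////////////////////////////////////////////////////////////////////// Complete payment

    // If immediate booking is enabled for this method, record the new status.
    if ($pm->autocharge) {
        $myorder->set_status(CC_RESSOURCE_ORDERSTATUSSHORT_WAITINGITEMS, true);
        $myorder->send_status_email();
    }
    return null;
}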