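<?php
// PayPal IPN (Instant Payment Notification) listener.
//
// Flow: read the raw POST body, echo it back to PayPal prefixed with
// cmd=_notify-validate, and only when PayPal answers "VERIFIED" forward an
// ADD_USER_BILLING_PLAN command to the local server API.
//
// Full open tag is used so the script still executes (instead of being served
// as plain text) when short_open_tag is disabled.
include ('../../init.php'); // presumably defines $gsValues - confirm against init.php

$debug = false;
// Use 'sandbox' to validate against the PayPal sandbox; empty string means live.
$paypalmode = '';

// Read the body once; it is needed for the debug dump and for validation.
$raw_post_data = file_get_contents('php://input');
if ($raw_post_data === false)
{
    $raw_post_data = '';
}

// debug
// NOTE(review): dumps are written next to this script and contain payer data.
// Keep $debug off in production, or write to a directory the web server does not serve.
if ($debug == true)
{
    file_put_contents(gmdate("YmdHis").'.txt', $raw_post_data);
}

if ($_POST)
{
    if ($paypalmode == 'sandbox')
    {
        $paypalmode = '.sandbox';
    }

    // Parse the body by hand so the echoed request is built from the raw body
    // rather than from PHP's own $_POST parsing.
    $myPost = array();
    foreach (explode('&', $raw_post_data) as $keyval)
    {
        $keyval = explode('=', $keyval);
        if (count($keyval) == 2)
        {
            $myPost[$keyval[0]] = urldecode($keyval[1]);
        }
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8, so the flag is always
    // initialised here instead of being left undefined when the function is missing.
    $strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;

    $req = 'cmd=_notify-validate';
    foreach ($myPost as $key => $value)
    {
        if ($strip_slashes)
        {
            $value = stripslashes($value);
        }
        $req .= "&$key=".urlencode($value);
    }

    $ch = curl_init('https://www'.$paypalmode.'.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    // Certificate and host name verification must stay on: the "VERIFIED"
    // answer is only trustworthy if it really comes from PayPal.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
    // Bound the wait so a stalled connection cannot tie up a PHP worker.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);

    $res = curl_exec($ch);
    curl_close($ch);
    if (!$res)
    {
        // Validation could not be completed; answer with an error status so
        // PayPal re-sends the notification instead of treating it as delivered.
        http_response_code(500);
        exit;
    }

    // debug
    if ($debug == true)
    {
        file_put_contents('res_'.gmdate("YmdHis").'.txt', $res);
    }

    if ($res === 'VERIFIED')
    {
        // prepare data
        // Take the fields from $myPost: that is exactly the data PayPal was
        // asked to verify, whereas $_POST is a separate parse of the same body.
        $paymentstatus = isset($myPost['payment_status']) ? $myPost['payment_status'] : '';
        $total = isset($myPost['mc_gross']) ? $myPost['mc_gross'] : '';
        $custom = isset($myPost['custom']) ? $myPost['custom'] : '';
        // end prepare data

        // check if completed
        if ($paymentstatus !== 'Completed')
        {
            exit;
        }

        // check amount is a positive number (a non-numeric string is rejected too)
        if (!is_numeric($total) || $total <= 0)
        {
            exit;
        }

        // NOTE(review): "VERIFIED" only proves PayPal sent this message. This
        // script does not check that receiver_email is the merchant account,
        // that mc_gross / mc_currency match the price of the requested plan, or
        // that txn_id has not been processed before. Confirm those checks exist
        // in the API behind ADD_USER_BILLING_PLAN, or add them here.

        // check for filter params: expected layout is "<token>,<user email>,<plan id>".
        // explode() never returns an empty array, so the element count is checked
        // against the three fields that are actually read below.
        $custom = explode(',', $custom);
        if (count($custom) < 3)
        {
            exit;
        }

        $expected_token = isset($gsValues['BILLING_PAYPAL_CUSTOM']) ? (string) $gsValues['BILLING_PAYPAL_CUSTOM'] : '';
        if ($expected_token === '')
        {
            exit;
        }

        // Constant-time comparison for the shared token.
        if (hash_equals($expected_token, $custom[0]))
        {
            $user_email = $custom[1];
            $plan_id = $custom[2];

            $api_url = $gsValues['URL_ROOT'].'/api/api.php';
            $api_key = $gsValues['SERVER_API_KEY'];

            if (($api_url != '') && ($api_key != ''))
            {
                // The custom field is supplied by the payer's checkout form, so
                // its parts are URL-encoded before being placed in the query
                // string; otherwise '&' or '#' in them would change the request.
                // NOTE(review): the API key travels in the query string and can
                // end up in web server access logs; restrict access to those logs.
                $url = $api_url.'?api=server&ver=1.0&key='.urlencode($api_key)
                    .'&cmd=ADD_USER_BILLING_PLAN,'.urlencode($user_email).','.urlencode($plan_id);

                if (file_get_contents($url) === false)
                {
                    // The URL is deliberately not logged because it carries the API key.
                    error_log('PayPal IPN: ADD_USER_BILLING_PLAN request to server API failed');
                }
            }
        }
    }
}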