I wrote an automated donations system for someone, so that people who play on his game servers can enter their information, donate, and automatically be added to a database. Its working great, but im not very php saavy, so I am hoping you guys can take a look and tell me what else I should add. I need to remove them when the subscription ends, which I think is subscr_eot, but I cant find any good examples of using it. And as for the rest I am just hoping it looks okay, thanks!
<?php
// database
include_once('config.php');
//Connect
$db_connect = mysql_connect($DB_host, $DB_username, $DB_password) or die(mysql_error());
mysql_select_db($DB_name) or die(mysql_error());
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-T开发者_高级运维ype: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$txn_type = $_POST['txn_type'];
$receiver_email = $_POST['receiver_email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payer_email = $_POST['payer_email'];
$steam_id = $_POST['custom'];
if ($fp)
{
fputs ($fp, $header . $req);
while (!feof($fp))
{
$res = fgets ($fp, 1024);
switch ($res)
{
//Payment is Validated
case 'VERIFIED':
if(strcmp($payment_status, "Completed") == 0)
{
$firstlast = $first_name[0] . $last_name;
$username = strtolower($firstlast);
$query = "INSERT INTO sb_admins (user, authid, password, gid, email, validate, extraflags, immunity, srv_group, srv_password) VALUES('". $username ."', '". $steam_id ."', '', -1, '". mysql_real_escape_string($payer_email) ."', 0, 0, 0, '". $sm_group ."', 'password')";
mysql_query($query) or die(mysql_error());
}
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
break;
case 'INVALID':
// PAYMENT INVALID & INVESTIGATE MANUALLY!
$to = $receiver_email;
$subject = 'XA - BattleClan | Invalid Donation';
$message = '
Dear Administrator,
A donation has been made but is flagged as INVALID.
Please verify the payment manually and contact the donator.
Donator Email: '.$email.'
';
$headers = 'From:administrator@xa-battleclan.com' . "\r\n";
mail($to, $subject, $message, $headers);
break;
default:
break;
}
}
fclose ($fp);
}
?>
For anyone looking in the future, paypal does call your handler again. It sends notification to whatever url you have for notify_url set to.
精彩评论