Hi,
I’m doing some work on a clients website and they want to implement paypal ipn for instant payments.
They have a custom CMS and i’m having trouble coming up with a solution of implementing my code.
Their site uses a standard MVC with a main controller and then functions within classes to build pages.
I’ve tested my IPN script (outside of their cms) and it works fine, but now i need to access some variables from within the website, such as logged in user information, which i don’t have access to at the moment, so now i need to implement this script within the CMS somewhere and this is where i’m struggling.
I’ve attached the code below.
Sorry about the poor explanation, but in short i need to be able to use the below code inside a MVC structure, as you can see i am manually connecting to the database, and i need to be able to check some values against session variables from within the MVC, at the moment this code is it’s own independent file.
I’ve tried things like putting it into a function and accessing it that way.
This is also the file that is used in PayPal IPN Settings.
Any thoughts?
<?php
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
include('listener.php');
$listener = new IpnListener();
$listener->use_sandbox = false;
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
} catch (Exception $e) {
error_log($e->getMessage());
exit(0);
}
if ($verified) {
$errmsg = '';
// Make sure the payment status is "Completed"
if ($_POST['payment_status'] != 'Completed') {
exit(0);
}
// Make sure seller email matches your primary account email.
if ($_POST['receiver_email'] != 'publishers@email.com') {
$errmsg .= "'receiver_email' does not match: ";
$errmsg .= $_POST['receiver_email']."\
";
}
// Make sure the amount(s) paid match
if ($_POST['mc_gross'] != '9.99') { // i need this cost to be fed from the website
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\
";
}
// Make sure the currency code matches
if ($_POST['mc_currency'] != 'USD') { // i need the currency to be fed from the website
$errmsg .= "'mc_currency' does not match: ";
$errmsg .= $_POST['mc_currency']."\
";
}
// Ensure the transaction is not a duplicate.
mysql_connect('localhost', 'username', 'dbpassword') or exit(0); // currently connecting to the database manually, outside of the cms.
mysql_select_db('dbname') or exit(0);
$txn_id = mysql_real_escape_string($_POST['txn_id']);
$sql = "SELECT COUNT(*) FROM orders WHERE txn_id = '$txn_id'";
$r = mysql_query($sql);
if (!$r) {
error_log(mysql_error());
exit(0);
}
$exists = mysql_result($r, 0);
mysql_free_result($r);
if ($exists) {
$errmsg .= "'txn_id' has already been processed: ".$_POST['txn_id']."\
";
}
if (!empty($errmsg)) {
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \
$errmsg\
\
";
$body .= $listener->getTextReport();
mail(publishers@email.com', 'IPN Fraud Warning', $body);
} else {
// add this order to a table of completed orders
$payer_email = mysql_real_escape_string($_POST['payer_email']);
$mc_gross = mysql_real_escape_string($_POST['mc_gross']);
$sql = "INSERT INTO orders VALUES (NULL, '$txn_id', '$payer_email', $mc_gross)";
if (!mysql_query($sql)) {
error_log(mysql_error());
exit(0);
}
// send user an email with a link to their digital download
//$to = filter_var($_POST['payer_email'], FILTER_SANITIZE_EMAIL);
$to = filter_var('buyers@email.com', FILTER_SANITIZE_EMAIL);
$subject = "Your digital download is ready";
mail($to, "Thank you for your order", "Download URL: ...");
// ...
}
} else {
// manually investigate the invalid IPN
mail('publishers@email.com', 'Invalid IPN', $listener->getTextReport());
}
// ...
?>