<?php
//Original source: https://cms.paypal.com/cms_content/US/en_US/files/developer/IPN_PHP_41.txt
//Modified sample code by Codex-m: http://www.php-developer.org
//License: Open source
//Target implementation: Paypal IPN implementation for digital downloads such as ebooks, mp3, etc
//The script assumes you are testing in Sandbox mode.
//For details and explanation of the following script, read my tutorial at Developer shed for this topic(search Paypal IPN): http://www.devshed.com/cp/bio/Codex%98M/
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice = $_POST['invoice'];
$customeripaddress=$_POST['custom'];
$productname=$_POST['item_name'];

include '/home/www/php-developer.org/paypal_ipn_demo/connect.php';

if (!$fp) {
$log='http error='.$errno;
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
}
else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
$log='Verified IPN Transaction';
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
$txn_id = mysql_real_escape_string($txn_id);
if (!($fetch = mysql_fetch_array( mysql_query("SELECT `TransactionID` FROM `customerrecords` WHERE `TransactionID`='$txn_id'")))) {
if ($receiver_email=='codex__1293512831_biz@yahoo.com') {
$receiver_email = mysql_real_escape_string($receiver_email);
}
else {
die('ERROR: Invalid Paypal Seller Email address.');
}
if ($payment_currency=='USD') {
$payment_currency = mysql_real_escape_string($payment_currency);
}
else {
die('ERROR: Incorrect currency');
}
$productname = mysql_real_escape_string($productname);
$result = mysql_query("SELECT `ProductPrice` FROM `productstable` WHERE `ProductName`='$productname'")
or die(mysql_error());
$row = mysql_fetch_array($result)
or die("Invalid query: " . mysql_error());
$productprice = $row['ProductPrice'];
if ($payment_amount==$productprice) {
$payment_amount = mysql_real_escape_string($payment_amount);
}
else {
die('ERROR: Incorrect payment amount');
}
if ($payment_status=='Completed') {
$payment_status = mysql_real_escape_string($payment_status);
}
else {
die('ERROR: Payment status not completed');
}
require_once('is_email.php');
if (is_email($payer_email)) {
$payer_email = mysql_real_escape_string($payer_email);
}
else {
die('ERROR: Invalid payer email address');
}
if (ctype_alnum($invoice)){
$invoice = mysql_real_escape_string($invoice);
}
else {
die('ERROR: The submitted invoice data is NOT alphanumeric');
}
if(filter_var($customeripaddress, FILTER_VALIDATE_IP)){
$customeripaddress = mysql_real_escape_string($customeripaddress);
}
else {
die('ERROR: The submitted IP address data is NOT valid.');
}
$downloadstatus='incomplete';
$downloadstatus = mysql_real_escape_string($downloadstatus);
mysql_query("INSERT INTO customerrecords (PaymentStatus,PaymentAmount,PaymentCurrency,PayerEmail,ReceiverEmail,TransactionID,InvoiceNumber,ProductPurchased,IPAddress,DownloadStatus) VALUES ('$payment_status','$payment_amount','$payment_currency','$payer_email','$receiver_email','$txn_id','$invoice','$productname','$customeripaddress','$downloadstatus')")
or die(mysql_error());
mysql_close($dbhandle);
}
else {
die('Could not process request-transaction ID already exist');
}
}
else if (strcmp ($res, "INVALID") == 0) {
$log='Invalid IPN transaction';
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
}
}
fclose ($fp);
}
?>