付款完成后,修改PayPal IPN侦听器以处理多个查询

时间:2012-08-23 16:00:59

标签: php mysql sql paypal paypal-ipn

由于我缺乏PHP知识,我无法修改我的PayPal IPN监听器。

付款完成后,我的IPN监听器会将交易的详细信息插入到付款表中,但是我现在需要该脚本还要更新另一个名为“会员”的表格'所以我可以很容易地告诉谁付了钱。

这是我提出的SQL:

"UPDATE `Members` SET paid='TRUE' WHERE id='".$data['custom']."'

我正在使用IPN变量' custom'从原始付款表单中发送用户ID。

我已尝试将mysqli_multi_query实现到脚本中,但没有成功。我真的坚持这个,如果有人能指出我正确的方向,那就太棒了。

这是我的PHP:

function check_txnid($tnxid){
    global $link;
    return true;
    $valid_txnid = true;
    //get result set
    $sql = mysql_query("SELECT * FROM `payments` WHERE txnid = '$tnxid'", $link);       
    if($row = mysql_fetch_array($sql)) {
        $valid_txnid = false;
    }
    return $valid_txnid;
}

function check_price($price, $id){
    $valid_price = false;
    //you could use the below to check whether the correct price has been paid for the product

    /* 
    $sql = mysql_query("SELECT amount FROM `products` WHERE id = '$id'");       
    if (mysql_numrows($sql) != 0) {
        while ($row = mysql_fetch_array($sql)) {
            $num = (float)$row['amount'];
            if($num == $price){
                $valid_price = true;
            }
        }
    }
    return $valid_price;
    */
    return true;
}

function updatePayments($data){ 
    global $link;
    if(is_array($data)){                
        $sql = mysql_query("INSERT INTO `payments` (txnid, payment_amount, payment_status, itemid, createdtime) VALUES (
                '".$data['txn_id']."' ,
                '".$data['payment_amount']."' ,
                '".$data['payment_status']."' ,
                '".$data['item_number']."' ,
                '".date("Y-m-d H:i:s")."' 
                )", $link);

    return mysql_insert_id($link);
    }
}

//Database Connection
$link = mysql_connect($host, $user, $pass);
mysql_select_db($db_name);

// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){

    // Firstly Append paypal account to querystring
    $querystring .= "?business=".urlencode($paypal_email)."&";  

    // Append amount& currency (£) to quersytring so it cannot be edited in html

    //The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
    $querystring .= "item_name=".urlencode($item_name)."&";
    $querystring .= "amount=".urlencode($item_amount)."&";

    //loop for posted values and append to querystring
    foreach($_POST as $key => $value){
        $value = urlencode(stripslashes($value));
        $querystring .= "$key=$value&";
    }

    // Append paypal return addresses
    $querystring .= "return=".urlencode(stripslashes($return_url))."&";
    $querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
    $querystring .= "notify_url=".urlencode($notify_url);

    // Append querystring with custom field
    //$querystring .= "&custom=".USERID;

    // Redirect to paypal IPN
    header('location:https://www.paypal.com/cgi-bin/webscr'.$querystring);
    exit();

}else{

    // Response from Paypal

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
        $req .= "&$key=$value";
}

    // assign posted variables to local variables
    $data['item_name']          = mysql_real_escape_string($_POST['item_name']);
    $data['item_number']        = mysql_real_escape_string($_POST['item_number']);
    $data['payment_status']     = mysql_real_escape_string($_POST['payment_status']);
    $data['payment_amount']     = mysql_real_escape_string($_POST['mc_gross']);
    $data['payment_currency']   = mysql_real_escape_string($_POST['mc_currency']);
    $data['txn_id']             = mysql_real_escape_string($_POST['txn_id']);
    $data['receiver_email']     = mysql_real_escape_string($_POST['receiver_email']);
    $data['payer_email']        = mysql_real_escape_string($_POST['payer_email']);
    $data['custom']             = mysql_real_escape_string($_POST['custom']);

    // post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); 

    if (!$fp) {
        // HTTP ERROR
    } else {    

        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            if (strcmp($res, "VERIFIED") == 0) {

                // Used for debugging
                //@mail("you@youremail.com", "PAYPAL DEBUGGING", "Verified Response<br />data = <pre>".print_r($post, true)."</pre>");

                // Validate payment (Check unique txnid & correct price)
                $valid_txnid = check_txnid($data['txn_id']);
                $valid_price = check_price($data['payment_amount'], $data['item_number']);
                // PAYMENT VALIDATED & VERIFIED!
                if($valid_txnid && $valid_price){               
                    $orderid = updatePayments($data);       
                    if($orderid){                   
                        // Payment has been made & successfully inserted into the Database                              
                    }else{                              
                    // Error inserting into DB
                    // E-mail admin or alert user
                    }
                }else{                  
                    // Payment made but data has been changed
                    // E-mail admin or alert user
                }                       

            }else if (strcmp ($res, "INVALID") == 0) {

                // PAYMENT INVALID & INVESTIGATE MANUALY! 
                // E-mail admin or alert user

                // Used for debugging
                //@mail("you@youremail.com", "PAYPAL DEBUGGING", "Invalid Response<br />data = <pre>".print_r($post, true)."</pre>");
            }       
        }       
    fclose ($fp);
    }   
}
?>

1 个答案:

答案 0 :(得分:0)

只需进行两次查询

function updatePayments($data){ 
    global $link;
    if(is_array($data)){                
        $sql = mysql_query("INSERT INTO `payments` (txnid, payment_amount, payment_status, itemid, createdtime) VALUES (
                '".$data['txn_id']."' ,
                '".$data['payment_amount']."' ,
                '".$data['payment_status']."' ,
                '".$data['item_number']."' ,
                '".date("Y-m-d H:i:s")."' 
                )", $link);
         mysql_query("UPDATE `Members` SET paid='TRUE' WHERE id='".$data['custom'], $link);
    return mysql_insert_id($link);
    }
}