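PayPal IPN: when should the database be updated?

Time: 2017-06-30 05:56:22

Tags: php paypal

I have this PayPal IPN script. Currently I am updating the database in the Success case. But somewhere I feel I am doing it wrong. I think I should update the database after IPN validation (handling it by adding balance to the user's account or processing the order). Please look at the code below and tell me if I am doing something wrong.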

<?php
session_start();
include'config/db.php';
require_once('paypal.class.php');  // include the class file
$p = new paypal_class;             // initiate an instance of the class
$p->paypal_url = 'https://sandbox.paypal.com/cgi-bin/webscr';   // testing paypal url
//$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';     // paypal url

// setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php')
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$try_script = 'http://'.$_SERVER['HTTP_HOST'];

// if there is not action variable, set the default action of 'process'
if (empty($_GET['action'])) $_GET['action'] = 'process';
switch ($_GET['action']) {
   case 'process':      // Process and order...
?>
<!DOCTYPE html>
<html>
  <head>
    <title>Redirecting to Paypal</title>
  </head>
  <body>
    <center>Please wait while we redirect you to Paypal...<br><img src="images/paypal-loading.gif" width="auto" height="75"></center>
  </body>
</html>
<?php
      // There should be no output at this point.  To process the POST data,
      // the submit_paypal_post() function will output all the HTML tags which
      // contains a FORM which is submitted instantaneously using the BODY onload
      // attribute.  In other words, don't echo or printf anything when you're
      // going to be calling the submit_paypal_post() function.

      // This is where you would have your form validation  and all that jazz.
      // You would take your POST vars and load them into the class like below,
      // only using the POST values instead of constant string expressions.

      // For example, after ensuring all the POST variables from your custom
      // order form are valid, you might have:
      //
      // $p->add_field('first_name', $_POST['first_name']);
      // $p->add_field('last_name', $_POST['last_name']);

      $CatDescription = $_REQUEST['CatDescription'];
      $payment = $_REQUEST['payment'];
      $id = $_REQUEST['id'];
      $key = $_REQUEST['key'];
      $merchant = $_REQUEST['business'];
      $custom = $_REQUEST['custom'];

      $p->add_field('business', $merchant);
      $p->add_field('return', $this_script.'?action=success');
      $p->add_field('cancel_return', $this_script.'?action=cancel');
      $p->add_field('notify_url', $this_script.'?action=ipn');
      $p->add_field('item_name', $CatDescription);
      $p->add_field('amount', $payment);
      $p->add_field('key', $key);
      $p->add_field('item_number', $id);
      $p->add_field('custom', $custom);


      $p->submit_paypal_post(); // submit the fields to paypal
      //$p->dump_fields();      // for debugging, output a table of all the fields
      break;

   case 'success':      // Order was successful...

      // This is where you would probably want to thank the user for their order
      // or what have you.  The order information at this point is in POST
      // variables.  However, you don't want to "process" the order until you
      // get validation from the IPN.  That's where you would have the code to
      // email an admin, update the database with payment status, activate a
      // membership, etc.

      //echo "<br/><p><b>Thank you for your Donation. </b><br /></p>";

      //foreach ($_POST as $key => $value) { echo "$key: $value<br>"; }

      // You could also simply re-direct them to another page, or your own
      // order status page which presents the user with the status of their
      // order based on a database (which can be modified with the IPN code
      // below).

      $state = $_POST['payment_status'];
      $amount = $_POST['mc_gross'];
      $currency = $_POST['mc_currency'];
      $firstname = $_POST["first_name"];
      $lastname = $_POST["last_name"];
      $country = $_POST["address_country"];
      $txnid = $_POST["txn_id"];
      $uniqueid = $_POST["payer_id"];
      $email = $_POST["payer_email"];
      $merchant = $_POST["business"];
      $custom = $_POST["custom"];
      $licence = $_POST['item_number'];

      /***** CURRENTLY UPDATING THE DATABASE HERE *****/

      //header('Location: success.php?gate=paypal&state='.$state.'&amount='.$amount.'&currency='.$currency.'&fname='.$firstname.'&lname='.$lastname.'&country='.$country.'&txnid='.$txnid.'&uniqueid='.$uniqueid.'&merchant='.$merchant.'&email='.$email.'');
      // URL-encode the value before placing it in the redirect query string.
      header('Location: success.php?gate=paypal&txn_id='.urlencode($txnid));

      break;

   case 'cancel':       // Order was canceled...

      // The order was canceled before being completed.
      //echo "<br/><p><b>The order was canceled!</b></p><br />";
      //foreach ($_POST as $key => $value) { echo "$key: $value<br>"; }
      header('Location: failed.php');
      break;

   case 'ipn':          // Paypal is calling page for IPN validation...

      // It's important to remember that paypal is calling this script.  There
      // is no output here.  This is where you validate the IPN data and if it's
      // valid, update your database to signify that the user has paid.  If
      // you try and use an echo or printf function here it's not going to do you
      // a bit of good.  This is on the "backend".  That is why, by default, the
      // class logs all IPN data to a text file.

      if ($p->validate_ipn()) {

         // Payment has been received and IPN is verified.  This is where you
         // update your database to activate or process the order, or setup
         // the database with the user's order details, email an administrator,
         // etc.  You can access a slew of information via the ipn_data() array.

         // Check the paypal documentation for specifics on what information
         // is available in the IPN POST variables.  Basically, all the POST vars
         // which paypal sends, which we send back for validation, are now stored
         // in the ipn_data() array.

         // For this example, we'll just email ourselves ALL the data.
         $dated = date("D, d M Y H:i:s", time());

         /***** BUT I FEEL THAT DATABASE SHOULD BE UPDATED HERE *****/

         /*
         $subject = 'Instant Payment Notification - Recieved Payment';
         $to = 'hb@supertec.com';    //  your email
         $body =  "An instant payment notification was successfully recieved\n";
         $body .= "from ".$p->ipn_data['payer_email']." on ".date('m/d/Y');
         $body .= " at ".date('g:i A')."\n\nDetails:\n";
         $headers = "";
         $headers .= "From: Test Paypal \r\n";
         $headers .= "Date: $dated \r\n";

        $PaymentStatus =  $p->ipn_data['payment_status'];
        $Email        =  $p->ipn_data['payer_email'];
        $id           =  $p->ipn_data['item_number'];

        if($PaymentStatus == 'Completed' or $PaymentStatus == 'Pending'){
          $PaymentStatus = '2';
        }else{
          $PaymentStatus = '1';
        }

        foreach ($p->ipn_data as $key => $value) { $body .= "\n$key: $value"; }
        fopen("http://www.virtualphoneline.com/admins/TestHMS.php?to=".urlencode($to)."&subject=".urlencode($subject)."&message=".urlencode($body)."&headers=".urlencode($headers)."","r");
        */
  }
      break;
 }
?>
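
An added example, not part of the original post or of paypal.class.php: one way to do the database update inside the `ipn` case, after `validate_ipn()` has returned true, with `$p->ipn_data` passed in as `$ipn`. The `orders` and `payments` tables, their columns, the `MY_RECEIVER` address and the sample notifications are assumptions constructed for illustration.

```php
<?php
// Added example. Table/column names and MY_RECEIVER are assumptions.
const MY_RECEIVER = 'merchant@example.test';

// Call only after validate_ipn() returned true, passing $p->ipn_data.
function apply_verified_ipn(PDO $db, array $ipn): string
{
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || ($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'ignored: not a completed payment';   // e.g. Pending, Refunded
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MY_RECEIVER) !== 0) {
        return 'rejected: wrong receiver';           // paid to another account
    }
    // Expected price comes from our own order row, never from the request.
    $q = $db->prepare('SELECT amount_cents, currency FROM orders WHERE id = ?');
    $q->execute([$ipn['item_number'] ?? '']);
    $order = $q->fetch(PDO::FETCH_ASSOC);
    $paid  = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if (!$order || (int) $order['amount_cents'] !== $paid
        || $order['currency'] !== ($ipn['mc_currency'] ?? '')) {
        return 'rejected: order/amount mismatch';
    }
    $db->beginTransaction();
    try {
        // txn_id is the primary key, so a repeated notification fails here.
        $db->prepare('INSERT INTO payments (txn_id, order_id) VALUES (?, ?)')
           ->execute([$txn, $ipn['item_number']]);
        $db->prepare("UPDATE orders SET status = 'paid' WHERE id = ?")
           ->execute([$ipn['item_number']]);
        $db->commit();
        return 'processed';
    } catch (PDOException $e) {
        $db->rollBack();
        if ((string) $e->getCode() !== '23000') throw $e;  // not a key conflict
        return 'ignored: txn_id already processed';
    }
}

// Constructed sample data, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id TEXT PRIMARY KEY, amount_cents INT, currency TEXT, status TEXT)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY, order_id TEXT)');
$db->exec("INSERT INTO orders VALUES ('1001', 1000, 'USD', 'new')");
$ok = ['payment_status' => 'Completed', 'receiver_email' => MY_RECEIVER, 'item_number' => '1001',
       'mc_gross' => '10.00', 'mc_currency' => 'USD', 'txn_id' => 'TXN-CONSTRUCTED-1'];
foreach ([$ok, $ok, ['mc_gross' => '0.01'] + $ok, ['payment_status' => 'Pending'] + $ok] as $ipn) {
    echo apply_verified_ipn($db, $ipn), PHP_EOL;
}
```

The `success` case then only needs to read the order status from the database and display it, since the browser return can be skipped or replayed by the buyer and its POST fields are not verified.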

0 answers:

No answers