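I am trying to figure out how to update my column named Premium_Access in my table when a PayPal payment is made.
What I have figured out on my own is how to update Premium_Access by typing in a specific memberID myself, as you can see in my code. How and where should I get the memberID of the logged-in user?
Here is my listener.php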
<?php
header('HTTP/1.1 200 OK');
//
// STEP 2 - create the response we need to send back to PayPal for them to confirm that it's legit
//
$resp = 'cmd=_notify-validate';
foreach ($_POST as $parm => $var)
{
    $var = urlencode(stripslashes($var));
    $resp .= "&$parm=$var";
}
// STEP 3 - Extract the data PayPal IPN has sent us, into local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$record_id = $_POST['custom'];
// Right.. we've pre-pended "cmd=_notify-validate" to the same data that PayPal sent us (I've just shown some of the data PayPal gives us. A complete list
// is on their developer site). Now we need to send it back to PayPal via HTTP. To do that, we create a file with the right HTTP headers followed by
// the data block we just created and then send the whole bally lot back to PayPal using fsockopen
// STEP 4 - Get the HTTP header into a variable and send back the data we received so that PayPal can confirm it's genuine
$httphead = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$httphead .= "Content-Type: application/x-www-form-urlencoded\r\n";
$httphead .= "Content-Length: " . strlen($resp) . "\r\n\r\n";
// Now create a "file handle" for writing to a URL to paypal.com on Port 443 (the IPN port)
$errno = '';
$errstr = '';
$fh = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
// STEP 5 - Nearly done. Now send the data back to PayPal so it can tell us if the IPN notification was genuine
if (!$fh) {
    // Uh oh. This means that we have not been able to get thru to the PayPal server. It's an HTTP failure
    //
    // You need to handle this here according to your preferred business logic. An email, a log message, a trip to the pub..
}
// Connection opened, so spit back the response and get PayPal's view whether it was an authentic notification
else {
    fputs($fh, $httphead . $resp);
    while (!feof($fh))
    {
        $readresp = fgets($fh, 1024);
        if (strcmp($readresp, "VERIFIED") == 0)
        {
            $servername = "my db ip";
            $username = "my db username";
            $password = "my db password";
            $dbname = "my database";
            // Create connection
            $conn = new mysqli($servername, $username, $password, $dbname);
            // Check connection
            if ($conn->connect_error) {
                die("Connection failed: " . $conn->connect_error);
            }
            // When the payment is made I want to update Premium_Accsess in members to YES (for the logged in user)
            // I'm not sure if I should find out who is logged in by memberID or username
            $sql = "UPDATE members SET Premium_Accsess='YES' WHERE memberID=15";
            if ($conn->query($sql) === TRUE) {
                echo "Record updated successfully";
            } else {
                echo "Error updating record: " . $conn->error;
            }
            $conn->close();
        }
        else if (strcmp($readresp, "INVALID") == 0)
        {
            // Man alive! A hacking attempt?
        }
    }
    fclose($fh);
}
?>
Here is my user.php (I don't think I have to do anything more here, but if you can see a mistake please tell me.)
<?php
include('password.php');

class User extends Password{

    private $_db;

    function __construct($db){
        parent::__construct();
        $this->_db = $db;
    }

    // Fetch the stored hash and account fields for an active user
    private function get_user_hash($username){
        try {
            $stmt = $this->_db->prepare('SELECT password, username, memberID, Premium_Accsess FROM members WHERE username = :username AND active="Yes" ');
            $stmt->execute(array('username' => $username));
            return $stmt->fetch();
        } catch(PDOException $e) {
            echo '<p class="bg-danger">'.$e->getMessage().'</p>';
        }
    }

    public function isValidUsername($username){
        if (strlen($username) < 3) return false;
        if (strlen($username) > 17) return false;
        if (!ctype_alnum($username)) return false;
        return true;
    }

    public function login($username,$password){
        if (!$this->isValidUsername($username)) return false;
        if (strlen($password) < 3) return false;
        $row = $this->get_user_hash($username);
        // No such active user (or the query failed): nothing to verify against
        if (!$row) return false;
        if($this->password_verify($password,$row['password']) == 1){
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $row['username'];
            $_SESSION['memberID'] = $row['memberID'];
            return true;
        }
        return false;
    }

    public function logout(){
        session_destroy();
    }

    public function is_logged_in(){
        if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
            return true;
        }
        return false;
    }
}
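
PayPal calls listener.php server to server, so no login session exists inside it; the block below is an added example (not the poster's code and not PayPal's sample) that takes the member id from the `custom` field the listener already reads into `$record_id` and checks the notification before running the UPDATE. It assumes the checkout page placed `$_SESSION['memberID']` in `custom`; the `ipn_seen` table, the `$expected` values and the function name are hypothetical.

```php
<?php
// Added example, not the poster's code. Hypothetical names: ipn_seen table,
// $expected values, grant_premium_from_ipn(). Assumes checkout put the
// member id in the "custom" field. Call it only after PayPal says VERIFIED.
function grant_premium_from_ipn(PDO $db, array $ipn, array $expected): bool
{
    // Only completed payments, to our own account, at our own price.
    if (($ipn['payment_status'] ?? '') !== 'Completed') return false;
    if (strcasecmp($ipn['receiver_email'] ?? '', $expected['receiver_email']) !== 0) return false;
    if (($ipn['mc_currency'] ?? '') !== $expected['currency']) return false;
    if (number_format((float)($ipn['mc_gross'] ?? 0), 2, '.', '') !== $expected['amount']) return false;
    if (($ipn['txn_id'] ?? '') === '') return false;

    // "custom" is set at checkout in the buyer's browser: accept a positive integer only.
    $memberID = filter_var($ipn['custom'] ?? '', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($memberID === false) return false;

    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->beginTransaction();
    try {
        // txn_id is the primary key, so a replayed IPN fails here and rolls back.
        $db->prepare('INSERT INTO ipn_seen (txn_id, memberID) VALUES (?, ?)')
           ->execute([$ipn['txn_id'], $memberID]);
        $db->prepare("UPDATE members SET Premium_Accsess = 'YES' WHERE memberID = ?")
           ->execute([$memberID]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

// Constructed demo on in-memory SQLite (the poster's database is MySQL).
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE members (memberID INTEGER PRIMARY KEY, Premium_Accsess TEXT DEFAULT 'NO')");
$db->exec('CREATE TABLE ipn_seen (txn_id TEXT PRIMARY KEY, memberID INTEGER)');
$db->exec('INSERT INTO members (memberID) VALUES (15)');
$expected = ['receiver_email' => 'seller@example.com', 'currency' => 'USD', 'amount' => '9.99'];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
        'mc_currency' => 'USD', 'mc_gross' => '9.99', 'txn_id' => 'CONSTRUCTED-TXN-1',
        'custom' => '15'];
var_dump(grant_premium_from_ipn($db, $ipn, $expected)); // first delivery
var_dump(grant_premium_from_ipn($db, $ipn, $expected)); // same txn_id delivered again
$ipn['txn_id'] = 'CONSTRUCTED-TXN-2'; $ipn['mc_gross'] = '0.01';
var_dump(grant_premium_from_ipn($db, $ipn, $expected)); // underpaid notification
```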