我在尝试捕获订阅取消时遇到很多问题。这是我从Paypal的代码示例页面获得的IPN Im。当用户结束订阅时,我添加了mySQL脚本以减去4000个学分。当我用另一个paypal帐户测试代码时,一旦我取消订阅,就不会减去4000个信用 PayPal IPN是错误的还是按钮错误或者是什么!?
<?php
session_start();
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
//////////////////////////////////////////////I added this here also. Check if its canceled
if("subscr_cancel" = $_POST['txn_type']){
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
/////I added this mysql
$password = secret
$username = secret
$websites= "websites";
$database = "k29803_1";
mysql_connect("localhost", $username, $password) or die(mysql_error());
mysql_select_db($database);
$query = "SELECT * FROM users WHERE username= '$_SESSION[username]' AND password = '$_SESSION[password]'";
$results = mysql_query($query)or die(mysql_error());
if(mysql_num_rows($results)==1){
$add_credits = "UPDATE users SET credits = credits +1000
WHERE username= '$_SESSION[username]' AND password = '$_SESSION[password]'";
mysql_query($add_credits) or die(mysql_error());
}
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
}
?>
按钮看起来像这样
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="NQMGM2LCZUQRE">
<input type="hidden" name="item_name" value="1" />
<input type="hidden" name="item_number" value="01" />
<input type="hidden" name="amount" value="1.99" />
<input type="hidden" name="currency_code" value="USD" />
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
我被重定向到此页面,但我没有减去MYSQL值
答案 0 :(得分:0)
我看到的主要问题是您正在使用会话变量。请注意,点击您的PHP代码的请求将直接来自PayPal服务器,并且无与当前登录的用户有关。
您需要将用户信息传递给PayPal,以便PayPal可以将其作为IPN请求的一部分传递回您的服务器。您可以做的另一件事是检查IPN中的一些值,例如付款人的电子邮件地址(payer_email
)或parent_txn_id
或payer_id
。
我不确定订阅,但退款和取消IPN将包含提供原始购买的txn_id的parent_txn_id
,因此您可以使用它来找到用户的帐户。
您需要做的是确保在购买时您正在保存来自IPN的所有信息并通过txn_id或类似用户的帐户将其绑定。取消时,使用parent_txn_id
或您用于在数据库中查找帐户的任何值,然后将更改应用于用户的帐户。
我在上面的代码中看到了许多其他问题。
$query = "SELECT * FROM users WHERE username= '$_SESSION[username]' AND password = '$_SESSION[password]'";
您需要在添加到查询中的所有变量上使用mysql_real_escape_string。你应该这样做:
$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password = '.mysql_real_escape_string($password).'";
其次,数组引用应该使用键名称周围的引号:
$_SESSION[password] => $_SESSION['password']
第三,您应该按用户表中的行ID(您确实将主键“id”设置为自动增量,对吗?)而不是用户名和密码来定位数据库中的用户。在对用户进行身份验证之后,您实际上不应该将其密码保存在会话变量中。
答案 1 :(得分:0)
您的代码有错误:
if("subscr_cancel" = $_POST['txn_type']){
看看比较:
if("subscr_cancel" == $_POST['txn_type']){