Function Reference: geodir_ipn_handler_paypal
Summary
This function has not been documented yet.
Source Code
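/**
 * Handle a PayPal IPN (Instant Payment Notification) request.
 *
 * The posted fields are echoed back to PayPal with `cmd=_notify-validate` and
 * the invoice named by the IPN `custom` field is only acted on once PayPal has
 * answered. Every value in $_POST is untrusted until then.
 *
 * Outcome by verdict:
 *  - VERIFIED, or sandbox mode (which skips verification): the receiver,
 *    amount and currency are checked against the site configuration and the
 *    invoice. A payment that passes is confirmed and both parties are mailed;
 *    a payment that fails any check leaves the invoice untouched and only the
 *    admin is mailed, with the mismatch listed in the message.
 *  - INVALID: the admin is notified; the invoice is not modified, because the
 *    sender of an INVALID notification is not authenticated.
 *  - PayPal unreachable: nothing is changed.
 *
 * Sandbox mode accepts any POST as if it were verified, so it must never be
 * enabled on a site that takes real payments.
 *
 * @global wpdb $wpdb Used for the fallback invoice lookup by post ID.
 * @return void
 */
function geodir_ipn_handler_paypal() {
    global $wpdb;

    $paymentOpts   = get_payment_options('paypal');
    $paymode       = $paymentOpts['payment_mode'];
    $sandbox       = $paymode == 'sandbox';
    $currency_code = geodir_get_currency_type(); // Currency code configured for this site.
    $merchantid    = $paymentOpts['merchantid']; // PayPal business email or merchant account ID.

    /* Read the post from the PayPal system and add 'cmd'. */
    $post      = $_POST;
    $post_data = 'cmd=_notify-validate';
    foreach ($post as $key => $value) {
        if (!is_scalar($value)) {
            // PayPal sends flat fields only; a nested field cannot be echoed
            // back for validation, so the request is dropped.
            return;
        }
        $value = urlencode(stripslashes_deep($value));
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);/* this fixes paypal invalid IPN , STIOFAN */
        // The key is attacker-controlled as well, so it is encoded like the value.
        $post_data .= '&' . urlencode((string) $key) . '=' . $value;
    }

    // Post back to the PayPal system to validate.
    // NOTE(review): PayPal's IPN documentation asks for HTTP/1.1 with a Host
    // header; confirm this HTTP/1.0 request is still accepted.
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($post_data) . "\r\n\r\n";

    // Certificate checking on this socket relies on PHP's stream defaults
    // (peer verification is on by default since PHP 5.6).
    $paypal_url = $sandbox ? 'ssl://www.sandbox.paypal.com' : 'ssl://www.paypal.com';
    $fp = fsockopen($paypal_url, 443, $errno, $errstr, 30);
    if (!$fp) {
        // No verdict can be obtained, so nothing is changed.
        return;
    }

    fputs($fp, $header . $post_data);

    // Read the whole reply first and act once afterwards. The verdict is a
    // line holding exactly VERIFIED or INVALID; a substring match on every
    // header line would let unrelated text decide the outcome.
    $valid_ipn   = false;
    $invalid_ipn = false;
    while (!feof($fp)) {
        $line = fgets($fp, 1024);
        if ($line === false) {
            break;
        }
        $line = trim($line);
        if ($line === 'VERIFIED') {
            $valid_ipn = true;
        } elseif ($line === 'INVALID') {
            $invalid_ipn = true;
        }
    }
    fclose($fp);

    $invoice_id   = isset($post['custom']) ? $post['custom'] : NULL; // invoice id
    $invoice_info = geodir_get_invoice( $invoice_id );

    // If there is no invoice, the custom field may hold the post id instead.
    // NOTE(review): $invoice_id keeps the post id in that case and is still
    // passed to the invoice helpers below; confirm they expect that.
    if (!$invoice_info) {
        $invoice = $wpdb->get_row($wpdb->prepare("SELECT * FROM ".INVOICE_TABLE." WHERE post_id = %d ", array($invoice_id)));
        if ($invoice) {
            $invoice_info = $invoice;
        }
    }

    $user_id = !empty( $invoice_info ) ? $invoice_info->user_id : '1';

    if ( !$valid_ipn && !$sandbox ) {
        if ( $invalid_ipn ) {
            // Anyone can trigger an INVALID verdict for any invoice id, so the
            // invoice status is left alone and only the admin is told.
            geodir_payment_adminEmail( $invoice_id, $user_id, 'payment_fail' );
        }
        return;
    }

    if ( empty( $invoice_info ) ) {
        // Nothing on this site matches the notification.
        return;
    }

    // Fields that are absent from the notification read as empty strings.
    $ipn = $post + array_fill_keys(
        array(
            'item_name', 'txn_id', 'payment_status', 'payment_type', 'payment_date',
            'txn_type', 'mc_currency', 'mc_gross', 'payment_gross', 'receiver_email', 'receiver_id',
        ),
        ''
    );

    $item_name      = $ipn['item_name'];
    $txn_id         = $ipn['txn_id'];
    $payment_status = $ipn['payment_status'];
    $payment_type   = $ipn['payment_type'];
    $payment_date   = $ipn['payment_date'];
    $txn_type       = $ipn['txn_type'];
    $subscription   = $txn_type == 'recurring_payment' || $txn_type == 'subscr_payment';
    $mc_currency    = $ipn['mc_currency'];
    $mc_gross       = $ipn['mc_gross'];
    $payment_gross  = $ipn['payment_gross'];
    $receiver_email = $ipn['receiver_email'];
    $receiver_id    = $ipn['receiver_id']; // Paypal Merchant Account ID
    $paid_amount    = $mc_gross ? $mc_gross : $payment_gross;
    $cart_amount    = $invoice_info->paied_amount;
    $post_id        = $invoice_info->post_id;

    /*####################################
    ######## FRAUD CHECKS ################
    ####################################*/
    $fraud               = false;
    $fraud_msg           = '';
    $transaction_details = '';

    // Paypal business field allows both paypal id and paypal email. @see https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/#html-variables-for-shopping-carts
    // Strict string comparison: a loose == treats numeric-looking strings as
    // numbers, and an unset merchant id would equal a missing receiver field.
    $merchant    = (string) $merchantid;
    $receiver_ok = $merchant !== ''
        && ( (string) $receiver_email === $merchant || (string) $receiver_id === $merchant );
    if ( !$receiver_ok ) {
        $fraud = true;
        $fraud_msg .= __("### The Paypal receiver email address does not match the paypal address for this site ###\n", 'geodir_payments');
    }

    if ( floatval($paid_amount) != floatval($cart_amount) ) {
        $fraud = true;
        $fraud_msg .= __("### The paid amount does not match the price package selected ###\n", 'geodir_payments');
    }

    if ( (string) $mc_currency !== (string) $currency_code ) {
        $fraud = true;
        $fraud_msg .= __("### The currency code returned does not match the code on this site. ###\n", 'geodir_payments');
    }

    $payment_types = array( 'web_accept', 'subscr_payment', 'recurring_payment', 'express_checkout' );

    if ( in_array( $txn_type, $payment_types, true ) ) {
        /*#####################################
        ######## PAYMENT RECEIVED #############
        ######################################*/
        $paid_amount_with_currency = geodir_payment_price($paid_amount);
        $rule = "--------------------------------------------------\n";

        if ( $fraud ) {
            $transaction_details .= __('WARNING FRAUD DETECTED PLEASE CHECK THE DETAILS - (IF CORRECT, THEN PUBLISH THE POST)', 'geodir_payments')."\n";
        }
        $transaction_details .= $fraud_msg;
        $transaction_details .= $rule;
        $transaction_details .= sprintf(__("Payment Details for Invoice ID #%s", 'geodir_payments'), geodir_payment_invoice_id_formatted($invoice_id)) ."\n";
        $transaction_details .= $rule;
        $transaction_details .= sprintf(__("Item Name: %s", 'geodir_payments'),$item_name)."\n";
        $transaction_details .= $rule;
        $transaction_details .= sprintf(__("Trans ID: %s", 'geodir_payments'), $txn_id)."\n";
        $transaction_details .= sprintf(__("Status: %s", 'geodir_payments'), $payment_status)."\n";
        $transaction_details .= sprintf(__("Amount: %s", 'geodir_payments'), $paid_amount_with_currency)."\n";
        $transaction_details .= sprintf(__("Type: %s", 'geodir_payments'),$payment_type)."\n";
        $transaction_details .= sprintf(__("Date: %s", 'geodir_payments'), $payment_date)."\n";
        $transaction_details .= sprintf(__("Method: %s", 'geodir_payments'), $txn_type)."\n";
        $transaction_details .= $rule;

        if ( $fraud ) {
            // A payment to another account, for another amount or in another
            // currency must not confirm the invoice. The admin gets the
            // details and decides; the invoice and the client are untouched.
            geodir_payment_adminEmail( $post_id, $user_id, 'payment_success', $transaction_details );
            return;
        }

        // NOTE(review): txn_id is not recorded here, so a replayed VERIFIED
        // notification is processed again; confirm the helpers are idempotent.
        geodir_update_invoice_status( $invoice_id, 'confirmed', $subscription );
        geodir_update_invoice_transaction_details( $invoice_id, $transaction_details );

        // send notification to admin
        geodir_payment_adminEmail( $post_id, $user_id, 'payment_success', $transaction_details );
        // send notification to client
        geodir_payment_clientEmail( $post_id, $user_id, 'payment_success', $transaction_details );
    } else if ( $txn_type == 'subscr_cancel' || $txn_type == 'subscr_failed' ) {
        // NOTE(review): this branch and the signup branch below change the
        // invoice without consulting the receiver check above; confirm which
        // receiver fields PayPal includes in subscription notifications
        // before gating them on it.
        $post_content  = str_replace("&", "\n", urldecode($post_data));
        $post_content .= "\n############## ".__('ORIGINAL SUBSCRIPTION INFO BELOW', 'geodir_payments')." ####################\n";
        $post_content .= $invoice_info->html;

        // update invoice status and transaction details
        $status = $txn_type == 'subscr_cancel' ? 'cancelled' : 'failed';
        geodir_update_invoice_status( $invoice_id, $status, $subscription );
        geodir_update_invoice_transaction_details( $invoice_id, $post_content );
    } else if ( $txn_type == 'subscr_signup' ) {
        $post_content  = '####### '.__('THIS IS A SUBSCRIPTION SIGNUP AND IF A FREE TRIAL WAS OFFERED NO PAYMENT WILL BE RECEIVED', 'geodir_payments')." ######\n";
        $post_content .= str_replace("&", "\n", urldecode($post_data));

        // update invoice status and transaction details
        geodir_update_invoice_status( $invoice_id, 'confirmed', $subscription );
        geodir_update_invoice_transaction_details( $invoice_id, $post_content );
    }
}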