Function Reference: geodir_ipn_handler_paypal

Summary

This function has not been documented yet.

Source Code

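/**
 * Handle a PayPal Instant Payment Notification (IPN) for an invoice.
 *
 * Reads the notification from $_POST, posts it back to PayPal with
 * cmd=_notify-validate, and acts only on PayPal's answer:
 *  - VERIFIED: runs the receiver / amount / currency checks, then updates the
 *    invoice and sends the admin and client e-mails according to txn_type.
 *  - INVALID:  marks the invoice as failed and notifies the admin.
 *  - anything else (including a failed connection): nothing is changed.
 *
 * Every value in $_POST is untrusted until PayPal has answered VERIFIED, so the
 * notification is processed once, after the whole response has been read.
 *
 * @global object $wpdb WordPress database object, used for the post_id fallback lookup.
 *
 * @return void
 */
function geodir_ipn_handler_paypal() {
	global $wpdb;

	$paymentOpts	= get_payment_options('paypal');
	$paymode		= $paymentOpts['payment_mode'];
	$sandbox		= $paymode == 'sandbox' ? true : false;

	$currency_code	= geodir_get_currency_type(); // Currency code configured for this site
	$merchantid		= (string) $paymentOpts['merchantid']; // PayPal business email or merchant account id

	$post = $_POST;

	/* read the post from PayPal system and add 'cmd' */
	$post_data = 'cmd=_notify-validate';

	foreach ($post as $key => $value) {
		$value = stripslashes_deep($value);

		// The loop expects one string per key; an array value would make
		// urlencode() fail, so it is left out of the postback.
		if (is_array($value)) {
			continue;
		}

		$value = urlencode($value);
		$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);/* this fixes paypal invalid IPN , STIOFAN */
		$post_data .= "&$key=$value";
	}

	// post back to PayPal system to validate
	// NOTE(review): this is an HTTP/1.0 request without a Host header - confirm
	// that it still meets PayPal's current IPN postback requirements.
	$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$header .= "Content-Length: " . strlen($post_data) . "\r\n\r\n";

	$paypal_url = $sandbox ? 'ssl://www.sandbox.paypal.com' : 'ssl://www.paypal.com';

	$fp = fsockopen ($paypal_url, 443, $errno, $errstr, 30);

	if (!$fp) {
		// Without PayPal's answer the notification cannot be trusted: record the
		// failure and leave the invoice untouched.
		error_log('geodir_ipn_handler_paypal: PayPal postback failed (' . $errno . ') ' . $errstr);
		return;
	}

	fputs ($fp, $header . $post_data);

	// Read the whole response first. The verdict must be a line of its own, so
	// a header line that merely contains one of the words is not mistaken for it.
	// Looping on fgets() instead of feof() also ends on a timed-out socket.
	$valid_ipn = false;
	$invalid_ipn = false;

	while (($res = fgets ($fp, 1024)) !== false) {
		$res = trim($res);

		if ($res === 'VERIFIED') {
			$valid_ipn = true;
		} else if ($res === 'INVALID') {
			$invalid_ipn = true;
		}
	}

	fclose($fp);

	if (!$valid_ipn && !$invalid_ipn) {
		return; // no verdict from PayPal, nothing to act on
	}

	$invoice_id		= isset($post['custom']) && is_scalar($post['custom']) ? $post['custom'] : NULL; // invoice id
	$invoice_info 	= geodir_get_invoice( $invoice_id );

	// if no invoice info it might have wrong custom field in IPN, as the post id.
	// NOTE(review): after this fallback $invoice_id still holds the post id that is
	// passed to the update calls below - confirm they accept it.
	if(!$invoice_info){
		$invoice = $wpdb->get_row($wpdb->prepare("SELECT * FROM ".INVOICE_TABLE." WHERE post_id = %d ", array($invoice_id)));
		if($invoice){
			$invoice_info = $invoice;
		}
	}

	$user_id		= !empty( $invoice_info ) ? $invoice_info->user_id : '1';

	// Sandbox mode no longer skips validation: the sandbox endpoint answers the
	// postback as well, and accepting unvalidated requests would let any POST
	// to this handler confirm an invoice on a site left in test mode.
	if ( $valid_ipn ) {
		// Read the IPN fields defensively: a missing or non-scalar field becomes ''.
		$ipn = array();
		foreach ( array( 'item_name', 'txn_id', 'payment_status', 'payment_type', 'payment_date', 'txn_type', 'mc_currency', 'mc_gross', 'payment_gross', 'receiver_email', 'receiver_id' ) as $field ) {
			$ipn[$field] = isset($post[$field]) && is_scalar($post[$field]) ? (string) $post[$field] : '';
		}

		$item_name		= $ipn['item_name'];
		$txn_id			= $ipn['txn_id'];
		$payment_status	= $ipn['payment_status'];
		$payment_type	= $ipn['payment_type'];
		$payment_date	= $ipn['payment_date'];
		$txn_type		= $ipn['txn_type'];
		$subscription 	= $txn_type == 'recurring_payment' || $txn_type == 'subscr_payment' ? true : false;

		$mc_currency	= $ipn['mc_currency'];
		$mc_gross		= $ipn['mc_gross'];
		$payment_gross	= $ipn['payment_gross'];
		$receiver_email	= $ipn['receiver_email'];
		$receiver_id	= $ipn['receiver_id']; // Paypal Merchant Account ID
		$paid_amount	= $mc_gross ? $mc_gross : $payment_gross;

		// The invoice may be unknown; read its fields without dereferencing null.
		$cart_amount	= !empty( $invoice_info ) ? $invoice_info->paied_amount : NULL;
		$post_id		= !empty( $invoice_info ) ? $invoice_info->post_id : NULL;

		/*####################################
		######## FRAUD CHECKS ################
		####################################*/
		$fraud					= false;
		$fraud_msg				= '';
		$transaction_details	= '';

		// Paypal business field allows both paypal id and paypal email. @see https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/#html-variables-for-shopping-carts
		// Strict comparison: with == two different numeric-looking strings can compare equal.
		if ( !( $receiver_email === $merchantid || $receiver_id === $merchantid ) ) {
			$fraud = true;
			$fraud_msg .= __("### The Paypal receiver email address does not match the paypal address for this site ###\n", 'geodir_payments');
		}

		if ( floatval($paid_amount) != floatval($cart_amount) ) {
			$fraud = true;
			$fraud_msg .= __("### The paid amount does not match the price package selected ###\n", 'geodir_payments');
		}

		if ( $mc_currency !== (string) $currency_code ) {
			$fraud = true;
			$fraud_msg .= __("### The currency code returned does not match the code on this site. ###\n", 'geodir_payments');
		}

		/*#####################################
		######## PAYMENT SUCCESSFUL ###########
		######################################*/
		// NOTE(review): $payment_status is reported below but never checked, and
		// $txn_id is not compared with transactions already recorded, so a
		// notification that is not a completed payment, or a repeated one, takes
		// the same path - confirm whether that is intended.
		if ($txn_type == 'web_accept' || $txn_type == 'subscr_payment' || $txn_type == 'recurring_payment' || $txn_type == 'express_checkout' ) {
			$paid_amount_with_currency = geodir_payment_price($paid_amount);
			$separator = "--------------------------------------------------\n";

			if ( $fraud ) {
				$transaction_details .= __('WARNING FRAUD DETECTED PLEASE CHECK THE DETAILS - (IF CORRECT, THEN PUBLISH THE POST)', 'geodir_payments')."\n";
			}

			// NOTE(review): these values come from the request and are stored and
			// e-mailed as received - verify they are escaped wherever they are shown.
			$transaction_details .= $fraud_msg;
			$transaction_details .= $separator;
			$transaction_details .= sprintf(__("Payment Details for Invoice ID #%s", 'geodir_payments'), geodir_payment_invoice_id_formatted($invoice_id)) ."\n";
			$transaction_details .= $separator;
			$transaction_details .= sprintf(__("Item Name: %s", 'geodir_payments'),$item_name)."\n";
			$transaction_details .= $separator;
			$transaction_details .= sprintf(__("Trans ID: %s", 'geodir_payments'), $txn_id)."\n";
			$transaction_details .= sprintf(__("Status: %s", 'geodir_payments'), $payment_status)."\n";
			$transaction_details .= sprintf(__("Amount: %s", 'geodir_payments'), $paid_amount_with_currency)."\n";
			$transaction_details .= sprintf(__("Type: %s", 'geodir_payments'),$payment_type)."\n";
			$transaction_details .= sprintf(__("Date: %s", 'geodir_payments'), $payment_date)."\n";
			$transaction_details .= sprintf(__("Method: %s", 'geodir_payments'), $txn_type)."\n";
			$transaction_details .= $separator;

			/*############ SET THE INVOICE STATUS START ############*/
			// update invoice status and transaction details
			// NOTE(review): the status becomes 'confirmed' even when $fraud is true;
			// only the warning text differs - confirm that 'confirmed' does not by
			// itself publish the listing.
			geodir_update_invoice_status( $invoice_id, 'confirmed', $subscription );
			geodir_update_invoice_transaction_details( $invoice_id, $transaction_details );
			/*############ SET THE INVOICE STATUS END ############*/

			// send notification to admin
			geodir_payment_adminEmail( $post_id, $user_id, 'payment_success', $transaction_details );

			// send notification to client
			geodir_payment_clientEmail( $post_id, $user_id, 'payment_success', $transaction_details );
		} else if ( $txn_type == 'subscr_cancel' || $txn_type == 'subscr_failed' ) {
			// Set the subscription as cancelled
			$post_content = str_replace("&", "\n", urldecode($post_data));
			$post_content .= "\n############## ".__('ORIGINAL SUBSCRIPTION INFO BELOW', 'geodir_payments')." ####################\n";
			$post_content .= !empty( $invoice_info ) ? $invoice_info->html : '';

			// update invoice status and transaction details
			$status = $txn_type == 'subscr_cancel' ? 'cancelled' : 'failed';
			geodir_update_invoice_status( $invoice_id, $status, $subscription );
			geodir_update_invoice_transaction_details( $invoice_id, $post_content );
		} else if( $txn_type == 'subscr_signup' ) {
			$post_content = '####### '.__('THIS IS A SUBSCRIPTION SIGNUP AND IF A FREE TRIAL WAS OFFERED NO PAYMENT WILL BE RECEIVED', 'geodir_payments')." ######\n";
			$post_content .= str_replace("&", "\n", urldecode($post_data));

			// update invoice status and transaction details
			geodir_update_invoice_status( $invoice_id, 'confirmed', $subscription );
			geodir_update_invoice_transaction_details( $invoice_id, $post_content );
		}
	} else {
		// PayPal answered INVALID.
		// update invoice status
		geodir_update_invoice_status( $invoice_id, 'failed' );

		// send notification to admin
		// NOTE(review): the success path passes $post_id as the first argument,
		// this call passes $invoice_id - confirm which one the function expects.
		geodir_payment_adminEmail( $invoice_id, $user_id, 'payment_fail' );
	}
}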