| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270 |
- <?php
- /*******************************************************************************
- * PHP Paypal IPN Integration Class
- *******************************************************************************
- * Author: Micah Carrick
- * Email: [email protected]
- * Website: http://www.micahcarrick.com
- *
- * File: paypal.class.php
- * Version: 1.3.0
- * Copyright: (c) 2005 - Micah Carrick
- * You are free to use, distribute, and modify this software
- * under the terms of the GNU General Public License. See the
- * included license.txt file.
- *
- *******************************************************************************
- * VERION HISTORY:
- * v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the
- * right way rather than simple stripping them. This
- * was needed because the user could still put in
- * quotes.
- *
- * v1.2.1 [06.05.2005] - Fixed typo from previous fix :)
- *
- * v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
- * from the paypal posts. The IPN will come back
- * invalid sometimes when quotes are used in certian
- * fields.
- *
- * v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
- * method to allow non-javascript capable browsers
- * to provide a means of manual form submission.
- *
- * v1.0.0 [04.16.2005] - Initial Version
- *
- *******************************************************************************
- * DESCRIPTION:
- *
- * NOTE: See www.micahcarrick.com for the most recent version of this class
- * along with any applicable sample files and other documentaion.
- *
- * This file provides a neat and simple method to interface with paypal and
- * The paypal Instant Payment Notification (IPN) interface. This file is
- * NOT intended to make the paypal integration "plug 'n' play". It still
- * requires the developer (that should be you) to understand the paypal
- * process and know the variables you want/need to pass to paypal to
- * achieve what you want.
- *
- * This class handles the submission of an order to paypal aswell as the
- * processing an Instant Payment Notification.
- *
- * This code is based on that of the php-toolkit from paypal. I've taken
- * the basic principals and put it in to a class so that it is a little
- * easier--at least for me--to use. The php-toolkit can be downloaded from
- * http://sourceforge.net/projects/paypal.
- *
- * To submit an order to paypal, have your order form POST to a file with:
- *
- * $p = new paypal_class;
- * $p->add_field('business', '[email protected]');
- * $p->add_field('first_name', $_POST['first_name']);
- * ... (add all your fields in the same manor)
- * $p->submit_paypal_post();
- *
- * To process an IPN, have your IPN processing file contain:
- *
- * $p = new paypal_class;
- * if ($p->validate_ipn()) {
- * ... (IPN is verified. Details are in the ipn_data() array)
- * }
- *
- *
- * In case you are new to paypal, here is some information to help you:
- *
- * 1. Download and read the Merchant User Manual and Integration Guide from
- * http://www.paypal.com/en_US/pdf/integration_guide.pdf. This gives
- * you all the information you need including the fields you can pass to
- * paypal (using add_field() with this class) aswell as all the fields
- * that are returned in an IPN post (stored in the ipn_data() array in
- * this class). It also diagrams the entire transaction process.
- *
- * 2. Create a "sandbox" account for a buyer and a seller. This is just
- * a test account(s) that allow you to test your site from both the
- * seller and buyer perspective. The instructions for this is available
- * at https://developer.paypal.com/ as well as a great forum where you
- * can ask all your paypal integration questions. Make sure you follow
- * all the directions in setting up a sandbox test environment, including
- * the addition of fake bank accounts and credit cards.
- *
- *******************************************************************************
- */
- class paypal_class {
-
- var $last_error; // holds the last error encountered
-
- var $ipn_log; // bool: log IPN results to text file?
-
- var $ipn_log_file; // filename of the IPN log
- var $ipn_response; // holds the IPN response from paypal
- var $ipn_data = array(); // array contains the POST values for IPN
-
- var $fields = array(); // array holds the fields to submit to paypal
-
- function paypal_class() {
-
- // initialization constructor. Called when class is created.
-
- $this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
-
- $this->last_error = '';
-
- $this->ipn_log_file = '.ipn_results.log';
- $this->ipn_log = true;
- $this->ipn_response = '';
-
- // populate $fields array with a few default values. See the paypal
- // documentation for a list of fields and their data types. These defaul
- // values can be overwritten by the calling script.
- $this->add_field('rm','2'); // Return method = POST
- $this->add_field('cmd','_xclick');
-
- }
-
- function add_field($field, $value) {
-
- // adds a key=>value pair to the fields array, which is what will be
- // sent to paypal as POST variables. If the value is already in the
- // array, it will be overwritten.
-
- $this->fields["$field"] = $value;
- }
- function submit_paypal_post() {
-
- // this function actually generates an entire HTML page consisting of
- // a form with hidden elements which is submitted to paypal via the
- // BODY element's onLoad attribute. We do this so that you can validate
- // any POST vars from you custom form before submitting to paypal. So
- // basically, you'll have your own form which is submitted to your script
- // to validate the data, which in turn calls this function to create
- // another hidden form and submit to paypal.
-
- // The user will briefly see a message on the screen that reads:
- // "Please wait, your order is being processed..." and then immediately
- // is redirected to paypal.
- echo "<head><title>Processing Payment...</title></head>\n";
- echo "<body onLoad=\"document.forms['paypal_form'].submit();\">\n";
- echo "<form method=\"post\" name=\"paypal_form\" ";
- echo "action=\"".$this->paypal_url."\">\n";
- echo '<input type="hidden" name="cmd" value="_xclick">';
- foreach ($this->fields as $name => $value) {
- echo "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
- }
- echo "</form>\n";
- echo "</body>\n";
- }
-
- function validate_ipn() {
- // parse the paypal URL
- $url_parsed=parse_url($this->paypal_url);
- // generate the post string from the _POST vars aswell as load the
- // _POST vars into an arry so we can play with them from the calling
- // script.
- $post_string = '';
- foreach ($_POST as $field=>$value) {
- $this->ipn_data["$field"] = $value;
- $post_string .= $field.'='.urlencode(stripslashes($value)).'&';
- }
- $post_string.="cmd=_notify-validate"; // append ipn command
- // open the connection to paypal
- $fp = fsockopen($url_parsed[host],"80",$err_num,$err_str,30);
- if(!$fp) {
-
- // could not open the connection. If loggin is on, the error message
- // will be in the log.
- $this->last_error = "fsockopen error no. $errnum: $errstr";
- $this->log_ipn_results(false);
- return false;
-
- } else {
-
- // Post the data back to paypal
- fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n");
- fputs($fp, "Host: $url_parsed[host]\r\n");
- fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
- fputs($fp, "Content-length: ".strlen($post_string)."\r\n");
- fputs($fp, "Connection: close\r\n\r\n");
- fputs($fp, $post_string . "\r\n\r\n");
- // loop through the response from the server and append to variable
- while(!feof($fp)) {
- $this->ipn_response .= fgets($fp, 1024);
- }
- fclose($fp); // close connection
- }
-
- if (eregi("VERIFIED",$this->ipn_response)) {
-
- // Valid IPN transaction.
- $this->log_ipn_results(true);
- return true;
-
- } else {
-
- // Invalid IPN transaction. Check the log for details.
- $this->last_error = 'IPN Validation Failed.';
- $this->log_ipn_results(false);
- return false;
-
- }
-
- }
-
- function log_ipn_results($success) {
-
- if (!$this->ipn_log) return; // is logging turned off?
-
- // Timestamp
- $text = '['.date('m/d/Y g:i A').'] - ';
-
- // Success or failure being logged?
- if ($success) $text .= "SUCCESS!\n";
- else $text .= 'FAIL: '.$this->last_error."\n";
-
- // Log the POST variables
- $text .= "IPN POST Vars from Paypal:\n";
- foreach ($this->ipn_data as $key=>$value) {
- $text .= "$key=$value, ";
- }
-
- // Log the response from the paypal server
- $text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;
-
- // Write to log
- $fp=fopen($this->ipn_log_file,'a');
- fwrite($fp, $text . "\n\n");
- fclose($fp); // close file
- }
- function dump_fields() {
-
- // Used for debugging, this function will output all the field/value pairs
- // that are currently defined in the instance of the class using the
- // add_field() function.
-
- echo "<h3>paypal_class->dump_fields() Output:</h3>";
- echo "<table width=\"95%\" border=\"1\" cellpadding=\"2\" cellspacing=\"0\">
- <tr>
- <td bgcolor=\"black\"><b><font color=\"white\">Field Name</font></b></td>
- <td bgcolor=\"black\"><b><font color=\"white\">Value</font></b></td>
- </tr>";
-
- ksort($this->fields);
- foreach ($this->fields as $key => $value) {
- echo "<tr><td>$key</td><td>".urldecode($value)." </td></tr>";
- }
-
- echo "</table><br>";
- }
- }
|
