
    <?php
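/**
 * PayPal IPN (Instant Payment Notification) endpoint for finance_charge top-ups.
 *
 * Flow: keep the raw request PayPal sent, load the pay config, look up the
 * charge record named by item_number, post the notification back to PayPal
 * for validation, and only after a VERIFIED verdict that matches the order
 * (amount, currency, receiver account, payment_status=Completed) credit the
 * member.  The script answers PayPal with the literal 'success' or 'fail'.
 */

// common.inc.php rewrites REQUEST_URI and the request arrays; keep the raw
// copies so the validation postback below echoes exactly what PayPal sent.
$_SERVER['REQUEST_URI'] = '';
$_DPOST = $_POST;
$_DGET = $_GET;
require '../../../common.inc.php';
$_POST = $_DPOST;
$_GET = $_DGET;
if(!$_POST && !$_GET) exit('fail');

$bank = 'paypal';
$PAY = cache_read('pay.php');
if(!$PAY[$bank]['enable']) exit('fail');
if(!$PAY[$bank]['partnerid']) exit('fail');
$editor = 'N'.$bank;

// Posted fields this handler consumes.  Missing keys become '' / 0 instead of
// raising undefined-index notices; nothing here is trusted until PayPal has
// confirmed the notification and the values have been checked against the order.
$item_number      = isset($_POST['item_number']) ? intval($_POST['item_number']) : 0;
$payment_status   = isset($_POST['payment_status']) ? (string)$_POST['payment_status'] : '';
$payment_amount   = isset($_POST['mc_gross']) ? (string)$_POST['mc_gross'] : '';
$payment_currency = isset($_POST['mc_currency']) ? (string)$_POST['mc_currency'] : '';
$receiver_email   = isset($_POST['receiver_email']) ? (string)$_POST['receiver_email'] : '';

// Resolve the charge record before opening any connection to PayPal, so an
// unknown or already-settled order costs no round trip and leaves no open socket.
// $item_number is an int, so the interpolation below is safe.
$r = $db->get_one("SELECT * FROM {$DT_PRE}finance_charge WHERE itemid='$item_number'");
if(!$r) exit('fail');
if($r['status'] == 1 || $r['status'] == 2) exit('fail');   // already failed / closed
if($r['status'] != 0) exit('success');                      // already settled (status 3 is set below): acknowledge, never credit twice

$charge_orderid = $r['itemid'];
$charge_money   = $r['amount'] + $r['fee'];   // what the payer was asked to send: top-up amount plus fee
$charge_status  = 0;                           // 0 = undecided (e.g. Pending), 1 = paid, 2 = rejected
$charge_errcode = '';                          // always defined, so the failure UPDATE never sees an unset variable

// Rebuild the notification as a _notify-validate request.  Values are echoed
// back as received; stripslashes() is kept from the original to undo
// magic_quotes on old PHP builds (a no-op when the setting is off).
// NOTE(review): on builds without magic_quotes a value containing a backslash
// would be altered here and fail validation — confirm against the deployed PHP.
$req = 'cmd=_notify-validate';
foreach($_POST as $key => $value) {
	if(!is_scalar($value)) continue;   // IPN fields are flat key/value pairs; nested arrays are never genuine
	$req .= '&'.$key.'='.urlencode(stripslashes((string)$value));
}

// HTTP/1.0 with Connection: close keeps the reply un-chunked so the verdict
// arrives as a plain line; Host is required by the PayPal front end.
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Connection: close\r\n\r\n";

// Validate over TLS: the VERIFIED/INVALID verdict is the only thing standing
// between a forged notification and a credited account, so it must not be
// fetched over plain HTTP where the answer could be altered in transit.
// NOTE(review): PayPal's current IPN documentation points postbacks at a
// dedicated IPN host; confirm the host name before deploying.
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if(!$fp) {
	// Could not reach PayPal at all.
	// NOTE(review): this closes the charge as failed on a purely local network
	// error, as the original did; leaving it open for a retry may be preferable.
	$charge_status  = 2;
	$charge_errcode = 'PayPal HTTP ERROR';
} else {
	fwrite($fp, $header.$req);
	while(!feof($fp)) {
		$res = trim((string)fgets($fp, 1024));
		if($res === 'VERIFIED') {
			// PayPal confirms it sent this notification; now confirm it matches
			// *our* order before crediting anything.  Amounts are compared
			// numerically with a half-cent tolerance instead of loose ==,
			// and currency / receiver account with strict string equality.
			if(!is_numeric($payment_amount) || abs((float)$payment_amount - (float)$charge_money) > 0.005) {
				$charge_status  = 2;
				$charge_errcode = '充值金额不匹配';
			} else if($payment_currency !== (string)$PAY[$bank]['currency']) {
				$charge_status  = 2;
				$charge_errcode = '充值币种不匹配';
			} else if($receiver_email !== (string)$PAY[$bank]['partnerid']) {
				$charge_status  = 2;
				$charge_errcode = '收款帐号不匹配';
			} else if($payment_status === 'Completed') {
				$charge_status = 1;
			}
			// Any other payment_status (e.g. Pending) leaves $charge_status at 0.
		} else if($res === 'INVALID') {
			$charge_status  = 2;
			$charge_errcode = '支付失败';
		}
	}
	fclose($fp);   // only ever reached with a live handle
}

if($charge_status == 1) {
	// Paid: mark the charge settled first, then credit the member's balance
	// (and the optional sign-up bonus credits).  The status==0 gate above is
	// what prevents a replayed notification from crediting the order twice.
	$db->query("UPDATE {$DT_PRE}finance_charge SET status=3,money=$charge_money,receivetime='$DT_TIME',editor='$editor' WHERE itemid=$charge_orderid");
	require DT_ROOT.'/include/module.func.php';
	money_add($r['username'], $r['amount']);
	money_record($r['username'], $r['amount'], $PAY[$bank]['name'], 'system', '在线充值', '流水号:'.$charge_orderid);
	$MOD = cache_read('module-2.php');
	if($MOD['credit_charge'] > 0) {
		$credit = intval($r['amount']*$MOD['credit_charge']);
		if($credit > 0) {
			credit_add($r['username'], $credit);
			credit_record($r['username'], $credit, 'system', '充值奖励', '充值'.$r['amount'].$DT['money_unit']);
		}
	}
	exit('success');
}
if($charge_status == 2) {
	// Rejected: record why and close the charge as failed.  $note only ever
	// holds one of the fixed strings assigned above, never request data.
	$note = $charge_errcode;
	$db->query("UPDATE {$DT_PRE}finance_charge SET status=1,receivetime='$DT_TIME',editor='$editor',note='$note' WHERE itemid=$charge_orderid");//支付失败
	exit('fail');
}
// VERIFIED and consistent with the order, but not yet Completed (e.g.
// payment_status=Pending): leave the charge open so the follow-up notification
// can settle it, instead of closing it as failed.
exit('fail');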
?>