04f47a89 |
1 | <?php // $Id$ |
2 | |
3 | /** |
4 | * Listens for Instant Payment Notification from Paypal |
5 | * |
6 | * This script waits for Payment notification from Paypal, |
7 | * then double checks that data by sending it back to Paypal. |
8 | * If Paypal verifies this then it sets up the enrolment for that user. |
9 | * |
10 | * Set the $user->timeaccess course array |
11 | * |
12 | * @param user referenced object, must contain $user->id already set |
13 | */ |
14 | |
15 | |
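/// NOTE(review): nothing visible in this listing loads the library that defines
/// error(), get_record(), insert_record(), enrol_student() or $CFG - confirm the
/// bootstrap include exists before this point.

/// Keep out casual intruders
if (empty($_POST)) {
    error("Sorry, you can not use the script that way.");
}

/// Read all the data from Paypal and get it ready for later.
/// $req is the body posted back to Paypal for validation; $data is the record
/// that is checked and stored locally.

$req = 'cmd=_notify-validate';
$data = new stdClass;   // the original wrote properties onto an undefined variable

foreach ($_POST as $key => $value) {
    if (is_array($value)) {
        // Notification fields are flat strings here; an array would break
        // stripslashes(). Dropping it makes the postback differ from what was
        // received, so validation cannot succeed for such a request.
        continue;
    }
    $value = urlencode(stripslashes($value));
    $req .= "&" . urlencode($key) . "=$value";   // the key is request-supplied too, so encode it
    // NOTE(review): $data keeps the URL-encoded form, exactly as the original did.
    // Comparisons below therefore only match values that urlencode() leaves
    // unchanged (e.g. "Completed"). Storing decoded values instead requires
    // confirming how insert_record() escapes its input - TODO confirm.
    $data->$key = $value;
}

/// Every field used below must be present, otherwise the request is not a
/// notification this script can process.
foreach (array('item_number', 'custom', 'mc_gross', 'mc_currency', 'payment_status', 'txn_id') as $required) {
    if (!isset($data->$required)) {
        error("Sorry, you can not use the script that way.");
    }
}

$data->courseid = $data->item_number;
$data->userid = $data->custom;
$data->payment_amount = $data->mc_gross;
$data->payment_currency = $data->mc_currency;


/// Open a connection back to PayPal to validate the data.
/// The answer to this request is the only thing that separates a real
/// notification from a forged POST, so it is sent over TLS rather than
/// plain HTTP on port 80, where the reply could be altered in transit.
/// NOTE(review): whether fsockopen() verifies the peer certificate for ssl://
/// depends on the PHP version and stream defaults - confirm for the deployment.

$header = '';
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {  /// Could not open a socket to Paypal - FAIL
    echo "<p>Error: could not access paypal.com</p>";
    email_paypal_error_to_admin("Could not access paypal.com to verify payment", $data);
    die;
}

/// Connection is OK, so now we post the data to validate it

fputs($fp, $header.$req);

/// Read the whole response first and close the socket, then act on the verdict.
/// The original acted inside the read loop and could die with the socket open.

$verdict = '';
while (!feof($fp)) {
    $line = trim(fgets($fp, 1024));   // trim so a trailing line ending does not defeat the match
    if ($line === 'VERIFIED' || $line === 'INVALID') {
        $verdict = $line;
    }
}
fclose($fp);

if ($verdict === 'INVALID') {   // ERROR
    insert_record("enrol_paypal", $data);
    email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
    exit;
}

if ($verdict !== 'VERIFIED') {
    // Neither answer was seen: fail closed and enrol nobody.
    exit;
}

/// VALID PAYMENT as far as Paypal is concerned - now check it is the payment we expect

// check the payment_status is Completed
if ($data->payment_status != "Completed") {   // Not complete?
    email_paypal_error_to_admin("Transaction status is: $data->payment_status", $data);
    die;
}

// Make sure this transaction doesn't exist already, so that a notification
// delivered twice cannot be processed twice.
if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) {
    email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
    die;
}

// TODO: Check that the email is the one we want it to be.
// NOTE(review): left as an empty "if ()" in the source, which does not parse.
// Until the receiving account is compared with the site's own, a notification
// for a payment made to some other account still passes. Do not enable this
// script before the check exists.

if (!$user = get_record('user', 'id', $data->userid)) {   // Check that user exists
    email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
    die;   // the original carried on and tried to enrol a missing user
}

// The original looked the course up in the 'user' table.
if (!$course = get_record('course', 'id', $data->courseid)) {   // Check that course exists
    email_paypal_error_to_admin("Course $data->courseid doesn't exist", $data);
    die;
}

// TODO: Check that amount paid is the correct amount.
// NOTE(review): also an empty "if ()" in the source. payment_amount and
// payment_currency must be compared with the price of $course before enrolling,
// otherwise any completed payment is accepted whatever its size.

// ALL CLEAR !

if (!insert_record("enrol_paypal", $data)) {   // Insert a transaction record
    email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
}

if (!enrol_student($user->id, $course->id)) {   // Enrol the student
    email_paypal_error_to_admin("Error while trying to enrol ".fullname($user)." in '$course->fullname'", $data);
} else {
    if (!empty($CFG->enrol_paypalemail)) {
        // The original called get_teacher() with no course id.
        $teacher = get_teacher($course->id);
        email_to_user($teacher, $user, get_string("enrolmentnew"), "I have enrolled in your class via Paypal");
        email_to_user($user, $teacher, get_string("enrolmentnew"), get_string('welcometocoursetext'));
    }
}

exit;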
113 | |
114 | |
115 | |
116 | /// FUNCTIONS ////////////////////////////////////////////////////////////////// |
117 | |
118 | |
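/**
 * Mails the site administrator a report about a failed or suspicious
 * Paypal transaction.
 *
 * The body lists every field of $data as "key => value". Those fields come
 * from the incoming request, so the mail should be read as untrusted text.
 *
 * @param string $subject short description of the problem; also used in the mail subject
 * @param object $data the notification fields collected by this script
 */
function email_paypal_error_to_admin($subject, $data) {
    $admin = get_admin();
    // The original assigned get_admin() here as well, yet the message reads
    // $site->fullname, so the site record is what is needed.
    $site = get_site();

    $message = "$site->fullname:  Transaction failed.\n\n$subject\n\n";

    foreach ($data as $key => $value) {
        $message .= "$key => $value\n";
    }

    // The admin is passed as both recipient and sender.
    email_to_user($admin, $admin, "PAYPAL ERROR: ".$subject, $message);
}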
132 | |
133 | ?> |