[moodle.git] / enrol / paypal / ipn.php

<?php  // $Id$

/**
* Listens for Instant Payment Notification from Paypal
*
* This script waits for Payment notification from Paypal,
* then double checks that data by sending it back to Paypal.
* If Paypal verifies this then it sets up the enrolment for that
* 
* Set the $user->timeaccess course array
*
* @param    user  referenced object, must contain $user->id already set
*/


/// Keep out casual intruders
    if (empty($_POST)) {
        error("Sorry, you can not use the script that way.");
    }

/// Read all the data from Paypal and get it ready for later

    $req = 'cmd=_notify-validate';

    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req .= "&$key=$value";
        $data->$key = $value;
    }

    $data->courseid         = $data->item_number;
    $data->userid           = $data->custom;
    $data->payment_amount   = $data->mc_gross;
    $data->payment_currency = $data->mc_currency;


/// Open a connection back to PayPal to validate the data

    $header = '';
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

    if (!$fp) {  /// Could not open a socket to Paypal - FAIL
        echo "<p>Error: could not access paypal.com</p>";
        email_paypal_error_to_admin("Could not access paypal.com to verify payment", $data);
        die;
    }

/// Connection is OK, so now we post the data to validate it

    fputs ($fp, $header.$req);

/// Now read the response and check if everything is OK.

    while (!feof($fp)) {
        $result = fgets($fp, 1024);
        if (strcmp($result, "VERIFIED") == 0) {          // VALID PAYMENT!

            // check the payment_status is Completed

            if ($data->payment_status != "Completed") {   // Not complete?
                email_paypal_error_to_admin("Transaction status is: $data->payment_status", $data);
                die;
            }

            if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) {   // Make sure this transaction doesn't exist already

            } 
            
            if () {   // Check that the email is the one we want it to be

            } 
            
            if (!$user = get_record('user', 'id', $data->userid)) {   // Check that user exists
                email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
            }

            if (!$course = get_record('user', 'id', $data->courseid)) { // Check that course exists
                email_paypal_error_to_admin("Course $data->courseid doesn't exist", $data);
            }

            if () {   // Check that amount paid is the correct amount

            }

            // ALL CLEAR !

            if (!insert_record("enrol_paypal", $data)) {       // Insert a transaction record
                email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
            }

            if (!enrol_student($user->id, $course->id)) {       // Enrol the student
                email_paypal_error_to_admin("Error while trying to enrol ".fullname($user)." in '$course->fullname'", $data);
            } else {
                if (!empty($CFG->enrol_paypalemail)) {
                    $teacher = get_teacher();
                    email_to_user($teacher, $user, get_string("enrolmentnew"), "I have enrolled in your class via Paypal");
                    email_to_user($user, $teacher, get_string("enrolmentnew"), get_string('welcometocoursetext'));
                }
            }


        } else if (strcmp ($result, "INVALID") == 0) { // ERROR
            insert_record("enrol_paypal", $data);
            email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
        }
    }

    fclose($fp);
    exit;


/// FUNCTIONS //////////////////////////////////////////////////////////////////


function email_paypal_error_to_admin($subject, $data) {
    $admin = get_admin();
    $site = get_admin();

    $message = "$site->fullname:  Transaction failed.\n\n$subject\n\n";

    foreach ($data as $key => $value) {
        $message .= "$key => $value\n";
    }

    email_to_user($admin, $admin, "PAYPAL ERROR: ".$subject, $message);

}

?>
Commit	Line	Data
04f47a89	1	<?php // $Id$
	2
	3	/**
	4	* Listens for Instant Payment Notification from Paypal
	5	*
	6	* This script waits for Payment notification from Paypal,
	7	* then double checks that data by sending it back to Paypal.
	8	* If Paypal verifies this then it sets up the enrolment for that
	9	*
	10	* Set the $user->timeaccess course array
	11	*
	12	* @param user referenced object, must contain $user->id already set
	13	*/
	14
	15
	16	/// Keep out casual intruders
	17	if (empty($_POST)) {
	18	error("Sorry, you can not use the script that way.");
	19	}
	20
	21	/// Read all the data from Paypal and get it ready for later
	22
	23	$req = 'cmd=_notify-validate';
	24
	25	foreach ($_POST as $key => $value) {
	26	$value = urlencode(stripslashes($value));
	27	$req .= "&$key=$value";
	28	$data->$key = $value;
	29	}
	30
	31	$data->courseid = $data->item_number;
	32	$data->userid = $data->custom;
	33	$data->payment_amount = $data->mc_gross;
	34	$data->payment_currency = $data->mc_currency;
	35
	36
	37	/// Open a connection back to PayPal to validate the data
	38
	39	$header = '';
	40	$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
	41	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
	42	$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
	43	$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
	44
	45	if (!$fp) { /// Could not open a socket to Paypal - FAIL
	46	echo "<p>Error: could not access paypal.com</p>";
	47	email_paypal_error_to_admin("Could not access paypal.com to verify payment", $data);
	48	die;
	49	}
	50
	51	/// Connection is OK, so now we post the data to validate it
	52
	53	fputs ($fp, $header.$req);
	54
	55	/// Now read the response and check if everything is OK.
	56
	57	while (!feof($fp)) {
	58	$result = fgets($fp, 1024);
	59	if (strcmp($result, "VERIFIED") == 0) { // VALID PAYMENT!
	60
	61	// check the payment_status is Completed
	62
	63	if ($data->payment_status != "Completed") { // Not complete?
	64	email_paypal_error_to_admin("Transaction status is: $data->payment_status", $data);
65	die;
66	}
67
68	if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) { // Make sure this transaction doesn't exist already
69
70	}
71
72	if () { // Check that the email is the one we want it to be
73
74	}
75
76	if (!$user = get_record('user', 'id', $data->userid)) { // Check that user exists
77	email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
78	}
79
80	if (!$course = get_record('user', 'id', $data->courseid)) { // Check that course exists
81	email_paypal_error_to_admin("Course $data->courseid doesn't exist", $data);
82	}
83
84	if () { // Check that amount paid is the correct amount
85
86	}
87
88	// ALL CLEAR !
89
90	if (!insert_record("enrol_paypal", $data)) { // Insert a transaction record
91	email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
92	}
93
94	if (!enrol_student($user->id, $course->id)) { // Enrol the student
95	email_paypal_error_to_admin("Error while trying to enrol ".fullname($user)." in '$course->fullname'", $data);
96	} else {
97	if (!empty($CFG->enrol_paypalemail)) {
98	$teacher = get_teacher();
99	email_to_user($teacher, $user, get_string("enrolmentnew"), "I have enrolled in your class via Paypal");
100	email_to_user($user, $teacher, get_string("enrolmentnew"), get_string('welcometocoursetext'));
101	}
102	}
103
104
105	} else if (strcmp ($result, "INVALID") == 0) { // ERROR
106	insert_record("enrol_paypal", $data);
107	email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
108	}
109	}
110
111	fclose($fp);
112	exit;
113
114
115
116	/// FUNCTIONS //////////////////////////////////////////////////////////////////
117
118
119	function email_paypal_error_to_admin($subject, $data) {
120	$admin = get_admin();
121	$site = get_admin();
122
123	$message = "$site->fullname: Transaction failed.\n\n$subject\n\n";
124
125	foreach ($data as $key => $value) {
126	$message .= "$key => $value\n";
127	}
128
129	email_to_user($admin, $admin, "PAYPAL ERROR: ".$subject, $message);
130
131	}
132
133	?>