Some typos corrected
[moodle.git] / enrol / paypal / ipn.php
04f47a89 1<?php // $Id$
2
3/**
4* Listens for Instant Payment Notification from Paypal
5*
6* This script waits for Payment notification from Paypal,
7* then double checks that data by sending it back to Paypal.
8* If Paypal verifies this then it sets up the enrolment for that user.
9*
10* Set the $user->timeaccess course array
11*
12* @param user referenced object, must contain $user->id already set
13*/
14
15
3d970777 16 require("../../config.php");
17 require("enrol.php");
18
/// Keep out casual intruders.
/// This only turns away requests that are not a plain POST (no form fields,
/// or any query-string parameters). It does not authenticate the sender: the
/// notification is trusted only after it has been posted back to PayPal and
/// answered with VERIFIED further down in this script.
if (!empty($_GET) or empty($_POST)) {
    error("Sorry, you can not use the script that way.");
}
23
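/// Read all the data from Paypal and get it ready for later.
/// $req becomes the body of the validation request sent back to PayPal: the
/// fixed command followed by every posted field, re-encoded.
/// $data receives the same fields, decoded, as object properties.

$req = 'cmd=_notify-validate';

// Create the container explicitly: assigning a property on an undefined
// variable is an error on current PHP versions.
$data = new stdClass();

foreach ($_POST as $key => $value) {
    if (!is_scalar($value)) {
        // Array-valued fields cannot go through stripslashes()/urlencode().
        // They are skipped, so they are neither echoed back nor stored.
        continue;
    }
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
    $data->$key = urldecode($value);
}

// 'custom' is split on '-' into the user id and the course id. Nothing has
// been verified at this point, so a missing or malformed value is tolerated
// and both ids are forced to integers before they reach any database lookup.
$custom = explode('-', isset($data->custom) ? $data->custom : '');
$data->userid   = isset($custom[0]) ? (int) $custom[0] : 0;
$data->courseid = isset($custom[1]) ? (int) $custom[1] : 0;
$data->payment_amount   = isset($data->mc_gross) ? $data->mc_gross : null;
$data->payment_currency = isset($data->mc_currency) ? $data->mc_currency : null;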
39
40
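/// Open a connection back to PayPal to validate the data.
/// The answer to this request is the only thing that authenticates the
/// notification, so it is sent over TLS (port 443) instead of cleartext HTTP:
/// on a cleartext connection the reply could be altered in transit.
/// NOTE(review): the ssl:// transport needs OpenSSL support in PHP, and
/// whether PayPal's certificate is verified depends on the PHP version and
/// stream defaults (peer verification is on by default from PHP 5.6) -
/// confirm for the deployed runtime.

$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {  /// Could not open a socket to Paypal - FAIL
    echo "<p>Error: could not access paypal.com</p>";
    // $data is still unverified here; it is mailed only as diagnostic context.
    email_paypal_error_to_admin("Could not access paypal.com to verify payment", $data);
    die;
}

/// Connection is OK, so now we post the data to validate it

fputs($fp, $header.$req);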
58
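/// Now read the response and check if everything is OK.
/// The reply is read line by line. A line equal to "VERIFIED" means PayPal
/// confirms the notification; "INVALID" means it does not. After VERIFIED,
/// each failed check mails the admin and stops the script, except a failed
/// insert of the transaction record, which is reported but does not stop it.

while (!feof($fp)) {
    $result = fgets($fp, 1024);
    if ($result === false) {
        // Read error or timeout: stop instead of looping on a dead socket.
        break;
    }

    if (strcmp($result, "VERIFIED") == 0) {          // VALID PAYMENT!

        // check the payment_status is Completed
        if ($data->payment_status != "Completed") {   // Not complete?
            email_paypal_error_to_admin("Transaction status is: $data->payment_status", $data);
            die;
        }

        // Replay protection: a transaction id may be used only once
        if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) {
            email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
            die;
        }

        // Check that the payment went to the configured receiving account
        if ($data->business != $CFG->enrol_paypalbusiness) {
            email_paypal_error_to_admin("Business email is $data->business (not $CFG->enrol_paypalbusiness)", $data);
            die;
        }

        if (!$user = get_record('user', 'id', $data->userid)) {   // Check that user exists
            email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
            die;
        }

        if (!$course = get_record('course', 'id', $data->courseid)) { // Check that course exists
            email_paypal_error_to_admin("Course $data->courseid doesn't exist", $data);
            die;
        }

        // Check that amount paid is the correct amount.
        // A negative course cost means "use the site-wide default cost".
        if ((float) $course->cost < 0) {
            $cost = (float) $CFG->enrol_cost;
        } else {
            $cost = (float) $course->cost;
        }
        $cost = round($cost, 2);

        // Compare as numbers. The formatted string is used only in the
        // message, so the check does not depend on how format_float()
        // renders the value.
        // NOTE(review): only the amount is compared; mc_currency is stored
        // but not checked against an expected currency here - confirm that
        // is intended.
        if ((float) $data->payment_gross < $cost) {
            $cost = format_float($cost, 2);
            email_paypal_error_to_admin("Amount paid is not enough ($data->payment_gross < $cost))", $data);
            die;
        }

        // ALL CLEAR !

        // Insert a transaction record. A failure is reported but enrolment
        // still goes ahead; in that case the txn_id is not recorded for the
        // repeat check above.
        if (!insert_record("enrol_paypal", $data)) {
            email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
        }

        if (!enrol_student($user->id, $course->id)) {       // Enrol the student
            email_paypal_error_to_admin("Error while trying to enrol ".fullname($user)." in '$course->fullname'", $data);
            die;
        }

        $teacher = get_teacher($course->id);

        if (!empty($CFG->enrol_paypalmailstudents)) {
            // Create the placeholder object explicitly before filling it
            $a = new stdClass();
            $a->coursename = "$course->fullname";
            $a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id";
            email_to_user($user, $teacher, get_string("enrolmentnew"), get_string('welcometocoursetext', '', $a));
        }

        if (!empty($CFG->enrol_paypalmailteachers)) {
            email_to_user($teacher, $user, get_string("enrolmentnew"), "I have enrolled in your class via Paypal");
        }

    } else if (strcmp($result, "INVALID") == 0) {     // ERROR
        // PayPal did not confirm this notification: keep a record of what
        // was received and alert the admin. Nothing is enrolled.
        insert_record("enrol_paypal", $data);
        email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
    }
}

fclose($fp);
exit;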
140
141
142
143/// FUNCTIONS //////////////////////////////////////////////////////////////////
144
145
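/**
 * Mails the site administrator about a failed or suspicious PayPal transaction.
 *
 * The message body names the site, repeats $subject and then lists every
 * field of $data as "key => value", one per line. The fields come from the
 * incoming request and may be unverified; they are included as received.
 *
 * @param string $subject short description of the problem, also used in the mail subject
 * @param object $data    the notification fields collected from the request
 */
function email_paypal_error_to_admin($subject, $data) {
    $admin = get_admin();
    // The heading uses the site's name, so read the site record here;
    // a user record from get_admin() is not expected to carry it.
    $site = get_site();

    $message = "$site->fullname:  Transaction failed.\n\n$subject\n\n";

    foreach ($data as $key => $value) {
        $message .= "$key => $value\n";
    }

    email_to_user($admin, $admin, "PAYPAL ERROR: ".$subject, $message);
}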
159
160?>