Page coming up blank!

[liam_d]

I have a script that basically checks paypal for a payment, then does a few queries, mails me and then should include the index page, but it doesn't, it does everything but include my index page

I will give all my NP$ and the domain prxa.info to anyone who can fix it.

Here is my code

<?php
error_reporting(E_ALL);

include("vars.php");

include("dbconnect.php");


session_start();

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$memo = $_POST['item_name'];
$userid = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$amount = $_POST['mc_gross'];
$currency = $_POST['mc_currency'];
$batch = $_POST['txn_id'];
$payee = $_POST['receiver_email'];
$business = $_POST['business'];
$payer = $_POST['payer_email'];
$payment_date = $_POST['payment_date'];

if (!$fp) 
{
	$menu='invalidbuy';

	include("index.php");

	mysql_close;

	exit;
}

else 
{
	fputs ($fp, $header . $req);
	while (!feof($fp)) 
	{
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) 
		{
			// make sure we are using the correct paypal and currency!
			if ($business != $site_paypal || $currency!="USD") 
			{
				$menu='invalidbuy';

				include("index.php");

				mysql_close;

				exit;
			}
			
			// Get info from the buylog, which is set from buyscript.php
			$eredm = mysql_query('SELECT * FROM `buylog` WHERE `bid` = "' . $userid . '"') or die(mysql_error());

			$buylog = mysql_fetch_array($eredm);
			
			// Get the scripts main information

			$eredm = mysql_query('SELECT * FROM `scripts` WHERE `scriptid` = "' . $buylog['bscript'] . '"') or die(mysql_error());

			$script = mysql_fetch_array($eredm);
			
			// Set commission to the price using the price from the buyrights (1,2 or 3)

			if ($buylog['brights']==1) 
			{
				$commission = $script['price'];
			}
			

			if ($buylog['brights']==2) 
			{
				$commission = $script['priceresell'];
			}
			

			if ($buylog['brights']==3) 
			{
				$commission = $script['pricemaster'];

			}
			
			// If there is a reseller, set reseller to the resellers ID

			if (isset($_SESSION['reseller']))
			{
				$resell = $_SESSION["reseller"];
			}
			
			// If no reseller set, then comission per this sale is just the coder comission	
			if ($resell=="")
			{
				$comperc = $coder_com;

			} 
				
			else 
			{ 
				$comperc = $coder_com-$reseller_com; 
			}
				

	 		$com = $commission * ($comperc/100);

			
			// Update members and add to the balance of the author of the script.
			$sql = 'UPDATE `members` SET `balance` = "(balance + ' . $com . ')" WHERE `username` = "' . $script['author'] . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());

			
			// Make sure people are not conning us out of monies!

			if ($amount != $commission)
			{
				$menu = 'invalidbuy';

				include("index.php");

				mysql_close;

				exit;

			}
			
			// Update the buylog for this item, and set bdone (buying done) to 1 and add the batch number to show paypal transaction
			$sql = 'UPDATE `buylog` SET `bbatch` = "' . $batch . '", `bdone` = "1" WHERE `bid` = "' . $userid . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			
			// Add a row to selling history table, to show this sale of script (this is show in admin)
			$sql = 'INSERT INTO `selling_history` SET `sscript` = "' . $buylog['bscript'] . '", `sdate` = "' . date("Y-m-d") . '", `sreseller` = "' . $resell . '", `sprice` = "' . $commission . '", `sstatus` = "0"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			

			// Mail the admin to let him/her know a script has been sold
			$mailcont = 'Script has been sold!';
			mail($adminmail,'Script Sold',$mailcont,"From: $adminmail");

			
			// Set the page (menu) to buydone

			$menu = 'buydone';

			$script = $buylog['bscript'];

			$buyid = $userid;

			include("index.php");
   
		}
	}
}
fclose ($fp);

// Close the connection!
mysql_close;

exit;
?>

 

[dhscott]

Related, but not an answer: Why don't you use PayPal's IPN?

 

[liam_d]

What exactly is IPN? How does it work?

And the site i purchased uses this, so i wish to work with this...everything works perfectly, just not including my page again

 

[Peter]

Paypal IPN sends a request to a page with the payment details which you then return back to paypal to ensure they are genuine. If a positive response is returned then you have 100% got a transaction that is genuine. If you rely on someone being returned to a web page then you run the risk of either the person never coming back the address or someone finding out the address and trying to create fraudulent/non existant transactions and passing them off as genuine.

 

[dhscott]

Paypal IPN sends a request to a page with the payment details which you then return back to paypal to ensure they are genuine. If a positive response is returned then you have 100% got a transaction that is genuine. If you rely on someone being returned to a web page then you run the risk of either the person never coming back the address or someone finding out the address and trying to create fraudulent/non existant transactions and passing them off as genuine.

Yea, what peter said ^

Basically, PayPal sends a notice to your script and your script can automatically approve the purchase in your database and what-not. A lot of companies have similar systems, they're mainly used in Commerce Systems like osCommerce, BossCart, Zen Cart etc.

It's not too hard to program and integrate into existing scripts for the most part.

 

[liam_d]

If that is the case, that is exactly what my script does, and it works, and if you look on it checks things to make sure it is all genuine.

It just doesn't want to include the index at the end.

 

[Peter]

Did not look at the script last night when i posted but that script does indeed use the IPN service.

1 thing however you do realize it is using the sandbox and not the live system? Any real transactions will not work when testing with the sandbox. Also to be able to test with the sandbox the system that is connecting to the sandbox IPN will have to be logged into the sandbox interface (not the user, the actual server so you cannot login on your own PC and test the script with your server).

Also it is worth while you are testing to email yourself the post vars that the script received. If you do this it will be easier to diagnose why it may not be working (or you can call the script manually if need be and see what happens).

Also why are you wanting it to display a page on success. The point of an IPN script is for paypal to call this script and not for a user to visit it so output is unnecessary.

 

[liam_d]

I know it is using sandbox, the script isn't working fully, so why would i keep it up there using the real paypal :P, it is so i can test it.

Everything works but including the index.php at the end, and no one seems to be able to come up with an answer as to why, i've tried error reporting E_ALL and i only get uninitialized variables, no runtime errors, ARGH!

 

[Peter]

do you know the exact point where your script is stopping ie which if statements are being caught etc?

 

[liam_d]

Well it works right up to the end, see the "mail" part of it where it send me an email saying a script has been sold, even that works, it just won't include the bit after

 

[Peter]

change include("index.php") too require_once("index.php") this will trigger an error message if there is a problem.

 

[liam_d]

That didn't do anything

 

[Peter]

ok then it seems the page is being included fine. I would then conclude that there is something wrong with the index page.

A couple of things, ensure it is 100% definitely including the correct index.php file (I for example put dummy index pages in folders to help stop people snooping). Also as the first thing in the index page get it to echo something out as a test.

 

[liam_d]

It is including the correct PHP file, i have testing blank out things in ppthanks.php using "//" and when i blank out a few things from ppthanks.php it seems to include index.php fine, this is really really wierd and annoying!


I will give all my NP$ and the domain prxa.info to anyone who can fix it.

 

[Peter]

what are the lines you comment out that enables it to work? also it might help to see the coding in ppthanks.php and index.php

 

[liam_d]

ppthanks is the code posted up the top, here is the index code. (the commented out code to let index.php be included is below).

<?php
// Catch all errors
error_reporting(E_ALL);


session_start();


extract($_GET);

extract($_POST);


$sd = session_id();

// If we are comming from a reseller set the reseller session id

if (isset($reseller))
{

	$_SESSION["reseller"] = $reseller;

}

// Get all the needed files
include("dbconnect.php");

include("funcs.php");

include("vars.php");
include('header.php');

echo '
<title>AlterCoder - Find your perfect php partner</title>
</head>

<body>

	<div class="content">

		<div class="header_right">

			<div class="top_info">

				<div class="top_info_right">

					<p></p>					

				</div>		

			</div>

					

			<div class="bar"><br />

				<ul>'; include('topmenu.php'); echo '</ul>

			</div>

		</div>

			

		<div class="logo">

			<img src="images/sitemini.jpg" alt="altercoder logo" />

		</div>

		

		<div class="search_field">

			<form method="post" action="index.php">

				<p><span class="grey">Subscribe for Newsletter:</span>   
				<input type="hidden" name="menu" value="newsletter" /> 
				<input type="text" name="newmail" class="search" /> 
				<input type="submit" value="Go!" name="subscribe" class="button" />
				</p>

			</form>

		</div>';

?>



		

		<div class="newsletter">

			<p>For your perfect PHP Partner!</p>

		</div>

		

		<div class="subheader">

			<p><a href="http://www.altercoder.com">AlterCoder</a> is one of the leading PHP script resource sites since 2002. Please take a moment to check out our quality unique products. If you are looking for a custom work just <a href="index.php?menu=contact">Contact Us</a>.</p>

		</div>

		

		<div class="left">

			<div class="left_articles">

<?php
$pages = array(
"home",
"showcat",
"addproduct",
"addproduct_2",
"buyscript",
"buyscriptt",
"invalidbuy",
"buydone",
"download",
"login",
"register",
"dologin",
"doregister",
"contact",
"aboutus",
"members",
"newsletter"
);


if (!isset($menu)) 
{
	$menu = 'home';
}

if ( in_array($menu, $pages) )
{
	include($menu . '.php');
}

else
{
	errormess('Cannot find that page!');
}
 	        

include("footer.php");

?>

This below is ppthanks.php working with lines commented out, so it must be those lines that are making it not work, can anyone take a look?

<?php
error_reporting(E_ALL);

include("vars.php");

include("dbconnect.php");


session_start();

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$memo = $_POST['item_name'];
$userid = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$amount = $_POST['mc_gross'];
$currency = $_POST['mc_currency'];
$batch = $_POST['txn_id'];
$payee = $_POST['receiver_email'];
$business = $_POST['business'];
$payer = $_POST['payer_email'];
$payment_date = $_POST['payment_date'];

if (!$fp) 
{
	$menu='invalidbuy';

	include("index.php");

	mysql_close;

	exit;
}

else 
{
	//fputs ($fp, $header . $req);
	//while (!feof($fp)) 
	//{
		//$res = fgets ($fp, 1024);
		//if (strcmp ($res, "VERIFIED") == 0) 
		//{
			// make sure we are using the correct paypal and currency!
			if ($business != $site_paypal || $currency!="USD") 
			{
				$menu='invalidbuy';

				include("index.php");

				mysql_close;

				exit;
			}
			
			// Get info from the buylog, which is set from buyscript.php
			$eredm = mysql_query('SELECT * FROM `buylog` WHERE `bid` = "' . $userid . '"') or die(mysql_error());

			$buylog = mysql_fetch_array($eredm);
			
			// Get the scripts main information

			$eredm = mysql_query('SELECT * FROM `scripts` WHERE `scriptid` = "' . $buylog['bscript'] . '"') or die(mysql_error());

			$script = mysql_fetch_array($eredm);
			
			// Set commission to the price using the price from the buyrights (1,2 or 3)

			if ($buylog['brights']==1) 
			{
				$commission = $script['price'];
			}
			

			if ($buylog['brights']==2) 
			{
				$commission = $script['priceresell'];
			}
			

			if ($buylog['brights']==3) 
			{
				$commission = $script['pricemaster'];

			}
			
			// If there is a reseller, set reseller to the resellers ID

			if (isset($_SESSION['reseller']))
			{
				$resell = $_SESSION["reseller"];
			}
			
			// If no reseller set, then comission per this sale is just the coder comission	
			if ($resell=="")
			{
				$comperc = $coder_com;

			} 
				
			else 
			{ 
				$comperc = $coder_com-$reseller_com; 
			}
				

	 		$com = $commission * ($comperc/100);

			
			// Update members and add to the balance of the author of the script.
			$sql = 'UPDATE `members` SET `balance` = "(balance + ' . $com . ')" WHERE `username` = "' . $script['author'] . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());

			
			// Make sure people are not conning us out of monies!

			if ($amount != $commission)
			{
				$menu = 'invalidbuy';

				include("index.php");

				mysql_close;

				exit;

			}
			
			// Update the buylog for this item, and set bdone (buying done) to 1 and add the batch number to show paypal transaction
			$sql = 'UPDATE `buylog` SET `bbatch` = "' . $batch . '", `bdone` = "1" WHERE `bid` = "' . $userid . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			
			// Add a row to selling history table, to show this sale of script (this is show in admin)
			$sql = 'INSERT INTO `selling_history` SET `sscript` = "' . $buylog['bscript'] . '", `sdate` = "' . date("Y-m-d") . '", `sreseller` = "' . $resell . '", `sprice` = "' . $commission . '", `sstatus` = "0"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			

			// Mail the admin to let him/her know a script has been sold
			$mailcont = 'Script has been sold!';
			mail($adminmail,'Script Sold',$mailcont,"From: $adminmail");

			
			// Set the page (menu) to buydone

			$menu = 'buydone';

			$script = $buylog['bscript'];

			$buyid = $userid;

			include("index.php");
   
		//}
	//}
}
fclose ($fp);

// Close the connection!
mysql_close;

exit;
?>

 

[eagle12]

try moving your session_start to the very top.

 

[liam_d]

try moving your session_start to the very top.

session start has nothing to do with it, sessions won't interfere with including files, i have posted in my reply above yours the code that i can comment out to make it include the index...

 

[Peter]

looking quickly through the script I notice that you are calling vars.php and dbconnect.php in both scripts. This can cause problems, if there is a potential that an included file will include a file already included you should use include_once instead.

 

[liam_d]

looking quickly through the script I notice that you are calling vars.php and dbconnect.php in both scripts. This can cause problems, if there is a potential that an included file will include a file already included you should use include_once instead.

If you actually look i posted code that comments out a few lines and it includes index.php fine, so it must be those lines that bugger it up.

And yes i use include because i have to send it to a certain page with variables and such passed to it, and header puts out errors unless you use it before any html or php output. That is why.

 

[Peter]

I must have started the post before you edited yours so didn't see it before I posted. I see it is actually the paypal check that you comment out that makes it work. Are you 100% sure that the email you receive is from within those specific if statements. Also as mentioned you are including vars.php and dbconnect.php twice which can be causing you problems. If you for example try to use your query results after including the file then you will not receive the proper results as you no longer have the connection in which the result was made.

Also I notice (however probably not the cause of this problem) that you are using extract. In my opinion this is no better than having register globals enabled which can be a very bad thing indeed.

 

[liam_d]

Well i have proved with the code above and i am saying this twice now :P that it includes fine even with having double includes, i have tested, and it includes index.php.

I know about the extract, the code was not created by me, i gradually moving it away from extract.

 

[Peter]

The problem I have Liam is that I of course am only seeing half of the code because for example I do not see what is in the included files. There could quite possibly be something within these that is causing the problem. It does seem extremely strange that the included file is not running yet the email is being sent. Not doing the paypal check should not make any difference at all unless for example some of the variable names were conflicting etc.

 

[liam_d]

Well the database_connect.php is just a simple database connection, nothing fancy, connection and selecting database, vars.php just puts my email, paypal email and site address into variables, nothing fancy there either...

A guy on devshed said this:

find out where it dies. start at the top of the script and place a
PHP Code:
die('got here');
run the script. move it down below the next statement. rinse, later, and repeat until you don't get the message. the line above the die statement is causing the problem.

I tried it and so according to that the problem is this line:

if (strcmp ($res, "VERIFIED") == 0)

if you have any ideas why it would be great!

 

[eagle12]

If you echo $res what do you get?