Page coming up blank!

[liam_d]

I have a script that basically checks paypal for a payment, then does a few queries, mails me and then should include the index page, but it doesn't, it does everything but include my index page

I will give all my NP$ and the domain prxa.info to anyone who can fix it.

Here is my code

<?php
error_reporting(E_ALL);

include("vars.php");

include("dbconnect.php");


session_start();

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$memo = $_POST['item_name'];
$userid = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$amount = $_POST['mc_gross'];
$currency = $_POST['mc_currency'];
$batch = $_POST['txn_id'];
$payee = $_POST['receiver_email'];
$business = $_POST['business'];
$payer = $_POST['payer_email'];
$payment_date = $_POST['payment_date'];

if (!$fp) 
{
	$menu='invalidbuy';

	include("index.php");

	mysql_close;

	exit;
}

else 
{
	fputs ($fp, $header . $req);
	while (!feof($fp)) 
	{
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) 
		{
			// make sure we are using the correct paypal and currency!
			if ($business != $site_paypal || $currency!="USD") 
			{
				$menu='invalidbuy';

				include("index.php");

				mysql_close;

				exit;
			}
			
			// Get info from the buylog, which is set from buyscript.php
			$eredm = mysql_query('SELECT * FROM `buylog` WHERE `bid` = "' . $userid . '"') or die(mysql_error());

			$buylog = mysql_fetch_array($eredm);
			
			// Get the scripts main information

			$eredm = mysql_query('SELECT * FROM `scripts` WHERE `scriptid` = "' . $buylog['bscript'] . '"') or die(mysql_error());

			$script = mysql_fetch_array($eredm);
			
			// Set commission to the price using the price from the buyrights (1,2 or 3)

			if ($buylog['brights']==1) 
			{
				$commission = $script['price'];
			}
			

			if ($buylog['brights']==2) 
			{
				$commission = $script['priceresell'];
			}
			

			if ($buylog['brights']==3) 
			{
				$commission = $script['pricemaster'];

			}
			
			// If there is a reseller, set reseller to the resellers ID

			if (isset($_SESSION['reseller']))
			{
				$resell = $_SESSION["reseller"];
			}
			
			// If no reseller set, then comission per this sale is just the coder comission	
			if ($resell=="")
			{
				$comperc = $coder_com;

			} 
				
			else 
			{ 
				$comperc = $coder_com-$reseller_com; 
			}
				

	 		$com = $commission * ($comperc/100);

			
			// Update members and add to the balance of the author of the script.
			$sql = 'UPDATE `members` SET `balance` = "(balance + ' . $com . ')" WHERE `username` = "' . $script['author'] . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());

			
			// Make sure people are not conning us out of monies!

			if ($amount != $commission)
			{
				$menu = 'invalidbuy';

				include("index.php");

				mysql_close;

				exit;

			}
			
			// Update the buylog for this item, and set bdone (buying done) to 1 and add the batch number to show paypal transaction
			$sql = 'UPDATE `buylog` SET `bbatch` = "' . $batch . '", `bdone` = "1" WHERE `bid` = "' . $userid . '"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			
			// Add a row to selling history table, to show this sale of script (this is show in admin)
			$sql = 'INSERT INTO `selling_history` SET `sscript` = "' . $buylog['bscript'] . '", `sdate` = "' . date("Y-m-d") . '", `sreseller` = "' . $resell . '", `sprice` = "' . $commission . '", `sstatus` = "0"';
			
			// Do the above query

			$eredm = mysql_query($sql) or die(mysql_error());
			

			// Mail the admin to let him/her know a script has been sold
			$mailcont = 'Script has been sold!';
			mail($adminmail,'Script Sold',$mailcont,"From: $adminmail");

			
			// Set the page (menu) to buydone

			$menu = 'buydone';

			$script = $buylog['bscript'];

			$buyid = $userid;

			include("index.php");
   
		}
	}
}
fclose ($fp);

// Close the connection!
mysql_close;

exit;
?>

 

[TwistMyArm]

OK, I really have to ask... this is IPN, so why do you even need to include the index.php file?

IPN is ONLY used by PayPal to 'ping' your server so that you know that something has been processed. The CLIENT in this HTTP 'transaction' is PayPal and they ignore any output anyway... so why are you even trying to show them the index.php output?

If you're wanting to show something to the user after they make a purchase, then you need to be doing a PDT transaction, not an IPN one.

 

[liam_d]

Your right in a way.

It is used so i know when something is processed. I know they ignore any output, everything is already sent to them when someone makes a purchase, that is the way paypal works.

I am not showing paypal the output, if you even read the script and know how php and paypal works they are sent to that page after they make payment so i can update the database and let them download what they purchased. Which is the whole point of IPN.

 

[TwistMyArm]

I know how PayPal works. I've written a working interface for both PDT and IPN for a Joomla component. At the moment, between you and I, I'm the one with a working interface to PayPal that uses both IPN and PDT. You aren't.

As I said: "If you're wanting to show something to the user after they make a purchase, then you need to be doing a PDT transaction, not an IPN one."

Maybe you need to know how PHP and PayPal works, right? Not that this is a PHP issue as such...

1) You send your user to PayPal to complete a payment.
2) At the end of the payment, you want the user to come back to your site and get stuff, right?

Step (2) is a PDT transaction. Once the user makes the payment, PayPal will make an IPN request to your server for itself if you requested one. This is asynchronous to the entire process (IPN can happen a day after the fact sometimes) and totally disconnected from the end-user experience. After the user makes the payment and they click the 'return to merchant' button, the URL they go to has some data in it. This data is for use with PDT. Not IPN.

Like I said: I know how PayPal works. Apparently you don't. No offence. I'm not normally that blunt, but hey...

 

[liam_d]

What exactly is PDT? Do you mean ADT?

You must excuse how blunt i am being as well, spent nearly 4 days racking my brain as to why this script doesn't work (also note I didn't create this script, it was integrated into a website i purchased).

All i want is a script that once they come back from paying me on paypal, it checks if payment was received by me, and then sends them to download page. Is that really this "PDT", i haven't even heard of "PDT" ?

 

[Peter]

http://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/pdt-intro-outside

 

[liam_d]

I really don't see why it is a big deal using IPN over this PDT?

 

[TwistMyArm]

PDT is 'Payment Data Transfer'. That's probably what you want. Follow the links from https://www.paypal.com/IntegrationCenter/ic_home.html to read up on the difference.

The key difference is that IPN is asynchronous: it happens when it happens. For example, if a user pays for something in a different currency, you may have to accept that payment before the payment actually goes through. You accepting it may not happen for hours, naturally. In this situation, the user would go back to your site straight after the payment, then you would fire off a PDT request. That request would come back as saying something like "no".

However, as soon as you log in to PayPal you may see that you need to accept that payment... as soon as you do accept it, PayPal will then fire off an IPN request to your server so that your code can deal with it then.

Normally, by the time you make a PDT request everything would be done. Under strange circumstances, the IPN is the only way to get the payment. Other things that IPN are used for are processing things like chargebacks and automatic payments which obviously are totally disconnected from the usual user experience.

For what it's worth, I don't have a problem with 'blunt' (in fact, it's my preference). I do have a problem with implications that I don't know how "php and paypal works" when clearly you're the one struggling (especially after I had already mentioned PDT...). Anyway, c'est la vie.

So yeah, read up on PDT: that's what you're really after.

By the way... 4 days? I feel your pain, but it took me over 3 weeks to finally work out the problems with my code (which turned out to just be undocumented restrictions placed on the IPN URLs).

Hopefully this is another way of putting it:
IPN is PAYPAL telling YOU "hey, this is just what happened... it's between you and me... the payer has no idea that we're even talking and never will!".

PDT is the USER telling YOU: "hey, I just paid you and here's a transaction number. Why don't you ask PayPal about it and confirm it with them so you can then interact with me?"

 

[liam_d]

Well with PDT can i do this:

Send them to paypal where they make payment, paypal sends them back to a php page which checks that payment went through, then sends them to my download page?

As that is what IPN seems to do pretty well.

 

[eagle12]

echo out the $res variable, so that we can see what paypal is sending back to you.

 

[TwistMyArm]

I don't know if I can make it any clearer: THAT IS EXACTLY WHAT PDT IS FOR.

IPN is NOT for what you are trying to do. Simple as that.

Let me try and make things a little clearer: I'm going to GUESS that the reason this seems to work is because your IPN script is WORKING. The problem is NOT the IPN it's the fact that you have no PDT handler.

Look at it this way:
1) User makes a payment...
2) PayPal sends the IPN request (ignores all output)
3) ... user is shown a 'go back to the merchant' link
4) User follows link. Nothing happens because you have no PDT handler.

The problem is that you think the IPN is being called and all that processing is happening when the user clicks the 'go back to the merchant'. It's more than likely not.

This is really simple to check. You obviously know how to confirm that the code is running on your server: why don't you process a payment, but DON'T click that link to go back to the merchant. Without clicking that link (but after making the payment on PayPal), check your database. Dollars to donuts you'll find that the database has been updated. That's the IPN working.

 

[TwistMyArm]

Now that I've been able to sleep on it: one other thing that you could show us is the actual HTML form that you are using to send the user to PayPal in the first place.

That will at least let us confirm whether or not my theory above is possible (depending on whether or not you have defined an IPN URL and/or a PDT URL as they are set in different form variables).

Either way, like I said before, by testing the processing of a payment WITHOUT using the 'return to merchant' link you should know pretty quickly if the IPN code you have is called via IPN or PDT (which is what you want: though you should have both).

 

[liam_d]

I have had another guy from this forum help me out, he has sorted me out with some code using PDT which works :D (i took out the auth_token btw that is why it is empty )

Any comments on the code below?

<?php
// get the variables needed
include('vars.php');

// get the database connection
include('dbconnect.php');

// get the functions
include('funcs.php');

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';

$tx_token = $_GET['tx'];
$auth_token = "";
$req .= "&tx=$tx_token&at=$auth_token";

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

if (!$fp) 
{
	errormess('Sorry cannot connect with paypal for that!');
	

	mysql_close;

	exit;
} 

else 
{
	fputs ($fp, $header . $req);
	// read the body data
	$res = '';
	$headerdone = false;
	while (!feof($fp)) 
	{
		$line = fgets ($fp, 1024);
		if (strcmp($line, "\r\n") == 0)
		{
			// read the header
			$headerdone = true;
		}
		
		else if ($headerdone)
		{
			// header has been read. now read the contents
			$res .= $line;
		}
	}

	// parse the data as $keyarray
	$lines = explode("\n", $res);
	$keyarray = array();
	if (strcmp ($lines[0], "SUCCESS") == 0) 
	{
		for ($i=1; $i<count($lines);$i++)
		{
			list($key,$val) = explode("=", $lines[$i]);
			$keyarray[urldecode($key)] = urldecode($val);
		}

		if ($keyarray['payment_status'] == 'Completed')
		{
			// check that txn_id has not been previously processed
			$sql = 'SELECT * FROM `buylog` WHERE `batch` = "' . $keyarray['txn_id'] . '"';
			$query = mysql_query($sql) or die(mysql_error());
			
			if (mysql_num_rows($query) >= 1)
			{
				errormess('Sorry that transaction ID has already been processed!');
				
				mysql_close;
				exit;
			}
			
			else
			{
				// get the buylog information
				$sql = 'SELECT * FROM `buylog` WHERE `id` = "' . $keyarray['item_number'] . '"';
				$query = mysql_query($sql) or die(mysql_error());
				$buylog = mysql_fetch_array($query);
				
				// get the script information
				$sql = 'SELECT * FROM `scripts` WHERE `scriptid` = "' . $buylog['script'] . '"';
				$query = mysql_query($sql) or die(mysql_error());
				$script = mysql_fetch_array($query);
				
				// set the script price
				if ($buylog['rights'] == 1)
				{
					$price = $script['price'];
				}
				
				else if ($buylog['rights'] == 2)
				{
					$price = $script['priceresell'];
				}
				
				else if ($buylog['rights'] == 3)
				{
					$price = $script['pricemaster'];
				}
				
				// make sure the amount is correct
				if ($keyarray['mc_gross'] != $price)
				{
					errormess('Incorrect price!');
					
					mysql_close;
					exit;
				}
			
				// make sure we are using correct currency
				if ($keyarray['mc_currency'] != "USD")
				{
					errormess('Incorrect currency used!');
					
					mysql_close;
					exit;
				}
			
				// make sure we are using the correct paypal
				if ($keyarray['business'] != $site_paypal) 
				{
					errormess('Incorrect business address used!');
					
					mysql_close;
					exit;
				}
			
				// Print they $keyarray for debug
				print_r($keyarray);
				
				// process payment into database
				// update the buylog for this item to show the transaction id, and update the buying to done
				$sql = 'UPDATE `buylog` SET `batch` = "' . $keyarray['txn_id'] . '", `done` = "1" WHERE `id` = "' . $keyarray['item_number'] . '"';
				$query = mysql_query($sql) or die(mysql_error());
				
				$date = date('Y-m-d');
				
				// update the selling history
				$sql = 'INSERT INTO `selling_history` SET `sscript` = "' . $script['scriptid'] . '", `sdate` = "' . $date . '", `sreseller` = "' . $buylog['reseller'] . '", `sprice` = "' . $keyarray['mc_gross'] . '"';
				$query = mysql_query($sql) or die(mysql_error());
		
				$firstname = $keyarray['first_name'];
				$lastname = $keyarray['last_name'];
				$itemname = $keyarray['item_name'];
				$amount = $keyarray['payment_gross'];

				echo "<p><h3>Thank you for your purchase!</h3></p>
				<strong>Payment Details</strong><br>
				<li>Name: $firstname $lastname</li>
				<li>Item: $itemname</li>
				<li>Amount: $amount</li>
				<li>Sent to {$keyarray['business']}</li><br />
				<br />
				You will receive an email with your goods once payment has been completely verified!";
				
				mysql_close;
				exit;
			}
		}

	}

	else if (strcmp ($lines[0], "FAIL") == 0)
	{
		echo "<p><h3>Thank you for your purchase!</h3></p>
		<strong>Unfortunatly the payment failed! Please check paypal as to why.</strong>";
		
		mysql_close;
		exit;
	}

}

fclose ($fp);
?>

 

[TwistMyArm]

Well, good to hear it's all sorted then (and just quietly, I'm glad to hear that I was right, seeing as no-one else seems to willing to say it )...

My only comment is that, as I've mentioned and alluded to a number of times and depending on your setup, you REALLY need to support both forms of notification.

Assuming your setup is that a user logs in to your site and can see what things he has available "still to download" then using PDT won't always work. The reason for this is that if the user decides to shut the new browser window or for whatever reason DOES NOT follow the 'return to merchant' link, that payment information is lost forever.

Also, if for some reason the payment is delayed, again, it's lost unless you use IPN.

Having said all that: if your site is only offering a "make your payment, click 'return to merchant', make your download right now or lose it forever" type situation, then there's really no point to worrying about IPN.

 

[liam_d]

At the moment my website only offers payment, get the script kinda thing, so as you said i don't need IPN

Thanks for your help anyway.