php - Paypal IPN 未更新或插入数据库

Question

所以我正在使用 PayPals IPN，但它没有更新数据库。它应该更新用户表，并向交易表中插入一行。这对他们俩都没有好处。它正在将成功的 IPN 发送到 PayPal，但没有更新任何内容。代码如下:

<?php session_start() ?>
<?php require 'connect.php' ?>
<?php
// check if logged into PsychoWars
if(!$id) {
    die('Error: Not Logged In! Contact Us With The Transaction ID!'); 
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
 $errmsg = '';   // stores errors from fraud checks
// PAYMENT VALIDATED & VERIFIED!
// 1. Make sure the payment status is "Completed" 
    if ($_POST['payment_status'] != 'Completed') { 
        // simply ignore any IPN that is not completed
        exit(0); 
    } 
}

else if (strcmp ($res, "INVALID") == 0) {

$email = $_POST['payer_email'];
$password = mt_rand(1000, 9999);
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

// Checking email
if($receiver_email != 'bad.karma12323@gmail.com') {
    die('Error: Paypal Email Doesn\'t Match!');
}
// Bought $1
if($payment_amount == '1.00') {
$points_amount = '500';
$points_energy = '500'; 
$points_name = '500 Points And 500 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
// Bought $5
elseif($payment_amount == '5.00') {
$points_amount = '30';
$points_energy = '500'; 
$points_name = '30 Points And 500 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
// Bought $10
elseif($payment_amount == '10.00') {
$points_amount = '70';
$points_energy = '1200';    
$points_name = '70 Points And 1,200 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
// Bought $20
elseif($payment_amount == '20.00') {
$points_amount = '155';
$points_energy = '3000';    
$points_name = '155 Points And 3,000 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
// Bought $50
elseif($payment_amount == '50.00') {
$points_amount = '320';
$points_energy = '7500';    
$points_name = '320 Points And 7,500 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
// Bought $100
elseif($payment_amount == '100.00') {
$points_amount = '666';
$points_energy = '20000';   
$points_name = '666 Points And 20,000 Energy';
// Update Database
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");  
}
}
}
fclose ($fp);
}
?>

更新了代码::

<?php session_start() ?>
<?php require 'connect.php' ?>
<?php
// check if logged into PsychoWars
if(!$id) {
    die('Error: Not Logged In! Contact Us With The Transaction ID!'); 
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {
    // HTTP ERROR
} 
else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    break;
}
fclose ($fp);

// PAYMENT VALIDATED & VERIFIED!
$payment_status = $_POST['payment_status'];
$txn_id = $_POST['txn_id'];
$payment_amount = $_POST['mc_gross'];
// 1. Make sure the payment status is "Completed"   
if ((strcmp($res, "VERIFIED") == 0) && ($_POST['payment_status'] == 'Completed') && ($receiver_email == 'bad.karma12323@gmail.com')) {
    $errmsg = '';   // stores errors from fraud checks

    $points_amount="";

    switch ($payment_amount){

        case "5.00":
            $points_amount = '30';
            $points_energy = '500'; 
            break;

        case "10.00":
            $points_amount = '70';
            $points_energy = '1200'; 
            break;

        case "20.00":
            $points_amount = '155';
            $points_energy = '3000'; 
            break;  

        case "50.00":
            $points_amount = '320';
            $points_energy = '7500'; 
            break;              

        case "100.00":
            $points_amount = '666';
            $points_energy = '20000'; 
            break;      

    }

    //Only update the database if one of the above conditions is met.
    if (strlen($points_amount)>0){

        //format $points_name
        $points_name=sprintf("%s Points And %s Energy",number_format($points_amount),number_format($points_energy));

        // Update Database
        $update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
        $add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");   
        $to      = 'bad.karma12323@gmail.com';
        $subject = 'PsychoWars Point Purchase';
        $message = '

        Thank you for your purchase

        -------------------------
        Item :: '.$points_name.'
        Cost :: $'.$payment_amount.'
        -------------------------';

        mail($to, $subject, $message);
    }
    else {
        $to = 'bad.karma12323@gmail.com';
        $subject = 'PsychoWars Point Purchase';
        $message = '

        There was an error with your purchase!

        -------------------------
        Item :: '.$points_name.'
        Cost :: $'.$payment_amount.'
        -------------------------

        Please Contact Customer Support';

        mail($to, $subject, $message);
    }
  }  
}
?>

更新了答案中的代码并修复了其中的 2 个错误。但它仍然无法工作，仍然不想插入数据库，甚至不向我的电子邮件发送电子邮件。

Answer 1

仅当 $res="INVALID"且电子邮件检查有效时，您的代码才会更新数据库。

$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            $errmsg = '';   // stores errors from fraud checks
            // PAYMENT VALIDATED & VERIFIED!
            // 1. Make sure the payment status is "Completed" 
            if ($_POST['payment_status'] != 'Completed') { 
                    // simply ignore any IPN that is not completed
                exit(0); 
            } 
        }else if (strcmp ($res, "INVALID") == 0) {

            $email = $_POST['payer_email'];
            $password = mt_rand(1000, 9999);
            $item_name = $_POST['item_name'];
            $item_number = $_POST['item_number'];
            $payment_status = $_POST['payment_status'];
            $payment_amount = $_POST['mc_gross'];
            $payment_currency = $_POST['mc_currency'];

            // Checking email
            if($receiver_email != 'bad.karma12323@gmail.com') {
             die('Error: Paypal Email Doesn\'t Match!');
            }
        } //End of elseif's
    }
    fclose ($fp);
}

这是代码的稍短版本:

<?php session_start() ?>
<?php require 'connect.php' ?>
<?php
// check if logged into PsychoWars
if(!$id) {
    die('Error: Not Logged In! Contact Us With The Transaction ID!'); 
}

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {
    // HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    break;
}
fclose ($fp);

// PAYMENT VALIDATED & VERIFIED!
// 1. Make sure the payment status is "Completed"   
if (strcmp ($res, "VERIFIED") == 0 && $_POST['payment_status'] == 'Completed') && $receiver_email == 'bad.karma12323@gmail.com') {
    $errmsg = '';   // stores errors from fraud checks

    $points_amount="";

    switch ($payment_amount){

        case "1.00":
            $points_amount = '500';
            $points_energy = '500'; 
            break;

        case "5.00":
            $points_amount = '30';
            $points_energy = '500'; 
            break;

        case "10.00":
            $points_amount = '70';
            $points_energy = '1200'; 
            break;

        case "20.00":
            $points_amount = '155';
            $points_energy = '3000'; 
            break;  

        case "50.00":
            $points_amount = '320';
            $points_energy = '7500'; 
            break;              

        case "100.00":
            $points_amount = '666';
            $points_energy = '20000'; 
            break;      

    }

    //Only update the database if one of the above conditions is met.
    if (strlen($points_amount)>0){

        //format $points_name
        $points_name=sprintf("%s Points And %s Energy",number_format($points_amount),number_format($points_energy));

        // Update Database
        $update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
        $add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");          
    }
}

}

希望这有帮助。