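$value) {
    // NOTE(review): the header of this loop lies above the visible part of the file;
    // the loop body is kept exactly as written.
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}

// STEP 2: POST IPN data back to PayPal to validate.
// $paypal_link is assigned outside the visible part of the file (the sample endpoint
// was https://www.paypal.com/cgi-bin/webscr). The answer is only trustworthy when this
// is PayPal's HTTPS endpoint and never a value taken from the request.
$ch = curl_init($paypal_link);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
// Certificate and host-name verification stay enabled: without them the
// "VERIFIED" answer below could come from anyone on the network path.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// In wamp-like environments that do not come bundled with root authority certificates,
// download 'cacert.pem' from https://curl.se/docs/caextract.html and set
// the path of the certificate bundle as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

$res = curl_exec($ch);
if (!$res) {
    // A failed validation round-trip is logged instead of being dropped silently.
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);

// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp($res, "VERIFIED") === 0) {
    // "VERIFIED" only means PayPal sent this message. The buyer still controls
    // 'custom' and the amount paid, so each field is checked before the order
    // is marked as paid.
    $ipn = array();
    $ipn_fields = array(
        'item_name', 'item_number', 'payment_status', 'mc_gross', 'mc_currency',
        'txn_id', 'receiver_email', 'payer_email', 'custom',
    );
    foreach ($ipn_fields as $field) {
        $ipn[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $item_name        = $ipn['item_name'];
    $item_number      = $ipn['item_number'];
    $payment_status   = $ipn['payment_status'];
    $payment_amount   = $ipn['mc_gross'];
    $payment_currency = $ipn['mc_currency'];
    $txn_id           = $ipn['txn_id'];
    $receiver_email   = $ipn['receiver_email'];
    $payer_email      = $ipn['payer_email'];
    $custom           = $ipn['custom'];

    // Pending, Refunded, Reversed, ... notifications must not mark an order as paid.
    if ($payment_status !== 'Completed') {
        error_log("IPN ignored: payment_status is not Completed");
        exit;
    }

    // NOTE(review): $receiver_email and $payment_currency are still not verified.
    // The expected merchant address and the format of tb_order_list.currency are not
    // visible in this part of the file; compare both against site configuration.

    // Every request value is escaped before it enters SQL. escapeit() is defined
    // outside this part of the file; presumably it escapes for the SQL driver - confirm.
    // Prefer prepared statements if the $db wrapper offers them.
    $order_id_sql = escapeit($custom);
    $txn_id_sql   = escapeit($txn_id);

    $order = $db->getrow("select * from tb_order_list where id = '".$order_id_sql."'");
    if (empty($order)) {
        error_log("IPN ignored: no order matches the custom field");
        exit;
    }

    // PayPal repeats notifications; an order already marked Paid is not processed
    // (and not e-mailed) a second time.
    if ($order['status'] === 'Paid') {
        exit;
    }

    // The amount PayPal reports must equal the stored order total.
    $paid_total  = number_format((float) $payment_amount, 2, '.', '');
    $order_total = number_format((float) $order['total_price'], 2, '.', '');
    if ($paid_total !== $order_total) {
        error_log("IPN ignored: mc_gross does not match the order total");
        exit;
    }

    $sql = "UPDATE `tb_order_list` SET status='Paid',`payment_date` = NOW(), `paypal_id` = '".$txn_id_sql."' WHERE id='".$order_id_sql."'";
    $db->query($sql);

    // Order items for the confirmation e-mail.
    // NOTE(review): the string literals below and in the e-mail body appear to have
    // lost their markup in this copy of the file. If the message is sent as HTML,
    // pass the product and order fields through htmlspecialchars() before use.
    $small_amount = 0;
    $n = 1;
    $item_list = "";
    $sql = "SELECT `tb_order_item_list`.*, `tb_product_list`.name FROM `tb_order_item_list` LEFT JOIN `tb_product_list` ON `tb_order_item_list`.product_id = `tb_product_list`.id where `tb_order_item_list`.order_id='".$order_id_sql."'";
    $sql .= " ORDER BY `tb_order_item_list`.id";
    $rs = $db->query($sql);
    while ($row = $db->fetch_array($rs)) {
        $line_total = $row["unit_price"] * $row["quantity"];
        $item_list .= '';
        $item_list .= ''.$n.'';
        $item_list .= ''.$row["name"].'';
        $item_list .= ''.$currency.' '.$row["unit_price"].'';
        $item_list .= ''.$row["quantity"].'';
        $item_list .= ''.$currency." \n".$line_total.'';
        $small_amount += $line_total;
        $n++;
    }

    // Re-read the order so that payment_date reflects the UPDATE above.
    $sql = "select * from tb_order_list where id = '".$order_id_sql."'";
    $row = $db->getrow($sql);
    if ($row['member_id'] != 0) {
        $small_amount = htmlspecialchars(number_format($small_amount, 2));
        $email_title = "Message from Dcspares: We have received your order.";
        $email_content = '
Dear '.$row['firstname'].' '.$row['lastname'].',

We have received your order.


Your first name: '.$row['firstname'].'

Your last name: '.$row['lastname'].'

Your shipping country: '.$row['country'].'

Your shipping province: '.$row['province'].'

Your shipping city: '.$row['city'].'

Your address: '.$row['address'].'

'.$row['address2'].'

Contact number: '.$row['phone'].'

Payment date: '.$row['payment_date'].'

Order Details
'.$item_list.'
Item No. Item name Unit price Quantity Price
Sub-price: '.$row['currency'].' '.$small_amount.'
Shipping: '.$row['currency'].' '.number_format($row['shipping'],2).'
tax: '.$row['currency'].' '.number_format($row['tax'],2).'
Duties: '.$row['currency'].' '.number_format($row['duties'],2).'
Total price: '.$row['currency'].' '.number_format($row['total_price'],2).'
';
        // member_id comes from the database, but it is escaped like every other
        // value interpolated into SQL.
        $sql = "select email from tb_member_list where id = '".escapeit($row['member_id'])."'";
        $sqlemail = $db->getrow($sql);
        sendemail("Message@Dcspares", $sqlemail['email'], ADMIN_EMAIL, $email_title, $email_content);
    }
} else if (strcmp($res, "INVALID") === 0) {
    // IPN invalid: leave a trace for manual investigation.
    error_log("IPN validation returned INVALID");
}
?>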