[Help] import username

Started by xmagex, March 29, 2011, 05:18:07 PM

xmagex

Hello,

I have a script that, if a user makes a payment with PayPal, sends a query to my database.

Now I want the query to increase the "donation points" on his account by the amount of the donation.

Like, I donate 10 EUR, and the script adds 10 Donation Points to your SMF account.

Then the query can be:

UPDATE smf_members
SET points=points + amount
WHERE id_member=$id_member;

Now, which file must I import to have the "$id_member" of the SMF account? This is my question :)

Thank you,
Bye

Matthew K.

If it's for the user... you could do:
$id_member = $user_info['id'];

xmagex

Sorry, maybe I didn't explain well.

I must import the PHP file, like require_once 'config.php';
Settings.php
SSI.php
...

Arantor

Import SSI.php (and only SSI.php from SMF; that deals with Settings.php) and that will deal with the user being authenticated and will look for the currently logged in user - and will define $user_info['id'] as their user id.

xmagex

The problem is that I'm using the PayPal ICM, so the users can't log in. But they click the PayPal button from the forum.

I'm using:

require_once 'http://www.site.com/SSI.php';

But $user_info['id'] doesn't work.

Arantor

You can't use a URL, you have to use the actual path.

As in require_once('../forum/SSI.php') or similar.

xmagex

The link works; however, for security I have now changed it to /forum/...

But the problem persists: with the query on the DB, when I use $user_info[id] the field is empty.

xmagex

require_once '/home/xxx/SSI.php';

I'm using a query:

$sql = "INSERT INTO utenti
                (nome,cognome,email,username,password,idTransazione)
                VALUES ('$user_info[id]','$_POST[last_name]','$_POST[payer_email]','$_POST[payer_email]','$md5password','$_POST[txn_id]')";

As you can see the field "nome" is empty.

Arantor

So when that page is being run, who's calling it? If it's being called by the *user* it should have their user id. If it's being called any other way, it can't and won't have their user id (since there's no way a third party service is going to be submitting an SMF style cookie and identifier)

xmagex

- A guest enters my SMF forum.
- He logs in to the forum.
- Then the user clicks the PayPal button.
- He makes the payment.
- PayPal ICM sends the PHP file to my forum.
- The PHP file contains the import of SSI.php.
- After payment the query is sent.

Arantor

Unless the PayPal request contains some id by which you can tie it to a user, there's no way to do it - since SSI.php only works for getting it when the *user* requests it - not when PayPal does.

You might try looking at the Subscriptions code in 2.0 to see how that does it.

xmagex

It uses this query:

// Verify the member.
$request = $smcFunc['db_query']('', '
   SELECT id_member, member_name, real_name, email_address
   FROM {db_prefix}members
   WHERE id_member = {int:current_member}',
   array(
      'current_member' => $member_id,
   )
);

xmagex

Up, if anyone has other advice.

(Thanks, Arantor, for the help.)

Arantor

You need to look *earlier* in the file for how it gets $member_id. Since it's called by PayPal and only PayPal, it doesn't have cookies or anything else to rely on.

See where it sets $member_id.

xmagex

// Integer these just in case.
$subscription_id = (int) $subscription_id;
$member_id = (int) $member_id;

But it is only a declaration...

Maybe it is an import.

This is subscriptions.php


<?php
/**********************************************************************************
* subscriptions.php                                                               *
***********************************************************************************
* SMF: Simple Machines Forum                                                      *
* Open-Source Project Inspired by Zef Hemel ([email protected])                    *
* =============================================================================== *
* Software Version:           SMF 2.0 RC4                                         *
* Software by:                Simple Machines (http://www.simplemachines.org)     *
* Copyright 2006-2010 by:     Simple Machines LLC (http://www.simplemachines.org) *
*           2001-2006 by:     Lewis Media (http://www.lewismedia.com)             *
* Support, News, Updates at:  http://www.simplemachines.org                       *
***********************************************************************************
* This program is free software; you may redistribute it and/or modify it under   *
* the terms of the provided license as published by Simple Machines LLC.          *
*                                                                                 *
* This program is distributed in the hope that it is and will be useful, but      *
* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY    *
* or FITNESS FOR A PARTICULAR PURPOSE.                                            *
*                                                                                 *
* See the "license.txt" file for details of the Simple Machines license.          *
* The latest version can always be found at http://www.simplemachines.org.        *
**********************************************************************************/

/*
This file is the file which all subscription gateways should call
when a payment has been received - it sorts out the user status.

void generateSubscriptionError()
// log the error for posterity
*/

// Start things rolling by getting SMF alive...
if (!file_exists(dirname(__FILE__) . '/SSI.php'))
die('Cannot find SSI.php');

require_once(dirname(__FILE__) . '/SSI.php');
require_once($sourcedir . '/ManagePaid.php');

// For any admin emailing.
require_once($sourcedir . '/Subs-Admin.php');

loadLanguage('ManagePaid');

// If there's literally nothing coming in, let's take flight!
if (empty($_POST))
die($txt['paid_no_data']);

// I assume we're even active?
if (empty($modSettings['paid_enabled']))
exit;

// If we have some custom people who find out about problems load them here.
$notify_users = array();
if (!empty($modSettings['paid_email_to']))
foreach (explode(',', $modSettings['paid_email_to']) as $email)
$notify_users[] = array(
'email' => $email,
'name' => $txt['who_member'],
'id' => 0,
);

// We need to see whether we can find the correct payment gateway,
// we'll going to go through all our gateway scripts and find out
// if they are happy with what we have.
$txnType = '';
$gatewayHandles = loadPaymentGateways();
foreach ($gatewayHandles as $gateway)
{
$gatewayClass = new $gateway['payment_class']();
if ($gatewayClass->isValid())
{
$txnType = $gateway['code'];
break;
}
}

if (empty($txnType))
generateSubscriptionError($txt['paid_unknown_transaction_type']);

// Get the subscription and member ID amongst others...
@list ($subscription_id, $member_id) = $gatewayClass->precheck();

// Integer these just in case.
$subscription_id = (int) $subscription_id;
$member_id = (int) $member_id;

// This would be bad...
if (empty($member_id))
generateSubscriptionError($txt['paid_empty_member']);

// Verify the member.
$request = $smcFunc['db_query']('', '
SELECT id_member, member_name, real_name, email_address
FROM {db_prefix}members
WHERE id_member = {int:current_member}',
array(
'current_member' => $member_id,
)
);
// Didn't find them?
if ($smcFunc['db_num_rows']($request) == 0)
generateSubscriptionError(sprintf($txt['paid_could_not_find_member'], $member_id));
$member_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);

// Get the subscription details.
$request = $smcFunc['db_query']('', '
SELECT cost, length, name
FROM {db_prefix}subscriptions
WHERE id_subscribe = {int:current_subscription}',
array(
'current_subscription' => $subscription_id,
)
);

// Didn't find it?
if ($smcFunc['db_num_rows']($request) == 0)
generateSubscriptionError(sprintf($txt['paid_count_not_find_subscription'], $member_id, $subscription_id));

$subscription_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);

// We wish to check the pending payments to make sure we are expecting this.
$request = $smcFunc['db_query']('', '
SELECT id_sublog, payments_pending, pending_details, end_time
FROM {db_prefix}log_subscribed
WHERE id_subscribe = {int:current_subscription}
AND id_member = {int:current_member}
LIMIT 1',
array(
'current_subscription' => $subscription_id,
'current_member' => $member_id,
)
);
if ($smcFunc['db_num_rows']($request) == 0)
generateSubscriptionError(sprintf($txt['paid_count_not_find_subscription_log'], $member_id, $subscription_id));
$subscription_info += $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);

// Is this a refund etc?
if ($gatewayClass->isRefund())
{
// If the end time subtracted by current time, is not greater
// than the duration (ie length of subscription), then we close it.
if ($subscription_info['end_time'] - time() < $subscription_info['length'])
{
// Delete user subscription.
removeSubscription($subscription_id, $member_id);
$subscription_act = time();
$status = 0;
}
else
{
loadSubscriptions();
$subscription_act = $subscription_info['end_time'] - $context['subscriptions'][$subscription_id]['num_length'];
$status = 1;
}

// Mark it as complete so we have a record.
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_subscribed
SET end_time = {int:current_time}
WHERE id_subscribe = {int:current_subscription}
AND id_member = {int:current_member}
AND status = {int:status}',
array(
'current_time' => $subscription_act,
'current_subscription' => $subscription_id,
'current_member' => $member_id,
'status' => $status,
)
);

// Receipt?
if (!empty($modSettings['paid_email']) && $modSettings['paid_email'] == 2)
{
$replacements = array(
'NAME' => $subscription_info['name'],
'REFUNDNAME' => $member_info['member_name'],
'REFUNDUSER' => $member_info['real_name'],
'PROFILELINK' => $scripturl . '?action=profile;u=' . $member_id,
'DATE' => timeformat(time(), false),
);

emailAdmins('paid_subscription_refund', $replacements, $notify_users);
}

}
// Otherwise is it what we want, a purchase?
elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
{
$cost = unserialize($subscription_info['cost']);
$total_cost = $gatewayClass->getCost();
$notify = false;

// For one off's we want to only capture them once!
if (!$gatewayClass->isSubscription())
{
$real_details = @unserialize($subscription_info['pending_details']);
if (empty($real_details))
generateSubscriptionError(sprintf($txt['paid_count_not_find_outstanding_payment'], $member_id, $subscription_id));
// Now we just try to find anything pending.
// We don't really care which it is as security happens later.
foreach ($real_details as $id => $detail)
{
unset($real_details[$id]);
if ($detail[3] == 'payback' && $subscription_info['payments_pending'])
$subscription_info['payments_pending']--;
break;
}
$subscription_info['pending_details'] = empty($real_details) ? '' : serialize($real_details);

$smcFunc['db_query']('', '
UPDATE {db_prefix}log_subscribed
SET payments_pending = {int:payments_pending}, pending_details = {string:pending_details}
WHERE id_sublog = {int:current_subscription_item}',
array(
'payments_pending' => $subscription_info['payments_pending'],
'current_subscription_item' => $subscription_info['id_sublog'],
'pending_details' => $subscription_info['pending_details'],
)
);
}

// Is this flexible?
if ($subscription_info['length'] == 'F')
{
$found_duration = 0;
// This is a little harder, can we find the right duration?
foreach ($cost as $duration => $value)
{
if ($duration == 'fixed')
continue;
elseif ((float) $value == (float) $total_cost)
$found_duration = strtoupper(substr($duration, 0, 1));
}

// If we have the duration then we're done.
if ($found_duration !== 0)
{
$notify = true;
addSubscription($subscription_id, $member_id, $found_duration);
}
}
else
{
$actual_cost = $cost['fixed'];
// It must be at least the right amount.
if ($total_cost != 0 && $total_cost >= $actual_cost)
{
// Add the subscription.
$notify = true;
addSubscription($subscription_id, $member_id);
}
}

// Send a receipt?
if (!empty($modSettings['paid_email']) && $modSettings['paid_email'] == 2 && $notify)
{
$replacements = array(
'NAME' => $subscription_info['name'],
'SUBNAME' => $member_info['member_name'],
'SUBUSER' => $member_info['real_name'],
'SUBEMAIL' => $member_info['email_address'],
'PRICE' => sprintf($modSettings['paid_currency_symbol'], $total_cost),
'PROFILELINK' => $scripturl . '?action=profile;u=' . $member_id,
'DATE' => timeformat(time(), false),
);

emailAdmins('paid_subscription_new', $replacements, $notify_users);
}
}

// In case we have anything specific to do.
$gatewayClass->close();

// Log an error then die.
function generateSubscriptionError($text)
{
global $modSettings, $notify_users, $smcFunc;

// Send an email?
if (!empty($modSettings['paid_email']))
{
$replacements = array(
'ERROR' => $text,
);

emailAdmins('paid_subscription_error', $replacements, $notify_users);
}

// Maybe we can try to give them the post data?
if (!empty($_POST))
foreach ($_POST as $key => $val)
$text .= '<br />' . $smcFunc['htmlspecialchars']($key) . ': ' . $smcFunc['htmlspecialchars']($val);

// Then just log and die.
log_error($text);

exit;
}

?>



Arantor

It's before that, in fact, to its original declaration:

@list ($subscription_id, $member_id) = $gatewayClass->precheck();

That's declared in the Subscriptions-Paypal file in Sources/ so that's the next place to look...

xmagex

I think that here is the part that I need:


private function _findSubscription()
{
global $smcFunc;

// Assume we have this?
if (empty($_POST['subscr_id']))
return false;

// Do we have this in the database?
$request = $smcFunc['db_query']('', '
SELECT id_member, id_subscribe
FROM {db_prefix}log_subscribed
WHERE vendor_ref = {string:vendor_ref}
LIMIT 1',
array(
'vendor_ref' => $_POST['subscr_id'],
)
);
// No joy?
if ($smcFunc['db_num_rows']($request) == 0)
{
// Can we identify them by email?
if (!empty($_POST['payer_email']))
{
$smcFunc['db_free_result']($request);
$request = $smcFunc['db_query']('', '
SELECT ls.id_member, ls.id_subscribe
FROM {db_prefix}log_subscribed AS ls
INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ls.id_member)
WHERE mem.email_address = {string:payer_email}
LIMIT 1',
array(
'payer_email' => $_POST['payer_email'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
return false;
}
else
return false;
}
list ($member_id, $subscription_id) = $smcFunc['db_fetch_row']($request);
$_POST['item_number'] = $member_id . '+' . $subscription_id;
$smcFunc['db_free_result']($request);
}


But I don't know how to use it, "list"  ::)

This is the whole Subscriptions-PayPal file


<?php
/**********************************************************************************
* Subscriptions-PayPal.php                                                        *
***********************************************************************************
* SMF: Simple Machines Forum                                                      *
* Open-Source Project Inspired by Zef Hemel ([email protected])                    *
* =============================================================================== *
* Software Version:           SMF 2.0 RC4                                         *
* Software by:                Simple Machines (http://www.simplemachines.org)     *
* Copyright 2006-2010 by:     Simple Machines LLC (http://www.simplemachines.org) *
*           2001-2006 by:     Lewis Media (http://www.lewismedia.com)             *
* Support, News, Updates at:  http://www.simplemachines.org                       *
***********************************************************************************
* This program is free software; you may redistribute it and/or modify it under   *
* the terms of the provided license as published by Simple Machines LLC.          *
*                                                                                 *
* This program is distributed in the hope that it is and will be useful, but      *
* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY    *
* or FITNESS FOR A PARTICULAR PURPOSE.                                            *
*                                                                                 *
* See the "license.txt" file for details of the Simple Machines license.          *
* The latest version can always be found at http://www.simplemachines.org.        *
**********************************************************************************/

// This won't be dedicated without this - this must exist in each gateway!
// SMF Payment Gateway: paypal

class paypal_display
{
public $title = 'PayPal';

public function getGatewaySettings()
{
global $txt;

$setting_data = array(
array('text', 'paypal_email', 'subtext' => $txt['paypal_email_desc']),
);

return $setting_data;
}

// Is this enabled for new payments?
public function gatewayEnabled()
{
global $modSettings;

return !empty($modSettings['paypal_email']);
}

// What do we want?
public function fetchGatewayFields($unique_id, $sub_data, $value, $period, $return_url)
{
global $modSettings, $txt, $boardurl;

$return_data = array(
'form' => 'https://www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr',
'id' => 'paypal',
'hidden' => array(),
'title' => $txt['paypal'],
'desc' => $txt['paid_confirm_paypal'],
'submit' => $txt['paid_paypal_order'],
'javascript' => '',
);

// All the standard bits.
$return_data['hidden']['business'] = $modSettings['paypal_email'];
$return_data['hidden']['item_name'] = $sub_data['name'] . ' ' . $txt['subscription'];
$return_data['hidden']['item_number'] = $unique_id;
$return_data['hidden']['currency_code'] = strtoupper($modSettings['paid_currency_code']);
$return_data['hidden']['no_shipping'] = 1;
$return_data['hidden']['no_note'] = 1;
$return_data['hidden']['amount'] = $value;
$return_data['hidden']['cmd'] = !$sub_data['repeatable'] ? '_xclick' : '_xclick-subscriptions';
$return_data['hidden']['return'] = $return_url;
$return_data['hidden']['a3'] = $value;
$return_data['hidden']['src'] = 1;
$return_data['hidden']['notify_url'] = $boardurl . '/subscriptions.php';

// Now stuff dependant on what we're doing.
if ($sub_data['flexible'])
{
$return_data['hidden']['p3'] = 1;
$return_data['hidden']['t3'] = strtoupper(substr($period, 0, 1));
}
else
{
preg_match('~(\d*)(\w)~', $sub_data['real_length'], $match);
$unit = $match[1];
$period = $match[2];

$return_data['hidden']['p3'] = $unit;
$return_data['hidden']['t3'] = $period;
}

// If it's repeatable do some javascript to respect this idea.
if (!empty($sub_data['repeatable']))
$return_data['javascript'] = '
document.write(\'<label for="do_paypal_recur"><input type="checkbox" name="do_paypal_recur" id="do_paypal_recur" checked="checked" onclick="switchPaypalRecur();" class="input_check" />' . $txt['paid_make_recurring'] . '</label><br />\');

function switchPaypalRecur()
{
document.getElementById("paypal_cmd").value = document.getElementById("do_paypal_recur").checked ? "_xclick-subscriptions" : "_xclick";
}';

return $return_data;
}
}

class paypal_payment
{
private $return_data;

// This function returns true/false for whether this gateway thinks the data is intended for it.
public function isValid()
{
global $modSettings;

// Has the user set up an email address?
if (empty($modSettings['paypal_email']))
return false;
// Check the correct transaction types are even here.
if ((!isset($_POST['txn_type']) && !isset($_POST['payment_status'])) || (!isset($_POST['business']) && !isset($_POST['receiver_email'])))
return false;
// Correct email address?
if (!isset($_POST['business']))
$_POST['business'] = $_POST['receiver_email'];
if ($modSettings['paypal_email'] != $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
return false;
return true;
}

// Validate all the data was valid.
public function precheck()
{
global $modSettings, $txt;

// Put this to some default value.
if (!isset($_POST['txn_type']))
$_POST['txn_type'] = '';

// Build the request string - starting with the minimum requirement.
$requestString = 'cmd=_notify-validate';

// Now my dear, add all the posted bits.
foreach ($_POST as $k => $v)
$requestString .= '&' . $k . '=' . urlencode($v);

// Can we use curl?
if (function_exists('curl_init') && $curl = curl_init('http://www.', !empty($modSettings['paidsubs_test']) ? 'sandbox.' : '', 'paypal.com/cgi-bin/webscr'))
{
// Set the post data.
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDSIZE, 0);
curl_setopt($curl, CURLOPT_POSTFIELDS, $requestString);

// Fetch the data returned as a string.
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

// Fetch the data.
$this->return_data = curl_exec($curl);

// Close the session.
curl_close($curl);
}
// Otherwise good old HTTP.
else
{
// Setup the headers.
$header = 'POST /cgi-bin/webscr HTTP/1.0' . "\r\n";
$header .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
$header .= 'Content-Length: ' . strlen ($requestString) . "\r\n\r\n";

// Open the connection.
$fp = fsockopen('www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com', 80, $errno, $errstr, 30);

// Did it work?
if (!$fp)
generateSubscriptionError($txt['paypal_could_not_connect']);

// Put the data to the port.
fputs($fp, $header . $requestString);

// Get the data back...
while (!feof($fp))
{
$this->return_data = fgets($fp, 1024);
if (strcmp($this->return_data, 'VERIFIED') == 0)
break;
}

// Clean up.
fclose($fp);
}

// If this isn't verified then give up...
// !! This contained a comment "send an email", but we don't appear to send any?
if (strcmp($this->return_data, 'VERIFIED') != 0)
exit;

// Check that this is intended for us.
if ($modSettings['paypal_email'] != $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
exit;

// Is this a subscription - and if so it's it a secondary payment that we need to process?
if ($this->isSubscription() && (empty($_POST['item_number']) || strpos($_POST['item_number'], '+') === false))
// Calculate the subscription it relates to!
$this->_findSubscription();

// Verify the currency!
if (strtolower($_POST['mc_currency']) != $modSettings['paid_currency_code'])
exit;

// Can't exist if it doesn't contain anything.
if (empty($_POST['item_number']))
exit;

// Return the id_sub and id_member
return explode('+', $_POST['item_number']);
}

// Is this a refund?
public function isRefund()
{
if ($_POST['payment_status'] == 'Refunded' || $_POST['payment_status'] == 'Reversed' || $_POST['txn_type'] == 'Refunded' || ($_POST['txn_type'] == 'reversal' && $_POST['payment_status'] == 'Completed'))
return true;
else
return false;
}

// Is this a subscription?
public function isSubscription()
{
if (substr($_POST['txn_type'], 0, 14) == 'subscr_payment')
return true;
else
return false;
}

// Is this a normal payment?
public function isPayment()
{
if ($_POST['payment_status'] == 'Completed' && $_POST['txn_type'] == 'web_accept')
return true;
else
return false;
}

// How much was paid?
public function getCost()
{
return $_POST['tax'] + $_POST['mc_gross'];
}

// exit.
public function close()
{
global $smcFunc, $subscription_id;

// If it's a subscription record the reference.
if ($_POST['txn_type'] == 'subscr_payment' && !empty($_POST['subscr_id']))
{
$_POST['subscr_id'] = $_POST['subscr_id'];
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_subscribed
SET vendor_ref = {string:vendor_ref}
WHERE id_sublog = {int:current_subscription}',
array(
'current_subscription' => $subscription_id,
'vendor_ref' => $_POST['subscr_id'],
)
);
}

exit();
}

// A private function to find out the subscription details.
private function _findSubscription()
{
global $smcFunc;

// Assume we have this?
if (empty($_POST['subscr_id']))
return false;

// Do we have this in the database?
$request = $smcFunc['db_query']('', '
SELECT id_member, id_subscribe
FROM {db_prefix}log_subscribed
WHERE vendor_ref = {string:vendor_ref}
LIMIT 1',
array(
'vendor_ref' => $_POST['subscr_id'],
)
);
// No joy?
if ($smcFunc['db_num_rows']($request) == 0)
{
// Can we identify them by email?
if (!empty($_POST['payer_email']))
{
$smcFunc['db_free_result']($request);
$request = $smcFunc['db_query']('', '
SELECT ls.id_member, ls.id_subscribe
FROM {db_prefix}log_subscribed AS ls
INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ls.id_member)
WHERE mem.email_address = {string:payer_email}
LIMIT 1',
array(
'payer_email' => $_POST['payer_email'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
return false;
}
else
return false;
}
list ($member_id, $subscription_id) = $smcFunc['db_fetch_row']($request);
$_POST['item_number'] = $member_id . '+' . $subscription_id;
$smcFunc['db_free_result']($request);
}
}

?>


Arantor

Quote: But I don't know how to use it, "list"

list() is very straightforward. Let's say we have an array, $myvariable = array('first item', 'second item');
We can go: list($first, $second) = $myvariable;

This gives us $first = 'first item', $second = 'second item';

(Don't forget the PHP manual does have all this and plenty more)


Anyway, so let's follow it through. PayPal supplies a subscription ID in the POST body of the message it sends, specifically in to $_POST['subscr_id'] and we look to find it from there assuming it's in the database in the main table.

Failing that, it tries to find details based on email address and other information. Assuming it finds it, it populates the member id and subscription id and returns.

As in, the message that comes back from PayPal contains information that can be used to identify the purchaser. Presumably the page that *goes* to PayPal includes some of these details...

xmagex

Quote from: Arantor on March 30, 2011, 10:32:53 AM
As in, the message that comes back from PayPal contains information that can be used to identify the purchaser. Presumably the page that *goes* to PayPal includes some of these details...

Thank you for the lesson  :D This is the main part.

I'm using this php script that works very well.


<?php
require_once 'IPNListener.php';
require_once '/xxx/SSI.php';
require_once($sourcedir . '/ManagePaid.php');
require_once($sourcedir . '/Subs-Admin.php');

class YIIListener extends IPNListener
{
    protected $conn;

    protected function isVerifiedAmmount()
    {
        if($_POST['mc_gross'] == AMMOUNT)
        {
            return TRUE;
        }

        return FALSE;
    }

    protected function isNotProcessed()
    {
        $this->dbConnect();
        $sql = "SELECT * FROM utenti WHERE idTransazione='$_POST[txn_id]'";
        $res = mysql_query($sql, $this->conn);
        if(mysql_num_rows($res))
        {
            return FALSE;
        }
        return TRUE;
    }

    protected function dbConnect()
    {
        $this->conn = @mysql_connect(HOST,DB_USER,DB_PASSWORD) OR die();
        @mysql_select_db(DB_NAME,$this->conn) OR die();
    }

    protected function getRandPassword()
    {
        $result = "";
        for($i = 0; $i < 10; $i++)
        {
            $chr = rand(40,126);
            $result .= chr($chr);
        }
        return $result;
    }

    protected function sendLoginData($password)
    {
        if(SIMULATION)
        {
            $to = ADMIN_MAIL;
            $add = "- SIMULAZIONE -";
        }
        else
        {
            $to = $_POST['payer_email'];
            $add = "";
        }

        $subject = "$add Attivazione account su Your Inspiration Images";
        $from = NO_REPLY;
        $message = "Ciao $_POST[first_name] e benvenuto su YII\r\n";
        $message .= "Ecco i tuoi dati di autenticazione:\r\n\r\n";
        $message .= "Nome utente: $_POST[payer_email] \r\n";
        $message .= "Password: $password \r\n\r\n";
        $message .= "Your Inspiration Images Team";

        mail($to,$subject,$message,"From: noreply<$from>");
    }

    public function insertNewUser()
    {
        if($this->isReadyTransaction())
        {
            $password = $this->getRandPassword();
            $md5password = md5($password);

            $sql = "INSERT INTO utenti
                (nome,cognome,email,username,password,idTransazione)
                VALUES ('$member_id','$_POST[last_name]','$_POST[payer_email]','$_POST[payer_email]','$md5password','$_POST[txn_id]')";

            mysql_query($sql,$this->conn);
            $this->sendLoginData($password);
        }
    }
}
$ipn = new YIIListener();
$ipn->insertNewUser();
?>



This is the part that I'm modifying:


<?php

public function insertNewUser()
{
    if($this->isReadyTransaction())
    {
        $password = $this->getRandPassword();
        $md5password = md5($password);

        $sql = "INSERT INTO utenti
            (nome,cognome,email,username,password,idTransazione)
            VALUES ('$member_id','$_POST[last_name]','$_POST[payer_email]','$_POST[payer_email]','$md5password','$_POST[txn_id]')";

        mysql_query($sql,$this->conn);
        $this->sendLoginData($password);
    }
}
?>



When a buyer pays the order, the query is sent. But only the field $member_id doesn't work, because it isn't declared.

Now I must find a system to find the ID/name of the SMF user.

Arantor

When the subscriptions module in SMF gets an IPN notification, the IPN notification ITSELF contains enough information for SMF to look up the member id. It's not magic, it's not voodoo, SMF supplies information TO THE IPN IN THE FIRST PLACE, so that the IPN CAN RETURN IT BACK.

You need to look at the form you're sending to PayPal and send a subscription or payment ID OF YOUR OWN to PayPal, PayPal handles the payment and notifies you that the payment whose ID you gave them has completed.
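
The round trip described in the last reply, as an added example (not code from this thread or from SMF): the button page, where SSI.php knows the logged-in member, places a signed member id in PayPal's "custom" pass-through field, and the IPN handler recovers it and credits smf_members.points with bound parameters instead of a string-built query. The secret, the receiver address, the donations table and the stubbed PayPal verification are assumptions made for the example.

```php
<?php
// Added example: not code from this thread or from SMF.
// Assumptions: IPN_SECRET, RECEIVER, the `donations` table and the verifier stub.
const IPN_SECRET = 'replace-with-a-long-random-server-side-secret';
const RECEIVER   = 'donations@example.com';   // constructed merchant address
const CURRENCY   = 'EUR';

// Button page: runs for the logged-in member (after SSI.php), so the id is known
// here. The result goes into the hidden "custom" field of the PayPal form.
function make_custom_field(int $id_member): string
{
    return $id_member . ':' . hash_hmac('sha256', (string) $id_member, IPN_SECRET);
}

// IPN page: PayPal echoes "custom" back. Accept the id only if the tag matches,
// because hidden form fields can be edited before the form is submitted.
function member_from_custom(string $custom): ?int
{
    $parts = explode(':', $custom, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]))
        return null;
    $expected = hash_hmac('sha256', $parts[0], IPN_SECRET);
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// $verify posts the message back to PayPal with cmd=_notify-validate and returns
// true on VERIFIED; it is passed in so that this example runs offline.
function handle_ipn(array $post, PDO $db, callable $verify): string
{
    if (!$verify($post))
        return 'rejected: not verified by PayPal';
    if (($post['receiver_email'] ?? '') !== RECEIVER)
        return 'rejected: wrong receiver';
    if (($post['payment_status'] ?? '') !== 'Completed')
        return 'ignored: payment not completed';
    if (($post['mc_currency'] ?? '') !== CURRENCY)
        return 'rejected: wrong currency';
    if (empty($post['txn_id']))
        return 'rejected: no transaction id';

    $id_member = member_from_custom($post['custom'] ?? '');
    if ($id_member === null)
        return 'rejected: bad member reference';

    $points = (int) floor((float) ($post['mc_gross'] ?? 0));   // 10.00 EUR -> 10 points
    if ($points <= 0)
        return 'rejected: bad amount';

    $db->beginTransaction();
    try
    {
        // txn_id is the primary key, so a replayed notification fails here.
        $db->prepare('INSERT INTO donations (txn_id, id_member, points) VALUES (?, ?, ?)')
           ->execute(array($post['txn_id'], $id_member, $points));
        $update = $db->prepare('UPDATE smf_members SET points = points + ? WHERE id_member = ?');
        $update->execute(array($points, $id_member));
        if ($update->rowCount() !== 1)
            throw new RuntimeException('unknown member');
        $db->commit();
    }
    catch (Exception $e)
    {
        $db->rollBack();
        return 'rejected: ' . ($e instanceof PDOException ? 'duplicate txn_id or database error' : $e->getMessage());
    }
    return "credited $points points to member $id_member";
}

// Constructed demo data: in-memory SQLite instead of the forum database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_members (id_member INTEGER PRIMARY KEY, points INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE donations (txn_id TEXT PRIMARY KEY, id_member INTEGER, points INTEGER)');
$db->exec('INSERT INTO smf_members (id_member) VALUES (42)');

$stub_verify = function (array $post) { return true; };   // stands in for PayPal answering VERIFIED

$ipn = array(   // constructed notification
    'receiver_email' => RECEIVER, 'payment_status' => 'Completed', 'mc_currency' => 'EUR',
    'mc_gross' => '10.00', 'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => make_custom_field(42),
);
echo handle_ipn($ipn, $db, $stub_verify), "\n";   // first delivery
echo handle_ipn($ipn, $db, $stub_verify), "\n";   // same txn_id delivered again

$ipn['txn_id'] = 'TXN-CONSTRUCTED-2';
$ipn['custom'] = '43' . substr($ipn['custom'], 2);   // member id edited, tag left unchanged
echo handle_ipn($ipn, $db, $stub_verify), "\n";
```

In a real handler the $verify callable would be the postback to PayPal that precheck() in Subscriptions-PayPal.php performs before anything in the notification is trusted.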
