<?php
/*
Copyright, 2014 Magictallguy
This file, and all files linked to it, are to be used at Magictallguy's discretion only.
If the file is removed by, or at the request of Magictallguy; then it should not be re-uploaded.
If the file is re-uploaded, or not removed; Magictallguy reserves the right to have it removed by the authorities available at the time
*/
// tell PHP to log errors to ipn_errors.log in this directory
// include(DIRNAME(__DIR__) . '/includes/dbcon.php');
// (DIRNAME(__DIR__) . '/includes/classes.php');
// initiate the IPN listener
//(__DIR__ . '/ipnlistener.php');
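/*
 * PayPal IPN endpoint for RP-store pack purchases.
 *
 * Flow: verify the IPN with PayPal, reject anything that is not a completed
 * instant USD "web_accept" payment to our receiver address, refuse replayed
 * transaction ids, work out the (possibly discounted) pack price, allow part
 * of it to be paid from the buyer's store credit, record the purchase, then
 * credit the pack (stat query, items, or both), notify staff/referrer/buyer
 * and update the donator leaderboard.
 *
 * NOTE(review): the include lines above this block are commented out, so
 * IpnListener, User, $mtgdb, $mtg, Give_Item, translog_add and Send_Event
 * must be provided by whatever includes this file.
 */

/**
 * Mail the IPN text report to the error address and stop processing.
 *
 * @param string      $errorMail recipient of the report
 * @param string      $subject   mail subject naming the rejection reason
 * @param IpnListener $listener  source of the text report for this IPN
 * @param string      $message   optional body returned to the caller on exit
 */
function ipn_reject($errorMail, $subject, $listener, $message = '')
{
    mail($errorMail, $subject, $listener->getTextReport());
    if ($message !== '') {
        exit($message);
    }
    exit;
}

/**
 * Read one field of the IPN POST body as a string ('' when absent), so the
 * checks below never trip on a missing key.
 *
 * @param string $name POST field name
 * @return string
 */
function ipn_field($name)
{
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

/**
 * Compare two money amounts to the cent. The pack cost goes through float
 * arithmetic when a discount applies, so a plain != against the gross string
 * can fail on representation error.
 *
 * @param float|string $a
 * @param float|string $b
 * @return bool
 */
function ipn_amounts_match($a, $b)
{
    return abs((float) $a - (float) $b) < 0.005;
}

/**
 * Write the bank/points/rmdays amounts a pack's SET fragment grants to the
 * transaction log, e.g. "`bank` + 1000". Only the "`column` + N" form is
 * recognised; anything else in the fragment is not logged.
 *
 * Logged against the donator's id: this endpoint is called by PayPal's
 * servers, so there is no browser session to read a user id from.
 *
 * @param int    $userId   account the grants belong to
 * @param string $fragment the SET part of the pack query
 */
function ipn_log_stat_grants($userId, $fragment)
{
    $columns = array('bank' => 'money', 'points' => 'points', 'rmdays' => 'rp days');
    foreach ($columns as $column => $label) {
        if (preg_match('/\`' . $column . '\` ?\+ ?([0-9]+)/', $fragment, $match)) {
            translog_add($userId, 'rp store', $label, $match[1]);
        }
    }
}

/**
 * Hand every "itemId,qty|itemId,qty" entry of a pack to the donator and log
 * it. Entries whose id is not in `items` are skipped. Ids and quantities are
 * cast to int before they reach SQL or Give_Item.
 *
 * @param object $mtgdb    database wrapper (query/num_rows)
 * @param int    $userId   receiving account
 * @param string $itemSpec pipe-separated "id,qty" pairs
 */
function ipn_give_items($mtgdb, $userId, $itemSpec)
{
    foreach (explode('|', $itemSpec) as $entry) {
        $parts = explode(',', $entry);
        $itemId = (int) $parts[0];
        $qty = isset($parts[1]) ? (int) $parts[1] : 0;
        $exists = $mtgdb->query("SELECT `id` FROM `items` WHERE `id` = " . $itemId);
        if ($mtgdb->num_rows($exists)) {
            Give_Item($itemId, $userId, $qty);
            translog_add($userId, 'rp store', 'item', $itemId, $qty);
        }
    }
}

$listener = new IpnListener();
// NOTE(review): sandbox verification is ON here even though the original
// comment said the listener should not use the sandbox. A live deployment
// needs this set to false: while the sandbox is used, a notification from a
// PayPal sandbox account (no real money) verifies and is credited as a
// real purchase, and genuine live notifications are rejected.
$listener->use_sandbox = true;

// try to process the IPN POST
try {
    $listener->requirePostMethod();
    $verified = $listener->processIpn();
} catch (Exception $e) {
    error_log($e->getMessage());
    exit;
}

$errorMail = 'errors@convict-conflict.com';
// Previously: array('magictallguy_card@hotmail.co.uk', 'heres_chrissie@hotmail.co.uk')
$receiverEmail = 'mtg@magictallguy.tk';

if ($verified) {
    // --- sanity checks on the notification itself -------------------------
    $itemNumber = ipn_field('item_number');
    if (!ctype_digit($itemNumber) || !$itemNumber) {
        ipn_reject($errorMail, 'Payment failed: no pack ID', $listener);
    }
    if (ipn_field('payment_status') != 'Completed') {
        ipn_reject($errorMail, 'Payment failed: invalid status', $listener);
    }
    if (strtolower(ipn_field('receiver_email')) != $receiverEmail) {
        ipn_reject($errorMail, 'Payment failed: invalid receiver email', $listener);
    }
    if (ipn_field('mc_currency') != 'USD') {
        ipn_reject($errorMail, 'Payment failed: invalid currency', $listener);
    }
    if (ipn_field('payment_type') != 'instant') {
        ipn_reject($errorMail, 'Payment failed: invalid payment type', $listener);
    }
    if (ipn_field('txn_type') != 'web_accept') {
        ipn_reject($errorMail, 'Payment failed: invalid transaction type', $listener);
    }
    // mc_gross is concatenated into SQL further down, so it must be numeric.
    $mcGross = ipn_field('mc_gross');
    if (!is_numeric($mcGross)) {
        ipn_reject($errorMail, 'Payment failed: invalid amount', $listener);
    }

    // --- replay check ------------------------------------------------------
    // A UNIQUE index on paypal_ipn.ipn_data is the durable defence: two
    // copies of the same IPN arriving at once can both pass this SELECT.
    $txnId = $mtgdb->escape(ipn_field('txn_id'));
    $query = $mtgdb->query("SELECT `id_purchase` FROM `paypal_ipn` WHERE `ipn_data` = '" . $txnId . "'");
    if ($mtgdb->num_rows($query)) {
        ipn_reject($errorMail, 'Payment failed: double submission', $listener, "You've already submitted this payment");
    }

    // --- pack lookup and price -------------------------------------------
    $select = $mtgdb->query("SELECT * FROM `pcstore` WHERE `pack_id` = " . (int) $itemNumber);
    if (!$mtgdb->num_rows($select)) {
        ipn_reject($errorMail, 'Payment failed: Invalid Pack ID', $listener, "Invalid pack ID");
    }
    $row = $mtgdb->fetch_row($select);
    $discount = (float) $mtgdb->fetch_single($mtgdb->query("SELECT `discount` FROM `serverconfig`"));
    if ($discount) {
        $row['pack_cost'] -= ($row['pack_cost'] / 100 * $discount);
    }

    // --- buyer-supplied data -----------------------------------------------
    // "custom" is set by the buyer's browser when the PayPal button is
    // submitted, so it is not trusted even though the IPN itself verified:
    // custom[0] = user id, custom[1] = note, custom[2] = store credit used.
    $custom = explode('|', ipn_field('custom'));
    $donatorId = isset($custom[0]) ? $custom[0] : '';
    if (!ctype_digit($donatorId) || !$donatorId) {
        ipn_reject($errorMail, 'Payment failed: invalid donator ID', $listener);
    }
    $donator = new User((int) $donatorId, $mtgdb);
    $customNote = isset($custom[1]) ? $custom[1] : '';
    $creditUsed = isset($custom[2]) ? $custom[2] : '';

    // $gross is what the purchase is worth to us: cash paid plus any store
    // credit spent. It replaces the original's in-place edit of $_POST.
    $gross = (float) $mcGross;
    if ($creditUsed !== '' && !is_numeric($creditUsed)) {
        ipn_reject($errorMail, 'Payment failed: Tried to cheat the Store Credit System', $listener);
    }
    $creditAmount = ($creditUsed === '') ? 0.0 : (float) $creditUsed;
    // A negative value would *add* to the buyer's balance in the UPDATE below.
    if ($creditAmount < 0) {
        ipn_reject($errorMail, 'Payment failed: Tried to cheat the Store Credit System', $listener);
    }
    if ($creditAmount > 0) {
        $gross += $creditAmount;
        if ($donator->storeCredit < $creditAmount || !ipn_amounts_match($row['pack_cost'], $gross)) {
            ipn_reject($errorMail, 'Payment failed: Tried to cheat the Store Credit System', $listener);
        }
        $mtgdb->query("UPDATE `users` SET `storeCredit` = `storeCredit` - " . sprintf('%.2F', $creditAmount) . " WHERE `id` = " . (int) $donator->id);
    } elseif (!ipn_amounts_match($gross, $row['pack_cost'])) {
        ipn_reject($errorMail, 'Payment failed: Amount paid doesn\'t match pack: Gross: ' . $mcGross . ' | Cost: ' . $row['pack_cost'], $listener);
    }

    // --- record the purchase -----------------------------------------------
    // pack_details and the buyer's note are free text, so both are escaped;
    // amounts are formatted as plain decimals.
    $mtgdb->query("INSERT INTO `paypal_ipn` VALUES ('', " . (int) $donator->id . ", " . time() . ", '" . $txnId . "', '" . $mtgdb->escape($row['pack_details']) . "', '" . $mtgdb->escape($customNote) . "', " . sprintf('%.2F', $gross) . ", '" . $mtgdb->escape(ipn_field('payer_email')) . "')");

    // --- credit the pack ---------------------------------------------------
    // $sql is mailed in every branch; the item-only branch never builds one.
    $sql = '';
    if ($row['pack_type'] == 'query') {
        $sql = "UPDATE `users` SET " . $row['pack_query'] . " WHERE `id` = " . (int) $donator->id;
        mail($errorMail, 'Credit details: query check', $sql, 'From: support@convict-conflict.com');
        $mtgdb->query($sql);
        ipn_log_stat_grants($donator->id, $row['pack_query']);
    } else if ($row['pack_type'] == 'item') {
        $items = explode('|', $row['pack_query']);
        mail($errorMail, 'Credit details: queryItem/sql', print_r($items, true) . "\r\n\r\n" . $sql, 'From: support@convict-conflict.com');
        ipn_give_items($mtgdb, $donator->id, $row['pack_query']);
        mail($errorMail, 'Payment details: item check', $sql . "\r\n\r\n\r\n" . $listener->getTextReport());
    } else {
        // "both": pack_query is "[SET fragment].[id,qty|id,qty]"
        $queryItem = explode('.', $row['pack_query']);
        $setFragment = str_replace(array('[', ']'), '', isset($queryItem[0]) ? $queryItem[0] : '');
        $itemSpec = str_replace(array('[', ']'), '', isset($queryItem[1]) ? $queryItem[1] : '');
        $sql = "UPDATE `users` SET " . $setFragment . " WHERE `id` = " . (int) $donator->id;
        $mtgdb->query($sql);
        mail($errorMail, 'Credit details: queryItem/sql', print_r($queryItem, true) . "\r\n\r\n" . $sql, 'From: support@convict-conflict.com');
        ipn_log_stat_grants($donator->id, $setFragment);
        ipn_give_items($mtgdb, $donator->id, $itemSpec);
        mail($errorMail, 'Payment details: both check', $sql . "\r\n\r\n\r\n" . $listener->getTextReport());
    }

    // --- notifications and leaderboard -------------------------------------
    $staffText = $donator->formattedname . " [" . $donator->id . "] paid for " . $row['pack_name'];
    Send_Event(1, $staffText, 'donations');
    Send_Event(2, $staffText, 'donations');

    $selectReferral = $mtgdb->query("SELECT `referrer` FROM `referrals` WHERE `referred` = " . (int) $donator->id);
    if ($mtgdb->num_rows($selectReferral)) {
        $referrer = (int) $mtgdb->fetch_single($selectReferral);
        $bonus = $gross / 10;
        // assumes formatMoney(..., false) yields a plain numeric literal — confirm
        $mtgdb->query("UPDATE `users` SET `storeCredit` = `storeCredit` + " . $mtg->formatMoney($bonus, false) . " WHERE `id` = " . $referrer);
        Send_Event($referrer, $donator->formattedname . " just upgraded their account. You receive " . $mtg->formatMoney($bonus) . " as RP Store Credit", 'donations');
    }
    Send_Event($donator->id, "Your " . $row['pack_name'] . " has been credited to you. Thank you!", 'donations');
    mail($errorMail, 'Valid payment processed', $listener->getTextReport());

    $selectDonCount = $mtgdb->query("SELECT `id` FROM `top_donators` WHERE `userid` = " . (int) $donator->id);
    if (!$mtgdb->num_rows($selectDonCount)) {
        $mtgdb->query("INSERT INTO `top_donators` (`userid`, `donCount`) VALUES (" . (int) $donator->id . ", " . sprintf('%.2F', $gross) . ")");
    } else {
        $mtgdb->query("UPDATE `top_donators` SET `donCount` = `donCount` + " . sprintf('%.2F', $gross) . " WHERE `userid` = " . (int) $donator->id);
    }
} else {
    mail($errorMail, 'Invalid IPN', $listener->getTextReport());
    // PayPal did not verify this notification, so nothing in the POST body
    // is trusted: only digit-checked ids are used, and only to look up the
    // account and pack for the staff event. (The original dereferenced
    // $donator and $row here although neither is set on this path.)
    $custom = explode('|', ipn_field('custom'));
    $donatorId = isset($custom[0]) ? $custom[0] : '';
    $itemNumber = ipn_field('item_number');
    if (ctype_digit($donatorId) && $donatorId && ctype_digit($itemNumber) && $itemNumber) {
        $donator = new User((int) $donatorId, $mtgdb);
        $packName = '';
        $packSelect = $mtgdb->query("SELECT `pack_name` FROM `pcstore` WHERE `pack_id` = " . (int) $itemNumber);
        if ($mtgdb->num_rows($packSelect)) {
            $packName = $mtgdb->fetch_single($packSelect);
        }
        $staffText = $donator->formattedname . " [" . $donator->id . "] failed to pay for " . $packName;
        Send_Event(1, $staffText, 'donations');
        Send_Event(2, $staffText, 'donations');
    }
    exit("Payment failed<br /><a href='http://convict-conflict.com'>Return to " . $mtg->gameSet('game_name') . "</a>");
}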