Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
212 Commits
1 Branch
Tree: 268f9f3627
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '268f9f3627'
${ noResults }
Gazelle/sections/donate/ipn.php

ipn.php 6.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. <?

  2. // Paypal hits this page once a donation has gone through.

  3. // This may appear to be light on the input validation, but the vast majority of that is handled through paypal confirmation

  4. // $_POST['txn_id'] centains the unique identifier if anyone ever needs it

  5. if (!is_number($_POST['custom'])) {

  6.   die(); //Seems too stupid a mistake to bother banning

  7. }

  8. 

  9. // Create request to return to paypal

  10. $Request = 'cmd=_notify-validate';

  11. foreach ($_POST as $Key => $Value) {

  12.   $Value = urlencode(stripslashes($Value));

  13.   $Request .= "&$Key=$Value";

  14. }

  15. 

  16. // Headers

  17. $Headers = "POST /cgi-bin/webscr HTTP/1.1\r\n";

  18. $Headers .= "Host: www.paypal.com\r\n";

  19. $Headers .= "Content-Type: application/x-www-form-urlencoded\r\n";

  20. $Headers .= "Content-Length: ".strlen($Request)."\r\n";

  21. $Headers .= "Connection: close\r\n\r\n";

  22. 

  23. // Socket

  24. $Socket = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

  25. 

  26. // Send and process reply

  27. fwrite ($Socket, $Headers.$Request);

  28. $Result = '';

  29. while (!feof($Socket)) {

  30.   $Result .= fgets ($Socket, 1024);

  31. }

  32. 

  33. if (strpos($Result, 'VERIFIED') !== false || check_perms('site_debug')) {

  34.   if ($_POST['mc_gross'] >= PAYPAL_MINIMUM) {

  35.     if ($_POST['mc_currency'] == PAYPAL_CURRENCY) {

  36.       if ($_POST['business'] == PAYPAL_ADDRESS) {

  37.         if (($_POST['payment_status'] == 'Completed') || ($_POST['payment_status'] == 'Pending')) {

  38.           $DB->query('

  39.             SELECT Donor

  40.             FROM users_info

  41.             WHERE UserID = \''.$_POST['custom'].'\'');

  42.           list($Donor) = $DB->next_record();

  43.           if ($Donor == 0) {

  44.             //First time donor

  45.             $DB->query('

  46.               UPDATE users_main

  47.               SET Invites = Invites + \''.DONOR_INVITES.'\'

  48.               WHERE ID = \''.$_POST['custom'].'\'');

  49.             $DB->query('

  50.               UPDATE users_info

  51.               SET Donor = \'1\'

  52.               WHERE UserID = \''.$_POST['custom'].'\'');

  53.             $DB->query('

  54.               SELECT Invites

  55.               FROM users_main

  56.               WHERE ID = \''.$_POST['custom'].'\'');

  57.             list($Invites) = $DB->next_record();

  58.             $Cache->begin_transaction('user_info_'.$_POST['custom']);

  59.             $Cache->update_row(false, array('Donor' => 1));

  60.             $Cache->commit_transaction(0);

  61.             $Cache->begin_transaction('user_info_heavy_'.$_POST['custom']);

  62.             $Cache->update_row(false, array('Invites' => $Invites));

  63.             $Cache->commit_transaction(0);

  64.             Misc::send_pm($_POST['custom'], 0, 'Thank you for your donation', 'Your donation from '.$_POST['payer_email'].' of '.$_POST['mc_gross'].' '.PAYPAL_CURRENCY.' has been successfully processed. Because this is your first time donating, you have now been awarded Donor status as represented by the <3 found on your profile and next to your username where it appears. This has entitled you to a additional site features which you can now explore, and has granted you '.DONOR_INVITES.' invitations to share with others. Thank you for supporting '.SITE_NAME.'.');

  65.           } else {

  66.             //Repeat donor

  67.             Misc::send_pm($_POST['custom'], 0, 'Thank you for your donation', 'Your donation from '.$_POST['payer_email'].' of '.$_POST['mc_gross'].' '.PAYPAL_CURRENCY.' has been successfully processed. Your continued support is highly appreciated and helps to make this place possible.');

  68.           }

  69. 

  70. 

  71.         }

  72.       }

  73.     }

  74.   } else {

  75.     if ($_POST['mc_gross'] > 0) {

  76.       //Donation less than minimum

  77.       Misc::send_pm($_POST['custom'], 0, 'Thank you for your donation', 'Your donation from '.$_POST['payer_email'].' of '.$_POST['mc_gross'].' '.PAYPAL_CURRENCY.' has been successfully processed. Unfortunately however this donation was less than the specified minimum donation of '.PAYPAL_MINIMUM.' '.PAYPAL_CURRENCY.' and while we are grateful, no special privileges have been awarded to you.');

  78.     } else {

  79.       //Failed pending donation

  80.       $Message = "User ".site_url()."user.php?id=".$_POST['custom']." had donation of $TotalDonated ".PAYPAL_CURRENCY." at $DonationTime UTC from ".$_POST['payer_email'].' returned.';

  81.       $DB->query('

  82.         SELECT SUM(Amount), MIN(Time)

  83.         FROM donations

  84.         WHERE UserID = \''.$_POST['custom'].'\';');

  85.       list($TotalDonated, $DonationTime) = $DB->next_record();

  86.       if ($TotalDonated + $_POST['mc_gross'] == 0) {

  87.         $DB->query("

  88.           SELECT Invites

  89.           FROM users_main

  90.           WHERE ID = '".$_POST['custom']."'");

  91.         list($Invites) = $DB->next_record();

  92.         if (($Invites - DONOR_INVITES) >= 0) {

  93.           $NewInvites = $Invites - DONOR_INVITES;

  94.         } else {

  95.           $NewInvites = 0;

  96.           $Message .= ' They had already used at least one of their donation gained invites.';

  97.         }

  98.         $DB->query("

  99.           UPDATE users_main

  100.           SET Invites = $NewInvites

  101.           WHERE ID = '".$_POST['custom']."'");

  102.         $DB->query('

  103.           UPDATE users_info

  104.           SET Donor = \'0\'

  105.           WHERE UserID = \''.$_POST['custom'].'\'');

  106.         $Cache->begin_transaction('user_info_'.$_POST['custom']);

  107.         $Cache->update_row(false, array('Donor' => 0));

  108.         $Cache->commit_transaction(0);

  109.         $Cache->begin_transaction('user_info_heavy_'.$_POST['custom']);

  110.         $Cache->update_row(false, array('Invites' => $Invites));

  111.         $Cache->commit_transaction(0);

  112.         Misc::send_pm($_POST['custom'], 0, 'Notice of donation failure', 'PapPal has just notified us that the donation you sent from '.$_POST['payer_email'].' of '.$TotalDonated.' '.PAYPAL_CURRENCY.' at '.$DonationTime.' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.');

  113. 

  114. 

  115.         send_irc("PRIVMSG ".BOT_REPORT_CHAN." :$Message");

  116.       }

  117.     }

  118.   }

  119.   $DB->query("

  120.     UPDATE users_info

  121.     SET AdminComment = CONCAT('".sqltime()." - User donated ".db_string($_POST['mc_gross'])." ".db_string(PAYPAL_CURRENCY)." from ".db_string($_POST['payer_email']).".\n',AdminComment)

  122.     WHERE UserID = '".$_POST['custom']."'");

  123.   $DB->query("

  124.     INSERT INTO donations

  125.       (UserID, Amount, Email, Time)

  126.     VALUES

  127.       ('".$_POST['custom']."', '".db_string($_POST['mc_gross'])."', '".db_string($_POST['payer_email'])."', '".sqltime()."')");

  128. } else {

  129.   $DB->query("

  130.     INSERT INTO ip_bans

  131.       (FromIP, ToIP, Reason)

  132.     VALUES

  133.       ('".Tools::ip_to_unsigned($_SERVER['REMOTE_ADDR'])."', '".ip2long($_SERVER['REMOTE_ADDR'])."', 'Attempted to exploit donation system.')");

  134. }

  135. fclose ($Socket);

  136. if (check_perms('site_debug')) {

  137.   include(SERVER_ROOT.'/sections/donate/donate.php');

  138. }

  139. $Cache->cache_value('debug_donate', array($Result, $_POST), 0);

  140. ?>