<?php
/*******************************************************************************
* PHP Paypal IPN Integration Class
*******************************************************************************
*
* Rewriter: Eric.Wang
* Website: http://www.ericbess.com/ericblog/?p=172
* Version: 1.3.1
*
* Original: Micah Carrick
* Website: http://www.micahcarrick.com
* File: paypal.class.php
* Version: 1.3.0
*
* You are free to use, distribute, and modify this software
* under the terms of the GNU General Public License. See the
* included license.txt file.
*
*******************************************************************************
* VERION HISTORY:
* v1.3.1 [06.25.2008] - more strict ipn validation,ssl fsockopen(),sandbox switch.
*
* v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the
* right way rather than simple stripping them. This
* was needed because the user could still put in
* quotes.
*
* v1.2.1 [06.05.2005] - Fixed typo from previous fix :)
*
* v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
* from the paypal posts. The IPN will come back
* invalid sometimes when quotes are used in certian
* fields.
*
* v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
* method to allow non-javascript capable browsers
* to provide a means of manual form submission.
*
* v1.0.0 [04.16.2005] - Initial Version
*
*******************************************************************************
* DESCRIPTION:
*
* This file provides a neat and simple method to interface with paypal and
* The paypal Instant Payment Notification (IPN) interface. This file is
* NOT intended to make the paypal integration "plug 'n' play". It still
* requires the developer (that should be you) to understand the paypal
* process and know the variables you want/need to pass to paypal to
* achieve what you want.
*
* This class handles the submission of an order to paypal aswell as the
* processing an Instant Payment Notification.
*
* This code is based on that of the php-toolkit from paypal. I've taken
* the basic principals and put it in to a class so that it is a little
* easier--at least for me--to use.
*
* To submit an order to paypal, have your order form POST to a file with:
*
* $p = new paypal_class;
* $p->add_field('business', 'somebody@domain.com');
* $p->add_field('first_name', $_POST['first_name']);
* ... (add all your fields in the same manor)
* $p->submit_paypal_post();
*
* To process an IPN, have your IPN processing file contain:
*
* $p = new paypal_class;
* if ($p->validate_ipn()) {
* ... (IPN is verified. Details are in the ipn_data() array)
* }
* $p->ipn_status //get the ipn validation status detial.
*
* In case you are new to paypal, here is some information to help you:
*
* 1. Download and read the Merchant User Manual and Integration Guide from
* http://www.paypal.com/en_US/pdf/integration_guide.pdf. This gives
* you all the information you need including the fields you can pass to
* paypal (using add_field() with this class) aswell as all the fields
* that are returned in an IPN post (stored in the ipn_data() array in
* this class). It also diagrams the entire transaction process.
*
* 2. Create a "sandbox" account for a buyer and a seller. This is just
* a test account(s) that allow you to test your site from both the
* seller and buyer perspective. The instructions for this is available
* at https://developer.paypal.com/ as well as a great forum where you
* can ask all your paypal integration questions. Make sure you follow
* all the directions in setting up a sandbox test environment, including
* the addition of fake bank accounts and credit cards.
* $p = new paypal_class (true); //open sandbox (false) //live use
*
*******************************************************************************
*/
class paypal_class {
var $ipn_status; // holds the last status.
var $ipn_log; // bool: log IPN results to text file?
var $ipn_log_file; // filename of the IPN log
var $ipn_response; // holds the IPN response from paypal
var $ipn_data = array(); // array contains the POST values for IPN
var $fields = array(); // array holds the fields to submit to paypal
function paypal_class($sandbox) {
// initialization constructor. Called when class is created.
$this->sandbox = $sandbox;
if ($this->sandbox) $this->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
else $this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
$this->ipn_status = '';
$this->ipn_log_file = '.ipn_results.log';
$this->ipn_log = true;
$this->ipn_response = '';
// populate $fields array with a few default values. See the paypal
// documentation for a list of fields and their data types. These defaul
// values can be overwritten by the calling script.
$this->add_field('rm','2'); // Return method = POST
$this->add_field('cmd','_xclick');
}
function add_field($field, $value) {
// adds a key=>value pair to the fields array, which is what will be
// sent to paypal as POST variables. If the value is already in the
// array, it will be overwritten.
$this->fields["$field"] = $value;
}
function submit_paypal_post() {
// this function actually generates an entire HTML page consisting of
// a form with hidden elements which is submitted to paypal via the
// BODY element's onLoad attribute. We do this so that you can validate
// any POST vars from you custom form before submitting to paypal. So
// basically, you'll have your own form which is submitted to your script
// to validate the data, which in turn calls this function to create
// another hidden form and submit to paypal.
// The user will briefly see a message on the screen that reads:
// "Please wait, your order is being processed..." and then immediately
// is redirected to paypal.
echo "<html>\n";
echo "<head><title>Processing Payment...</title></head>\n";
echo "<body onLoad=\"document.forms['paypal_form'].submit();\">\n";
echo "<center><h2>Please wait, your order is being processed and you";
echo " will be redirected to the paypal website.</h2></center>\n";
echo "<form method=\"post\" name=\"paypal_form\" ";
echo "action=\"".$this->paypal_url."\">\n";
foreach ($this->fields as $name => $value) {
echo "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
}
echo "<center><br/><br/>If you are not automatically redirected to ";
echo "paypal within 5 seconds...<br/><br/>\n";
echo "<input type=\"submit\" value=\"Click Here\"></center>\n";
echo "</form>\n";
echo "</body></html>\n";
}
function validate_ipn($get_txn) {
// parse the paypal URL
$url_parsed=parse_url($this->paypal_url);
// generate the post string from the _POST vars aswell as load the
// _POST vars into an arry so we can play with them from the calling
// script.
$post_string = '';
foreach ($_POST as $field=>$value) {
$this->ipn_data["$field"] = $value;
$post_string .= $field.'='.urlencode(stripslashes($value)).'&';
}
$post_string.="cmd=_notify-validate"; // append ipn command
// open the connection to paypal