PayPal IPN -> MySql DB

[iNod]

Hello All,

Well this is a very basic PayPal IPN script which can be changed to make a very nice Automated Paypal Signup Script.

SQL.SQL (MySql SQL Dump)

/*------------------------------------*/
/* Sales - Order received via Paypal  */
/*------------------------------------*/
CREATE TABLE sales (
  invoice          INT UNSIGNED AUTO_INCREMENT,
  receiver_email   VARCHAR(60),
  item_name        VARCHAR(100),
  item_number      VARCHAR(10),
  quantity         VARCHAR(6),
  payment_status   VARCHAR(10),
  pending_reason   VARCHAR(10),
  payment_date     VARCHAR(20),
  mc_gross         VARCHAR(20),
  mc_fee           VARCHAR(20),
  tax              VARCHAR(20),
  mc_currency      VARCHAR(3),
  txn_id           VARCHAR(20),
  txn_type         VARCHAR(10),
  first_name       VARCHAR(30),
  last_name        VARCHAR(40),
  address_street   VARCHAR(50),
  address_city     VARCHAR(30),
  address_state    VARCHAR(30),
  address_zip      VARCHAR(20),
  address_country  VARCHAR(30),
  address_status   VARCHAR(10),
  payer_email      VARCHAR(60),
  payer_status     VARCHAR(10),
  payment_type     VARCHAR(10),
  notify_version   VARCHAR(10),
  verify_sign      VARCHAR(10),
  referrer_id      VARCHAR(10),
  PRIMARY KEY (invoice)
  );

PHP.PHP (PHP Code)

<?php
//Lets do MySql connection stuff
$mysql_host='localhost'; //Leave at localhost
$mysql_user='blah'; //DB User
$mysql_pass='blah'; //DB Pass
$mysql_db='blah'; //DB Name

//------------------------------------------------------------------
// Open log file (in append mode) and write the current time into it.
// Open the DB Connection. Open the actual database.
//-------------------------------------------------------------------
$log = fopen("ipn.log", "a");
fwrite($log, "\n\nipn - " . gmstrftime ("%b %d %Y %H:%M:%S", time()) . "\n");
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db,$db);
//------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
//------------------------------------------------
$postvars = array();
while (list ($key, $value) = each ($HTTP_POST_VARS)) {
$postvars[] = $key;
}
$req = 'cmd=_notify-validate';
for ($var = 0; $var < count ($postvars); $var++) {
$postvar_key = $postvars[$var];
$postvar_value = $$postvars[$var];
$req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
}
//--------------------------------------------
// Create message to post back to PayPal...
// Open a socket to the PayPal server...
//--------------------------------------------
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
$fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

//---------------------------------------------
fwrite($log, "Vals: ". $invoice." ". $receiver_email." ". $item_name." ". $item_ number." ". $quantity." ". $payment_status." ". $pending_reason." ".$payment_dat e." ". $payment_gross." ". $payment_fee." ". $txn_id." ". $txn_type." ". $first_ name." ". $last_name." ". $address_street." ". $address_city." ". $address_state . " ".$address_zip." ". $address_country." ". $address_status." ". $payer_email. " ". $payer_status." ". $payment_type." ". $notify_version." ". $verify_sign. "\ n"); 

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

//----------------------------------------------------------------------
// Check HTTP connection made to PayPal OK, If not, print an error msg
//----------------------------------------------------------------------
if (!$fp) {
echo "$errstr ($errno)";
fwrite($log, "Failed to open HTTP connection!");
$res = "FAILED";
}//--------------------------------------------------------
// If connected OK, write the posted values back, then...
//--------------------------------------------------------
else {
fputs ($fp, $header . $req);
//-------------------------------------------
// ...read the results of the verification...
// If VERIFIED = continue to process the TX...
//-------------------------------------------
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {

//--------------------------------------
// Insert Transaction details into DB.
//--------------------------------------
$qry = "INSERT into psales (
invoice, receiver_email, item_name, item_number, quantity, payment_status, pendi ng_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_nam e, last_name, address_street, address_city, address_state, address_zip, address_ country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quanti ty\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gr oss\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_na me\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) ";

$result = mysql_query($qry,$db);
}
}
}
//-------------------------------------------
// Close PayPal Connection, Log File and DB.
//-------------------------------------------
fclose ($fp);
fclose ($log);
mysql_close($db);
?>

I never tested this so it may be buggy. If it is post bug and I will fix it up.

Thanks,
iNod

 

[SiKing]

Thanks, very useful. There are a few errors in the following, I believe but I may be wrong:

$qry = "INSERT into psales (
invoice, receiver_email, item_name, item_number, quantity, payment_status, pendi ng_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_nam e, last_name, address_street, address_city, address_state, address_zip, address_ country, address_status, payer_email, payer_status, payment_type, notify_version , verify_sign )
VALUES
( \"$invoice\", \"$receiver_email\", \"$item_name\", \"$item_number\", \"$quanti ty\", \"$payment_status\", \"$pending_reason\", \"$payment_date\", \"$payment_gr oss\", \"$payment_fee\", \"$txn_id\", \"$txn_type\", \"$first_name\", \"$last_na me\", \"$address_street\", \"$address_city\", \"$address_state\", \"$address_zip \", \"$address_country\", \"$address_status\", \"$payer_email\", \"$payer_status \", \"$payment_type\", \"$notify_version\", \"$verify_sign\" ) ";

"psales" - top line
"$quanti ty" "$last_na me" and "$payment_gr oss" on the other hand, they may be intentional, I haven't read it thoroughly yet

 

[axilant]

Did you make this code... cause i could have sworn i saw something like this in an opensource project? On sourceforge

 

[Eric]

Fixed a bug or two, spaced things out so it's easier to read.. (If you don't mind)

<?php

//Lets do MySql connection stuff
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'blah'; //DB User
$mysql_pass = 'blah'; //DB Pass
$mysql_db = 'blah'; //DB Name

//------------------------------------------------------------------
// Open log file (in append mode) and write the current time into it.
// Open the DB Connection. Open the actual database.
//-------------------------------------------------------------------
$log = fopen("ipn.log", "a");
fwrite($log, "\n\nipn - ".gmstrftime("%b %d %Y %H:%M:%S", time())."\n");
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);

//------------------------------------------------
// Read post from PayPal system and create reply
// starting with: 'cmd=_notify-validate'...
// then repeating all values sent - VALIDATION.
//------------------------------------------------
$postvars = array();

while(list($key, $value) = each($_POST))
{
  $postvars[] = $key;
}
$req = 'cmd=_notify-validate';

for($var = 0; $var < count($postvars); $var++)
{
  $postvar_key = $postvars[$var];
  $postvar_value = $$postvars[$var];
  $req .= "&".$postvar_key."=".urlencode($postvar_value);
}

//--------------------------------------------
// Create message to post back to PayPal...
// Open a socket to the PayPal server...
//--------------------------------------------
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: ".strlen($req)."\r\n\r\n";
$fp = fsockopen("www.paypal.com", 80, $errno, $errstr, 30);

//---------------------------------------------
fwrite($log, "Vals: ".$invoice." ".$receiver_email." ".$item_name." ".$item_ number." ".$quantity." ".$payment_status." ".$pending_reason." ".$payment_date." ".$payment_gross." ".$payment_fee." ".$txn_id." ".$txn_type." ".$first_name." ".$last_name." ".$address_street." ".$address_city." ".$address_state." ".$address_zip." ".$address_country." ".$address_status." ".$payer_email." ".$payer_status." ".$payment_type." ".$notify_version." ".$verify_sign."\n");

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

//----------------------------------------------------------------------
// Check HTTP connection made to PayPal OK, If not, print an error msg
//----------------------------------------------------------------------
if(!$fp)
{
  echo $errstr."(".$errno.")";
  fwrite($log, "Failed to open HTTP connection!");
  $res = "FAILED";
}
//--------------------------------------------------------
// If connected OK, write the posted values back, then...
//--------------------------------------------------------
else
{
  fputs($fp, $header . $req);
  //-------------------------------------------
  // ...read the results of the verification...
  // If VERIFIED = continue to process the TX...
  //-------------------------------------------
  while(!feof($fp))
  {
    $res = fgets($fp, 1024);
    if(strcmp($res, "VERIFIED") == 0)
    {
      //--------------------------------------
      // Insert Transaction details into DB.
      //--------------------------------------
      $qry = "INSERT INTO sales (invoice, receiver_email, item_name, item_number, quantity, payment_status, pendi ng_reason, payment_date, payment_gross, payment_fee, txn_id, txn_type, first_nam e, last_name, address_street, address_city, address_state, address_zip, address_ country, address_status, payer_email, payer_status, payment_type, notify_version, verify_sign) VALUES('$invoice', '$receiver_email', '$item_name', '$item_number', '$quantity', '$payment_status', '$pending_reason', '$payment_date', '$payment_gross', '$payment_fee', '$txn_id', '$txn_type', '$first_name', '$last_name', '$address_street', '$address_city', '$address_state', '$address_zip ', '$address_country', '$address_status', '$payer_email', '$payer_status ', '$payment_type', '$notify_version', '$verify_sign')";
      $result = mysql_query($qry);
    }
  }
}
//-------------------------------------------
// Close PayPal Connection, Log File and DB.
//-------------------------------------------
fclose($fp);
fclose($log);
mysql_close($db);

?>

 

[nick-8318]

Im not meaning anything by this, but its amazing what a google search does and finds many similiarties to this code...

 

[gamex]

Yea, like here: http://paypaldev.org/post.asp?method=TopicQuote&TOPIC_ID=3380&FORUM_ID=17, but I dont remember iNod saying that he wrote it, for all we know he could just be posting some code that others may find useful.

 

[axilant]

Yea, like here: http://paypaldev.org/post.asp?method=TopicQuote&TOPIC_ID=3380&FORUM_ID=17, but I dont remember iNod saying that he wrote it, for all we know he could just be posting some code that others may find useful.

He didnt claim it.

But.

Its obvious he tried to change some of the code, and made a few mistakes, so thats where i got the assumtion that he was claiming it

 

[iNod]

Im not meaning anything by this, but its amazing what a google search does and finds many similiarties to this code...

Amazing too how I can say I never coded it and you guys claim that because I post it for others to use and see you bash me.

Hrm.. Intresting.

 

[cbr600]

Thanks, its exactly what i was looking for. I understand the php/sql but the paypal stuff confuses me a little ya know. Its hard to test out your code w/o spending $$ buying your product through paypal ya know?

 

[nick-8318]

Amazing too how I can say I never coded it and you guys claim that because I post it for others to use and see you bash me.

Hrm.. Intresting.

Nobody is bashing, but when someone just posts code and not showing the source...people are going to assume that the person wrote

and also, in most cases, you can't just grab or copy and paste someone elses code/script and post it elsewhere

 

[hanzo]

This is also a nice one if you're doing automated Paypal Payments: http://paypaltech.com/Patrick/content/phptoolkit/

 

[bbalegere]

Excellent