-
-
Notifications
You must be signed in to change notification settings - Fork 126
/
pagseguro_ipn.php
114 lines (94 loc) · 3.99 KB
/
pagseguro_ipn.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php
// Require the functions to fetch config values
require 'config.php';
$pagseguro = $config['pagseguro'];
$notificationCode = $_POST['notificationCode'];
$notificationType = $_POST['notificationType'];
// Require the functions to connect to database
require 'engine/database/connect.php';
// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
}
function sanitize($data) {
return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}
// Util function to insert log
function report($code, $details = '') {
$connectedIp = $_SERVER['REMOTE_ADDR'];
$details = getValue($details);
$details .= '\nConnection from IP: '. $connectedIp;
mysql_insert('INSERT INTO `znote_pagseguro_notifications` VALUES (null, \'' . getValue($code) . '\', \'' . $details . '\', CURRENT_TIMESTAMP)');
}
function VerifyPagseguroIPN($code) {
global $pagseguro;
$url = $pagseguro['urls']['ws'];
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($cURL, CURLOPT_URL, 'https://' . $url . '/v3/transactions/notifications/' . $code . '?email=' . $pagseguro['email'] . '&token=' . $pagseguro['token']);
curl_setopt($cURL, CURLOPT_HEADER, false);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Connection: close',
'Expect: ',
));
$Response = curl_exec($cURL);
$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
curl_close($cURL);
$output = print_r($Response, true);
if(empty($Response) OR !$Status){
return null;
}
if(intval($Status / 100) != 2){
return false;
}
return trim($Response);
}
// Send an empty HTTP 200 OK response to acknowledge receipt of the notification
header('HTTP/1.1 200 OK');
if(empty($notificationCode) || empty($notificationType)){
report($notificationCode, 'notificationCode or notificationType is empty. Type: ' . $notificationType . ', Code: ' . $notificationCode);
exit();
}
if ($notificationType !== 'transaction') {
report($notificationCode, 'Unknown ' . $notificationType . ' notificationType');
exit();
}
$rawPayment = VerifyPagseguroIPN($notificationCode);
$payment = simplexml_load_string($rawPayment);
$paymentStatus = (int) $payment->status;
$paymentCode = sanitize($payment->code);
report($notificationCode, $rawPayment);
// Updating Payment Status
mysql_update('UPDATE `znote_pagseguro` SET `payment_status` = ' . $paymentStatus . ' WHERE `transaction` = \'' . $paymentCode . '\' ');
// Check that the payment_status is Completed
if ($paymentStatus == 3) {
// Check that transaction has not been previously processed
$transaction = mysql_select_single('SELECT `transaction`, `completed` FROM `znote_pagseguro` WHERE `transaction`= \'' . $paymentCode .'\'');
$status = true;
$custom = (int) $payment->reference;
if ($transaction['completed'] == '1') {
$status = false;
}
if ($payment->grossAmount == 0.0) $status = false; // Wrong ammount of money
$item = $payment->items->item[0];
if ($item->amount != ($pagseguro['price'] / 100)) $status = false;
if ($status) {
// transaction log
mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\'');
// Process payment
$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
// Give points to user
$new_points = $data['old_points'] + $item->quantity;
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
}
} else if ($paymentStatus == 7) {
mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\' ');
}
?>