finish paypal integration

Author: cheesea3

backend/listener.php

@@ -0,0 +1,87 @@
+<?php
+// STEP 1: read POST data
+// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
+// Instead, read raw POST data from the input stream.
+$raw_post_data = file_get_contents('php://input');
+$raw_post_array = explode('&', $raw_post_data);
+$myPost = array();
+foreach ($raw_post_array as $keyval) {
+  $keyval = explode ('=', $keyval);
+  if (count($keyval) == 2)
+    $myPost[$keyval[0]] = urldecode($keyval[1]);
+}
+// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
+$req = 'cmd=_notify-validate';
+if (function_exists('get_magic_quotes_gpc')) {
+  $get_magic_quotes_exists = true;
+}
+foreach ($myPost as $key => $value) {
+  if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
+    $value = urlencode(stripslashes($value));
+  } else {
+    $value = urlencode($value);
+  }
+  $req .= "&$key=$value";
+}
+
+// Step 2: POST IPN data back to PayPal to validate
+$ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
+curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
+curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
+// In wamp-like environments that do not come bundled with root authority certificates,
+// please download 'cacert.pem' from "https://curl.haxx.se/docs/caextract.html" and set
+// the directory path of the certificate as shown below:
+// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
+if ( !($res = curl_exec($ch)) ) {
+  // error_log("Got " . curl_error($ch) . " when processing IPN data");
+  curl_close($ch);
+  exit;
+}
+curl_close($ch);
+
+
+
+// inspect IPN validation result and act accordingly
+if (strcmp ($res, "VERIFIED") == 0) {
+  // The IPN is verified, process it:
+  // check whether the payment_status is Completed
+  // check that txn_id has not been previously processed
+  // check that receiver_email is your Primary PayPal email
+  // check that payment_amount/payment_currency are correct
+  // process the notification
+  // assign posted variables to local variables
+  $item_name = $_POST['item_name'];
+  $item_number = $_POST['item_number'];
+  $payment_status = $_POST['payment_status'];
+  $payment_amount = $_POST['mc_gross'];
+  $payment_currency = $_POST['mc_currency'];
+  $txn_id = $_POST['txn_id'];
+  $receiver_email = $_POST['receiver_email'];
+  $payer_email = $_POST['payer_email'];
+  
+  order::completeSuccessfulOrder($item_number, $txn_id);
+  
+
+  
+  
+} else if (strcmp ($res, "INVALID") == 0) {
+  // IPN invalid, log for manual investigation
+  echo "The response from IPN was: <b>" .$res ."</b>";
+
+
+
+
+
+}
+
+
+
+
+
+?> 

backend/orders.php

@@ -14,6 +14,78 @@ function imgConvert($blob){
 return 'data:image/jpeg;base64,'.base64_encode($blob);
 }
 
+$protocol = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
+
+function getUrl($protocol){
+$url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+return $url;
+}
+
+/*
+getUrl()
+http://localhost/nft/public_html/orders?checkout=id?action=boolean
+
+<?php echo "".getUrl()."?checkout=#?cancel=true"; ?>
+<?php echo "".getUrl()."?checkout=#?ipn_listener=paypal"; ?>
+<?php echo "".getUrl()."?checkout=#?success=true"; ?>
+*/
+
+
+//testmode enables sandbox
+$testmode = true;
+$paypalurl = $testmode ? 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr' : 'https://ipnpb.paypal.com/cgi-bin/webscr';
+$cancelurl = "".getUrl($protocol)."?checkout=#?cancel=true";
+$ipnurl = $protocol . $_SERVER['HTTP_HOST'] . "/nft/".$GLOBALS["url_loc"][0]."/listener";
+$successurl = "".getUrl($protocol)."?checkout=#?success=true";
+
+
+if(isset($_POST["placeorder"]) || isset($_POST["paypal"])){
+
+    $data = array(
+        'cmd'			=> '_cart',
+        'upload'        => '1',
+        'lc'			=> 'EN',
+        'business' 		=> 'payments@imperfectandcompany.com',
+        'cancel_return'	=> ''.$cancelurl.'',
+        'notify_url'	=> ''.$ipnurl.'',
+        'currency_code'	=> 'USD',
+        'return'        => ''.$successurl.'',
+    );
+	
+	$cartOrders = Order::getOrderDetails($_POST["itemid"]);
+	
+    for ($i = 0; $i < count($cartOrders); $i++) {
+		//order_id
+        $data['item_number_' . ($i+1)] = $cartOrders[$i]['o_id'];
+		//item name
+        $data['item_name_' . ($i+1)] = $cartOrders[$i]['i_name'];
+		//current price
+        $data['amount_' . ($i+1)] = $cartOrders[$i]['current_price'];
+    }
+	
+	header('location:' . $paypalurl . '?' . http_build_query($data));
+    // End script
+    exit;
+	}
+
+if($_SERVER['REQUEST_METHOD'] == "GET"){
+	if (isset($_GET['ipn_listener']) && $_GET['ipn_listener'] == 'paypal') {
+    // Get all input variables and convert them all to URL string variables
+    $raw_data = file_get_contents('php://input');
+    $raw_array = explode('&', $raw_data);
+    $myPost = [];
+	
+	
+	
+	
+echo $myData;
+echo var_dump($myData);
+	}
+}
+
+
+	
+
 //if id is specified after operation as string is given
 if($GLOBALS['url_loc'][2]){
 	    try{

classes/class.order.php

@@ -114,6 +114,17 @@ public static function getUsersOrdersAsBuyer()
 		return DatabaseConnector::query('SELECT o_id, o_item_id, o_seller_id, o_status, i_name, i_image FROM orders o JOIN item as i on o_item_id=i_id WHERE o_buyer_id=:userid', array(':userid'=>$userid));
 	}	
 
+	public static function completeSuccessfulOrder($item_number, $txn_id)
+   {
+		DatabaseConnector::query('UPDATE orders SET o_transaction_id=:taxid, o_status="fulfilled" WHERE o_id=:orderid AND o_status="pending" AND o_buyer_id IS NOT NULL AND o_seller_id IS NOT NULL', array(':orderid'=>$item_number, ':taxid'=>$txn_id));
+    }
+	
+	//gets order id, price, and name of an item that the user is intending to buy
+	public static function getOrderDetails($itemid)
+		{
+			$userid = User::isLoggedIn();
+			return DatabaseConnector::query('SELECT o_id, current_price, i_name FROM orders o JOIN item as i on o_item_id=i_id WHERE o_buyer_id=:userid and o_item_id=:itemid', array(':itemid'=>$itemid, ':userid'=>$userid));
+		}			
 }
 
 ?>

config.php

@@ -51,6 +51,11 @@
         $PAGE_TITLE = "Sign In";
         $FRONTEND = "signin";
         break;
+    case "listener":
+        $BACKEND = "listener";
+        $PAGE_TITLE = "Sign In";
+        $FRONTEND = "listener";
+        break;	
     case "orders":
         $BACKEND = "orders";
         $PAGE_TITLE = "Orders";

frontend/orders.php

@@ -92,9 +92,16 @@ class="absolute inset-0 bg-<?php echo $result["o_status"]==="pending" ? "yellow"
 								</td>
 								<td class="px-5 py-5 text-center border-b border-gray-200 bg-white text-sm">
 								<?php if($result["o_status"]==="pending"): ?>
-								<a href="./orders/remove_from_cart/<?php echo $result["o_item_id"] ?>" class="bg-indigo-600 px-4 py-2 rounded-md text-white font-semibold tracking-wide cursor-pointer">Remove</a>
-								<?php endif;?>
-								<a href="./orders/remove_from_cart/<?php echo $result["o_item_id"] ?>" class="bg-indigo-600 px-4 py-2 rounded-md text-white font-semibold tracking-wide cursor-pointer">Checkout</a>
+								<div><a href="./orders/remove_from_cart/<?php echo $result["o_item_id"]; ?>"><div class="bg-indigo-600 px-4 py-2 rounded-md text-white font-semibold tracking-wide cursor-pointer">Remove</div></a>
+								</div>
+								<div>
+								<form method="post">
+								  <input name="placeorder" type="hidden"></input>  
+								  <input name="itemid" type="hidden" value="<?php echo $result["o_item_id"]; ?>"></input>  
+								<button onclick="this.disabled=true;this.value='Sending, please wait...';this.form.submit();" class="bg-indigo-600 px-4 py-2 rounded-md text-white font-semibold tracking-wide cursor-pointer">Checkout</button>
+								</form>
+								</div>
+
 								<?php endif;?>
 								</td>
 							</tr>