MakeWebGames


Posted

Okay, so when people donate to my game, they can choose to donate for a property or a donator pack, but there is one problem: when they donate for a "31 Day Donator Pack" or "Donator Pack - LTD", it doesn't credit the packs to the user.

But it credits the properties. Any help would be great, thank you.

ipn.php

<?php
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$fee=(75*$payment_qty);


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel','President_Bunker'))) {
// check that mc_gross is correct
$chp['Chalet'] = 0.50*$payment_qty;
$chp['Villa'] = 1.00*$payment_qty;
$chp['Penthouse'] = 1.50*$payment_qty;
$chp['Mansion'] = 2.00*$payment_qty;
$chp['Ranch'] = 4.00*$payment_qty;
$chp['Palace'] = 7.00*$payment_qty;
$chp['Castle'] = 15.00*$payment_qty;
$chp['Private_Island'] = 20.00*$payment_qty;
$chp['Hotel'] = 30.00*$payment_qty;
$chp['President_Bunker'] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000','President_Bunker'=>'16|4500');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated for the property <b>".$item_name."</b> for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


// note: "VIP Pack" is not in this list, so the VIP Pack branch below can never be reached
if($item_name != "31 Day Donator Pack" && $item_name != "10 Credit Card" && $item_name != "Special Energy Pack" && $item_name != "Charity To Homeless" && $item_name != "Charity To Homeless Small" && $item_name != "Donator Pack - LTD" && $item_name != "Refill Pack") { fclose($fp);die(""); 
}
else
{
$check_amnt1 = (0*$payment_qty) . ".01";
$check_amnt2 = (7*$payment_qty) . ".00";
$check_amnt3 = (7*$payment_qty) . ".00";
$check_amnt4 = (7*$payment_qty) . ".00";
$check_amnt5 = (30*$payment_qty) . ".00";
$check_amnt6 = (10*$payment_qty) . ".00";
$check_amnt7 = (3*$payment_qty) . ".00";
if($item_name == "31 Day Donator Pack" && $payment_amount != "$check_amnt1") { fclose ($fp);die(""); }
if($item_name == "10 Credit Card" && $payment_amount != "$check_amnt2") { fclose ($fp);die(""); }
if($item_name == "Donator Pack - LTD" && $payment_amount != "$check_amnt3") { fclose ($fp);die(""); }
if($item_name == "VIP Pack" && $payment_amount != "$check_amnt4") { fclose ($fp);die(""); }
if($item_name == "Charity To Homeless" && $payment_amount != "$check_amnt5") { fclose ($fp);die(""); }
if($item_name == "Charity To Homeless Small" && $payment_amount != "$check_amnt6") { fclose ($fp);die(""); }
if($item_name == "Refill Pack" && $payment_amount != "$check_amnt7") { fclose ($fp);die(""); }

// all seems to be in order, credit it.

if($item_name == '10 Credit Card')
{
 //Credit Card - 10
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '126'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '126',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' credit card(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x $10 Credits Card for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x $10 Credits Card for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'VIP Pack')
{
 //Special Energy Pack
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '152'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '152',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' VIP Pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x VIP Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x VIP Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Refill Pack')
{
 //Refill Pack
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '158'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '158',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Refill Pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Refill Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Refill Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Charity To Homeless')
{
 //Charity To Homeless
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '156'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '156',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Charity Present has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Charity Present for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Charity Present for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Charity To Homeless Small')
{
 //Charity To Homeless Small
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '157'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '157',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Charity Present Small has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Charity Present Small for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Charity Present Small for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}


if($item_name == 'Donator Pack - LTD')
{
 //Donator Pack - LTD
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
// note: this pack branch looks the player up by $_SESSION['playerid'], but this script
// is requested by PayPal's server, not by the player's browser, so no session cookie
// arrives and the value is empty; the property branch above uses $item_number instead
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '96'
        AND `it_playerid` = '".mysql_real_escape_string($_SESSION['playerid'])."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`(it_playerid, it_itemid, it_qty) VALUES('".mysql_real_escape_string($_SESSION['playerid'])."', '96', '".mysql_real_escape_string($payment_qty)."')"; 

mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
// note: this WHERE compares the player id column against the row id (`it_ID`) fetched
// above; the other branches use WHERE `it_ID` = ... here
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_playerid` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Donator Pack - LTD(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.' x Donator Pack - LTD for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Donator Pack - LTD for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($_SESSION['playerid'])."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == '31 Day Donator Pack')
{
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
// note: same $_SESSION['playerid'] lookup as the LTD branch; the session is empty
// during a PayPal IPN request, so this never finds or credits the player
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '57'
        AND `it_playerid` = '".mysql_real_escape_string($_SESSION['playerid'])."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`(it_playerid, it_itemid, it_qty) VALUES('".mysql_real_escape_string($_SESSION['playerid'])."', '57', '".mysql_real_escape_string($payment_qty)."')"; 
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
// note: as in the LTD branch, this WHERE compares the player id column against the
// fetched row id (`it_ID`) rather than WHERE `it_ID` = ...
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_playerid` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}



in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.' x Donator Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Donator Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."'  ,
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
// process payment
}
}
}
if (strcmp ($res, "INVALID") == 0) {
}
}
}

fclose ($fp);

?>
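As an added example (not the poster's code and not taken from the thread), here is how the two pack branches can be written so that they actually credit, and so that the same PayPal message cannot be credited twice. It takes the player id from `item_number` (the IPN request is made by PayPal's server, so `$_SESSION` is never populated there), compares prices in integer cents instead of building "7.00" strings, and records `txn_id` before crediting. Everything beyond the thread's field and table names is an assumption: PDO with prepared statements, a `donations_accepted` table that has a `txn_id` column (the thread's table does not), the function names `verify_with_paypal` and `credit_pack`, a placeholder receiver address, and `ipnpb.paypal.com` as the HTTPS postback host. The demo at the bottom runs offline against an in-memory SQLite database with constructed data.

```php
<?php
// Added example, not the thread's code. See the lead-in for the assumptions.

// Unit price in whole cents, keyed by the PayPal item_name the thread uses.
const PACK_PRICES_CENTS = [
    '31 Day Donator Pack' => ['item_id' => 57, 'cents' => 300],
    'Donator Pack - LTD'  => ['item_id' => 96, 'cents' => 700],
];

// Placeholder for the primary PayPal address that must be the receiver.
const RECEIVER_EMAIL = 'receiver@example.invalid';

// Post the raw IPN body back to PayPal over TLS and accept only "VERIFIED".
// Kept separate from the crediting logic so the latter can be exercised offline.
function verify_with_paypal($raw_post_body) {
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $raw_post_body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === 'VERIFIED';
}

// Validate one pack IPN and credit it. Returns a short status string so the
// caller can log exactly why a message was or was not credited.
function credit_pack(PDO $db, array $ipn) {
    if ($ipn['payment_status'] !== 'Completed')    return 'not-completed';
    if ($ipn['mc_currency'] !== 'USD')             return 'bad-currency';
    if ($ipn['receiver_email'] !== RECEIVER_EMAIL) return 'bad-receiver';
    if (!array_key_exists($ipn['item_name'], PACK_PRICES_CENTS)) return 'unknown-item';

    $pack   = PACK_PRICES_CENTS[$ipn['item_name']];
    $qty    = (int)$ipn['quantity'];
    $player = (int)$ipn['item_number'];   // the game's player id sent with the button
    if ($qty < 1 || $player < 1)           return 'bad-qty-or-player';

    // "14.00" -> 1400: no float equality and no "7.00" string building.
    $paid_cents = (int)round((float)$ipn['mc_gross'] * 100);
    if ($paid_cents !== $pack['cents'] * $qty) return 'bad-amount';

    $db->beginTransaction();
    // Replay guard: txn_id is unique per PayPal payment. Record it before
    // crediting and refuse any later message that carries the same id.
    $seen = $db->prepare('SELECT 1 FROM donations_accepted WHERE txn_id = ?');
    $seen->execute([$ipn['txn_id']]);
    if ($seen->fetchColumn() !== false) {
        $db->rollBack();
        return 'duplicate';
    }
    $db->prepare('INSERT INTO donations_accepted (txn_id, player_id, cents) VALUES (?, ?, ?)')
       ->execute([$ipn['txn_id'], $player, $paid_cents]);

    // Same idea as the thread's SELECT-then-INSERT/UPDATE, done UPDATE-first.
    $upd = $db->prepare('UPDATE members_items SET it_qty = it_qty + ? WHERE it_playerid = ? AND it_itemid = ?');
    $upd->execute([$qty, $player, $pack['item_id']]);
    if ($upd->rowCount() === 0) {
        $db->prepare('INSERT INTO members_items (it_playerid, it_itemid, it_qty) VALUES (?, ?, ?)')
           ->execute([$player, $pack['item_id'], $qty]);
    }
    $db->commit();
    return 'credited';
}

// Offline demo: in-memory SQLite with the two tables the routine touches.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members_items (it_ID INTEGER PRIMARY KEY, it_playerid INT, it_itemid INT, it_qty INT)');
$db->exec('CREATE TABLE donations_accepted (txn_id TEXT PRIMARY KEY, player_id INT, cents INT)');

// Constructed IPN carrying the fields the thread's script reads.
$ipn = [
    'txn_id' => 'TXN-EXAMPLE-0001', 'item_name' => 'Donator Pack - LTD',
    'item_number' => '42', 'quantity' => '2', 'mc_gross' => '14.00',
    'mc_currency' => 'USD', 'payment_status' => 'Completed',
    'receiver_email' => RECEIVER_EMAIL,
];
echo credit_pack($db, $ipn), "\n";   // first delivery of this payment
echo credit_pack($db, $ipn), "\n";   // the same txn_id delivered again
$ipn['txn_id']   = 'TXN-EXAMPLE-0002';
$ipn['mc_gross'] = '7.00';
echo credit_pack($db, $ipn), "\n";   // quantity 2 but only one unit price paid
$held = $db->query('SELECT it_qty FROM members_items WHERE it_playerid = 42 AND it_itemid = 96')->fetchColumn();
echo "player 42 now holds {$held} x item 96\n";
```

In the real endpoint the two functions are chained: `if (verify_with_paypal(file_get_contents('php://input'))) { credit_pack($db, $_POST); }`, with `$db` a PDO connection to the game's MySQL database. Keep `txn_id` a PRIMARY KEY or UNIQUE column in MySQL as in the demo schema, so that two redeliveries arriving at the same moment cannot both pass the SELECT: the second INSERT fails on the key and its transaction rolls back instead of crediting a second time. The cURL postback also replaces the thread's plain-HTTP `fsockopen` to port 80 with HTTPS and certificate verification, so the VERIFIED answer cannot be altered in transit.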
Posted

I got it working, thank you though everyone; I ended up using my old IPN :)

 

<?php
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel'))) {
// check that mc_gross is correct
$chp['Chalet'] = 0.50*$payment_qty;
$chp['Villa'] = 1.00*$payment_qty;
$chp['Penthouse'] = 1.50*$payment_qty;
$chp['Mansion'] = 2.00*$payment_qty;
$chp['Ranch'] = 4.00*$payment_qty;
$chp['Palace'] = 7.00*$payment_qty;
$chp['Castle'] = 15.00*$payment_qty;
$chp['Private_Island'] = 20.00*$payment_qty;
$chp['Hotel'] = 30.00*$payment_qty;
$chp['President_Bunker'] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated for the property <b>".$item_name."</b> for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


if($item_name != "31 Day Donator Pack" && $item_name != "Donator Pack - LTD") { fclose($fp);die(""); 
}
else
{
$check_amnt1 = (3*$payment_qty) . ".00";
$check_amnt2 = (7*$payment_qty) . ".00";
if($item_name == "31 Day Donator Pack" && $payment_amount != "$check_amnt1") { fclose ($fp);die(""); }
if($item_name == "Donator Pack - LTD" && $payment_amount != "$check_amnt2") { fclose ($fp);die(""); }
// all seems to be in order, credit it.

if($item_name == 'Donator Pack - LTD')
{
 //Donator Pack - LTD
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '96'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '96',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' limited edition donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}
else
{
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '57'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '57',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}



in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
// process payment
}
}
}
else if (strcmp ($res, "INVALID") == 0) {
}
}

fclose ($fp);
}
?>
Posted
I think being able to donate for houses is silly; they should be earned by hard work.

... But let's address the real issues...

 

I got it working, thank you though everyone, I ended up using my old ipn :)

 

<?
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel'))) {
// check that mc_gross is correct
$chp[Chalet] = 0.50*$payment_qty;
$chp[Villa] = 1.00*$payment_qty;
$chp[Penthouse] = 1.50*$payment_qty;
$chp[Mansion] = 2.00*$payment_qty;
$chp[Ranch] = 4.00*$payment_qty;
$chp[Palace] = 7.00*$payment_qty;
$chp[Castle] = 15.00*$payment_qty;
$chp[Private_Island] = 20.00*$payment_qty;
$chp[Hotel] = 30.00*$payment_qty;
$chp[President_Bunker] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated for the property <b>'.$item_name.'</b> for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


if($item_name != "31 Day Donator Pack" && $item_name != "Donator Pack - LTD") { fclose($fp);die(""); 
}
else
{
$check_amnt1 = (3*$payment_qty) . ".00";
$check_amnt2 = (7*$payment_qty) . ".00";
if($item_name == "31 Day Donator Pack" && $payment_amount != "$check_amnt1") { fclose ($fp);die(""); }
if($item_name == "Donator Pack - LTD" && $payment_amount != "$check_amnt2") { fclose ($fp);die(""); }
// all seems to be in order, credit it.

if($item_name == 'Donator Pack - LTD')
{
 //Donator Pack - LTD
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '96'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '96',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of $'.$payment_amount.'. '.$payment_qty.' limited edition donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}
else
{
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '57'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '57',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}



in_event($item_number, 'Thank you for your donation of $'.$payment_amount.'. '.$payment_qty.' donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
// process payment
}
}
}
else if (strcmp ($res, "INVALID") == 0) {
}
}

fclose ($fp);
}
?>

 

  • Short tags - no thanks
  • Using a deprecated database api (mysql_*) - no thanks
  • No reporting on failed requests - such as line 52 (if($payment_status != "Completed") { /* ... */ }) - good luck with player support on cash transactions (not everything will go smoothly 100% of the time - log everything you get from a 3rd party: headers and post body, along with a timestamp - unless you hate yourself and want to make things difficult in the future)
  • Hard-coded property values - why make things harder for yourself? Collect this data from the database!
    • Ew, hardcoded item names and pricing
  • Using mysql_real_escape_string() on integers for "security" - uh-huh, okay
  • You don't actually check a query is successful before you continue logic - you should definitely make sure the query is successful
  • Code is super messy - no thanks

Redo your script - don't use this in a professional production environment!

Posted
... But let's address the real issues...

  • Short tags - no thanks
  • Using a deprecated database api (mysql_*) - no thanks
  • No reporting on failed requests - such as line 52 (if($payment_status != "Completed") { /* ... */ }) - good luck with player support on cash transactions (not everything will go smoothly 100% of the time - log everything you get from a 3rd party: headers and post body, along with a timestamp - unless you hate yourself and want to make things difficult in the future)
  • Hard-coded property values - why make things harder for yourself? Collect this data from the database!
    • Ew, hardcoded item names and pricing
  • Using mysql_real_escape_string() on integers for "security" - uh-huh, okay
  • You don't actually check a query is successful before you continue logic - you should definitely make sure the query is successful
  • Code is super messy - no thanks

Redo your script - don't use this in a professional production environment!

Yea, I was not even going to go there; it's been discussed tons how poorly the engine has been coded. It uses mres on every query that uses the session['playerid']; the whole engine needs recoded and done properly.

Posted
Yea, I was not even going to go there; it's been discussed tons how poorly the engine has been coded. It uses mres on every query that uses the session['playerid']; the whole engine needs recoded and done properly.

What's wrong with escaping the session? Fair enough, it's mres and not mysqli, that's one issue, but as for that issue I don't see anything wrong with escaping the session.

Posted
What's wrong with escaping the session? Fair enough, it's mres and not mysqli, that's one issue, but as for that issue I don't see anything wrong with escaping the session.

Generally, this particular session value is set by the application. The application would - generally speaking - fetch from a database that is explicitly set to type INT (ie: it holds a numerical value - nothing that can harm the application if always treated as an integer).

Nothing is wrong with escaping the session value per se, it's the reasoning behind it - there is no reason to. Using "MRES because it's not MySQLi" isn't a fair argument to start escaping integers and treat them as strings because your application doesn't know the value - it does, and it's an integer.

Also, I've seen a lot of people just wrapping values in MRES thinking it's their silver bullet; it's not.

Posted
What's wrong with escaping the session? Fair enough, it's mres and not mysqli, that's one issue, but as for that issue I don't see anything wrong with escaping the session.

I never said there was. Me personally, I don't do it and don't see a point; it's used to escape special characters. As robot mentioned above, the session id is set automatically and is a number.

Posted
Generally, this particular session value is set by the application. The application would - generally speaking - fetch from a database that is explicitly set to type INT (ie: it holds a numerical value - nothing that can harm the application if always treated as an integer).

Nothing is wrong with escaping the session value per se, it's the reasoning behind it - there is no reason to. Using "MRES because it's not MySQLi" isn't a fair argument to start escaping integers and treat them as strings because your application doesn't know the value - it does, and it's an integer.

Also, I've seen a lot of people just wrapping values in MRES thinking it's their silver bullet; it's not.

OK, I see your point, but when using mysqli I always escape the value when using queries; but if I'm coding I always assign the session to an INT with abs((int)).

Posted (edited)
OK, I see your point, but when using mysqli I always escape the value when using queries; but if I'm coding I always assign the session to an INT with abs((int)).

You should look into prepared statements. There's no need to run your session value - that is holding an id - with abs() - unless of course it can be modified by the user (and I don't mean by session poisoning or local file inclusion (LFI Link 2))

Edited by ~Rob0t
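The points raised across this thread (log everything a third party sends you, check every query result, don't escape integers as if they were strings, use prepared statements) fit together in one handler. Below is an added example written for this page; it is not the original ipn.php, nor code from ~Rob0t or anyone else in the thread. It keeps the thread's `members_items` columns and the two pack names, item ids (57 and 96) and prices (3 and 7) from the posted script. Everything else is an assumption: the `$db` mysqli connection, the `ipn_log` table, the named columns and a UNIQUE index on `donations_accepted`.`txn_id`, and the `quantity` / `receiver_email` / `mc_currency` IPN fields. It also goes beyond what the replies list: the postback goes to PayPal over TLS using the raw body, duplicate `txn_id`s are rejected so a replayed notification cannot credit twice, the receiver email and currency are checked, and the two writes run in one transaction.

```php
<?php
// Added example, not the thread's ipn.php: the pack-credit step rebuilt the way the
// replies suggest (log the raw request, check every query, cast ids to int instead of
// escaping them, use prepared statements). Hypothetical pieces: $db (mysqli), the
// `ipn_log` table, and named columns plus a UNIQUE index on `donations_accepted`.`txn_id`.
declare(strict_types=1);
// With strict reporting every failed prepare/execute throws, so no query result is ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// 1. Record the raw request first, so a disputed or rejected IPN can be reconstructed later.
function log_ipn(mysqli $db, string $rawBody): void
{
    $now  = time();
    $addr = (string)($_SERVER['REMOTE_ADDR'] ?? '');
    $hdrs = json_encode(function_exists('getallheaders') ? getallheaders() : [], JSON_THROW_ON_ERROR);
    $stmt = $db->prepare('INSERT INTO `ipn_log` (`received_at`, `remote_addr`, `headers`, `body`) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('isss', $now, $addr, $hdrs, $rawBody);
    $stmt->execute();
}

// 2. Post the unmodified body back to PayPal over TLS; only the literal "VERIFIED" passes.
function paypal_verify(string $rawBody): bool
{
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]);
    $res = curl_exec($ch);
    curl_close($ch);
    return $res === 'VERIFIED';
}

// 3. Credit one pack. Ids are ints (nothing to escape), the amount is compared as an exact
//    string, and both writes sit in one transaction so a failure cannot record a donation
//    without crediting it (or the reverse).
function credit_pack(mysqli $db, array $ipn, array $packs, string $receiverEmail): bool
{
    $itemName = (string)($ipn['item_name'] ?? '');
    if (!isset($packs[$itemName])) {
        return false;                                   // not a pack we sell
    }
    $playerId = (int)($ipn['item_number'] ?? 0);
    $qty      = (int)($ipn['quantity'] ?? 0);
    $gross    = (string)($ipn['mc_gross'] ?? '');
    $expected = sprintf('%.2f', $packs[$itemName]['price'] * $qty);
    if ($playerId <= 0 || $qty <= 0
        || ($ipn['payment_status'] ?? '') !== 'Completed'
        || ($ipn['receiver_email'] ?? '') !== $receiverEmail
        || ($ipn['mc_currency'] ?? '') !== 'GBP'
        || $gross !== $expected) {
        return false;
    }
    $txnId  = (string)($ipn['txn_id'] ?? '');
    $itemId = (int)$packs[$itemName]['item_id'];
    $now    = time();

    $db->begin_transaction();
    try {
        // UNIQUE(txn_id) turns a replayed IPN into a failed insert instead of a second credit.
        $ins = $db->prepare('INSERT INTO `donations_accepted` (`txn_id`, `player_id`, `amount`, `received_at`) VALUES (?, ?, ?, ?)');
        $ins->bind_param('sisi', $txnId, $playerId, $gross, $now);
        $ins->execute();
        // Same columns as the thread's members_items: add to an existing row, else create it.
        $up = $db->prepare('UPDATE `members_items` SET `it_qty` = `it_qty` + ? WHERE `it_playerid` = ? AND `it_itemid` = ?');
        $up->bind_param('iii', $qty, $playerId, $itemId);
        $up->execute();
        if ($up->affected_rows === 0) {
            $new = $db->prepare('INSERT INTO `members_items` (`it_playerid`, `it_itemid`, `it_qty`) VALUES (?, ?, ?)');
            $new->bind_param('iii', $playerId, $itemId, $qty);
            $new->execute();
        }
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollback();
        error_log('IPN ' . $txnId . ' rejected: ' . $e->getMessage());
        return false;
    }
}

// Usage; the pack table mirrors the names, item ids and prices in the thread's script.
// $packs = ['31 Day Donator Pack' => ['item_id' => 57, 'price' => 3.00],
//           'Donator Pack - LTD'  => ['item_id' => 96, 'price' => 7.00]];
// $raw = file_get_contents('php://input');
// log_ipn($db, $raw);
// if (paypal_verify($raw)) { parse_str($raw, $ipn); credit_pack($db, $ipn, $packs, 'you@example.com'); }
```

Two design points worth noting. The log is written before verification, so the failed-request case the reviewer mentions (a status other than Completed, an INVALID postback, a price mismatch) still leaves a timestamped record of exactly what arrived. And because the player id and quantity are cast to int before they reach the query, the mres-versus-abs((int)) debate above becomes moot: the prepared statement binds them as integers and there is no string context left to escape.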
