MakeWebGames

RC Engine - Donation Problem


-BRAIDZ-


Okay, so when people donate to my game, they can choose to donate for a property or a donator pack, but there is one problem: when they donate for a "31 Day Donator Pack" or "Donator Pack - LTD", it doesn't credit the packs to the user.

But it credits the properties. Any help would be great, thank you.

ipn.php

<?
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$fee=(75*$payment_qty);


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel','President_Bunker'))) {
// check that mc_gross is correct
$chp[Chalet] = 0.50*$payment_qty;
$chp[Villa] = 1.00*$payment_qty;
$chp[Penthouse] = 1.50*$payment_qty;
$chp[Mansion] = 2.00*$payment_qty;
$chp[Ranch] = 4.00*$payment_qty;
$chp[Palace] = 7.00*$payment_qty;
$chp[Castle] = 15.00*$payment_qty;
$chp[Private_Island] = 20.00*$payment_qty;
$chp[Hotel] = 30.00*$payment_qty;
$chp[President_Bunker] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000','President_Bunker'=>'16|4500');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated for the property <b>'.$item_name.'</b> for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


if($item_name != "31 Day Donator Pack" && $item_name != "10 Credit Card" && $item_name != "Special Energy Pack" && $item_name != "Charity To Homeless" && $item_name != "Charity To Homeless Small" && $item_name != "Donator Pack - LTD" && $item_name != "Refill Pack") { fclose($fp);die(""); 
}
else
{
$check_amnt1 = (0*$payment_qty) . ".01";
$check_amnt2 = (7*$payment_qty) . ".00";
$check_amnt3 = (7*$payment_qty) . ".00";
$check_amnt4 = (7*$payment_qty) . ".00";
$check_amnt5 = (30*$payment_qty) . ".00";
$check_amnt6 = (10*$payment_qty) . ".00";
$check_amnt7 = (3*$payment_qty) . ".00";
if($item_name == "31 Day Donator Pack" && $payment_amount != "$check_amnt1") { fclose ($fp);die(""); }
if($item_name == "10 Credit Card" && $payment_amount != "$check_amnt2") { fclose ($fp);die(""); }
if($item_name == "Donator Pack - LTD" && $payment_amount != "$check_amnt3") { fclose ($fp);die(""); }
if($item_name == "VIP Pack" && $payment_amount != "$check_amnt4") { fclose ($fp);die(""); }
if($item_name == "Charity To Homeless" && $payment_amount != "$check_amnt5") { fclose ($fp);die(""); }
if($item_name == "Charity To Homeless Small" && $payment_amount != "$check_amnt6") { fclose ($fp);die(""); }
if($item_name == "Refill Pack" && $payment_amount != "$check_amnt7") { fclose ($fp);die(""); }

// all seems to be in order, credit it.

if($item_name == '10 Credit Card')
{
 //Credit Card - 10
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '126'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '126',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' credit card(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x $10 Credits Card for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x $10 Credits Card for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'VIP Pack')
{
 //Special Energy Pack
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '152'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '152',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' VIP Pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x VIP Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x VIP Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Refill Pack')
{
 //Refill Pack
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '158'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '158',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Refill Pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Refill Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Refill Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Charity To Homeless')
{
 //Charity To Homeless
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '156'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '156',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Charity Present has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Charity Present for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Charity Present for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == 'Charity To Homeless Small')
{
 //Charity To Homeless Small
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '157'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '157',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Charity Present Small has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.'  x Charity Present Small for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Charity Present Small for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}


if($item_name == 'Donator Pack - LTD')
{
 //Donator Pack - LTD
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '96'
        AND `it_playerid` = '".mysql_real_escape_string($_SESSION['playerid'])."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`(it_playerid, it_itemid, it_qty) VALUES('".$_SESSION['playerid']."', '96', '".$payment_qty."')"; 

mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".$payment_qty."'
        WHERE `it_playerid` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' Donator Pack - LTD(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.' x Donator Pack - LTD for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Donator Pack - LTD for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".$_SESSION['playerid']."',
               '".$payment_amount."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}

if($item_name == '31 Day Donator Pack')
{
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '57'
        AND `it_playerid` = '".mysql_real_escape_string($_SESSION['playerid'])."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`(it_playerid, it_itemid, it_qty) VALUES('".$_SESSION['playerid']."', '57', '".$payment_qty."')"; 
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_playerid` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}



in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated '.$origqty.' x Donator Pack for a total of '.$settle_amount.'USD!');
$mess = "User[".$item_number."] has donated ".$origqty." x Donator Pack for a total of ".$settle_amount."USD!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
// process payment
}
}
}
if (strcmp ($res, "INVALID") == 0) {
}
}
}

fclose ($fp);

?>
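The two versions of ipn.php in this thread differ in exactly one place that matters: in the first one, the two donator-pack branches read the player from `$_SESSION['playerid']` (and their UPDATE matches `it_playerid` against the `it_ID` just fetched), while the working version reads `$item_number` from the PayPal POST like every other branch does. An IPN is a server-to-server request sent by PayPal, not by the player's browser, so no session exists when the script runs and `$_SESSION['playerid']` is empty; the player id has to travel inside the PayPal message. Both versions also read `$txn_id` and then never use it, so a notification that PayPal redelivers is credited a second time. The following PHP is an added example, not code from this thread or from the RC Engine: it shows the crediting step written so that the player comes from `item_number`, the amount is checked in integer cents against a server-side price table, and a UNIQUE `txn_id` column makes a repeated notification a no-op. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table names `members_items` and `donations_accepted` and the `it_*` columns follow the thread, but the schema, the `da_*` column names, the prices and the sample IPN bodies are assumed or constructed. The postback to PayPal that yields VERIFIED is assumed to have already happened before `credit_donation` is called.

```php
<?php
// Added example, not the thread's code. Assumed schema: members_items and
// donations_accepted follow the thread's names; da_* columns are invented here.

// Server-side catalogue: PayPal item_name -> item id and unit price in USD.
// Item ids 57 and 96 match the thread; the prices are assumed.
const PACKS = [
    '31 Day Donator Pack' => ['item_id' => 57, 'unit_price' => '3.00'],
    'Donator Pack - LTD'  => ['item_id' => 96, 'unit_price' => '7.00'],
];

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members_items (it_ID INTEGER PRIMARY KEY,
               it_playerid INTEGER, it_itemid INTEGER, it_qty INTEGER)');
    // txn_id is UNIQUE: a redelivered IPN cannot be credited twice.
    $db->exec('CREATE TABLE donations_accepted (da_id INTEGER PRIMARY KEY,
               da_playerid INTEGER, da_amount TEXT, da_txn_id TEXT UNIQUE, da_time INTEGER)');
    return $db;
}

// Credit one VERIFIED IPN body ($ipn = the POST fields PayPal sent).
// Returns a short status string so the caller can log the outcome.
function credit_donation(PDO $db, array $ipn): string {
    // The player id must come from the PayPal message itself (item_number):
    // this request is made by PayPal's servers, so there is no browser session.
    $player = filter_var($ipn['item_number'] ?? '', FILTER_VALIDATE_INT);
    $qty    = filter_var($ipn['quantity'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    $name   = $ipn['item_name'] ?? '';
    if ($player === false || $qty === false || !isset(PACKS[$name]) || empty($ipn['txn_id'])) {
        return 'rejected: bad player, quantity, item or txn_id';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed' || ($ipn['mc_currency'] ?? '') !== 'USD') {
        return 'rejected: not a completed USD payment';
    }
    // Compare money as integer cents, not as floats or "7.00" strings.
    $expected_cents = (int) round((float) PACKS[$name]['unit_price'] * 100) * $qty;
    $paid_cents     = (int) round((float) ($ipn['mc_gross'] ?? '0') * 100);
    if ($expected_cents !== $paid_cents) {
        return 'rejected: amount mismatch';
    }

    $db->beginTransaction();
    try {
        // Record the transaction first: a replayed txn_id violates the UNIQUE
        // index here, before any item is credited, and the whole step rolls back.
        $db->prepare('INSERT INTO donations_accepted (da_playerid, da_amount, da_txn_id, da_time)
                      VALUES (?, ?, ?, ?)')
           ->execute([$player, $ipn['mc_gross'], $ipn['txn_id'], time()]);

        $item_id = PACKS[$name]['item_id'];
        $upd = $db->prepare('UPDATE members_items SET it_qty = it_qty + ?
                             WHERE it_playerid = ? AND it_itemid = ?');
        $upd->execute([$qty, $player, $item_id]);
        if ($upd->rowCount() === 0) {
            $db->prepare('INSERT INTO members_items (it_playerid, it_itemid, it_qty) VALUES (?, ?, ?)')
               ->execute([$player, $item_id, $qty]);
        }
        $db->commit();
        return 'credited';
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE 23000 = integrity constraint violation, i.e. duplicate txn_id.
        return $e->getCode() === '23000' ? 'ignored: duplicate txn_id' : 'error';
    }
}

// Constructed sample IPN bodies (not real PayPal data).
$db  = open_db();
$ipn = ['item_name' => 'Donator Pack - LTD', 'item_number' => '42', 'quantity' => '2',
        'mc_gross' => '14.00', 'mc_currency' => 'USD', 'payment_status' => 'Completed',
        'txn_id' => 'TXN-EXAMPLE-1'];
echo credit_donation($db, $ipn), "\n";   // first delivery
echo credit_donation($db, $ipn), "\n";   // same txn_id delivered again
$ipn['txn_id']   = 'TXN-EXAMPLE-2';
$ipn['mc_gross'] = '7.00';               // two packs paid as one
echo credit_donation($db, $ipn), "\n";
$held = $db->query('SELECT it_qty FROM members_items WHERE it_playerid = 42 AND it_itemid = 96')->fetchColumn();
echo "player 42 holds $held x Donator Pack - LTD\n";
```

Run it with `php ipn_credit_example.php` (any file name); the three calls exercise the first delivery, the replayed delivery and an underpaid order, and the final query shows that only the first one changed the player's inventory. The one remaining change worth making to the thread's handler is the validation postback itself: both versions open a plaintext socket to `www.paypal.com` on port 80, and that round trip should be made over TLS.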

I got it working, thank you though everyone, I ended up using my old ipn :)


<?
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel'))) {
// check that mc_gross is correct
$chp[Chalet] = 0.50*$payment_qty;
$chp[Villa] = 1.00*$payment_qty;
$chp[Penthouse] = 1.50*$payment_qty;
$chp[Mansion] = 2.00*$payment_qty;
$chp[Ranch] = 4.00*$payment_qty;
$chp[Palace] = 7.00*$payment_qty;
$chp[Castle] = 15.00*$payment_qty;
$chp[Private_Island] = 20.00*$payment_qty;
$chp[Hotel] = 30.00*$payment_qty;
$chp[President_Bunker] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated for the property <b>'.$item_name.'</b> for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


if($item_name != "31 Day Donator Pack" && $item_name != "Donator Pack - LTD") { fclose($fp);die(""); 
}
else
{
$check_amnt1 = (3*$payment_qty) . ".00";
$check_amnt2 = (7*$payment_qty) . ".00";
if($item_name == "31 Day Donator Pack" && $payment_amount != "$check_amnt1") { fclose ($fp);die(""); }
if($item_name == "Donator Pack - LTD" && $payment_amount != "$check_amnt2") { fclose ($fp);die(""); }
// all seems to be in order, credit it.

if($item_name == 'Donator Pack - LTD')
{
 //Donator Pack - LTD
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '96'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '96',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' limited edition donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
}
else
{
$origqty = $payment_qty;
//$payment_qty*=2;
//$two = 0;
//for($i = 1; $i<=50; $i++)
//{
//$two=$two+2;
//if($origqty == $two) { $payment_qty+=($origqty/2)*3; break; }
//}
$q_ry = array();
$q_ry = "SELECT `it_ID`
        FROM `members_items`
        WHERE `it_itemid` = '57'
        AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = array();
$doi = mysql_query($q_ry);
if(!mysql_num_rows($doi))
{
$q_ry = array();
$q_ry = "INSERT INTO `members_items`
        VALUES ('NULL',
                '".mysql_real_escape_string($item_number)."',
                '57',
                '".mysql_real_escape_string($payment_qty)."')";
mysql_query($q_ry);
}
else
{
$do = array();
$do = mysql_fetch_array($doi);
$q_ry = array();
$q_ry = "UPDATE `members_items`
        SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
        WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
mysql_query($q_ry);
}



in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. '.$payment_qty.' donator pack(s) has been credited to you.');
in_event(1,'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
// process payment
}
}
}
else if (strcmp ($res, "INVALID") == 0) {
}
}

fclose ($fp);
}
?>

I think being able to donate for houses is silly; they should be earned by hard work.

... But let's address the real issues...

 

I got it working, thank you though everyone, I ended up using my old ipn :)

 

<?
include('./includes/connections.php');
  function in_event($player, $text)
                                  {
                                   $player = abs(intval($player));
                                   $text = stripslashes($text);
                                   mysql_query("INSERT INTO `member_events` 
                                                VALUES('NULL', 
                                                       '".mysql_real_escape_string($player)."', 
                                                       '".mysql_real_escape_string($text)."',
                                                       unix_timestamp(), 
                                                       '0')");
                                   mysql_query("UPDATE `city_statistic` 
                                                SET `cs_value` = `cs_value` + '1'
                                                WHERE `cs_id` = '1'");
                                  }
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$settle_amount = $_POST['settle_amount'];
$payment_qty = $_POST['quantity'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
if($payment_status != "Completed") { fclose ($fp);die(""); }
// check that receiver_email is your Primary PayPal email
if($receiver_email != '[email protected]') { fclose ($fp);die(""); }
// check that payment_amount/payment_currency are correct
if($payment_currency != 'USD') { fclose ($fp);die(""); }
// check that domain is correct
if($_SERVER['HTTP_HOST'] != 'www.reunited-city.com') { fclose($fp); die(""); }
// check that item_name is correct


if(in_array($item_name,array('Chalet','Villa','Penthouse','Mansion','Ranch','Palace','Castle','Private_Island','Hotel'))) {
// check that mc_gross is correct
$chp[Chalet] = 0.50*$payment_qty;
$chp[Villa] = 1.00*$payment_qty;
$chp[Penthouse] = 1.50*$payment_qty;
$chp[Mansion] = 2.00*$payment_qty;
$chp[Ranch] = 4.00*$payment_qty;
$chp[Palace] = 7.00*$payment_qty;
$chp[Castle] = 15.00*$payment_qty;
$chp[Private_Island] = 20.00*$payment_qty;
$chp[Hotel] = 30.00*$payment_qty;
$chp[President_Bunker] = 40.00*$payment_qty;
if($chp[$item_name] != $payment_amount) { fclose ($fp);die(""); }
$hinfo = array('Chalet'=>'7|350','Villa'=>'8|400','Penthouse'=>'9|450','Mansion'=>'10|500','Ranch'=>'11|600','Palace'=>'12|1000','Castle'=>'13|1500','Private_Island'=>'14|2000','Hotel'=>'15|3000');
$info = explode("|", $hinfo[$item_name]);
               $q_ry = "INSERT INTO `members_properties` 
                        (`p_id`, `p_playerid`, `p_property`,`p_happy`)
                        VALUES ('NULL',
                                '".mysql_real_escape_string($item_number)."',
                                '".mysql_real_escape_string($info[0])."',
                                '".mysql_real_escape_string($info[1])."')";
               mysql_query($q_ry);
               $item_name = str_replace('_', '', $item_name);
in_event($item_number, 'Thank you for your donation of \$'.$payment_amount.'. Your '.$item_name.' is now in your properties page!');
in_event(1,'User['.$item_number.'] has donated for the property <b>'.$item_name.'</b> for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated for the property <b>'.$item_name.'</b> for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = array();
$q_ry = "INSERT INTO `donations_accepted`
        VALUES('NULL',
               '".mysql_real_escape_string($item_number)."',
               '".mysql_real_escape_string($payment_amount)."',
               unix_timestamp(),
               '0')";
mysql_query($q_ry);
fclose($fp);die(""); 
}


// Only the two donator packs are handled below; any other item_name is ignored.
if ($item_name != "31 Day Donator Pack" && $item_name != "Donator Pack - LTD") { fclose($fp); die(""); }
else
{
// Expected totals as "N.00" strings so they compare with the amount PayPal posts.
$check_amnt1 = (3 * $payment_qty) . ".00";
$check_amnt2 = (7 * $payment_qty) . ".00";
if ($item_name == "31 Day Donator Pack" && $payment_amount != $check_amnt1) { fclose($fp); die(""); }
if ($item_name == "Donator Pack - LTD" && $payment_amount != $check_amnt2) { fclose($fp); die(""); }
// all seems to be in order, credit it.

// Both packs are credited the same way; only the item id and the event wording differ.
if ($item_name == 'Donator Pack - LTD')
{
    $item_id = 96;
    $pack_label = 'limited edition donator pack(s)';
}
else
{
    $item_id = 57;
    $pack_label = 'donator pack(s)';
}
$origqty = $payment_qty;

// Add to the player's existing stack of this item, or create one if they hold none.
$q_ry = "SELECT `it_ID`
         FROM `members_items`
         WHERE `it_itemid` = '".$item_id."'
         AND `it_playerid` = '".mysql_real_escape_string($item_number)."'";
$doi = mysql_query($q_ry);
if (!mysql_num_rows($doi))
{
    $q_ry = "INSERT INTO `members_items`
             VALUES (NULL,
                     '".mysql_real_escape_string($item_number)."',
                     '".$item_id."',
                     '".mysql_real_escape_string($payment_qty)."')";
    mysql_query($q_ry);
}
else
{
    $do = mysql_fetch_array($doi);
    $q_ry = "UPDATE `members_items`
             SET `it_qty` = `it_qty` + '".mysql_real_escape_string($payment_qty)."'
             WHERE `it_ID` = '".mysql_real_escape_string($do['it_ID'])."'";
    mysql_query($q_ry);
}

in_event($item_number, 'Thank you for your donation of $'.$payment_amount.'. '.$payment_qty.' '.$pack_label.' has been credited to you.');
in_event(1, 'User['.$item_number.'] has donated x '.$origqty.' for a total of '.$settle_amount.'GBP!');
$mess = "User[".$item_number."] has donated x ".$origqty." for a total of ".$settle_amount."GBP!";
mail('[email protected]', "Donation", $mess, "From: [email protected]");
$q_ry = "INSERT INTO `donations_accepted`
         VALUES (NULL,
                 '".mysql_real_escape_string($item_number)."',
                 '".mysql_real_escape_string($payment_amount)."',
                 unix_timestamp(),
                 '0')";
mysql_query($q_ry);
// process payment
}
}
else if (strcmp ($res, "INVALID") == 0) {
    // PayPal rejected the notification: nothing is credited, but the request should be logged.
}
}

fclose ($fp);
}
?>

 

  • Short tags - no thanks
  • Using a deprecated database api (mysql_*) - no thanks
  • No reporting on failed requests - such as line 52 (if($payment_status != "Completed") { /* ... */ }) - good luck with player support on cash transactions (not everything will go smoothly 100% of the time - log everything you get from a 3rd party (headers and post body, along with a timestamp), unless you hate yourself and want to make things difficult in the future)
  • Hard-coded property values - why make things harder for yourself? Collect this data from the database!
    • Ew, hardcoded item names and pricing
  • Using mysql_real_escape_string() on integers for "security" - uh-huh, okay
  • You don't actually check a query is successful before you continue logic - you should definitely make sure the query is successful
  • Code is super messy - no thanks

Redo your script - don't use this in a professional production environment!

Yeah, I was not even going to go there; it's been discussed tons about how poorly the engine has been coded. It uses MRES on every query that uses the session['playerid']; the whole engine needs recoding and doing properly.

What's wrong with escaping the session? Fair enough, it's MRES and not MySQLi, that's one issue, but as for that issue I don't see anything wrong with escaping the session.

Generally, this particular session value is set by the application. The application would - generally speaking - fetch from a database that is explicitly set to type INT (ie: it holds a numerical value - nothing that can harm the application if always treated as an integer).

Nothing is wrong with escaping the session value per se, it's the reasoning behind it - there is no reason to. Using "MRES because it's not MySQLi" isn't a fair argument to start escaping integers and treat them as strings because your application doesn't know the value - it does, and it's an integer.

Also, I've seen a lot of people just wrapping values in MRES thinking it's their silver bullet; it's not.

I never said there was; me personally, I don't do it and don't see a point. It's used to escape special characters. As Rob0t mentioned above, the session id is set automatically and is a number.

OK, I see your point, but when using MySQLi I always escape the value when using queries; but if I'm coding I always assign the session to an INT: abs((int)).

You should look into prepared statements. There's no need to run your session value - that is holding an id - with abs(), unless of course it can be modified by the user (and I don't mean by session poisoning or local file inclusion (LFI)).

Edited by ~Rob0t
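Putting the thread's points together (log the raw notification before validating it, take prices and what they grant from the database instead of hard-coding them, check that each query succeeded, and bind integers as integers with prepared statements rather than escaping them), here is an added example of a crediting routine. It is not RC Engine code and not the original poster's script. It assumes PHP 7.1 or later with mysqli/mysqlnd, a hypothetical `donation_products` table that maps a PayPal item_name to its unit price and grant, a `donations_accepted` table with a UNIQUE key on `txn_id` so that a notification PayPal delivers twice is credited once, and a UNIQUE(it_playerid, it_itemid) on `members_items`; the column and function names are illustrative. The IPN field names (`txn_id`, `mc_gross`, `quantity`, `item_name`, `item_number`, `payment_status`) are PayPal's; `item_number` carries the player id as in the original script.

```php
<?php
// Added example for this thread, not RC Engine code. Assumed (hypothetical) schema:
//   donation_products(product_name VARCHAR PRIMARY KEY, unit_price DECIMAL(10,2),
//                     grant_type ENUM('property','item'), grant_id INT, grant_extra INT)
//   donations_accepted(txn_id VARCHAR(32) UNIQUE, player_id INT, amount_cents INT, received INT)
//   members_items with UNIQUE(it_playerid, it_itemid); members_properties as in the thread.
declare(strict_types=1);

/** Write the raw notification (headers, body, timestamp) before anything is validated. */
function log_ipn(string $dir, array $post, array $headers): void
{
    $entry = json_encode(['ts' => time(), 'headers' => $headers, 'post' => $post],
                         JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    file_put_contents($dir . '/ipn-' . date('Y-m-d') . '.log', $entry . "\n",
                      FILE_APPEND | LOCK_EX);
}

/** "3.00" -> 300, "3.5" -> 350; null for anything that is not a plain decimal amount. */
function to_cents(string $amount): ?int
{
    if (!preg_match('/^(\d{1,9})(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int) $m[1] * 100 + (int) str_pad($m[2] ?? '0', 2, '0');
}

/**
 * Validate and credit one notification that has already answered VERIFIED to the postback.
 * Returns a short status; every non-"credited" outcome should be logged for player support.
 */
function credit_donation(mysqli $db, array $ipn): string
{
    $player = filter_var($ipn['item_number'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qty    = filter_var($ipn['quantity'] ?? '1', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $txn    = (string) ($ipn['txn_id'] ?? '');
    $name   = (string) ($ipn['item_name'] ?? '');
    $paid   = to_cents((string) ($ipn['mc_gross'] ?? ''));
    if ($player === false || $qty === false || $txn === '' || $paid === null) {
        return 'malformed';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'not_completed';
    }

    // Price and grant come from the database; an unknown item_name is rejected outright.
    $stmt = $db->prepare('SELECT unit_price, grant_type, grant_id, grant_extra
                          FROM donation_products WHERE product_name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $product = $stmt->get_result()->fetch_assoc();
    if ($product === null) {
        return 'unknown_product';
    }
    // Compare money as integer cents, never with != on strings or floats.
    $unit = to_cents((string) $product['unit_price']);
    if ($unit === null || $paid !== $unit * $qty) {
        return 'amount_mismatch';
    }
    $grantId    = (int) $product['grant_id'];
    $grantExtra = (int) $product['grant_extra'];

    // One transaction: record the txn_id first so a replayed notification fails on the
    // UNIQUE key and nothing is credited twice; a failed grant rolls the record back.
    $db->begin_transaction();
    try {
        $stmt = $db->prepare('INSERT INTO donations_accepted (txn_id, player_id, amount_cents, received)
                              VALUES (?, ?, ?, UNIX_TIMESTAMP())');
        $stmt->bind_param('sii', $txn, $player, $paid);
        $stmt->execute();

        if ($product['grant_type'] === 'property') {
            $stmt = $db->prepare('INSERT INTO members_properties (p_playerid, p_property, p_happy)
                                  VALUES (?, ?, ?)');
            $stmt->bind_param('iii', $player, $grantId, $grantExtra);
        } else {
            // One upsert replaces the SELECT-then-INSERT/UPDATE pair; integers are bound, not escaped.
            $stmt = $db->prepare('INSERT INTO members_items (it_playerid, it_itemid, it_qty)
                                  VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE it_qty = it_qty + ?');
            $stmt->bind_param('iiii', $player, $grantId, $qty, $qty);
        }
        $stmt->execute();
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        return $e->getCode() === 1062 ? 'duplicate_txn' : 'db_error';   // 1062 = ER_DUP_ENTRY
    }
    return 'credited';
}

// Usage at the end of the IPN endpoint, once the postback has answered VERIFIED:
//   mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // make mysqli throw on failure
//   $db = new mysqli('localhost', 'user', 'pass', 'game');
//   log_ipn(__DIR__ . '/logs', $_POST, getallheaders());
//   error_log('IPN ' . ($_POST['txn_id'] ?? '?') . ': ' . credit_donation($db, $_POST));
```

With `MYSQLI_REPORT_STRICT` every failed prepare or execute throws instead of returning false, so the "did the query succeed?" check the thread asks for is the try/catch rather than a test after each call. The amount check multiplies the database price by the quantity in integer cents, which is the same rule the original script encodes by hand for each pack and property.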
