问题描述
我正在尝试从 vBulletin 产品更新旧的付款脚本。我设法使所有款项都付清了。我能够完成购买,但是当我单击"Return to merchant" PayPal按钮时,它不会执行购买验证。购买的商品确实存储在我的数据库中的"ma_purchases"表下,但其他信息一旦经过验证就应插入其他表中,并且不会插入。然后,(如果正确地阅读了此脚本)一旦购买返回经过验证,就应该切换用户的用户组并将购买详细信息插入其他位置。
<?PHP
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~ E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT','mem_payment');
define('CSRF_PROTECTION',false);
define('SKIP_SESSIONCREATE',1);
// #################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array('subscription');
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions
$globaltemplates = array();
// pre-cache templates used by specific actions
$actiontemplates = array();
// ######################### REQUIRE BACK-END ############################
define('VB_AREA','Subscriptions');
define('CWD',(($getcwd = getcwd()) ? $getcwd : '.'));
require_once (CWD . '/includes/init.PHP');
require_once (CWD . '/includes/class_vbma.PHP');
$vbma = new vbma($vbulletin,$vbphrase);
$vbulletin->input->clean_array_gpc('p',array(
'item_number' => TYPE_STR,'business' => TYPE_STR,'receiver_email' => TYPE_STR,'tax' => TYPE_STR,'txn_type' => TYPE_STR,'payment_status' => TYPE_STR,'mc_currency' => TYPE_STR,'mc_gross' => TYPE_STR,'txn_id' => TYPE_STR
));
$transaction_id = $vbulletin->GPC['txn_id'];
$id = $vbulletin->GPC['item_number'];
$mc_gross = doubleval($vbulletin->GPC['mc_gross']);
$tax = doubleval($vbulletin->GPC['tax']);
$query = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$value = urlencode(stripslashes($value));
$query .= "&$key=$value";
}
$used_curl = false;
//If you are ever messing around with Paypal it's a good idea to use the sandBox.
$usesandBox = false;
if ($usesandBox)
{
$script = 'www.sandBox.paypal.com';
}
else
{
$script = 'www.paypal.com';
}
if (function_exists('curl_init') and $ch = curl_init())
{
curl_setopt($ch,CURLOPT_URL,'https://' . $script . '/cgi-bin/webscr');
curl_setopt($ch,CURLOPT_TIMEOUT,15);
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDSIZE,0);
curl_setopt($ch,CURLOPT_POSTFIELDS,$query);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,CURLOPT_USERAGENT,'vBulletin via cURL/PHP');
$result = curl_exec($ch);
curl_close($ch);
if ($result !== false)
{
$used_curl = true;
}
}
if (!$used_curl)
{
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: " . $script . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($query) . "\r\n\r\n";
if ($fp = fsockopen($script,80,$errno,$errstr,15))
{
socket_set_timeout($fp,15);
fwrite($fp,$header . $query);
while (!feof($fp))
{
$result = fgets($fp,1024);
if (strcmp($result,'VERIFIED') == 0)
{
break;
}
}
fclose($fp);
}
}
if ($result == 'VERIFIED')
{
$purchase = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX .
"ma_purchases WHERE id = '" . $id . "'");
$order = unserialize($purchase['order']);
if ($order[0] !== $vbulletin->GPC['business'])
{
$status_code = '503 Service Unavailable';
// Paypal likes to get told its message has been received
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
{
header('Status: ' . $status_code);
}
else
{
header('HTTP/1.1 ' . $status_code);
}
}
unset($order[0]);
if ($purchase and !in_array($order[1],array('renew','upgrade')))
{
$product = $vbulletin->db->query_read("SELECT pur_group FROM " . TABLE_PREFIX .
"ma_products WHERE id = '" . $order[1] . "'");
$userinfo = fetch_userinfo($purchase['userid']);
$vbma->setCustomerNumber(unserialize($purchase['info']),$product['pur_group'],false,$userinfo);
$rand = rand($vbulletin->options['memarea_numstart'],$vbulletin->options['memarea_numend']);
$licnum = substr(md5($prodid . rand(0,20000) . $rand . $rand),rand(10,$vbulletin->
options['memarea_custnumleng']));
$licensedm = datamanager_init('License',$vbulletin,ERRTYPE_ARRAY);
$licensedm->setr('userid',$userinfo['userid']);
$licensedm->setr('productid',$order[1]);
$licensedm->setr('licensenum',$licnum);
$licensedm->set('dateline',TIMENow);
$licensedm->set('status',2);
$licensedm->pre_save();
if (!empty($licensedm->errors))
{
var_dump($licensedm->errors);
}
else
{
$licensedm->save();
}
} elseif ($purchase and $order[1] == 'renew')
{
$licenseinfo = $vbma->getLicense($order[2],'',false);
$licensedm = datamanager_init('License',ERRTYPE_ARRAY);
$licensedm->set_existing($licenseinfo);
$licensedm->set('dateline',2);
$licensedm->pre_save();
if (!empty($licensedm->errors))
{
var_dump($licensedm->errors);
}
else
{
$licensedm->save();
}
} elseif ($purchase and $order[1] == 'upgrade')
{
$licenseinfo = $vbma->getLicense($order[2],ERRTYPE_ARRAY);
$licensedm->set_existing($licenseinfo);
$licensedm->set('upgrades',serialize($order[3]));
$licensedm->pre_save();
if (!empty($licensedm->errors))
{
var_dump($licensedm->errors);
}
else
{
$licensedm->save();
}
}
$vbma->sendOutNewSaleEmail();
$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX .
"ma_purchases WHERE id = '" . $id . "'");
$status_code = '200 OK';
// Paypal likes to get told its message has been received
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
{
header('Status: ' . $status_code);
}
else
{
header('HTTP/1.1 ' . $status_code);
}
exit;
}
$status_code = '503 Service Unavailable';
// Paypal likes to get told its message has been received
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
{
header('Status: ' . $status_code);
}
else
{
header('HTTP/1.1 ' . $status_code);
}
?>
可能需要更多帮助来解决这个问题,但我只是想问问,自2008年编写以来,有人认为该付款脚本有任何冲突。
解决方法
- 您需要使用HTTP / 1.1
- URL to post back to现在为https://ipnpb.paypal.com/cgi-bin/webscr,基本上是ipnpb代替了www
- 您的服务器/环境可能没有最新的根证书,因此无法验证paypal.com的主机并形成用于回发的安全HTTPS SSL连接,因此无法启动连接并收到“已验证”回应
- 您的服务器/环境还必须具有TLS 1.2功能
由于理智,请尽快停止使用IPN并升级到基于v2/orders/checkout APIs(设置/捕获交易)和server approval flow的版本。