What is wrong with the code

Hey I’m having a few problems here, I have an mmorpg where users are able to donate in exchange for in-game credits, the problem I’m having is once they have donated the credits are not automatically put into their account, can anyone help me please? Any help is appreciated

how are they donating, through paypal?

If through paypal use the IPN process

Thanks guys, really appreciate it, this is what I have at the minute… And it’s not working
[php]<?
include("funcs.php");
$site_Paypal = $site[paypal];

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= 'Content-Length: ' . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
// note: additional IPN variables also available - see IPN documentation
/*$item_name = $_POST['item_name'];
$receiver_email = $_POST['receiver_email'];
$item_number = $_POST['item_number'];
$invoice = $_POST['invoice'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$txn_id = $_POST['txn_id'];
$payer_email = $_POST['payer_email'];
*/
if (!$fp) {
    // ERROR
    echo "$errstr ($errno)";
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            echo "\n\n";
            print_r($_POST);
            if($_POST[payment_status]=="Completed") {

                if ((!fetch("SELECT tranid FROM $tab[paypal] WHERE tranid='$txn_id';")) && ($business == "$site_Paypal"))
                {

                    //BUG FIX 8.22.09
                    if($payment_gross < '5.00'){
                        mysql_query("UPDATE $tab[user] SET status='banned', reason='Attempting money glitch.' WHERE username='$custom';");}

                    else{

                        //BUG FIX 3.9.10
                        $thecredits = mysql_fetch_array(mysql_query("SELECT res FROM credits_main WHERE id='$item_number'"));
                        $thecheck = mysql_fetch_array(mysql_query("SELECT res FROM credits_main WHERE cost='$payment_gross'"));

                        if($thecredits[0]!=$thecheck[0])
                        {
                            die();
                        }

                        $turns=$thecredits[res];
                        $crewturns=($thecredits[res]*0.5);

                        $total=$payment_gross-$payment_fee;

                        $the_game = mysql_fetch_array(mysql_query("SELECT round FROM $tab[game] WHERE ends>'$time' AND type='publicround';"));
                        //FELLON-- UPDATE JACKPOT PER ROUND

                        $thenewpot=($payment_gross-$payment_fee)*.60;

                        mysql_query("UPDATE $tab[game] SET startjackpot=startjackpot+$thenewpot WHERE round='$the_game[round]'");
                        $expires=$time+864000;//10 days
                        $total=$payment_gross-$payment_fee;

                        //END

                        mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$fulldeal WHERE user='$custom'");
                        //END

                        if($fam_res == 'yes'){

                            //FELLON-- GIVE FAMILY PERCENTAGE
                            $round_info = mysql_fetch_array(mysql_query("SELECT id,pimp,user,crew FROM r$the_game[round]_$tab[pimp] WHERE user='$custom';"));

                            if($round_info[crew] != '0'){
                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$crewturns WHERE user!='$custom' AND crew='$round_info[crew]'");
                                //FELLON-- POST TO BOARD
                                mysql_query("INSERT INTO r$the_game[round]_$tab[board] (time,who,msg,del,board) VALUES ('$time','$round_info[id]','I just purchased credits, and generously everyone in the family each got $crewturns reserves each. Use them wisely!','no','$round_info[crew]');");
                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET cmsg=cmsg+1 WHERE crew='$round_info[crew]'");

                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$turns , main_packs=main_packs+1 WHERE main_packs<$main_packs AND user='$custom'");
                            }

                            mysql_query("UPDATE $tab[user] SET status='supporter', statusexpire='$expires' WHERE username='$custom'");

                            //END

                        }

                        mysql_query("INSERT INTO $tab[paypal] (tranid,amount,fee,user,datebought,type) VALUES ('$txn_id','$payment_gross','$payment_fee','$custom','$time','$item_number');");

                        mail_2("A Family Pack Was Bought!","\nDear Admin,\n\nYou just received a payment from $custom for $turns reserves\n\nCost: $$payment_gross\nFee: $$payment_fee\n----------\nTotal: $$total","[email protected]");

                    }

                }else{echo"Cannot refresh transaction!";}

            }
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is an email address in your PayPal account
            // process payment
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // log for manual investigation
        }

    }
    fclose ($fp);
}
?>
[/php]

I will donate to who ever helps me crack this, I appreciate it very much, the game is growing at a rapid pace and people are spending left right and centre.

You can test PayPal's IPN @ https://developer.paypal.com/webapps/developer/applications/ipn_simulator
When testing sandbox
[php]$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);[/php]

When real deal
[php]$fp = fsockopen ('ssl://ipnpb.paypal.com', 443, $errno, $errstr, 30);[/php]

This is to test only though right?

When the turns are bought the paypal goes through fine, I get funds etc but in exchange for the payment the turns that they purchase are not automatically placed in the buyer’s online game account…

sandbox = testing only (simulator gives u a success or issue text on paypal website)

Basically, IPN sends the receipt information to your PHP page and then you do the transaction processing.
So linked email addresses with paypal payment and game email or what ever you want to link the transaction to the persons in game account as.

Also, I think you need to change your paypal account details to a “business” account (they may have changed the name) it costs you nothing to change but I think they charge a tiny bit more for transaction processes.

  1. Person pays through paypal.
  2. Paypal IPN sends information through to your PHP page
  3. You process that information if transaction successful
  4. Person gets the credits in game or what ever

Ok, quick update, I spoke to the guy who owned the website, he has had this working on the system for a while and has never had any problems with it, people have bought and received on this piece of code before, so that leads me to think… Could it be possible that something messed up when I changed the prices of the donations??

I noticed that you have $payment_gross and other details commented out.
[php]/*$item_name = $_POST['item_name'];
$receiver_email = $_POST['receiver_email'];
$item_number = $_POST['item_number'];
$invoice = $_POST['invoice'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$txn_id = $_POST['txn_id'];
$payer_email = $_POST['payer_email'];
*/[/php]

I still can’t figure this out, it’s driving me insane… Really :frowning:

I have a couple of questions,

is this supposed to be a constant as the array key?
[php]$site_Paypal = $site[paypal];[/php]
or should it be quoted?
[php]$site_Paypal = $site['paypal'];[/php]

As mentioned already, are these supposed to be commented out?
[php]// assign posted variables to local variables
// note: additional IPN variables also available - see IPN documentation
/*$item_name = $_POST['item_name'];
$receiver_email = $_POST['receiver_email'];
$item_number = $_POST['item_number'];
$invoice = $_POST['invoice'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$txn_id = $_POST['txn_id'];
$payer_email = $_POST['payer_email'];
*/[/php]

Same as first question on this line;
[php]$_POST[payment_status][/php]
should it be?
[php]$_POST['payment_status'][/php]

In your email statement, why are you referencing passing variables by reference?
[php]mail_2("A Family Pack Was Bought!","\nDear Admin,\n\nYou just received a payment from $custom for $turns reserves\n\nCost: $$payment_gross\nFee: $$payment_fee\n----------\nTotal: $$total","[email protected]");[/php]
Notice the double $$, I’m guessing that’s a typo and there should only be one $ on each variable.

The biggest thing i notice about this code though is the use of mysql_blah.
If you want this site to become (more) successful and carry on into the future i suggest you change your code asap using mysqli or PDO - Urgently!!

Hope that helps,
Red :wink:
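
One way to do the checks listed in the code comments (payment completed, receiver matches, txn_id not seen before) with PDO prepared statements, as recommended above. This is an added example, not code from the thread; the `paypal_log` and `players` tables, the function name and all sample values are assumptions, and it expects PHP 7.4+ with the PDO SQLite driver.

```php
<?php
// Added example. credits_main(id, res, cost) and the tranid/amount/fee/user/type
// columns come from the thread; paypal_log, players and all sample values are assumed.
function process_verified_ipn(PDO $db, array $ipn, string $sitePaypal): string
{
    // Read each field explicitly from the notification, never from implicit globals.
    $f = fn(string $k): string => isset($ipn[$k]) ? (string) $ipn[$k] : '';

    if ($f('payment_status') !== 'Completed') return 'ignored: not completed';
    if (strcasecmp($f('receiver_email'), $sitePaypal) !== 0) return 'rejected: wrong receiver';

    // The price is looked up by item id in our own table and compared with what was paid.
    $q = $db->prepare('SELECT res, cost FROM credits_main WHERE id = ?');
    $q->execute([$f('item_number')]);
    $pack = $q->fetch(PDO::FETCH_ASSOC);
    $paid = $f('payment_gross');
    if (!$pack || !is_numeric($paid) || round($pack['cost'] * 100) != round($paid * 100)) {
        return 'rejected: amount mismatch';
    }

    $db->beginTransaction();
    try {
        // UNIQUE(tranid): a replayed notification fails here instead of crediting twice.
        $db->prepare('INSERT INTO paypal_log (tranid, amount, fee, user, type) VALUES (?,?,?,?,?)')
           ->execute([$f('txn_id'), $paid, $f('payment_fee'), $f('custom'), $f('item_number')]);
        $upd = $db->prepare('UPDATE players SET res = res + ? WHERE username = ?');
        $upd->execute([(int) $pack['res'], $f('custom')]);
        if ($upd->rowCount() !== 1) throw new RuntimeException('unknown user');
        $db->commit();
        return 'credited';
    } catch (Throwable $e) {
        $db->rollBack();   // nothing is recorded or credited on any failure
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE credits_main (id INTEGER PRIMARY KEY, res INTEGER, cost REAL);
           CREATE TABLE paypal_log (tranid TEXT UNIQUE, amount TEXT, fee TEXT, user TEXT, type TEXT);
           CREATE TABLE players (username TEXT PRIMARY KEY, res INTEGER);
           INSERT INTO credits_main VALUES (1, 500, 10.00);
           INSERT INTO players VALUES ('scott', 0);");
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'pay@example.test',
        'item_number' => '1', 'payment_gross' => '10.00', 'payment_fee' => '0.59',
        'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => 'scott'];
$me = 'pay@example.test';
echo process_verified_ipn($db, $ipn, $me), "\n";                               // first delivery
echo process_verified_ipn($db, $ipn, $me), "\n";                               // same txn_id again
echo process_verified_ipn($db, ['payment_gross' => '0.01'] + $ipn, $me), "\n"; // underpaid
$odd = ['txn_id' => 'TXN-CONSTRUCTED-2', 'custom' => "sc'ott"] + $ipn;
echo process_verified_ipn($db, $odd, $me), "\n";                               // quote in custom is data
```

Because the log insert and the credit update share one transaction, a failed credit also removes the log row, so PayPal's retry of the same notification can still be processed later.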

You have a lot wrong in your code. Focus on your data handling and database queries.
You have variable names that seem to come from nowhere.
Remove the comments from the paypal variables so they can actually be set.
Move top down and ensure all variables are being set before they are called.

Thanks guys I’m still new to coding I’ll let you know how it goes once changed

If not will this be a big job for you red? How much for it all sorting out, obviously you will be a damn sight faster than me, ps like your website :slight_smile:

I am crazy busy at the moment but feel free to send me the files (either zip them and pm me here or send them to my email address.) When i get a spare 15 mins i’ll take a nosey.

I have no idea till i take a look.

Once i’ve looked i’ll know more - if it’s only tweaks needed and don’t take too long i’ll probably do it for free.

Thanks :smiley: (it does need updating though… …when i get time…)

Red :wink:

Assuming that all your personal variables are correct within funcs.php
[php]<?
include("funcs.php");
$site_Paypal = $site['paypal'];

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= 'Content-Length: ' . strlen($req) . "\r\n\r\n";
// live endpoint over TLS, as given earlier in the thread
// (use ssl://www.sandbox.paypal.com when testing)
$fp = fsockopen ('ssl://ipnpb.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
// note: additional IPN variables also available - see IPN documentation
$item_name = $_POST['item_name'];
$receiver_email = $_POST['receiver_email'];
$item_number = $_POST['item_number'];
$invoice = $_POST['invoice'];
$payment_status = $_POST['payment_status'];
$payment_gross = $_POST['payment_gross'];
$txn_id = $_POST['txn_id'];
$payer_email = $_POST['payer_email'];
$payment_fee = $_POST['payment_fee'];
$custom = $_POST['custom'];
$business = $_POST['business']; // compared against $site_Paypal below

if (!$fp) {
    // ERROR
    echo "$errstr ($errno)";
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            echo "\n\n";
            print_r($_POST);
            if($payment_status=="Completed") {

                // only process a transaction id once, and only for our own PayPal account
                if (!fetch("SELECT tranid FROM $tab[paypal] WHERE tranid='$txn_id'") && ($business == "$site_Paypal"))
                {

                    //BUG FIX 8.22.09
                    if($payment_gross < 5){
                        mysql_query("UPDATE $tab[user] SET status='banned', reason='Attempting money glitch.' WHERE username='$custom'");
                    }

                    else{

                        //BUG FIX 3.9.10
                        // the pack found by item id must be the same pack found by the amount paid
                        $thecredits = mysql_fetch_array(mysql_query("SELECT res FROM credits_main WHERE id='$item_number'"));
                        $thecheck = mysql_fetch_array(mysql_query("SELECT res FROM credits_main WHERE cost='$payment_gross'"));

                        if($thecredits[0]!=$thecheck[0])
                        {
                            die();
                        }

                        $turns=$thecredits['res'];
                        $crewturns=($thecredits['res']*0.5);

                        $total=$payment_gross-$payment_fee;

                        $the_game = mysql_fetch_array(mysql_query("SELECT round FROM $tab[game] WHERE ends>'$time' AND type='publicround'"));
                        //FELLON-- UPDATE JACKPOT PER ROUND

                        $thenewpot=($payment_gross-$payment_fee)*.60;

                        mysql_query("UPDATE $tab[game] SET startjackpot=startjackpot+$thenewpot WHERE round='$the_game[round]'");
                        $expires=$time+864000;//10 days
                        $total=$payment_gross-$payment_fee;

                        //END

                        mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$fulldeal WHERE user='$custom'");
                        //END

                        if($fam_res == 'yes'){

                            //FELLON-- GIVE FAMILY PERCENTAGE
                            $round_info = mysql_fetch_array(mysql_query("SELECT id,pimp,user,crew FROM r$the_game[round]_$tab[pimp] WHERE user='$custom'"));

                            if($round_info['crew'] != '0'){
                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$crewturns WHERE user!='$custom' AND crew='$round_info[crew]'");
                                //FELLON-- POST TO BOARD
                                mysql_query("INSERT INTO r$the_game[round]_$tab[board] (time,who,msg,del,board) VALUES ('$time','$round_info[id]','I just purchased credits, and generously everyone in the family each got $crewturns reserves each. Use them wisely!','no','$round_info[crew]')");
                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET cmsg=cmsg+1 WHERE crew='$round_info[crew]'");

                                mysql_query("UPDATE r$the_game[round]_$tab[pimp] SET res=res+$turns , main_packs=main_packs+1 WHERE main_packs<$main_packs AND user='$custom'");
                            }

                            mysql_query("UPDATE $tab[user] SET status='supporter', statusexpire='$expires' WHERE username='$custom'");

                            //END

                        }

                        // record the transaction so the same txn_id is not processed again
                        mysql_query("INSERT INTO $tab[paypal] (tranid,amount,fee,user,datebought,type) VALUES ('$txn_id','$payment_gross','$payment_fee','$custom','$time','$item_number')");

                        mail_2("A Family Pack Was Bought!","\nDear Admin,\n\nYou just received a payment from $custom for $turns reserves\n\nCost: $$payment_gross\nFee: $$payment_fee\n----------\nTotal: $$total","[email protected]");

                    }

                }else{echo"Cannot refresh transaction!";}

            }
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is an email address in your PayPal account
            // process payment
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // log for manual investigation
        }

    }
    fclose ($fp);
}
?>
[/php]

And if you're interested in checking more IPN variables

[php]$item_name = (isset($_POST['item_name'])) ? $_POST['item_name'] : '';
$business = (isset($_POST['business'])) ? $_POST['business'] : '';
$item_number = (isset($_POST['item_number'])) ? $_POST['item_number'] : '';
$payment_status = (isset($_POST['payment_status'])) ? $_POST['payment_status'] : '';
$mc_gross = (isset($_POST['mc_gross'])) ? $_POST['mc_gross'] : '';
$payment_currency = (isset($_POST['mc_currency'])) ? $_POST['mc_currency'] : '';
$txn_id = (isset($_POST['txn_id'])) ? $_POST['txn_id'] : '';
$receiver_email = (isset($_POST['receiver_email'])) ? $_POST['receiver_email'] : '';
$receiver_id = (isset($_POST['receiver_id'])) ? $_POST['receiver_id'] : '';
$quantity = (isset($_POST['quantity'])) ? $_POST['quantity'] : '';
$num_cart_items = (isset($_POST['num_cart_items'])) ? $_POST['num_cart_items'] : '';
$payment_date = (isset($_POST['payment_date'])) ? $_POST['payment_date'] : '';
$first_name = (isset($_POST['first_name'])) ? $_POST['first_name'] : '';
$last_name = (isset($_POST['last_name'])) ? $_POST['last_name'] : '';
$payment_type = (isset($_POST['payment_type'])) ? $_POST['payment_type'] : '';
$payment_status = (isset($_POST['payment_status'])) ? $_POST['payment_status'] : '';
$payment_gross = (isset($_POST['payment_gross'])) ? $_POST['payment_gross'] : '';
$payment_fee = (isset($_POST['payment_fee'])) ? $_POST['payment_fee'] : '';
$settle_amount = (isset($_POST['settle_amount'])) ? $_POST['settle_amount'] : '';
$memo = (isset($_POST['memo'])) ? $_POST['memo'] : '';
$payer_email = (isset($_POST['payer_email'])) ? $_POST['payer_email'] : '';
$txn_type = (isset($_POST['txn_type'])) ? $_POST['txn_type'] : '';
$payer_status = (isset($_POST['payer_status'])) ? $_POST['payer_status'] : '';
$address_street = (isset($_POST['address_street'])) ? $_POST['address_street'] : '';
$address_city = (isset($_POST['address_city'])) ? $_POST['address_city'] : '';
$address_state = (isset($_POST['address_state'])) ? $_POST['address_state'] : '';
$address_zip = (isset($_POST['address_zip'])) ? $_POST['address_zip'] : '';
$address_country = (isset($_POST['address_country'])) ? $_POST['address_country'] : '';
$address_status = (isset($_POST['address_status'])) ? $_POST['address_status'] : '';
$item_number = (isset($_POST['item_number'])) ? $_POST['item_number'] : '';
$tax = (isset($_POST['tax'])) ? $_POST['tax'] : '';
$option_name1 = (isset($_POST['option_name1'])) ? $_POST['option_name1'] : '';
$option_selection1 = (isset($_POST['option_selection1'])) ? $_POST['option_selection1'] : '';
$option_name2 = (isset($_POST['option_name2'])) ? $_POST['option_name2'] : '';
$option_selection2 = (isset($_POST['option_selection2'])) ? $_POST['option_selection2'] : '';
$for_auction = (isset($_POST['for_auction'])) ? $_POST['for_auction'] : '';
$invoice = (isset($_POST['invoice'])) ? $_POST['invoice'] : '';
$custom = (isset($_POST['custom'])) ? $_POST['custom'] : '';
$notify_version = (isset($_POST['notify_version'])) ? $_POST['notify_version'] : '';
$verify_sign = (isset($_POST['verify_sign'])) ? $_POST['verify_sign'] : '';
$payer_business_name = (isset($_POST['payer_business_name'])) ? $_POST['payer_business_name'] : '';
$payer_id = (isset($_POST['payer_id'])) ? $_POST['payer_id'] : '';
$mc_currency = (isset($_POST['mc_currency'])) ? $_POST['mc_currency'] : '';
$mc_fee = (isset($_POST['mc_fee'])) ? $_POST['mc_fee'] : '';
$exchange_rate = (isset($_POST['exchange_rate'])) ? $_POST['exchange_rate'] : '';
$settle_currency = (isset($_POST['settle_currency'])) ? $_POST['settle_currency'] : '';
$parent_txn_id = (isset($_POST['parent_txn_id'])) ? $_POST['parent_txn_id'] : '';
$pending_reason = (isset($_POST['pending_reason'])) ? $_POST['pending_reason'] : '';
$reason_code = (isset($_POST['reason_code'])) ? $_POST['reason_code'] : '';
$user_id = (isset($_POST['option_selection1'])) ? $_POST['option_selection1'] : '';[/php]

Thanks lothop, saved me a few mins and the OP a lot of stress, have some karma on me :wink:

NP :wink:

Scott, I still highly recommend you run the sandbox to test your code.
Setup a fake user in your database and run a fake payment through paypals IPN.
