11 years ago · 07d4bc9fba
--- a/Sources/Subscriptions-PayPal.php
+++ b/Sources/Subscriptions-PayPal.php
@@ -17,22 +17,40 @@
 
 if (!defined('SMF'))
 
 	die('Hacking attempt...');
 
 
 
+/**
 
+ * Class for returning available form data for this gateway
 
+ */
 
 class paypal_display
 
 {
 
+	/**
 
+	 * Name of this payment gateway
 
+	 */
 
 	public $title = 'PayPal';
 
 
 
+	/**
 
+	 * Return the admin settings for this gateway
 
+	 *
 
+	 * @return array
 
+	 */
 
 	public function getGatewaySettings()
 
 	{
 
 		global $txt;
 
 
 
 		$setting_data = array(
 
-			array('text', 'paypal_email', 'subtext' => $txt['paypal_email_desc']),
 
+			array(
 
+				'text', 'paypal_email',
 
+				'subtext' => $txt['paypal_email_desc']
 
+			),
 
 		);
 
 
 
 		return $setting_data;
 
 	}
 
 
 
-	// Is this enabled for new payments?
 
+	/**
 
+	 * Is this enabled for new payments?
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	public function gatewayEnabled()
 
 	{
 
 		global $modSettings;
@@ -40,7 +58,19 @@ class paypal_display
 
 		return !empty($modSettings['paypal_email']);
 
 	}
 
 
 
-	// What do we want?
 
+	/**
 
+	 * What do we want?
 
+	 *
 
+	 * Called from Profile-Actions.php to return a unique set of fields for the given gateway
 
+	 * plus all the standard ones for the subscription form
 
+	 *
 
+	 * @param type $unique_id
 
+	 * @param type $sub_data
 
+	 * @param type $value
 
+	 * @param type $period
 
+	 * @param type $return_url
 
+	 * @return string
 
+	 */
 
 	public function fetchGatewayFields($unique_id, $sub_data, $value, $period, $return_url)
 
 	{
 
 		global $modSettings, $txt, $boardurl;
@@ -99,11 +129,18 @@ class paypal_display
 
 	}
 
 }
 
 
 
+/**
 
+ * Class of functions to validate a IPN response and provide details of the payment
 
+ */
 
 class paypal_payment
 
 {
 
 	private $return_data;
 
 
 
-	// This function returns true/false for whether this gateway thinks the data is intended for it.
 
+	/**
 
+	 * This function returns true/false for whether this gateway thinks the data is intended for it.
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	public function isValid()
 
 	{
 
 		global $modSettings;
@@ -117,12 +154,22 @@ class paypal_payment
 
 		// Correct email address?
 
 		if (!isset($_POST['business']))
 
 			$_POST['business'] = $_POST['receiver_email'];
 
-		if ($modSettings['paypal_email'] != $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
 
+
 
+		if ($modSettings['paypal_email'] !== $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
 
 			return false;
 
 		return true;
 
 	}
 
 
 
-	// Validate all the data was valid.
 
+	/**
 
+	 * Post the IPN data received back to paypal for validaion
 
+	 * Sends the complete unaltered message back to PayPal. The message must contain the same fields
 
+	 * in the same order and be encoded in the same way as the original message
 
+	 * PayPal will respond back with a single word, which is either VERIFIED if the message originated with PayPal or INVALID
 
+	 *
 
+	 * If valid returns the subscription and member IDs we are going to process if it passes
 
+	 *
 
+	 * @return string
 
+	 */
 
 	public function precheck()
 
 	{
 
 		global $modSettings, $txt;
@@ -134,18 +181,28 @@ class paypal_payment
 
 		// Build the request string - starting with the minimum requirement.
 
 		$requestString = 'cmd=_notify-validate';
 
 
 
-		// Now my dear, add all the posted bits.
 
+		// Now my dear, add all the posted bits in the order we got them
 
 		foreach ($_POST as $k => $v)
 
 			$requestString .= '&' . $k . '=' . urlencode($v);
 
 
 
 		// Can we use curl?
 
-		if (function_exists('curl_init') && $curl = curl_init('http://www.', !empty($modSettings['paidsubs_test']) ? 'sandbox.' : '', 'paypal.com/cgi-bin/webscr'))
 
+		if (function_exists('curl_init') && $curl = curl_init((!empty($modSettings['paidsubs_test']) ? 'https://www.sandbox.' : 'http://www.') . 'paypal.com/cgi-bin/webscr'))
 
 		{
 
 			// Set the post data.
 
 			curl_setopt($curl, CURLOPT_POST, true);
 
 			curl_setopt($curl, CURLOPT_POSTFIELDSIZE, 0);
 
 			curl_setopt($curl, CURLOPT_POSTFIELDS, $requestString);
 
 
 
+			// Set up the headers so paypal will accept the post
 
+			curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
 
+			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
 
+			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
 
+			curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
 
+			curl_setopt($curl, CURLOPT_HTTPHEADER, array(
 
+				'Host: www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com',
 
+				'Connection: close'
 
+			));
 
+
 
 			// Fetch the data returned as a string.
 
 			curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
 
 
@@ -159,12 +216,17 @@ class paypal_payment
 
 		else
 
 		{
 
 			// Setup the headers.
 
-			$header = 'POST /cgi-bin/webscr HTTP/1.0' . "\r\n";
 
+			$header = 'POST /cgi-bin/webscr HTTP/1.1' . "\r\n";
 
 			$header .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
 
-			$header .= 'Content-Length: ' . strlen ($requestString) . "\r\n\r\n";
 
+			$header .= 'Host: www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com' . "\r\n";
 
+			$header .= 'Content-Length: ' . strlen ($requestString) . "\r\n";
 
+			$header .= 'Connection: close' . "\r\n\r\n";
 
 
 
 			// Open the connection.
 
-			$fp = fsockopen('www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com', 80, $errno, $errstr, 30);
 
+			if (!empty($modSettings['paidsubs_test']))
 
+				$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
 
+			else
 
+				$fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);
 
 
 
 			// Did it work?
 
 			if (!$fp)
@@ -177,7 +239,7 @@ class paypal_payment
 
 			while (!feof($fp))
 
 			{
 
 				$this->return_data = fgets($fp, 1024);
 
-				if (strcmp($this->return_data, 'VERIFIED') == 0)
 
+				if (strcmp(trim($this->return_data), 'VERIFIED') === 0)
 
 					break;
 
 			}
 
 
@@ -186,21 +248,20 @@ class paypal_payment
 
 		}
 
 
 
 		// If this isn't verified then give up...
 
-		// !! This contained a comment "send an email", but we don't appear to send any?
 
-		if (strcmp($this->return_data, 'VERIFIED') != 0)
 
+		if (strcmp(trim($this->return_data), 'VERIFIED') !== 0)
 
 			exit;
 
 
 
 		// Check that this is intended for us.
 
-		if ($modSettings['paypal_email'] != $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
 
+		if ($modSettings['paypal_email'] !== $_POST['business'] && (empty($modSettings['paypal_additional_emails']) || !in_array($_POST['business'], explode(',', $modSettings['paypal_additional_emails']))))
 
 			exit;
 
 
 
-		// Is this a subscription - and if so it's it a secondary payment that we need to process?
 
+		// Is this a subscription - and if so is it a secondary payment that we need to process?
 
 		if ($this->isSubscription() && (empty($_POST['item_number']) || strpos($_POST['item_number'], '+') === false))
 
 			// Calculate the subscription it relates to!
 
 			$this->_findSubscription();
 
 
 
 		// Verify the currency!
 
-		if (strtolower($_POST['mc_currency']) != $modSettings['paid_currency_code'])
 
+		if (strtolower($_POST['mc_currency']) !== $modSettings['paid_currency_code'])
 
 			exit;
 
 
 
 		// Can't exist if it doesn't contain anything.
@@ -211,40 +272,59 @@ class paypal_payment
 
 		return explode('+', $_POST['item_number']);
 
 	}
 
 
 
-	// Is this a refund?
 
+	/**
 
+	 * Is this a refund?
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	public function isRefund()
 
 	{
 
-		if ($_POST['payment_status'] == 'Refunded' || $_POST['payment_status'] == 'Reversed' || $_POST['txn_type'] == 'Refunded' || ($_POST['txn_type'] == 'reversal' && $_POST['payment_status'] == 'Completed'))
 
+		if ($_POST['payment_status'] === 'Refunded' || $_POST['payment_status'] === 'Reversed' || $_POST['txn_type'] === 'Refunded' || ($_POST['txn_type'] === 'reversal' && $_POST['payment_status'] === 'Completed'))
 
 			return true;
 
 		else
 
 			return false;
 
 	}
 
 
 
-	// Is this a subscription?
 
+	/**
 
+	 * Is this a subscription?
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	public function isSubscription()
 
 	{
 
-		if (substr($_POST['txn_type'], 0, 14) == 'subscr_payment')
 
+		if (substr($_POST['txn_type'], 0, 14) === 'subscr_payment' && $_POST['payment_status'] === 'Completed')
 
 			return true;
 
 		else
 
 			return false;
 
 	}
 
 
 
-	// Is this a normal payment?
 
+	/**
 
+	 * Is this a normal payment?
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	public function isPayment()
 
 	{
 
-		if ($_POST['payment_status'] == 'Completed' && $_POST['txn_type'] == 'web_accept')
 
+		if ($_POST['payment_status'] === 'Completed' && $_POST['txn_type'] === 'web_accept')
 
 			return true;
 
 		else
 
 			return false;
 
 	}
 
 
 
-	// How much was paid?
 
+	/**
 
+	 * How much was paid?
 
+	 *
 
+	 * @return float
 
+	 */
 
 	public function getCost()
 
 	{
 
-		return $_POST['tax'] + $_POST['mc_gross'];
 
+		return (isset($_POST['tax']) ? $_POST['tax'] : 0) + $_POST['mc_gross'];
 
 	}
 
 
 
-	// exit.
 
+	/**
 
+	 * Record the transaction reference and exit
 
+	 *
 
+	 */
 
 	public function close()
 
 	{
 
 		global $smcFunc, $subscription_id;
@@ -267,7 +347,11 @@ class paypal_payment
 
 		exit();
 
 	}
 
 
 
-	// A private function to find out the subscription details.
 
+	/**
 
+	 * A private function to find out the subscription details.
 
+	 *
 
+	 * @return boolean
 
+	 */
 
 	private function _findSubscription()
 
 	{
 
 		global $smcFunc;
@@ -303,7 +387,7 @@ class paypal_payment
 
 						'payer_email' => $_POST['payer_email'],
 
 					)
 
 				);
 
-				if ($smcFunc['db_num_rows']($request) == 0)
 
+				if ($smcFunc['db_num_rows']($request) === 0)
 
 					return false;
 
 			}
 
 			else
--- a/subscriptions.php
+++ b/subscriptions.php
@@ -3,7 +3,7 @@
 
 /**
 
  * This file is the file which all subscription gateways should call
 
  * when a payment has been received - it sorts out the user status.
 
- * 
 
+ *
 
  * Simple Machines Forum (SMF)
 
  *
 
  * @package SMF
@@ -41,12 +41,14 @@ if (empty($modSettings['paid_enabled']))
 
 // If we have some custom people who find out about problems load them here.
 
 $notify_users = array();
 
 if (!empty($modSettings['paid_email_to']))
 
+{
 
 	foreach (explode(',', $modSettings['paid_email_to']) as $email)
 
 		$notify_users[] = array(
 
 			'email' => $email,
 
 			'name' => $txt['who_member'],
 
 			'id' => 0,
 
 		);
 
+}
 
 
 
 // We need to see whether we can find the correct payment gateway,
 
 // we'll going to go through all our gateway scripts and find out
@@ -67,7 +69,7 @@ if (empty($txnType))
 
 	generateSubscriptionError($txt['paid_unknown_transaction_type']);
 
 
 
 // Get the subscription and member ID amoungst others...
 
-@list ($subscription_id, $member_id) = $gatewayClass->precheck();
 
+@list($subscription_id, $member_id) = $gatewayClass->precheck();
 
 
 
 // Integer these just in case.
 
 $subscription_id = (int) $subscription_id;
@@ -87,7 +89,7 @@ $request = $smcFunc['db_query']('', '
 
 	)
 
 );
 
 // Didn't find them?
 
-if ($smcFunc['db_num_rows']($request) == 0)
 
+if ($smcFunc['db_num_rows']($request) === 0)
 
 	generateSubscriptionError(sprintf($txt['paid_could_not_find_member'], $member_id));
 
 $member_info = $smcFunc['db_fetch_assoc']($request);
 
 $smcFunc['db_free_result']($request);
@@ -103,7 +105,7 @@ $request = $smcFunc['db_query']('', '
 
 );
 
 
 
 // Didn't find it?
 
-if ($smcFunc['db_num_rows']($request) == 0)
 
+if ($smcFunc['db_num_rows']($request) === 0)
 
 	generateSubscriptionError(sprintf($txt['paid_count_not_find_subscription'], $member_id, $subscription_id));
 
 
 
 $subscription_info = $smcFunc['db_fetch_assoc']($request);
@@ -121,7 +123,7 @@ $request = $smcFunc['db_query']('', '
 
 		'current_member' => $member_id,
 
 	)
 
 );
 
-if ($smcFunc['db_num_rows']($request) == 0)
 
+if ($smcFunc['db_num_rows']($request) === 0)
 
 	generateSubscriptionError(sprintf($txt['paid_count_not_find_subscription_log'], $member_id, $subscription_id));
 
 $subscription_info += $smcFunc['db_fetch_assoc']($request);
 
 $smcFunc['db_free_result']($request);
@@ -188,6 +190,7 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 		$real_details = @unserialize($subscription_info['pending_details']);
 
 		if (empty($real_details))
 
 			generateSubscriptionError(sprintf($txt['paid_count_not_find_outstanding_payment'], $member_id, $subscription_id));
 
+		
 
 		// Now we just try to find anything pending.
 
 		// We don't really care which it is as security happens later.
 
 		foreach ($real_details as $id => $detail)
@@ -197,6 +200,7 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 				$subscription_info['payments_pending']--;
 
 			break;
 
 		}
 
+		
 
 		$subscription_info['pending_details'] = empty($real_details) ? '' : serialize($real_details);
 
 
 
 		$smcFunc['db_query']('', '
@@ -215,6 +219,7 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 	if ($subscription_info['length'] == 'F')
 
 	{
 
 		$found_duration = 0;
 
+		
 
 		// This is a little harder, can we find the right duration?
 
 		foreach ($cost as $duration => $value)
 
 		{
@@ -225,7 +230,7 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 		}
 
 
 
 		// If we have the duration then we're done.
 
-		if ($found_duration!== 0)
 
+		if ($found_duration !== 0)
 
 		{
 
 			$notify = true;
 
 			addSubscription($subscription_id, $member_id, $found_duration);
@@ -234,6 +239,7 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 	else
 
 	{
 
 		$actual_cost = $cost['fixed'];
 
+		
 
 		// It must be at least the right amount.
 
 		if ($total_cost != 0 && $total_cost >= $actual_cost)
 
 		{
@@ -259,11 +265,31 @@ elseif ($gatewayClass->isPayment() || $gatewayClass->isSubscription())
 
 		emailAdmins('paid_subscription_new', $replacements, $notify_users);
 
 	}
 
 }
 
+else
 
+{
 
+	// Some other "valid" transaction such as:
 
+	//
 
+	// subscr_cancel: This IPN response (txn_type) is sent only when the subscriber cancels his/her
 
+	// current subscription or the merchant cancels the subscribers subscription. In this event according
 
+	// to Paypal rules the subscr_eot (End of Term) IPN response is NEVER sent, and it is upto you to
 
+	// keep the subscription of the subscriber acitve for remaining days of subscription should they cancel
 
+	// their subscription in the middle of the subscription period.
 
+	//
 
+	// subscr_signup: This IPN response (txn_type) is sent only the first time the user signs up for a subscription.
 
+	// It then does not fire in any event later. This response is received somewhere before or after the first payment of
 
+	// subscription is received (txn_type=subscr_payment) which is what we do process
 
+	//
 
+	// Should we log any of these ...
 
+}
 
 
 
 // In case we have anything specific to do.
 
 $gatewayClass->close();
 
 
 
-// Log an error then die.
 
+/**
 
+ * Log an error then exit
 
+ *
 
+ * @param string $text
 
+ */
 
 function generateSubscriptionError($text)
 
 {
 
 	global $modSettings, $notify_users, $smcFunc;
@@ -280,8 +306,10 @@ function generateSubscriptionError($text)
 
 
 
 	// Maybe we can try to give them the post data?
 
 	if (!empty($_POST))
 
+	{
 
 		foreach ($_POST as $key => $val)
 
 			$text .= '<br />' . $smcFunc['htmlspecialchars']($key) . ': ' . $smcFunc['htmlspecialchars']($val);
 
+	}
 
 
 
 	// Then just log and die.
 
 	log_error($text);