更新vBulletin产品的旧支付脚本

Question

我正在尝试从vBulletin产品中更新一个旧的支付脚本。我设法使所有的事情都达到了付款的水平。我能够完成购买，但是当我单击"Return to merchant" PayPal按钮时，它不会执行对购买的验证。采购确实存储在我的数据库中的"ma_purchases"表下，但是其他信息应该在验证后插入到其他表中，而不是插入。然后(如果正确地阅读此脚本)，一旦购买结果经过验证，它应该切换用户的用户组，并在其他地方插入购买详细信息。

    <?php
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~ E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'mem_payment');
define('CSRF_PROTECTION', false);
define('SKIP_SESSIONCREATE', 1);

// #################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array('subscription');

// get special data templates from the datastore
$specialtemplates = array();

// pre-cache templates used by all actions
$globaltemplates = array();

// pre-cache templates used by specific actions
$actiontemplates = array();

// ######################### REQUIRE BACK-END ############################
define('VB_AREA', 'Subscriptions');
define('CWD', (($getcwd = getcwd()) ? $getcwd : '.'));
require_once (CWD . '/includes/init.php');
require_once (CWD . '/includes/class_vbma.php');
$vbma = new vbma($vbulletin, $vbphrase);
$vbulletin->input->clean_array_gpc('p', array(
    'item_number'    => TYPE_STR,
    'business'       => TYPE_STR,
    'receiver_email' => TYPE_STR,
    'tax'            => TYPE_STR,
    'txn_type'       => TYPE_STR,
    'payment_status' => TYPE_STR,
    'mc_currency'    => TYPE_STR,
    'mc_gross'       => TYPE_STR,
    'txn_id'         => TYPE_STR    
));
$transaction_id = $vbulletin->GPC['txn_id'];
$id = $vbulletin->GPC['item_number'];
$mc_gross = doubleval($vbulletin->GPC['mc_gross']);
$tax = doubleval($vbulletin->GPC['tax']);

$query = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
    $value = urlencode(stripslashes($value));
    $query .= "&$key=$value";
}

$used_curl = false;
//If you are ever messing around with Paypal it's a good idea to use the sandbox.
$usesandbox = false;
if ($usesandbox)
{
    $script = 'www.sandbox.paypal.com';
}
else
{
    $script = 'www.paypal.com';
}
if (function_exists('curl_init') and $ch = curl_init())
{
    curl_setopt($ch, CURLOPT_URL, 'https://' . $script . '/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDSIZE, 0);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERAGENT, 'vBulletin via cURL/PHP');
    $result = curl_exec($ch);
    curl_close($ch);
    if ($result !== false)
    {
        $used_curl = true;
    }
}
if (!$used_curl)
{
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: " . $script . "\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($query) . "\r\n\r\n";
    if ($fp = fsockopen($script, 80, $errno, $errstr, 15))
    {
        socket_set_timeout($fp, 15);
        fwrite($fp, $header . $query);
        while (!feof($fp))
        {
            $result = fgets($fp, 1024);
            if (strcmp($result, 'VERIFIED') == 0)
            {
                break;
            }
        }
        fclose($fp);
    }
}
if ($result == 'VERIFIED')
{
    $purchase = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX .
        "ma_purchases WHERE id = '" . $id . "'");
    $order = unserialize($purchase['order']);
    if ($order[0] !== $vbulletin->GPC['business'])
    {
        $status_code = '503 Service Unavailable';
        // Paypal likes to get told its message has been received
        if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
        {
            header('Status: ' . $status_code);
        }
        else
        {
            header('HTTP/1.1 ' . $status_code);
        }
    }
    unset($order[0]);
    if ($purchase and !in_array($order[1], array('renew', 'upgrade')))
    {
        $product = $vbulletin->db->query_read("SELECT pur_group FROM " . TABLE_PREFIX .
            "ma_products WHERE id = '" . $order[1] . "'");
        $userinfo = fetch_userinfo($purchase['userid']);
        $vbma->setCustomerNumber(unserialize($purchase['info']), $product['pur_group'], false,
            $userinfo);
        $rand = rand($vbulletin->options['memarea_numstart'], $vbulletin->options['memarea_numend']);
        $licnum = substr(md5($prodid . rand(0, 20000) . $rand . $rand), 0, rand(10, $vbulletin->
            options['memarea_custnumleng']));
        $licensedm = datamanager_init('License', $vbulletin, ERRTYPE_ARRAY);
        $licensedm->setr('userid', $userinfo['userid']);
        $licensedm->setr('productid', $order[1]);
        $licensedm->setr('licensenum', $licnum);
        $licensedm->set('dateline', TIMENOW);
        $licensedm->set('status', 2);
        $licensedm->pre_save();
        if (!empty($licensedm->errors))
        {
            var_dump($licensedm->errors);
        }
        else
        {
            $licensedm->save();
        }
    } elseif ($purchase and $order[1] == 'renew')
    {
        $licenseinfo = $vbma->getLicense($order[2], false, false, '', false, false);
        $licensedm = datamanager_init('License', $vbulletin, ERRTYPE_ARRAY);
        $licensedm->set_existing($licenseinfo);
        $licensedm->set('dateline', TIMENOW);
        $licensedm->set('status', 2);
        $licensedm->pre_save();
        if (!empty($licensedm->errors))
        {
            var_dump($licensedm->errors);
        }
        else
        {
            $licensedm->save();
        }
    } elseif ($purchase and $order[1] == 'upgrade')
    {
        $licenseinfo = $vbma->getLicense($order[2], false, false, '', false, false);
        $licensedm = datamanager_init('License', $vbulletin, ERRTYPE_ARRAY);
        $licensedm->set_existing($licenseinfo);
        $licensedm->set('upgrades', serialize($order[3]));
        $licensedm->pre_save();
        if (!empty($licensedm->errors))
        {
            var_dump($licensedm->errors);
        }
        else
        {
            $licensedm->save();
        }
    }
    $vbma->sendOutNewSaleEmail();
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX .
        "ma_purchases WHERE id = '" . $id . "'");
    $status_code = '200 OK';
    // Paypal likes to get told its message has been received
    if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
    {
        header('Status: ' . $status_code);
    }
    else
    {
        header('HTTP/1.1 ' . $status_code);
    }
    exit;
}
$status_code = '503 Service Unavailable';
// Paypal likes to get told its message has been received
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi')
{
    header('Status: ' . $status_code);
}
else
{
    header('HTTP/1.1 ' . $status_code);
}
?>

也许还需要更多的帮助来帮助我，但我只是想问，自从2008年这个支付脚本被写出来以来，是否有人看到与它有任何冲突。

Answer 1

• 您需要使用HTTP/1.1
• 要回发的URL现在是https://ipnpb.paypal.com/cgi-bin/webscr，基本上是ipnpb代替www。
• 您的服务器/环境可能没有最新的根证书来验证paypal.com主机并为回发形成安全的HTTPS SSL连接，因此无法启动连接并接收“验证的”响应。
• 您的服务器/环境还需要具备TLS 1.2功能

一有机会就停止使用IPN，升级到基于V2/订单/结帐API (设置/捕获事务)和服务器批准流程的东西，因为它是正确的。