/var/www/hkosl.com/PayEase_kelvin/ReviewOrder.php


<?php
    
/********************************************
     * ReviewOrder.php
     *
     * This file is called after the user clicks on a button during
     * the checkout process to use PayPal's Express Checkout. The
     * user logs in to their PayPal account.
     *
     * This file is called twice.
     *
     * On the first pass, the code executes the if statement:
     *
     * if (! isset ($token))
     *
     * The code collects transaction parameters from the form
     * displayed by SetExpressCheckout.html then constructs and
     * sends a SetExpressCheckout request string to the PayPal
     * server. The paymentType variable becomes the PAYMENTACTION
     * parameter of the request string. The RETURNURL parameter
     * is set to this file; this is how ReviewOrder.php is called
     * twice.
     *
     * On the second pass, the code executes the else statement.
     *
     * By the second pass, the buyer has completed the authorization in
     * their PayPal account; the code now gets the payer details by
     * sending a GetExpressCheckoutDetails request to the PayPal server,
     * and then captures the payment with DoExpressCheckoutPayment.
     *
     * Note: Be sure to check the value of PAYPAL_URL. The buyer is
     * sent to this URL to authorize payment with their PayPal
     * account. For testing purposes, this should be set to the
     * PayPal sandbox.
     *
     * Called by SetExpressCheckout.html.
     *
     * Requires CallerService.php (hash_call, PAYPAL_URL). Redirects to
     * APIError.php on any failure and to order_email.php on success.
     ********************************************/

    
require_once 'CallerService.php';
    
// require_once 'payease_api.php';
    //require_once '../webadmin/configure.php';
    
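session_start();

/*
 * Express Checkout driver. Two passes on this script:
 *   1. no `token` in the request  -> SetExpressCheckout, redirect buyer to PayPal
 *   2. `token` present            -> GetExpressCheckoutDetails, verify, DoExpressCheckoutPayment
 *
 * NOTE(review): $dbh (PDO handle), $order_info and $nowdate are not defined in
 * this file; the includes that presumably provided them (payease_api.php,
 * ../webadmin/configure.php) are commented out above. Confirm where they come
 * from -- $dbh->prepare() below is a fatal error if $dbh is unset.
 *
 * NOTE(review): there is no try/catch in this file, so the Exceptions thrown
 * below (which embed PDO errorInfo) surface through the PHP error handler and
 * may reach the buyer when display_errors is on. Log them instead.
 */

$session_id = session_id();
$langcode   = "en";  // not used in this file
$currency   = "HKD"; // hoisted so the second pass can verify PayPal echoes it back

// Line-item stubs (hard-coded 123). The real order lines are expected to come
// from $order_info (see the commented-out totalamount lookup below).
$subtotal = 0;
$nvpstr   = "";
$i        = 0;
$nvpstr .= "&L_NAME$i=" . urlencode(123); //HKD
$nvpstr .= "&L_AMT$i=" . urlencode(123); //HKD
$nvpstr .= "&L_QTY$i=" . urlencode(1);
$nvpstr .= "&L_NUMBER$i=" . urlencode(123);
$nvpstr .= "&L_DESC$i=" . urlencode(123);
$subtotal += 123;
$i++;

//$v_total = $order_info{"totalamount"};
$v_total = 123;

// Shipping fee from $order_info; "not set" is treated as zero instead of
// reading an undefined index. Used on both passes.
$shipping_fee = isset($order_info['shipping_fee']) ? (float)$order_info['shipping_fee'] : 0.0;

$email_location = "order_email.php";
$cancelurl      = "/checkout.php";

// The PayPal token is only present on the second pass (PayPal appends it to
// RETURNURL). Read it without an undefined-index notice.
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;

if (!isset($token)) {
    /* ---- First pass: SetExpressCheckout, then send the buyer to PayPal. ---- */

    /* RETURNURL/CANCELURL are derived from the current request. SERVER_NAME is
       what the web server resolved, but unless the vhost pins a canonical
       ServerName it may echo the client's Host header -- a forged Host would
       send the buyer back to an attacker-chosen origin. Pin the host in the
       vhost (UseCanonicalName On) or hard-code it in configuration.
       SCRIPT_NAME is used rather than REQUEST_URI so a client-supplied path
       suffix or query string cannot shape the URL handed to PayPal, and the
       scheme follows the current request instead of being forced to http. */
    $scheme     = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $serverName = $_SERVER['SERVER_NAME'];
    $serverPort = $_SERVER['SERVER_PORT'];
    $url        = dirname($scheme . '://' . $serverName . ':' . $serverPort . $_SERVER['SCRIPT_NAME']);

    // NOTE(review): $LOCALECODE is never assigned in this file ($langcode is,
    // but unused) -- the parameter is sent empty. Confirm which was intended.
    $nvpstr .= "&LOCALECODE=" . urlencode(isset($LOCALECODE) ? $LOCALECODE : '');
    $nvpstr .= "&CURRENCYCODE=" . urlencode($currency);
    //$nvpstr .= "&SHIPTOCOUNTRY=" . urlencode("C2");

    $nvpstr .= "&ITEMAMT=" . urlencode($subtotal);

    if ($shipping_fee > 0) {
        $nvpstr .= "&SHIPPINGAMT=" . urlencode($shipping_fee);
    } else {
        $nvpstr .= "&NOSHIPPING=1";
    }

    // Coupon and member deductions (coupon_deduct / member_deduct from
    // $order_info) were subtracted from $v_total here in an earlier revision;
    // re-enable once $order_info is wired in.

    $nvpstr .= "&AMT=" . urlencode($v_total);
    $nvpstr .= "&ReturnUrl=" . urlencode($url . "/ReviewOrder.php");
    $nvpstr .= "&cancelURL=" . urlencode($url . $cancelurl);
    $nvpstr .= "&PAYMENTACTION=Sale";

    //TODO: process order with zero amount (an AMT below 0.1 was rejected here
    //      in an earlier revision).

    /* Call PayPal to obtain the Express Checkout token. On success redirect
       the buyer to PayPal to authorize payment; otherwise show the error. */
    $resArray            = hash_call("SetExpressCheckout", $nvpstr);
    $_SESSION['reshash'] = $resArray;

    $ack = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';

    // SUCCESSWITHWARNING is a successful call too (the second pass already
    // treats it that way); accept it here as well.
    if ($ack !== "SUCCESS" && $ack !== "SUCCESSWITHWARNING") {
        $_SESSION['my_error_no'] = 'Unexpected ACK in SetExpressCheckout';
        header("Location: APIError.php");
        exit;
    }

    // Store the checkout request so the second pass can be tied to a record.
    // NOTE(review): $nowdate is not defined in this file; default to now so
    // createdate is never NULL -- confirm against the original include.
    if (!isset($nowdate)) {
        $nowdate = date('Y-m-d H:i:s');
    }
    $order_id = isset($order_info['order_id']) ? $order_info['order_id'] : null;

    $sql        = "insert into paypal_record (session_id, order_id, nvpstr, createdate) values (?, ?, ?, ?)";
    $parameters = array($session_id, $order_id, $nvpstr, $nowdate);
    if (!($sth = $dbh->prepare($sql))) {
        // prepare() returned false, so the error lives on the connection, not on $sth.
        throw new Exception('[' . $dbh->errorCode() . ']: ' . print_r($dbh->errorInfo(), true));
    }
    if (!$sth->execute($parameters)) {
        throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo(), true));
    }

    $_SESSION['paypalid'] = $dbh->lastInsertId();

    if (empty($_SESSION['paypalid'])) {
        $_SESSION['my_error_no'] = 'Unexpected SQL error in paypalRecord_insert';
        header("Location: APIError.php");
        exit;
    }

    // Redirect to paypal.com. exit after header() so nothing else runs.
    $token     = urldecode($resArray["TOKEN"]);
    $payPalURL = PAYPAL_URL . $token;
    header("Location: " . $payPalURL);
    exit;
}

/* ---- Second pass: the buyer authorized payment at PayPal and was sent back
   with token (and PayerID). Fetch the checkout details, verify them against
   the order this script set up, then capture the payment. The authorization
   alone is not a completed transaction. ---- */

if (empty($_SESSION['paypalid'])) {
    exit('Shopping cart not found. Please enable cookies in your internet web browser.');
}

$token  = urlencode($_REQUEST['token']);
$nvpstr = "&TOKEN=" . $token;

$resArray            = hash_call("GetExpressCheckoutDetails", $nvpstr);
$_SESSION['reshash'] = $resArray;
$ack                 = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';

if ($ack !== 'SUCCESS' && $ack !== 'SUCCESSWITHWARNING') {
    $_SESSION['my_error_no'] = 'Unexpected ACK in GetExpressCheckoutDetails';
    header("Location: APIError.php");
    exit;
}

$_SESSION['token']    = $_REQUEST['token'];
$_SESSION['payer_id'] = isset($_REQUEST['PayerID'])
    ? $_REQUEST['PayerID']
    : (isset($resArray['PAYERID']) ? $resArray['PAYERID'] : null);

// Legacy settings removed in PHP 5.4; ini_set() is a silent no-op there.
ini_set('session.bug_compat_42', 0);
ini_set('session.bug_compat_warn', 0);

/* Cross-check what PayPal reports for this token against the order as this
   script computes it. Without this, a token obtained for a different
   (cheaper) checkout could be presented here and the record referenced by
   $_SESSION['paypalid'] would be marked paid for the wrong amount/currency. */
$paypalAmt      = isset($resArray['AMT']) ? (float)$resArray['AMT'] : null;
$paypalCurrency = isset($resArray['CURRENCYCODE']) ? $resArray['CURRENCYCODE'] : null;
if ($paypalAmt === null || abs($paypalAmt - (float)$v_total) > 0.005 || $paypalCurrency !== $currency) {
    $_SESSION['my_error_no'] = 'Amount or currency mismatch in GetExpressCheckoutDetails';
    header("Location: APIError.php");
    exit;
}

// Build the DoExpressCheckoutPayment request from the verified details.
$nvpstr = "&ITEMAMT=" . urlencode($resArray['ITEMAMT']);

if ($shipping_fee > 0) {
    $nvpstr .= "&SHIPPINGAMT=" . urlencode($shipping_fee);
} else {
    $nvpstr .= "&NOSHIPPING=" . urlencode(isset($resArray['NOSHIPPING']) ? $resArray['NOSHIPPING'] : '');
}

$nvpstr .= "&AMT=" . urlencode($resArray['AMT']);
$nvpstr .= "&TOKEN=" . urlencode($resArray['TOKEN']);
$nvpstr .= "&PAYERID=" . urlencode($resArray['PAYERID']);
$nvpstr .= "&PAYMENTACTION=" . urlencode("Sale");
$nvpstr .= "&CURRENCYCODE=" . urlencode($resArray['CURRENCYCODE']);
// IPADDRESS is the buyer's IP (PayPal uses it for fraud screening); the
// original sent SERVER_NAME, i.e. this host's own name.
$nvpstr .= "&IPADDRESS=" . urlencode(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

//TODO: process order with zero amount

// Snapshot of the GetExpressCheckoutDetails response for the paypal_record
// row. It contains payer name/email/address (personal data) -- treat the
// column accordingly.
// NOTE(review): the DoExpressCheckoutPayment response (TRANSACTIONID etc.) is
// not persisted anywhere; consider storing it too for reconciliation.
$resArray_str = var_export($resArray, true);
$resArray     = hash_call("DoExpressCheckoutPayment", $nvpstr);
$ack          = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';

if ($ack !== 'SUCCESS' && $ack !== 'SUCCESSWITHWARNING') {
    /* The previous revision issued header() here without exit, so a failed or
       declined DoExpressCheckoutPayment fell through to the UPDATE below and
       marked the order paid. The exit is mandatory. */
    $resArray["PassVar"]     = $nvpstr;
    $_SESSION['reshash']     = $resArray;
    $_SESSION['my_error_no'] = 'Unexpected ACK in DoExpressCheckoutPayment';
    header("Location: APIError.php");
    exit;
}

// Payment captured: mark the record paid.
// NOTE(review): if this UPDATE fails the buyer has already been charged but
// the order is not recorded as paid; the exception below needs handling that
// reconciles that state rather than just erroring out.
$sql        = "update paypal_record set paystatus = ?, nvpstr2 = ? where paypal_id=?";
$parameters = array("1", $resArray_str, $_SESSION['paypalid']);
if (!($sth = $dbh->prepare($sql))) {
    throw new Exception('[' . $dbh->errorCode() . ']: ' . print_r($dbh->errorInfo(), true));
}
if (!$sth->execute($parameters)) {
    throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo(), true));
}

$_SESSION["paystatus"] = 1;
header("Location: " . $email_location);
exit;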