' . // 不能省略 "" . // 不能省略 "" . // 贝宝帐号 "" . // payment for "" . // 订单金额 "" . // 货币 "" . // 付款后页面 "" . // 订单号 "" . // 字符集 "" . // 不要求客户提供收货地址 "" . // 付款说明 "" . "" . "" . "" . // 按钮 "

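"; return $def_url; }

    /**
     * Handle a PayPal IPN (Instant Payment Notification) callback.
     *
     * Posts the received fields back to PayPal with cmd=_notify-validate and
     * marks the order as paid only when PayPal answers VERIFIED and the
     * receiver, amount and currency match the local payment configuration and
     * the pay_log record.
     *
     * Every $_POST field is untrusted until PayPal has answered VERIFIED, so
     * the transaction id is checked against an allow-list pattern before it is
     * placed in SQL, and the validation round-trip runs over TLS with
     * certificate verification so the VERIFIED answer cannot be forged on the
     * network path.
     *
     * @param array $data Must contain 'code', the payment code passed to get_payment().
     * @return bool true when the order was marked paid or the transaction id
     *              is already recorded; false in every other case.
     */
    function callback($data)
    {
        include_once(BASE_PATH.'helpers/payment_helper.php');
        $payment     = get_payment($data['code']);
        $merchant_id = $payment['paypal_account']; // merchant's PayPal account

        // Copy the fields we act on; a missing or non-string field becomes ''.
        $ipn = array();
        foreach (array('payment_status', 'mc_gross', 'mc_currency', 'txn_id', 'receiver_email', 'invoice', 'memo') as $name) {
            $ipn[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        }
        $payment_status   = $ipn['payment_status'];
        $payment_amount   = $ipn['mc_gross'];
        $payment_currency = $ipn['mc_currency'];
        $txn_id           = $ipn['txn_id'];
        $receiver_email   = $ipn['receiver_email'];
        $order_sn         = $ipn['invoice'];
        $memo             = !empty($ipn['memo']) ? $ipn['memo'] : '';

        // txn_id is concatenated into a SQL string below, before PayPal has
        // vouched for the request, so accept only a short alphanumeric token.
        // NOTE(review): assumes PayPal transaction ids are alphanumeric - widen if needed.
        if (!preg_match('/^[A-Za-z0-9]{1,64}$/D', $txn_id)) {
            return false;
        }

        // NOTE(review): $memo is buyer-supplied free text; confirm order_paid()
        // escapes action_note before it is stored.
        $action_note = $txn_id . '(' . L('paypal_txn_id') . ')' . $memo;

        // Replay guard: skip transactions that were already recorded. The
        // closing quote now sits after the % wildcard; the original emitted
        // LIKE "..."% which is not valid SQL, so the guard never matched.
        $count = $GLOBALS['db']->getOne('SELECT count(*) FROM {pre}order_action WHERE action_note LIKE "' . mysql_like_quote($txn_id) . '%"');
        if ($count > 0) {
            return true;
        }

        // Rebuild the notification exactly as received, prefixed with the validate command.
        $req = 'cmd=_notify-validate';
        foreach ($_POST as $key => $value) {
            if (!is_string($value)) {
                return false; // IPN fields are flat strings; anything else is malformed
            }
            $value = urlencode(stripslashes($value));
            $req .= "&$key=$value";
        }

        $header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
        $header .= "Host: www.paypal.com\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= "Content-Length: " . strlen($req) . "\r\n";
        $header .= "Connection: close\r\n\r\n";

        // Validate over TLS with peer verification; a plaintext connection
        // would let anyone on the path answer VERIFIED for a forged notification.
        $context = stream_context_create(array(
            'ssl' => array(
                'verify_peer'      => true,
                'verify_peer_name' => true,
            ),
        ));
        $fp = stream_socket_client('tls://www.paypal.com:443', $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $context);
        if (!$fp) {
            return false; // nothing to close: the connection was never opened
        }

        fputs($fp, $header . $req);
        $verified = false;
        while (!feof($fp)) {
            $res = fgets($fp, 1024);
            if ($res === false) {
                break;
            }
            $res = trim($res); // response lines carry CRLF
            if ($res === 'VERIFIED') {
                $verified = true;
                break;
            }
            if ($res === 'INVALID') {
                break; // rejected by PayPal; left for manual investigation
            }
        }
        fclose($fp);

        if (!$verified) {
            return false;
        }

        // NOTE(review): 'Pending' is accepted alongside 'Completed', so an order
        // is marked paid before the funds have cleared - confirm this is intended.
        if ($payment_status !== 'Completed' && $payment_status !== 'Pending') {
            return false;
        }

        // The payment must have gone to the configured merchant account.
        if ($receiver_email !== (string) $merchant_id) {
            return false;
        }

        // Amount and currency must match what the shop expected for this order.
        $order_amount = model()->table('pay_log')->field('order_amount')->where(array('log_id'=>$order_sn))->one();
        if (!is_numeric($order_amount) || !is_numeric($payment_amount)) {
            return false; // unknown order or malformed amount
        }
        if (number_format((float) $order_amount, 2, '.', '') !== number_format((float) $payment_amount, 2, '.', '')) {
            return false;
        }
        if ((string) $payment['paypal_currency'] !== $payment_currency) {
            return false;
        }

        // All checks passed: record the payment.
        order_paid($order_sn, PS_PAYED, $action_note);
        return true;
    }

    /**
     * PayPal asynchronous notification entry point.
     *
     * Delegates to callback(). The boolean result of callback() is discarded,
     * so this method returns nothing.
     *
     * @param array $data Passed through to callback().
     * @return void
     */
    public function notify($data)
    {
        $this->callback($data);
    }
}
?>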