[PHP] Webmall with Paypal & IPN

02/12/2016 09:47 B1Q#1
Buying Items using Paypal
This is my first time using PDO; I decided to make something hopefully useful.

If you're getting errors, I recommend you use ZendServer 8.5 PHP 5.6 with Z-Ray.

Features:
PDO::ODBC Database Connection
easy to understand code
protect against ';select delete fuckbitchhimoron;--'
items stored in a table
logs stored in another table (Thank you Captain Obvious)

If you find any ';select delete fuckbitchhimoron;--' exploits that actually work, let me know and I'll fix it.



And the Admin Panel


NOTE: Coded in 1 hour; if there's anything that doesn't work, I'll fix it.

Download is in Attachmeeeents

Sorry, forgot to add the dollar sign before the item price. You could go to Include\items.php and replace line 43 with this one:
PHP Code:
<td>$<? echo $row['itemPrice']; ?></td>

02/12/2016 09:51 Supportlar#2
useful man
02/12/2016 09:58 Mody13337#3
good job .
02/12/2016 10:09 ​Goofie​#4
Problem with your Paypal IPN is that it can be bypassed and abused easily.
02/12/2016 10:12 B1Q#5
Quote:
Originally Posted by Goofie
Problem with your Paypal IPN is that it can be bypassed and abused easily.
PHP Code:
// Step 1: read the raw POST body and split it into key/value pairs
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();

foreach ($raw_post_array as $keyval)
{
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}

// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';

// initialised so the loop below never reads an undefined variable
$get_magic_quotes_exists = false;
if (function_exists('get_magic_quotes_gpc'))
{
    $get_magic_quotes_exists = true;
}

foreach ($myPost as $key => $value)
{
    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1)
    {
        $value = urlencode(stripslashes($value));
    }
    else
    {
        $value = urlencode($value);
    }
    //echo "Key: $key Value: $value";
    $req .= "&$key=$value";
}

// Step 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
// keep certificate and host name verification on for the postback
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: TryAgain'));

// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

if (!($res = curl_exec($ch)))
{
    // error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);

if ($res == "VERIFIED")
{
    // the posted snippet ends here; the handling of a verified payment was not included
}

i guess this is how it works :S
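
Added example, not part of the original post or the attached webmall: a "VERIFIED" reply only confirms that PayPal sent the message, so a handler still has to compare the IPN fields against its own records before delivering anything. The table and column names, the merchant address, the single-quantity assumption and the sample IPN are constructed for illustration; the field names (payment_status, receiver_email, item_number, mc_gross, mc_currency, txn_id) are standard IPN variables.

```php
<?php
// Added example: checks to run only after PayPal has answered "VERIFIED".
// Table/column names, merchant address and the sample IPN are constructed.
function ipn_is_acceptable(PDO $db, array $ipn, $merchantEmail)
{
    $f = function ($k) use ($ipn) { return isset($ipn[$k]) ? $ipn[$k] : ''; };

    // Only a completed payment may deliver goods (not Pending, Refunded, ...).
    if ($f('payment_status') !== 'Completed') return false;
    // The money must have reached our account, not an arbitrary one.
    if (strcasecmp($f('receiver_email'), $merchantEmail) !== 0) return false;

    // Price and currency are read from our own table, never from the request.
    $st = $db->prepare('SELECT itemPrice, currency FROM items WHERE itemID = ?');
    $st->execute(array($f('item_number')));
    $item = $st->fetch(PDO::FETCH_ASSOC);
    if (!$item || $f('mc_currency') !== $item['currency']) return false;
    $paid = number_format((float) $f('mc_gross'), 2, '.', '');
    $due  = number_format((float) $item['itemPrice'], 2, '.', '');
    if ($paid !== $due) return false;

    // txn_id is a PRIMARY KEY, so a replayed notification fails to insert.
    if ($f('txn_id') === '') return false;
    try {
        $db->prepare('INSERT INTO payments (txn_id) VALUES (?)')
           ->execute(array($f('txn_id')));
    } catch (PDOException $e) {
        return false; // this transaction was already processed
    }
    return true;
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (itemID TEXT PRIMARY KEY, itemPrice TEXT, currency TEXT)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY)');
$db->exec("INSERT INTO items VALUES ('42', '10.00', 'USD')");

$ipn = array('payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
    'item_number' => '42', 'mc_gross' => '10.00', 'mc_currency' => 'USD',
    'txn_id' => 'TXN-CONSTRUCTED-1');
$underpaid = array('mc_gross' => '0.01', 'txn_id' => 'TXN-CONSTRUCTED-2') + $ipn;

var_dump(ipn_is_acceptable($db, $ipn, 'shop@example.com'));       // genuine payment
var_dump(ipn_is_acceptable($db, $ipn, 'shop@example.com'));       // same message replayed
var_dump(ipn_is_acceptable($db, $underpaid, 'shop@example.com')); // amount does not match the item
```

The function only returns true for the first call; credit the account inside the same database transaction as the txn_id insert so a crash between the two cannot leave a payment recorded but undelivered.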
02/12/2016 11:37 ILowe#6
Code:
Connection failed: SQLSTATE[IM002] SQLDriverConnect: 0 [Microsoft][ODBC Driver Manager] 


Warning: include(__DIR__\include\items.php) [function.include]: failed to open stream: No such file or directory in C:\AppServ\www\index.php on line 34

Warning: include() [function.include]: Failed opening '__DIR__\include\items.php' for inclusion (include_path='.;C:\php5\pear') in C:\AppServ\www\index.php on line 34
© This Guy
02/12/2016 11:41 B1Q#7
Quote:
Originally Posted by ILowe
Code:
Connection failed: SQLSTATE[IM002] SQLDriverConnect: 0 [Microsoft][ODBC Driver Manager] 


Warning: include(__DIR__\include\items.php) [function.include]: failed to open stream: No such file or directory in C:\AppServ\www\index.php on line 34

Warning: include() [function.include]: Failed opening '__DIR__\include\items.php' for inclusion (include_path='.;C:\php5\pear') in C:\AppServ\www\index.php on line 34
© This Guy
replace line 34 with this one
PHP Code:
<? }  else {include 'include\items.php';} ?>
and make sure php_pdo_odbc.dll is enabled
02/12/2016 12:03 ILowe#8
Quote:
Originally Posted by hazemooking
replace line 34 with this one
PHP Code:
<? }  else {include 'include\items.php';} ?>
and make sure php_pdo_odbc.dll is enabled
now error

Fatal error: Call to a member function prepare() on a non-object in C:\AppServ\www\include\SQL.php on line 46
02/12/2016 12:08 B1Q#9
Go to your php.ini and make sure php_pdo_odbc.dll is uncommented

and replace your SQL.php with this one "it's the same one in the attached rar"

if you're getting errors i recommend you to use ZendServer 8.5 PHP 5.6 with Z-Ray
02/12/2016 16:33 elmagico321#10
looks nice
02/12/2016 18:13 Justin*#11
WebsiteDB where is it?
02/12/2016 21:14 B1Q#12
Quote:
Originally Posted by Justin*
WebsiteDB where is it?
use the 2 tables in the sql folder and create your own database
02/13/2016 06:06 XxGhostSpiriTxX#13
Seed Database Connection failed: SQLSTATE[IM002] SQLDriverConnect:
0 [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

HelP PLIS
02/13/2016 06:23 B1Q#14
Quote:
Originally Posted by esteve458
Seed Database Connection failed: SQLSTATE[IM002] SQLDriverConnect:
0 [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

HelP PLIS
Make sure your database names are correct in include/config.php

and don't forget to make the websitedb and add the 2 tables in the sql folder
02/13/2016 06:39 XxGhostSpiriTxX#15