[PHP] Webmall with Paypal & IPN

B1Q · 02/12/2016, 09:47

Buying Items using Paypal
this is my first time using PDO i decided to make something hopefully useful

if you're getting errors i recommend you to use ZendServer 8.5 PHP 5.6 with Z-Ray

Features:
PDO::ODBC Database Connection
easy to understand code
protect against ';select delete fuckbitchhimoron;--'
items stored in a table
logs stored in another table (Thank you Captain Obvious)

if you found any ';select delete fuckbitchhimoron;--' exploits that actually work let me know and i'll fix it

Images

And the Admin Panel

ADMINP

NOTE: Coded in 1 hour if there's anything that doesn't work i'll fix it.

Download is in Attachmeeeents

Sorry forgot to add the Dollar Sign before the item Price you could go to Include\items.php and replace line : 43 with this one

PHP Code:



<td>$<? echo $row['itemPrice']; ?></td>

Tables

~~Supportlar~~ · 02/12/2016, 09:51

useful man

~~Mody13337~~ · 02/12/2016, 09:58

good job .

~~Goofie~~ · 02/12/2016, 10:09

Problem with your Paypal IPN is that it can be bypassed and abused Easily.

B1Q · 02/12/2016, 10:12

Quote:

Originally Posted by Goofie

Problem with your Paypal IPN is that it can be bypassed and abused Easily.

PHP Code:



$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();

foreach($raw_post_array as $keyval)
{
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2) $myPost[$keyval[0]] = urldecode($keyval[1]);
}

// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'

$req = 'cmd=_notify-validate';

if (function_exists('get_magic_quotes_gpc'))
{
    $get_magic_quotes_exists = true;
}

foreach($myPost as $key => $value)
{
    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1)
    {
        $value = urlencode(stripslashes($value));
    }
    else
    {
        $value = urlencode($value);
    }
    //echo"Key: $key Value: $value";
    $req.= "&$key=$value";
}

// Step 2: POST IPN data back to PayPal to validate

$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: TryAgain'));


// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

if (!($res = curl_exec($ch)))
{

    // error_log("Got " . curl_error($ch) . " when processing IPN data");

    curl_close($ch);
    exit;
}
curl_close($ch);
if ($res =="VERIFIED")
{

i guess this is how it works :S

ILowe · 02/12/2016, 11:37

Code:

Connection failed: SQLSTATE[IM002] SQLDriverConnect: 0 [Microsoft][ODBC Driver Manager] 


Warning: include(__DIR__\include\items.php) [function.include]: failed to open stream: No such file or directory in C:\AppServ\www\index.php on line 34

Warning: include() [function.include]: Failed opening '__DIR__\include\items.php' for inclusion (include_path='.;C:\php5\pear') in C:\AppServ\www\index.php on line 34
© This Guy

B1Q · 02/12/2016, 11:41

Quote:

Originally Posted by ILowe

Code:

Connection failed: SQLSTATE[IM002] SQLDriverConnect: 0 [Microsoft][ODBC Driver Manager] 


Warning: include(__DIR__\include\items.php) [function.include]: failed to open stream: No such file or directory in C:\AppServ\www\index.php on line 34

Warning: include() [function.include]: Failed opening '__DIR__\include\items.php' for inclusion (include_path='.;C:\php5\pear') in C:\AppServ\www\index.php on line 34
© This Guy

replace line 34 with this one

PHP Code:



<? }  else {include 'include\items.php';} ?>

and make sure php_pdo_odbc.dll is enabled

ILowe · 02/12/2016, 12:03

Quote:

Originally Posted by hazemooking

replace line 34 with this one

PHP Code:

<? } else {include 'include\items.php';} ?>

and make sure php_pdo_odbc.dll is enabled

now error

Fatal error: Call to a member function prepare() on a non-object in C:\AppServ\www\include\SQL.php on line 46

B1Q · 02/12/2016, 12:08

go to your php.ini make sure php_pdo_odbc.dll is uncommented

and replace your SQL.php with this one "it's the same one in the attached rar"

if you're getting errors i recommend you to use ZendServer 8.5 PHP 5.6 with Z-Ray

elmagico321 · 02/12/2016, 16:33

looks nice

Justin* · 02/12/2016, 18:13

WebsiteDB where is it?

B1Q · 02/12/2016, 21:14

Quote:

Originally Posted by Justin*

WebsiteDB where is it?

use the 2 tables in the sql folder and create your own database

XxGhostSpiriTxX · 02/13/2016, 06:06

Seed Database Connection failed: SQLSTATE[IM002] SQLDriverConnect:
0 [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

HelP PLIS

B1Q · 02/13/2016, 06:23

Quote:

Originally Posted by esteve458

Seed Database Connection failed: SQLSTATE[IM002] SQLDriverConnect:
0 [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

HelP PLIS

make sure your database names are correct in include/config.php

and dont forget to make the websitedb and add the 2 tables in sql folder

XxGhostSpiriTxX · 02/13/2016, 06:39