<?php
function mssql_escape_string($string_to_escape) { $replaced_string = str_replace("'","''",$string_to_escape); return $replaced_string; } 
function write2LogFile( $message, $file = "paypalipn_log.txt" ) { $file = fopen($file, "a"); fputs($file, "[".date('d-m-Y')."] ".$message."\n"); fclose($file); }
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
if (!$fp) {
	write2LogFile( "ERROR Can not connect to paypal!" );
}
else
{
	fputs ($fp, $header . $req);
	while (!feof($fp))
	{
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0)
		{
			$payment_status = $_POST['payment_status'];

			if (($payment_status == 'Completed'))
			{			
				$mssql_link = @mssql_connect( 'STORMY-PC\SQLEXPRESS', 'sa', 'Mitek2011' );
				$checkAccount = mssql_query( "SELECT * FROM Account..tUser WHERE nUserNo = ".mssql_escape_string( $_POST['custom'] ).";" );
				
				if ( mssql_num_rows( $checkAccount ) == 1 )
				{
					$selectPoints = mssql_query( "SELECT cash FROM Account..tCash WHERE userNo = ".mssql_escape_string( $_POST['custom'] ).";" );
					$paymentAmount = mssql_escape_string( $_POST['mc_gross'] );
					$addPoints = ( $paymentAmount * 1000 );
					if ( mssql_num_rows( $selectPoints ) == 1 )
					{
					$newCash = $selectPoints + $addPoints;
						$insertPointsSQL = "UPDATE Account..tCash SET cash = ".$newCash." WHERE userNo = ".mssql_escape_string( $_POST['custom'] );
						$insertPoints = mssql_query( $insertPointsSQL );
						if ( $insertPoints )
						{
							write2LogFile( "SUCCESS1 ".$addPoints." points added to ".mssql_escape_string( $_POST['custom'] )." (".$_POST['txn_id'].")" );
						}
						else
						{
							write2LogFile( "ERROR1 ".$addPoints." points was not added to ".mssql_escape_string( $_POST['custom'] )." (".$insertPointsSQL.") (".$_POST['txn_id'].")" );
						}
					}
					elseif ( mssql_num_rows( $selectPoints ) == 0 ) //create cash row (new user)
					{
						$insertPoints = mssql_query( "INSERT INTO Account..tCash VALUES(".mssql_escape_string( $_POST['custom'] ).",0,".$addPoints.",0);" );
						if ( $insertPoints )
						{
							write2LogFile( "SUCCESS2 ".$addPoints." points added (new row) ".mssql_escape_string( $_POST['custom'] )." (".$_POST['txn_id'].")" );
						}
						else
						{
							write2LogFile( "ERROR2 ".$addPoints." points was not added (new row) to ".mssql_escape_string( $_POST['custom'] )." (".$_POST['txn_id'].")" );
						}
					}
					else
					{
						write2LogFile( "ERROR '".mssql_escape_string( $_POST['custom'] )."' MORE THAN 1 Entries" );
					}
				}
				else
				{
					write2LogFile( "ERROR '".mssql_escape_string( $_POST['custom'] )."' NOT FOUND" );
				}
			}
		}
	}
	fclose ($fp);
}
?>