AlertPay Developers Community

<?php

//===============================================================================
// AlertPay Instant Payment Notification (IPN)
//===============================================================================
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY
// OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE.
//===============================================================================

// Verssion: Advanced IPN - PHPEcono 1.0
// Script: AlertURL.php
// Platform: PHP

// This is a modified version of the normal AlertPay IPN system.

// Modifications
// 1. Added DB connection protocol script
// 2. All AlertPay info are loaded into a string
// 3. All the retrieved info is correctly sanitized before it's used
// 4. All The data can be retrieved using $alertpay_data[0]
// 5. Globals at the bottom are now compatible with PHP4+
// Modification by PHPEcono (Patrick Simard)

// Purpose:
// --------
// The purpose of this code is to help you to understand how to process the Instant Payment Notification 
// variables for Subscription Button and integrate it in your PHP site.

// How to Use: 
// -----------
// Put this code into the page which you have specified as Alert URL.
// The variables being read from the _POST object in the below code are inserted into a string and can be
// retrieved by using $alertpay_data[0]. Replace 0 by the number beside $_POST below that you would like to use.
// $alertpay_data is secured and ready for SQL manipulation.

// Developer Feedback:
// --------------
// If you have any questions about this script or any suggestions, please use:
// http://dev.alertpay.com/forums/p/1653/3502.aspx#3502

// DB Connection
$dbh2=mysql_connect("localhost", "DB_USER", "DB_PASS") or die ('Database connection: '.mysql_error());
mysql_select_db("DB_NAME");

    // All the data is inserted into a string seperated by $$$
    // It will then be sanitized and exploded
    // To retreive the coresponded var use $alertpay_data[0]
    // Replace 0 by the number beside the $_POST
     
    // Security code variable
    $alertpay=$_POST['ap_SecurityCode']; //0

    // Customer info variables
    $alertpay.=$_POST['ap_CustFirstName']."$$$"; //1
    $alertpay.=$_POST['ap_CustLastName']."$$$"; //2
    $alertpay.=$_POST['ap_CustAddress']."$$$"; //3
    $alertpay.=$_POST['ap_CustCity']."$$$"; //4
    $alertpay.=$_POST['ap_CustCountry']."$$$"; //5
    $alertpay.=$_POST['ap_CustZip']."$$$"; //6
    $alertpay.=$_POST['ap_CustEmailAddress']."$$$"; //7

    // Common transaction variables
    $alertpay.=$_POST['ap_ReferenceNumber']."$$$"; //8
    $alertpay.=$_POST['ap_Status']."$$$"; //9
    $alertpay.=$_POST['ap_PurchaseType']."$$$"; //10
    $alertpay.=$_POST['ap_Merchant']."$$$"; //11
    $alertpay.=$_POST['ap_ItemName']."$$$"; //12
    $alertpay.=$_POST['ap_ItemCode']."$$$"; //13
    $alertpay.=$_POST['ap_Description']."$$$"; //14
    $alertpay.=$_POST['ap_Quantity']."$$$"; //15
    $alertpay.=$_POST['ap_Amount']."$$$"; //16
    $alertpay.=$_POST['ap_AdditionalCharges']."$$$"; //17
    $alertpay.=$_POST['ap_ShippingCharges']."$$$"; //18
    $alertpay.=$_POST['ap_TaxAmount']."$$$"; //19
    $alertpay.=$_POST['ap_DiscountAmount']."$$$"; //20
    $alertpay.=$_POST['ap_TotalAmount']."$$$"; //21
    $alertpay.=$_POST['ap_Currency']."$$$"; //22
    $ap_Test=$_POST['ap_Test']."$$$"; //23

    // Custom fields
    $alertpay.=$_POST['ap_Apc_1']."$$$"; //24
    $alertpay.=$_POST['ap_Apc_2']."$$$"; //25
    $alertpay.=$_POST['ap_Apc_3']."$$$"; //26
    $alertpay.=$_POST['ap_Apc_4']."$$$"; //27
    $alertpay.=$_POST['ap_Apc_5']."$$$"; //28
    $alertpay.=$_POST['ap_Apc_6']."$$$"; //29

    // Subscription variables
    $alertpay.=$_POST['ap_SubscriptionReferenceNumber']."$$$"; //30
    $alertpay.=$_POST['ap_TimeUnit']."$$$"; //31
    $alertpay.=$_POST['ap_PeriodLength']."$$$"; //32
    $alertpay.=$_POST['ap_PeriodCount']."$$$"; //33
    $alertpay.=$_POST['ap_NextRunDate']."$$$"; //34
    $alertpay.=$_POST['ap_TrialTimeUnit']."$$$"; //35
    $alertpay.=$_POST['ap_TrialPeriodLength']."$$$"; //36
    $alertpay.=$_POST['ap_TrialAmount']; //37
    
    // SQL Sanitizer
    function sanitize_sql ( $mValue )
    {
        $mValue = (MAGIC_QUOTES) ? $mValue : addslashes($mValue);
        $rPattern = "/;/";
        return preg_replace($rPattern, '', $mValue);
    }
    
    // Sanitizing the string
    sanitize_sql ( $alertpay );
    
    // Exploding the $alertpay var (Use the number next to the var Ex: $alertpay_data[0] for the customer first name)
    $alertpay_data=explode('$$$', $alertpay);

    // Initialize variable
    setSecurityCodeVariable();

        // Inser your alert pay security code you set in your IPN setup page
        if ($ap_SecurityCode != "NOT UNCODED PASSWORD");
        {
            // The Data is NOT sent by AlertPay.
            // Take appropriate action 
            
            echo "Unauthorised Access";
        }
        else
        {
            if ($ap_Test == "1")
            {
                // Your site is currently being integrated with AlertPay IPN for TESTING PURPOSES
                // ONLY. Don't store any information in your Production database and don't process
                // this transaction as a real order.
 
            }
            else
            {
                // Initialize variables
                setCustomerInfoVariables();
                setCommonTransactionVariables();

                // Initialize the custom field variables.
                setCustomFields();

                // If the transaction is subscription-based (recurring payment), initialize the
                // Subscription variables too.
                if ($ap_PurchaseType == "Subscription")
                {
                    setSubscriptionVariables();
                }

                if (strlen($ap_ReferenceNumber) == 0 && $ap_TrialAmount != "0")
                {
                    // Invalid reference number. The reference number is invalid because the ap_ReferenceNumber doesn't
                    // contain a value and the ap_TrialAmount is not equal to 0.
                }
                else
                {
                    if ($ap_Status == "Success")
                    {
                        // Transaction is complete. It means that the amount was paid successfully.
                        // Process the order here.
                        // You can use the $alertpay_data[ to retreive the needed info
                        

                        // Process non-subscription order.
                        if ($ap_PurchaseType != "Subscription")
                        {
                            // NOTE: The subscription variables are not applicable here. Don't use them.
                        }
                        // Process the subscription order. Use ap_SubscriptionReferenceNumber to uniquely identify
                        // this particular subscription transaction.
                        else
                        {
                            // Check whether the trial is free or not
                            if ($ap_TrialAmount == "0")
                            {
                                // Process the free trial here.
                                // NOTE: The ap_ReferenceNumber is always empty for trial periods and therefore you
                                // should not use it.
                            }
                            else
                            {
                                // The is not a free trial and ap_TrialAmount contains some amount and the
                                // ap_ReferenceNumber contains a valid transaction reference number.
                            }
                        }
                    }
                    else
                    {
                        // Transaction cancelled means seller explicitely cancelled the subscription or AlertPay                                 
                        // cancelled or it was cancelled since buyer didnt have enough money after resheduling after two times.
                        // Take Action appropriately
                    }
                }
            }
    }

    // Security code variable
    function setSecurityCodeVariable()
    {
     GLOBAL $_POST;
     
     $ap_SecurityCode = $_POST['ap_securitycode'];
     
     GLOBAL $ap_SecurityCode;
    }
    
    // Customer info variables
    function setCustomerInfoVariables()
    {
     GLOBAL $_POST;
     
      $ap_CustFirstName =$_POST['ap_custfirstname'];
      $ap_CustLastName = $_POST['ap_custlastname'];
      $ap_CustAddress = $_POST['ap_custaddress'];
      $ap_CustCity = $_POST['ap_custcity'];
      $ap_CustCountry = $_POST['ap_custcountry'];
      $ap_CustZip = $_POST['ap_custzip'];
      $ap_CustEmailAddress = $_POST['ap_custemailaddress'];
      $ap_PurchaseType = $_POST['ap_purchasetype'];
      $ap_Merchant = $_POST['ap_merchant'];
      
     GLOBAL $ap_CustFirstName, $ap_CustLastName, $ap_CustAddress, $ap_CustCity, $ap_CustCountry, $ap_CustZip, $ap_CustEmailAddress, $ap_PurchaseType, $ap_Merchant;
    }
    
    // Common transaction variables
    function setCommonTransactionVariables()
    {
     GLOBAL $_POST;
     
     $ap_ItemName = $_POST['ap_itemname'];
     $ap_Description = $_POST['ap_description'];
     $ap_Quantity = $_POST['ap_quantity'];
     $ap_Amount = $_POST['ap_amount'];
     $ap_AdditionalCharges=$_POST['ap_additionalcharges'];
     $ap_ShippingCharges=$_POST['ap_shippingcharges'];
     $ap_TaxAmount=$_POST['ap_taxamount'];
     $ap_DiscountAmount=$_POST['ap_discountamount'];
     $ap_TotalAmount = $_POST['ap_totalamount'];
     $ap_Currency = $_POST['ap_currency'];
     $ap_ReferenceNumber = $_POST['ap_referencenumber'];
     $ap_Status = $_POST['ap_status'];
     $ap_ItemCode = $_POST['ap_itemcode'];
     $ap_Test = $_POST['ap_test'];
     
     GLOBAL $ap_ItemName, $ap_Description, $ap_Quantity, $ap_Amount, $ap_AdditionalCharges, $ap_ShippingCharges, $ap_TaxAmount, $ap_DiscountAmount, $ap_TotalAmount, $ap_Currency, $ap_ReferenceNumber, $ap_Status, $ap_ItemCode, $ap_Test;
    }
    
    // Subscription variables
    function setSubscriptionVariables()
    {
     GLOBAL $_POST;
     
     $ap_SubscriptionReferenceNumber = $_POST['ap_subscriptionreferencenumber'];
     $ap_TimeUnit = $_POST['ap_timeunit'];
     $ap_PeriodLength=$_POST['ap_periodlength'];
     $ap_PeriodCount=$_POST['ap_periodcount'];
     $ap_NextRunDate=$_POST['ap_nextrundate'];
     $ap_TrialTimeUnit=$_POST['ap_trialtimeunit'];
     $ap_TrialPeriodLength=$_POST['ap_trialperiodlength'];
     $ap_TrialAmount=$_POST['ap_trialamount'];
    
     GLOBAL $ap_SubscriptionReferenceNumber, $ap_TimeUnit, $ap_PeriodLength, $ap_PeriodCount, $ap_NextRunDate, $ap_TrialTimeUnit, $ap_TrialPeriodLength, $ap_TrialAmount;
    }

    // Custom fields
    function setCustomFields()
    {
     GLOBAL $_POST;
     
     $ap_Apc_1 = $_POST['apc_1'];
     $ap_Apc_2 = $_POST['apc_2'];
     $ap_Apc_3 = $_POST['apc_3'];
     $ap_Apc_4 = $_POST['apc_4'];
     $ap_Apc_5 = $_POST['apc_5'];
     $ap_Apc_6 = $_POST['apc_6'];
        
     GLOBAL $ap_Apc_1, $ap_Apc_2, $ap_Apc_3, $ap_Apc_4, $ap_Apc_5, $ap_Apc_6;
    }   

?>

Here is what I have done. I am using Advanced Integration and the button code supplied to create a form where the buyer has access to six custom fields that they fill out as part of the order process. I was hoping that these fields would be returned in the payment notification email but they are not. I now see that they are returned as part of the IPN process in the above script.It would be easiest for me if at the end of the script it would simply email an address all of the IPN returned fields. Having them post to a database is fine but its really an unncessary step in my process. What I need is an email sent to someone so they can take followup action on the order.

I understand that everyone may not need this feature but if you could send me a code snippet or modified script that would do this that would be great.

Keep up the great work!

Roger

Hi moresomes ;-)
You should use the 1.1 verssion of this script there has been a few improvements.

To send your self and email use this code in the success or test part of the code.

$email_ipn_result="me@domain.com"; // Your Emails seperated by , and a space
// Ex: me@domain.com, you@domain.com, him@domain.com
$subject = "AlertPay IPN Data";

$message .= "PHPEcono Advanced IPN v1.2 : $seperator "; 
$i=0; foreach ($alertpay_data as $line){$message .= '$alertpay_data['.$i.'] = '."$line "; $i++;}
$message .= " $seperator ";  
       
    PHPEcono_Mailer($subject, $message, $email_ipn_result);

function PHPEcono_Mailer($subject, $message, $to){
    GLOBAL $_SESSION;
    $to = explode(", ", $to);
    while (list ($key, $val) = each ($to)) {
    $mime_boundary = "----PHPEcono Advanced IPN 1.1----".md5(time());
    $headers = "From: AlertPay IPN <$to> ";
    $headers .= "Reply-To: AlertPay IPN <$to> ";
    $headers .= "MIME-Version: 1.0 ";
    $headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\" ";
    $messages .= "--$mime_boundary ";
    $messages .= "Content-Type: text/html; charset=windows-1252 ";
    $messages .= "Content-Transfer-Encoding: 8bit ";
    $messages .= "$message ";
    $messages .= "--$mime_boundary-- ";
    $mail_sent = @mail( $val, $subject, $messages, $headers );
    }
 }

Thanks I'll give that shot!

Roger

Still not working, but I cannot tell what is not working. My account is in test mode. IPN is enables. I have the encryted URL setting turned OFF (is that correct?). My AlertURL appears to be set correctly. Transactions from my site seem to be behaving correctly, proceeding through with successful payment and I am getting the email notifications from Alertpay. However, I dont think the IPN is firing or am I not capturing anything.

I know a while ago Alertpay askedme to put a verification file on the root of the site, does that have to be there (in the same directory) or something? I dont recall seeing anything about it. I am calling the script as a .php file,is that OK?

I inserted the email code as follows into version 1.1, is this OK?

  if ($ap_Status == "Success")
                    {
                      // IF DEBUG MODE -> END Transaction has ended successfuly
                      if ($debug=="1"){fwrite($fh, " Transaction has ended successfuly! $seperator ");}
                        // Transaction is complete. It means that the amount was paid successfully.
                        // Process the order here.
                        // You can use the $alertpay_data[ to retreive the needed info

        $email_ipn_result="info@moresomes.net"; // Your Email
        $subject = "AlertPay IPN Data";

        $message .= "PHPEcono Advanced IPN v1.2 :$seperator";
        $i=0; foreach ($alertpay_data as $line){$message .= '$alertpay_data['.$i.'] = '."$line"; $i++;}
        $message .= "$seperator"; 
      
            PHPEcono_Mailer($subject, $message, $email_ipn_result);

        function PHPEcono_Mailer($subject, $message, $to){
                GLOBAL $_SESSION;
                $to = explode(", ", $to);
                while (list ($key, $val) = each ($to)) {
                $mime_boundary = "----PHPEcono Advanced IPN 1.1----".md5(time());
                $headers = "From: AlertPay IPN <$to>";
                $headers .= "Reply-To: AlertPay IPN <$to>";
                $headers .= "MIME-Version: 1.0";
                $headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"";
                $messages .= "--$mime_boundary";
                $messages .= "Content-Type: text/html; charset=windows-1252";
                $messages .= "Content-Transfer-Encoding: 8bit";
                $messages .= "$message";
                $messages .= "--$mime_boundary--";
                $mail_sent = @mail( $val, $subject, $messages, $headers );
                }
             }

If I call the script on its own, I get the following error....

Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /home/moresome/public_html/moresomes/ipnprocess3.php on line 3

Parse error: syntax error, unexpected T_STRING in /home/moresome/public_html/moresomes/ipnprocess3.php on line 3

My edit area looks like this currently...

   /**//////////////////////////////////////////////////////////////////////////////////
    /**/// EDIT BOX                                                                    //
    /**//////////////////////////////////////////////////////////////////////////////////
     $test=0; // Test activation
     $debug=1; // Change this to 1 for debug mode (Turn off after and delete debug.txt)
     $debug_file="debug.txt"; // Debug file name (chmod to 777)
     $encrypted_alerurl_pass = "dLvtERshq7htSBWG"; // Encrypted AlertURL pass.
    /**/ $server="localhost"; // Server name (Ex: localhost)
    /**/ $db_name="name"; // Name of the DB
    /**/ $db_username="username"; // username of the db
    /**/ $db_password="password"; // password of the db
    /**//////////////////////////////////////////////////////////////////////////////////

I have the debug file locates in the same directory as the .php script and its CHMOD 777

Thanks in advance for your help!

Roger

If you have the test mode activated you need to add this code in the test mode section (line 202). As for the errors, i am gona need more code. can you attach your alertURL.php file in your nexte reply?

Ecrypted URL is best to be turned off for now since theres no release on how to decrypte it from what i was told.

Can you also activate the debug file from the 1.1 verssion. (create a debug.txt chomoded to 777 where the alerturl.php script is. and post me the result.

PLEASE don't forget to erease your encrypted code from your posts. (I recommend you to change it now that you did.)

Not sure I understand what code to add while in test mode?

Already changed the Security Code.

Will leave encrypted URL off

I had the debug turned on and the file was in the same directory, but the contents of the file were never altered by the transaction process.That is why I question whether my script is ever getting called

What is the best way to send you the entire script?

Theres and error on line 3 of your code so of course your IPN is not working corecly. I will take a look at it. Send me your script by email to p.simard@cameleonmedia.com. I will also integrate the email posting script while at it.

Thanks for the offer I sent you the file. I will look at line 3 and see if I can figure it out. I will also isolate and run the email code to make sure it is working on that server and is not  a source of error. I have confirmed with Alerypay Help Desk that my last test attempt did generate an IPN that was delivered so it seems I am getting closer.

Your code is really currupted ... Theres junk code all over it. What PHP editor are you using?
I recommend you to use PHPDesigner or Dreamweiver.

I am gona start it from fresh but first i need to finish a code for a client. I should be done in an hour or 2.

what are the \par everywhere anyway?