Damn. Just as I thought it was all working ok
Just did a real test, and its coming up with the last 'else' message (wrong referer). Anyoe who has programmed Perl for PayPal, could you have a look please? Even better would be a PHP alternative
Code:
#!/usr/bin/perl
eval {
use CGI::Carp qw(fatalsToBrowser);
use CGI qw(:standard);
use LWP::UserAgent;
};
if ($@) { &error("$@"); }
$input = new CGI;
###################################################
# read the post from PayPal system and add 'cmd'
read (STDIN, $query, $ENV{'CONTENT_LENGTH'});
$query .= '&cmd=_notify-validate';
# post back to PayPal system to validate
$ua = new LWP::UserAgent;
$req = new HTTP::Request 'POST','https://www.paypal.com/cgi-bin/webscr';
$req->content_type('application/x-www-form-urlencoded');
$req->content($query);
$res = $ua->request($req);
# split posted variables into pairs
@pairs = split(/&/, $query);
$count = 0;
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$variable{$name} = $value;
$count++;
}
# assign posted variables to local variables
$receiver_email = $variable{'receiver_email'};
$item_name = $variable{'item_name'};
$item_number = $variable{'item_number'};
$payment_status = $variable{'payment_status'};
$payment_date = $variable{'payment_date'};
$payment_gross = $variable{'payment_gross'};
$payment_fee = $variable{'payment_fee'};
$txn_id = $variable{'txn_id'};
$first_name = $variable{'first_name'};
$last_name = $variable{'last_name'};
$address_street = $variable{'address_street'};
$address_city = $variable{'address_city'};
$address_state = $variable{'address_state'};
$address_zip = $variable{'address_zip'};
$address_country = $variable{'address_country'};
$payer_email = $variable{'payer_email'};
if ($res->content eq 'VERIFIED') {
# check transaction for uniqueness
$vars = "receiver_email=$receiver_email";
$vars .= "&item_name=$item_name";
$vars .= "&item_number=$item_number";
$vars .= "&custom=$custom";
$vars .= "&payment_status=$payment_status";
$vars .= "&payment_date=$payment_date";
$vars .= "&payment_gross=$payment_gross";
$vars .= "&payment_fee=$payment_fee";
$vars .= "&txn_id=$txn_id";
$vars .= "&first_name=$first_name";
$vars .= "&last_name=$last_name";
$vars .= "&address_country=$address_country";
$vars .= "&payer_email=$payer_email";
$urlredirect = "buy.php?" . $vars;
print "Content-type: text/html \n\n";
print "Would have sent to $urltest";
#print "Location: $urlredirect \n\n";
}
elsif ($res->content eq 'INVALID') {
# possible fraud...
print "Content-type: text/html \n\n";
print "You don't appear to have been sent from a valied URL. If you feel this is an error please feel free to email webmaster\@wwwtemplates.com if you feel this is an error.";
}
else {
# error
print "Content-type: text/html \n\n";
print "You don't appear to have been sent from a valied URL.<BR> If you feel this is an error please feel free to<BR>email webmaster\@wwwtemplates.com if you feel this is an error.";
}
##################################################