Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    if statement help

    Hi, I'm wondering if anyone can help with some code, I can't figure it out.

    What I'm trying to do is have a piece of code only execute when a customer comes from paypal. If you go to that page without coming from paypal the code won't run.

    I'm selling an ebook on my site and I have some code that will generate a unique url to download the item which expires when I want it to, this is so the customer doesn't know where the file is stored and doesn't know the actual file name on the server. That part works fine.

    The problem is after the customer pays for the item on paypals site, paypal will redirect them where I want, so I made a page that tells the customer the purchase is complete and in that page is the code to generate the unique url for downloading the package.

    The real problem is the page the customer lands on from paypal to get the link is always the same so all you need to do is remember that url and you can generate a unique url anytime you want. So I need some kind of "if" statement around the url generating code in that page, that will allow it to only generate a url when the customer comes from paypal. If the customer refreshes the landing page that paypal sent them to then the unique url will be gone and no way to get another unless you rebuy or email me.

    I hope all this makes sense, any ideas would be appreciated.

    Thanks
    Last edited by robsworld; 03-12-2009 at 12:56 AM.

  • #2
    New Coder
    Join Date
    Mar 2009
    Posts
    52
    Thanks
    4
    Thanked 6 Times in 6 Posts
    I think you'll have to look into paypal's API's to see how you can verify that the person is coming from paypal. You can look at the referrer information passed by the browser to see where the person is coming from, but this is not a good idea because the referrer information can easily be spoofed by someone who knows what they are doing.

    If you want to do this the right way, then look into paypal's instant payment notification (IPN) system. I've used this myself a couple times, and it's pretty easy to use (and well documented on paypal's part). In fact, they even provide php code for you to use that does 95% of the verification for you. They way it will work is that when the person buys the item and pays for it on paypal, paypal will notify your server that the item has been purchased and send the person's detail to your server (they will send it in a standard HTTP request, so it will be much the same as if someone had visited one of your pages). You'll have a special script that will receive this request, acknowledge it, and communicate back and forth with paypal to verify the transaction and details (again, they give you code that does this). Once your script verifies the transaction, it can generate the unique download url for that user and store the url in the user's "account", that way when the user goes to the confirmation page they see the unique url, and if they refresh the page or go back later they still see the same url.

    The other thing you could do (and probably the better way to go), is to email the user the download url. When your script receives the payment info from paypal it will also receive the email address associated with the paypal account. So rather than storing the unique download url, you could just go ahead and generate it once and then send an email to the address that paypal sent you with the download url. The landing page coming back from paypal can then just be a generic "Thank you for your purchase! Your download link has been sent to your email address!".

  • #3
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hi, thanks for the response, I've tried the IPN thing but couldnt' get anywhere. I actually have a script that handles digital downloads and suppose to work with paypal. There's a file named ipn.php but when it runs it just shows a white screen even if a user comes from paypal. Does this code look like what your talking about? When I use the paypal sandbox IPN checker and enter in the url to that ipn.php file paypal says its valid. Am I missing something simple. Here's the code in the ipn.php file.

    PHP Code:
    <?php
    include('variables.php');

    $connect mysql_connect($host,$username,$password);
    if (!
    $connect) {
       die(
    'Could not connect: ' mysql_error());
    }
    @
    mysql_select_db($database) or die( "Unable to select database");


    function 
    doTheCurl ()
    {
    $req 'cmd=_notify-validate';
    foreach (
    $_POST as $key => $value)
    {
    $value urlencode(stripslashes($value));
    $req .= "&$key=$value";
    }
    $ch curl_init();

    // check to see if this is sandbox or not
    if ($_POST["test_ipn"] == 1)
    {
    curl_setopt($chCURLOPT_URL"https://www.sandbox.paypal.com/cgi-bin/webscr");
    }
    else
    {
    curl_setopt($chCURLOPT_URL"https://www.paypal.com/cgi-bin/webscr");
    }

    curl_setopt($chCURLOPT_POST1);
    curl_setopt($chCURLOPT_POSTFIELDS$req);
    curl_setopt ($chCURLOPT_RETURNTRANSFER1);
    $paypal_response curl_exec ($ch);
    curl_close($ch);
    return 
    $paypal_response;
    }

    function 
    doTheHttp ()
    {
    $req 'cmd=_notify-validate';
    foreach (
    $_POST as $key => $value)
    {
    $value urlencode(stripslashes($value));
    $req .= "&$key=$value";
    }
    // post back to PayPal system to validate
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " strlen($req) . "\r\n\r\n";

    // check to see if this is sandbox or not.
    if ($_POST["test_ipn"] == 1)
    {
    $paypal_response fsockopen ('www.sandbox.paypal.com'80$errno$errstr30);
    }
    else
    {
    $paypal_response fsockopen ('www.paypal.com'80$errno$errstr30);
    }

    if (!
    $paypal_response) {
    return 
    "ERROR";
    }
    else
    {
    fputs ($paypal_response$header $req);
    while (!
    feof($paypal_response))
    {
    $res fgets ($paypal_response1024);
    if (
    strcmp ($res"VERIFIED") == 0)
    {
    return 
    "VERIFIED";
    }
    else if (
    strcmp ($res"INVALID") == 0)
    {
    return 
    "INVALID";
    }
    }
    fclose ($paypal_response);
    }
    return 
    "ERROR";
    }


    $paypal_response doTheCurl();
    if (!
    $paypal_response)
    {

    $paypal_response doTheHttp();

    }
    else
    {

    }


    //get variables
    $receiver_email $_POST['receiver_email'];
    $first_name $_POST['first_name'];
    $last_name $_POST['last_name'];
    $payer_email $_POST['payer_email'];
    $item_name $_POST['item_name'];
    $amount $_POST['mc_gross'];
    $payment_status $_POST['payment_status'];
    $txn_type $_POST['txn_type'];

    if (
    $first_name != "")
    $message "Customer First Name: " $first_name "\n";
    if (
    $last_name != "")
    $message .= "Customer Last Name: " $last_name "\n";
    if (
    $payer_email != "")
    $message .= "Customer Email: " $payer_email "\n";
    if (
    $item_name != "")
    $message .= "Item: " $item_name "\n";
    if (
    $amount != "")
    $message .= "Amount: " $amount "\n";
    if (
    $txn_type != "")
    $message .= "Transaction Type: " $txn_type "\n";
    if (
    $payer_status != "")
    $message .= "Payment Status: " $payment_status "\n";


    if (
    ereg('VERIFIED',$paypal_response)) {
    $response_verified 1;
    $ipn_result 'VERIFIED';
    if (
    $payment_status == "Completed")
    {

    $checkquery "SELECT * FROM files WHERE paypalname = '$item_name'";
    $checkresult mysql_query($checkquery);

    $checkrow=mysql_fetch_assoc($checkresult);

    $price $checkrow["price"];
    $filename $checkrow["filename"];

    if (
    $price == $amount)
    {
    //send email to buyer
    $random rand();
    $string md5($random);


    $query "INSERT INTO links (getfilename, link, dltimes) VALUES ('$filename', '$string', '3')";
    mysql_query($query);
    mysql_close($connect);



    $to $payer_email;
    $subject $storename " Order";
    $body "Your download url:\n" $scriptpath "send_url.php?q=" $string "\n\nIf you cannot download, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: "$email ."\n" .
        
    "X-Mailer: PHP 4.x");


    mail($email"Order Received"$message"From: "$email);

    }
    else
    {
    mail($email"Order Payment Amount Invalid"$message"From: "$email);

    }
    }

    } else if (
    ereg('INVALID',$paypal_response)) {
    $response_invalid 1;
    $ipn_result 'INVALID';

    $message .= "IPN returned invalid\n";

    mail($email"Order Received - Invalid IPN"$message"From: "$email);

    $to $payer_email;
    $subject $storename " Order";
    $body "Your download was not completed, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: " $email "\n" .
        
    "X-Mailer: PHP 4.x");


    } else {
    echo 
    'Error: no valid $paypal_response received.';

    $message .= "No response from Paypal\n";

    mail($email"Order Received - No IPN Response"$message"From: " $email);

    $to $payer_email;
    $subject $storename " Order";
    $body "Your download was not completed, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: " $email "\n" .
        
    "X-Mailer: PHP 4.x");
    }


    ?>
    Last edited by robsworld; 03-12-2009 at 03:46 AM.

  • #4
    Regular Coder sea4me's Avatar
    Join Date
    Jan 2009
    Location
    Damn, I don't know...
    Posts
    390
    Thanks
    11
    Thanked 28 Times in 27 Posts
    PLEASE WRAP THE CODE USING PHP TAGS!!!

    it's kinda of huge...

    and it helps us see the code better

  • #5
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    yeah that is much easier to read, learning all the time!

  • #6
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    well I manged to get the script working with the IPN which triggers an email to the customer with a unique url to download. Now the problem is the code isn't finding the file on the server, its allowing the user to download the file thats generating the code.

    This is how it all works.

    There's a mysql database which has 2 tables, "files" and "links"

    There's an admin area to upload the file, the file sits on the server but the database holds info about the file. The "files" table has 4 fields, "id" "paypalname" "filename" and "price". The "paypalname" is the title of the download and the filename is the actual filename of the download and price is the of course the price I'm selling it for.

    Once a customer makes a payment the IPN tells the script that payment was made, the script looks to see that $price == $payment_amount is a match ($price is the price I have in the database and $payment_amount is how much was paid through paypal) and if it is a match it will execute the file "send_url.php".

    So I run tests and everything goes as it reads in the script, if the payment amount sent through paypal is different then whats in the database no url is given. When both match it does send an email to the customer using the customers paypal email address with a different url everytime, sounds good.

    Here's the problem, when I click the url thats in the email a download window opens but instead of calling "$filename" like it should it presents the "send_url.php" file for downloading. That's the file that generated the url.

    Once there's a match for price the "ipn.php" file attempts to fill in the "links" table in the database. There's 4 fields in the "links" table. "id" "getfilename" "link" and "dltimes". All the fields are being filled except "getfilename" which must be the reason the link can't point to a specific file so it presents "send_url.php" instead.

    I cannot understand why 3 or the 4 fields in "links" table get filled but "getfilename" doesn't. Here's part of the "ipn.php" file that files the "links" table.

    PHP Code:
    //send email to buyer
    $random rand();
    $string md5($random);

    $query "INSERT INTO links (getfilename, link, dltimes) VALUES ('$filename', '$string', '3')";
    mysql_query($query);
    mysql_close($connect);

    $to $payer_email;
    $subject $storename " Order";
    $body "Your download url:\n" $scriptpath "send_url.php?q=" $string "\n\nIf you cannot download, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: "$email ."\n" .
        
    "X-Mailer: PHP 4.x");

    mail($email"Order Received"$message"From: "$email);

    }
    else
    {
    mail($email"Order Payment Amount Invalid"$message"From: "$email);


    Last edited by robsworld; 03-12-2009 at 07:58 AM.

  • #7
    New Coder
    Join Date
    Mar 2009
    Posts
    52
    Thanks
    4
    Thanked 6 Times in 6 Posts
    I'm a bit confused, and I want to make sure we're on the same page. Let me describe what I think you're trying to do, and then you can tell me if what I think you want and what you want are the same thing:

    User "buys" the right to download a file on paypal. When purchase is completed, IPN sends your server a notification saying, "hey, this guy bought this item for x dollars". Your server receives this notification and processes it with the script, "ipn.php". ipn.php (which you have posted an excerpt from above) then verifies the transaction, and if good it sends a link to the user that can be used to download the product. This link points to another php script and sends it a unique (and random) identifying code. That download script then takes this unique code, uses it to look up the file that has been purchased, reads in the file in question, and then sends that file to the user for download. Sound about right?

    So here's my confusion:

    Once a customer makes a payment the IPN tells the script that payment was made, the script looks to see that $price == $payment_amount is a match ($price is the price I have in the database and $payment_amount is how much was paid through paypal) and if it is a match it will execute the file "send_url.php".
    I don't see why you have to execute a separate file. You've already generated the unique code in 'ipn.php' (i.e. your $string variable), stored it in the database, and sent it to the user. So why do you need send_url.php to generate the code (which is what you say later)?

    However, when you email the user the url for the download the url is clearly pointing to send_url.php:

    PHP Code:
    $body "Your download url:\n" $scriptpath "send_url.php?q=" $string 
    Which implies that you want send_url.php to be the script that retrieves the file to be downloaded and sends it to the user. So I'm not sure what you want send_url.php to be doing...

    Well, let me just ignore all of that and offer this suggestion. You want a script that can fetch a specified file and allow the user to download it. You don't want the user to know where the file is located, and you want to be able to control just how often or when the file can be downloaded. To do something like that, you want a script like this:

    http://www.zubrag.com/scripts/download.php

    I've actually used this exact script a couple times myself, although I always have to make some substantial changes. The way the above script works is pretty simple. You link to it with just a filename, i.e: http://www.mysite.com/download.php?f=myfile.zip Inside this script you've specified a folder on your server (which doesn't have to be accessible over the internet) where your file resides. So, when someone requests download.php?f=myfile.zip, and you've specified your data directory to be /var/www/docs/, the script looks for the file /var/www/docs/myfile.zip on your server. It then reads in the contents of the file on the server, and passes them through to the user who requested the file in the first place. As a result, the end user has no idea where your file is and has no way of finding out.

    Now you want a little more control over this, so you will have to do some editing of the above script. Instead of passing it a file name, you want to pass it a randomly generated string. So 'ipn.php' generates the string, $string='asdfer' (yeah, I know, not very random). The customer has purchased access to the file, 'expensive_file.zip'. So ipn.php stores inside your link table the values 'expensive_file.zip', 'asdfer', and '3'. Then, ipn.php sends an email to the user that says:

    here's your download link: http://www.mysite.com/download.php?string=asdfer

    Then, when they click on that link, they send the string 'asdfer' to the script download.php. At the moment download.php expects a filename, but it should be fairly simple for you to make it process the string instead. Just have it connect to the database, look up the 'asdfer' entry, and get the filename associated with that entry. If you stick the filename in the right variable, you will only have to do a minimum of editing of the download.php file. I believe if you save the filename to the variable $fname and then comment out the line that says (line 89):

    PHP Code:
    $fname basename($_GET['f']); 
    You should be in business (as long as you've set up all the other configuration stuff properly). Obviously you can then add more stuff to download.php, such that after the download completes you can decrement the 'dltimes' entry in the database, and you can have it refuse to download the file if the person doesn't have any dltimes remaining at all. Hopefully this all makes sense....

  • Users who have thanked cmancone for this post:

    robsworld (03-13-2009)

  • #8
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hey, I can't thank-you enough for taking all your time to help me like this, I'll be sure to pass it on!

    You are thinking right in what I want to do however I did confuse you. There is only 1 script, well actually I have 2 scripts, one handles the downloads completely, the other is only for generating unique url's. I tried the complete script first and couldn't get anywhere so I found the 2nd script and starting trying to make it work, at that point I did get farther with script 2 (the url generating one) but it's not really designed for this as you see.

    After more reading and following your advise I decided to put script #2 out of the picture and go back to the original which does look nicely written. The originial time I played with it I didn't realize it was emailing all the info, then I had problems with emails because it appears paypal updated some of there database field names, for instance in the original code it was trying to verify "$price == $amount, which could never happen so it always said wrong amount was purchased. Then I say on paypal that they had $payment_amount so I changed it to that and presto. So maybe it's something like that? This script was written in Feb 07

    I'm glad you offered that other solution but I really want to get this one working and once it is I'll be sure to post it with easy instructions so others can use it, I'm sure something like this is sought after. The instructions that came are easy but something is wrong.

    I'm going to post all the code, there's 3 files that make it work, then there's a very simple admin area and 2 language files.

    This is the "variable.php" file for the database and email info, I definitely have everything in this file set correct.

    PHP Code:
    <?php
    /*set the following variables*/
    /*Database info*/
    $username="username";
    $password="pass";
    $database="dbname";
    $host="localhost";

    $storename "store name";

    /*language options

    use 'nl' for the dutch language file. Add your own language file by copy en.php in the languages directory and change all the variables in your own language. Save it as a logical name and type in that name below. (without the php extension)

    */

    $lang 'en';

    /*path to send_url.php*/
    $scriptpath "http://www.yoursite.com/download/";
    $email "info@yoursite.com";
    $paypalemail "yourpaypalmail@yourpaypalmail.com";
    ?>
    This is the "ipn.php" file for communicating with paypal. I made that one change to "if ($price == $amount)" as mentioned above.

    PHP Code:
    <?php
    include('variables.php');

    $connect mysql_connect($host,$username,$password);
    if (!
    $connect) {
       die(
    'Could not connect: ' mysql_error());
    }
    @
    mysql_select_db($database) or die( "Unable to select database");


    function 
    doTheCurl ()
    {
    $req 'cmd=_notify-validate';
    foreach (
    $_POST as $key => $value)
    {
    $value urlencode(stripslashes($value));
    $req .= "&$key=$value";
    }
    $ch curl_init();

    // check to see if this is sandbox or not
    if ($_POST["test_ipn"] == 1)
    {
    curl_setopt($chCURLOPT_URL"https://www.sandbox.paypal.com/cgi-bin/webscr");
    }
    else
    {
    curl_setopt($chCURLOPT_URL"https://www.paypal.com/cgi-bin/webscr");
    }

    curl_setopt($chCURLOPT_POST1);
    curl_setopt($chCURLOPT_POSTFIELDS$req);
    curl_setopt ($chCURLOPT_RETURNTRANSFER1);
    $paypal_response curl_exec ($ch);
    curl_close($ch);
    return 
    $paypal_response;
    }

    function 
    doTheHttp ()
    {
    $req 'cmd=_notify-validate';
    foreach (
    $_POST as $key => $value)
    {
    $value urlencode(stripslashes($value));
    $req .= "&$key=$value";
    }
    // post back to PayPal system to validate
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " strlen($req) . "\r\n\r\n";

    // check to see if this is sandbox or not.
    if ($_POST["test_ipn"] == 1)
    {
    $paypal_response fsockopen ('www.sandbox.paypal.com'80$errno$errstr30);
    }
    else
    {
    $paypal_response fsockopen ('www.paypal.com'80$errno$errstr30);
    }

    if (!
    $paypal_response) {
    return 
    "ERROR";
    }
    else
    {
    fputs ($paypal_response$header $req);
    while (!
    feof($paypal_response))
    {
    $res fgets ($paypal_response1024);
    if (
    strcmp ($res"VERIFIED") == 0)
    {
    return 
    "VERIFIED";
    }
    else if (
    strcmp ($res"INVALID") == 0)
    {
    return 
    "INVALID";
    }
    }
    fclose ($paypal_response);
    }
    return 
    "ERROR";
    }


    $paypal_response doTheCurl();
    if (!
    $paypal_response)
    {

    $paypal_response doTheHttp();

    }
    else
    {

    }


    //get variables
    $receiver_email $_POST['receiver_email'];
    $first_name $_POST['first_name'];
    $last_name $_POST['last_name'];
    $payer_email $_POST['payer_email'];
    $item_name $_POST['item_name'];
    $amount $_POST['mc_gross'];
    $payment_status $_POST['payment_status'];
    $txn_type $_POST['txn_type'];

    if (
    $first_name != "")
    $message "Customer First Name: " $first_name "\n";
    if (
    $last_name != "")
    $message .= "Customer Last Name: " $last_name "\n";
    if (
    $payer_email != "")
    $message .= "Customer Email: " $payer_email "\n";
    if (
    $item_name != "")
    $message .= "Item: " $item_name "\n";
    if (
    $amount != "")
    $message .= "Amount: " $amount "\n";
    if (
    $txn_type != "")
    $message .= "Transaction Type: " $txn_type "\n";
    if (
    $payer_status != "")
    $message .= "Payment Status: " $payment_status "\n";


    if (
    ereg('VERIFIED',$paypal_response)) {
    $response_verified 1;
    $ipn_result 'VERIFIED';
    if (
    $payment_status == "Completed")
    {

    $checkquery "SELECT * FROM files WHERE paypalname = '$item_name'";
    $checkresult mysql_query($checkquery);

    $checkrow=mysql_fetch_assoc($checkresult);

    $price $checkrow["price"];
    $filename $checkrow["filename"];

    if (
    $price == $payment_amount)
    {
    //send email to buyer
    $random rand();
    $string md5($random);


    $query "INSERT INTO links (getfilename, link, dltimes) VALUES ('$filename', '$string', '3')";
    mysql_query($query);
    mysql_close($connect);



    $to $payer_email;
    $subject $storename " Order";
    $body "Your download url:\n" $scriptpath "send_url.php?q=" $string "\n\nIf you cannot download, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: "$email ."\n" .
        
    "X-Mailer: PHP 4.x");


    mail($email"Order Received"$message"From: "$email);

    }
    else
    {
    mail($email"Order Payment Amount Invalid"$message"From: "$email);

    }
    }

    } else if (
    ereg('INVALID',$paypal_response)) {
    $response_invalid 1;
    $ipn_result 'INVALID';

    $message .= "IPN returned invalid\n";

    mail($email"Order Received - Invalid IPN"$message"From: "$email);

    $to $payer_email;
    $subject $storename " Order";
    $body "Your download was not completed, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: " $email "\n" .
        
    "X-Mailer: PHP 4.x");


    } else {
    echo 
    'Error: no valid $paypal_response received.';

    $message .= "No response from Paypal\n";

    mail($email"Order Received - No IPN Response"$message"From: " $email);

    $to $payer_email;
    $subject $storename " Order";
    $body "Your download was not completed, please contact us at " $email ".";

    mail($to$subject$body,
        
    "To: " $to "\n" .
        
    "From: " $email "\n" .
        
    "X-Mailer: PHP 4.x");
    }


    ?>
    And this is the "send_url.php" file, its purpose is to generate the emails I believe.

    PHP Code:
    <?php
    include('variables.php');

    $connect mysql_connect($host,$username,$password);
    if (!
    $connect) {
       die(
    'Could not connect: ' mysql_error());
    }
    @
    mysql_select_db($database) or die( "Unable to select database");

    $q $_GET[q];
    if (!
    $q)
    {
    $q "0";
    }

    $query "SELECT * FROM links WHERE link = '$q'";
    $result mysql_query($query);

    $nums mysql_num_rows($result);
            if(
    $nums 1)

            {
                echo 
    "Unknown Product. Please contact <a href=\"mailto:$paypalemail\">$paypalemail</a>";
            }
            else
    {

    $row=mysql_fetch_assoc($result);

    $filepath $row["getfilename"];
    $dltimes $row["dltimes"];
    $minusone $dltimes-1;

    if (
    $dltimes>0)
    {

    $location 'myfiles/'$filepath;

    $changequery "UPDATE links SET dltimes = '$minusone' WHERE link = '$q'";
    $changeresult mysql_query($changequery);

               
    $filename 'dummy.zip';
               
    $filename realpath($location);

               
    $file_extension strtolower(substr(strrchr($filename,"."),1));

               switch (
    $file_extension) {
                   case 
    "pdf"$ctype="application/pdf"; break;
                   case 
    "exe"$ctype="application/octet-stream"; break;
                   case 
    "zip"$ctype="application/zip"; break;
               case 
    "rar"$ctype="application/x-rar-compressed"; break;
                   case 
    "doc"$ctype="application/msword"; break;
                   case 
    "xls"$ctype="application/vnd.ms-excel"; break;
                   case 
    "ppt"$ctype="application/vnd.ms-powerpoint"; break;
                   case 
    "gif"$ctype="image/gif"; break;
                   case 
    "png"$ctype="image/png"; break;
                   case 
    "jpe": case "jpeg":
                   case 
    "jpg"$ctype="image/jpg"; break;
                   default: 
    $ctype="application/octet-stream";
               }

               if (!
    file_exists($filename)) {
                   die(
    "NO FILE HERE");
               }

               
    header("Pragma: public");
               
    header("Expires: 0");
               
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
               
    header("Cache-Control: private",false);
               
    header("Content-Type: $ctype");


               
    header("Content-Disposition: attachment; filename=\"".$filepath"\";");

               
    header("Content-Transfer-Encoding: binary");
               
    header("Content-Length: ".@filesize($filename));
               
    set_time_limit(0);
               @
    readfile("$filename") or die("File not found.");
               
    }
    else
    {
    echo 
    "No more downloads";
    }
    }          


    ?>
    Here's the installation instructions

    *****************
    Installation:
    *****************
    Be sure to configure all variables in variables.php
    Run sql.txt on selected database

    upload the directory "download" to the server

    Be sure to set the permissions of the following and all files underneath to 777:
    /myfiles

    ******************
    Other Configuration
    ******************
    To edit the emails sent to users they are located at
    ipn.php

    You must protect the admin folder using .htaccess
    or something similar to prevent others from accessing the admin.


    ******************
    Usage
    ******************
    Use download/admin.php to add products
    create paypal buttons to products using this template:
    **note: remove sandbox for normal paypal operation

    <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick">
    <input type="hidden" name="business" value="yourpaypal@email.com">
    <input type="hidden" name="item_name" value="paypal item name">
    <input type="hidden" name="amount" value="price">
    <input type="hidden" name="no_shipping" value="1">
    <input type="hidden" name="no_note" value="1">
    <input type="hidden" name="currency_code" value="USD">
    <input type="hidden" name="notify_url" value="http://www.yoursite.com/download/ipn.php">

    <input type="hidden" name="bn" value="PP-BuyNowBF">
    <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
    <img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
    </form>
    And here's the "sql.txt" file to build the database, it does it's job.

    CREATE TABLE IF NOT EXISTS `files` (
    `id` smallint(5) unsigned NOT NULL auto_increment,
    `paypalname` text NOT NULL,
    `filename` text NOT NULL,
    `price` double NOT NULL default '0',
    PRIMARY KEY (`id`)
    ) TYPE=MyISAM AUTO_INCREMENT=8 ;


    CREATE TABLE IF NOT EXISTS `links` (
    `id` smallint(5) unsigned NOT NULL auto_increment,
    `getfilename` text NOT NULL,
    `link` text NOT NULL,
    `dltimes` tinyint(1) NOT NULL default '3',
    PRIMARY KEY (`id`)
    ) TYPE=MyISAM AUTO_INCREMENT=3 ;
    Now you see it all it should make more sense, everything works perfectly except for some reason it isn't filling in the "$getfilename" field in the "links" table. So instead of give the proper file it defaults to giving out "send_url.php" This is whats in the "send_url.php" file after it allows the customer to download it.

    <br><table border='1' cellpadding='2' bgcolor='#FFFFDF' bordercolor='#E8B900' align='center'><tr><td><font face='Arial' size='1' color='#000000'><b>PHP Error Message</b></font></td></tr></table><br />
    <b>Warning</b>: set_time_limit() has been disabled for security reasons in <b>/home/a6972032/public_html/download/send_url.php</b> on line <b>77</b><br />
    Last edited by robsworld; 03-13-2009 at 07:10 PM.

  • #9
    New Coder
    Join Date
    Mar 2009
    Posts
    52
    Thanks
    4
    Thanked 6 Times in 6 Posts
    Hmm... I thought I might point out that the two files you posted (ipn.php and send_url.php) are exactly the same except that in one of them $price == $amount hasn't been fixed...

  • #10
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Wow, I don't know how I managed that. The proper code has now been posted.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •