Jump to content
Larry Ullman's Book Forums

Ipn.Php Question


Recommended Posts

Hi Larry...

 

A few lines after the database connection is established in ipn.php, the ternary operator sets $uid to either $uid from register.php or zero, depending on whether a user ID comes back from PayPal in the POST array.

 

My questions are, why would you not check for a $uid > 0 before running the query to insert $uid into the orders table? If zero is an invalid entry into the users table, why would it be OK to insert a $uid equal to zero into the orders table? This doesn't make sense to me, what am I missing here?

 

Thank you,

Hacker

Link to comment
Share on other sites

I'm just sort of guessing here, but I would assume it's so that you could have a record of the transaction to manually match up to a user in your database. If the transaction went through, but you left no record of it because an error occurred while obtaining the user id, then you would wind up holding someone's money and being none-the-wiser.

  • Upvote 1
Link to comment
Share on other sites

Let me see if I can get close. The line I think you are looking at is:

 

$uid = (isset($_POST['custom'])) ? (int) $_POST['custom'] : 0;

 

This is part of a conditional execution of IF statements requesting whether or not the transaction_id in the orders table has changed starting with:

 

if (mysqli_num_rows ($r) ==0 {

 

If this statement is TRUE then it will execute the statement that you are asking about.

 

The $uid is set in register.php script for the PAYPAL link and form. the ipn.php script reuses that same $uid. The question mark is being used as a transitional qualifier to verify that the $uid is an integer. The : 0; in that statement is a TRUE/FALSE (as in Zero and One) remark.

 

If this is close then the $_POST will be placing an integer in the orders table, not the zero.

 

Checking the $uid > 0 happens after this step then is set to update the users table if TRUE and trigger_error if FALSE.

 

Hope this helps a bit.

 

Todd

Link to comment
Share on other sites

Thank you all for the replies. I don't recall using or even opening ipn_log.php; however, I'll come back to this issue later in the day. For now, I'm having trouble with the following:

 

After creating a successful PayPal Sandbox transaction and returning to thanks.php I'm greeted with the following message echoed to the viewport:

 

"Thank you for your payment! You may now access all of the site's content for the next year! Note: Your access to the site will automatically be renewed via PayPal each year. To disable this feature, or to cancel your account, see the "My preapproved purchases" section of your PayPal Profile page."

 

However, when I try to view the subscription material without first logging out and then logging back in again, I receive the message:

 

"
Thank you for your interest in this content. Unfortunately your account has expired. Please renew your account in order to view any of the PDFs listed below."

 

I need to figure out why this is happening. Since the buyer is logged in (just after registering) and has just paid, they should be able to immediately view the subscription material.

 

Thanks again,

Hacker

Link to comment
Share on other sites

In the Updating the Registration Page the login information is set via:

 

$_SESSION['use_reg_id'] = $uid

 

and the query just before that line finishes with:

 

VALUE('u','$e','" . get_password_hash($p). "', '$fn','ln',SUBDATE(NOW(),INTERVAL 1 DAY))";

 

this sets the expiration to 24 hours ago. It technically ends the session. After the update from PAYPAL you would need to log out and then log in again to re-set the session so that it reads the new information from the database.

 

This is a function and not a bug. You may try to just refresh the page but i'm thinking that this would not re-set the session.

 

Hope this helps

 

Todd

Link to comment
Share on other sites

That's a good question, I think Larry or Jonathon (as both have been very helpful to me) would be able to write a sub-script that would re-read or re-set the session to update what information is reading so that the end user would not have to log out and then back in.

 

But on the other hand, I have been to several sites that require the user to log out and then back in after the transaction.

Link to comment
Share on other sites

Let me see if I can get close. The line I think you are looking at is:

 

$uid = (isset($_POST['custom'])) ? (int) $_POST['custom'] : 0;

 

 

Well yes but this command either sets $uid to (int) $_POST['custom'] OR zero depending on whether isset($_POST['custom']) is true or false. The next time $uid is used in the script (three lines later) it is placed in the variable "user_id" and stored in the users table.

 

I'm going to create another thread with my testing issue above as the subject.

 

Hacker

Link to comment
Share on other sites

 Share

×
×
  • Create New...