PHP, Paypal, and Safari Issue

Hello.

It would help if you could see the code you use to record the data.

Hello.

It would help if you could see the code you use to record the data.

No problem. Here is my code:

<?php session_start();


   
    include ("includes/connect.php");
   
?>

<html>
    <head>
        <title>Confirmation</title>
        <link rel="stylesheet" type="text/css" href="css/styles.css" />
        <link rel="stylesheet" type="text/css" href="css/styles.css" />
    <LINK REL="SHORTCUT ICON"
       HREF="logo.ico">
       <link rel="icon" type="image/vnd.microsoft.icon" href="logo.ico" />

    </head>

    <body>
        <h1>Your purchase was successful!</h1>
        <p>Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at [url]www.paypal.com/us[/url] to view details of this transaction.</p>
        <h2>You have requested the following seats. Your tickets will be held for you at Will Call.  Please bring either a printout of this order or identification to collect the tickets.</h2>
        In rare circumstances, the actual seat assigments may be changed slightly. If so, we will inform you.
        <br/><br/>

        <?php

             foreach ($_SESSION['tickets'] as $key => $event){
                foreach ($_SESSION['tickets'][$key] as $seat=>$price){
                echo "<div id='ticket-info'>";
                echo "<img src='images/logo.jpg' width='136px' height='45'/><br/>";
                 echo "Seat: ".$seat."-".$_SESSION['events'][$key][$seat]."<br/>";
                 echo "Price: \$".$price."<br/><br/>";
                
                echo "<p align='center'>$_SESSION[name]</p>";
                echo "<p align='center'>Enjoy the show!</p>";
                  $confirmation=rand(0,10000000);
                echo "<br/>Confirmation# ".$confirmation."<br/>";
                echo "</div><br/><br/>";
                $_SESSION['name']=str_replace("'", "'", $_SESSION['name']);
              
              
                mysql_query("INSERT INTO tickets (price, seat, event, confirmation, name) VALUES ($price, '$seat', ".$key.", $confirmation, '$_SESSION[name]')") or die (mysql_error());
            }
             }
             
             
            // }
			
            
        ?>
        <input type="button"
            onClick="window.print()"
            value="Print This Page"/>
        <input type="button"
            onClick="window.location='index.php'"
            value="Home"/>
    </body>

</html>

hmm. interesting.

Is this a page set as the PayPal return page?
For PayPal payments i use an IPN script (instant payment notification) which paypal sends data to securely.

hmm. interesting.

Is this a page set as the PayPal return page?
For PayPal payments i use an IPN script (instant payment notification) which paypal sends data to securely.

Yeah. This is the page that Paypal returns to.

Ok. I can see a few problems with this. First, i think the problem you are having with Mac users is with the session cookies. Secondly, anyone can visit this page.

A secure way you could do this is by using an IPN script.
So, the user would donate via the website (the url of the ipn script is set in the form as a hidden field). Once they have completed the transaction, PayPal sends data to the script which then could then enter their details into a database and email the user. Using this method requires no session variables and is much more secure.

If you would like me to help with the IPN script then i can.

Ok. I can see a few problems with this. First, i think the problem you are having with Mac users is with the session cookies. Secondly, anyone can visit this page.

A secure way you could do this is by using an IPN script.
So, the user would donate via the website (the url of the ipn script is set in the form as a hidden field). Once they have completed the transaction, PayPal sends data to the script which then could then enter their details into a database and email the user. Using this method requires no session variables and is much more secure.

If you would like me to help with the IPN script then i can.

I appreciate that. If you could help me with that, I would be very grateful as the whole Paypal process mystifies me.

Thanks.

Ok. Could i also see the code for the paypal form you have. It will help me with the script.

Ok. Could i also see the code for the paypal form you have. It will help me with the script.

Sure. I believe this is what you need.

<form target="_self" action="https://www.paypal.com/cgi-bin/webscr" target="_self" method="post">
                    <input type="hidden" name="cmd" value="_xclick" />
                    <input type="hidden" name="business" value="tickets@example.com" />
                    <input type="hidden" name="lc" value="US" />
                    <input type="hidden" name="item_name" value="<?php echo $tseat; ?>" />
                    <input type="hidden" name="item_name2" value="Tickets - <?php echo $tseat; ?>" />
                    <input type="hidden" name="amount" value="<?php echo $total ?>" />
                    <input type="hidden" name="currency_code" value="USD" />
                    <input type="hidden" name="button_subtype" value="products" />
                    <input type="hidden" name="no_note" value="0" />
                    <input type="hidden" name="quantity" value="1" />
                    <input type="hidden" name="redirect_cmd" value="_xclick" />
                    <input type="hidden" name="no_shipping" value="1" />
                    <input type="hidden" name="image_url" value="https://static.e-junkie.com/sslpic/example.jpg"/>
                    <input type="hidden" name="return" value="http://www.example.com/tickets/success.php" />
                    <input type="hidden" name="cancel_return" value="http://www.example.com/tickets/" />
                    <input type="hidden" name="add" value="1" />
                    <input type="hidden" name="cn" value="Be sure to click on the 'Return to BAMtheatre LLC' link to finalize the purchase and print your ticket." />
                    <input type="hidden" name="bn" value="PP-ShopCartBF:btn_cart_LG.gif:NonHostedGuest" />
                    <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
                    <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" />
                </form>

Ok. I have done the basics of the IPN for you. You may need to change things in it such as email addresses etc. Also, you may need to add more rows to your database to handle the extra data, especially a row called txn_id. if you read through the code it will become clear.

Here is the code:

<?php
//Include connection file//
include ("connect.php");

//Check if there is no data being posted (a user visits the page)//
if(sizeof($_POST) == 0)
{
	//User should not be visiting this page//
	echo '<html><body><legend><font style="color:#F00"><h1>Restricted Area</h1></font>
		<p>You are not permitted to access this page.</p></legend></body></html>';
}
else
{
//The script is reciving data//
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); //Open a connection to paypal//

		//Payment Details//
			$Amount = $_POST['mc_gross'];
			$PayPalFee = $_POST['payment_fee']; 
			$txn_id = $_POST['txn_id'];
		//Address Data - Address registered to paypal account//
			$UserCountry = $_POST['address_country'];
			$UserCity = $_POST['address_city'];
			$UserState = $_POST['address_state'];
			$UserStreet = $_POST['address_street'];
			$UserZip = $_POST['address_zip'];
		//Users Details - Details registered to paypal account//
			$UserFirstName = $_POST['first_name'];
			$UserLastName = $_POST['last_name']; 
			$UserPhoneNumber = $_POST['contact_phone'];
			$UserEmail = $_POST['payer_email'];
		//Item Names//
			$Item1 = $_POST['item_name1'];
			$Item2 = $_POST['item_name2'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
// See if the payment was completed//
if (strcmp ($res, "VERIFIED") == 0) {
//Payment complete //

			//Check for duplicate payment//
			$txnQuery = mysql_query("SELECT txn_id FROM tickets WHERE txn_id='$txn_id'") or die(mysql_error());
			$numrows = mysql_num_rows($txnQuery);
			mysql_free_result($txnQuery); 
			if($numrows == 0)//No duplicate//
			{
			//Update database//
			mysql_query("INSERT INTO tickets (price, seat, event, confirmation, name) VALUES ($price, '$seat', ".$key.", $confirmation, '$_SESSION[name]')") or die (mysql_error());
				
			//Email User//
				
				$subject = 'Bam Theatre Tickets';
				$message = '
				
				Dear ' . $UserFirstName . ' ' . $UserLastName . '

				Thank you for your purchase of ' . $Item2 . '.

				Tickets will be send to: ' . $UserStreet. ', ' . $UserCity . ', ' . $UserZip . '
				
				Thank you.
				
				Regards
				Bam Theatre';

				$headers = 	'From: tickets@bamtheatre.com' . "\r\n" .
    						'Reply-To: support@bamtheatre.com' . "\r\n" .

				mail($UserEmail, $subject, $message, $headers);
			
			}
			else
			{	//Payment has been repeated//
				$to = 'admin@bamtheatre.com';
				$subject = 'Bam Theatre | Repeated Payment';
				$message = '
				
				Dear Administrator,
				
				A payment has been made but is flagged as Repeated.
				Please verify the payment manualy and contact the buyer.
				
				User Detials:
				
				Email: '.$UserEmail.'
				Name: ' . $UserFirstName . ' ' . $UserLastName . '
				Amount: ' . $Amount . '
				';
				$headers = 'From: tickets@bamtheatre.com' . "\r\n";
				
				mail($to, $subject, $message, $headers);
			
			}

}
else if (strcmp ($res, "INVALID") == 0) {//Invalid paymeant//

	$to = 'admin@bamtheatre.com';
	$subject = 'Bam Theatre | Invalid Payment';
	$message = '
	
	Dear Administrator,
	
	A payment has been made but is flagged as INVALID.
	Please verify the payment manualy and contact the buyer.
	
	Email: '.$UserEmail.'
	Name: ' . $UserFirstName . ' ' . $UserLastName . '
	Amount: ' . $Amount . '
	';
	$headers = 'From: tickets@bamtheatre.com' . "\r\n";
	
	mail($to, $subject, $message, $headers);

	}
}
fclose ($fp);//Close connection//
}
}
?>

Put this is a php document called ipn.php and put it in the includes folder.

Also, you need to add the following line to the paypal form:

<input type="hidden" name="notify_url" value="http://bamtheatre.com/includes/ipn.php">

You probably will no longer need the 'Enter your name' bit on the ticket process since it isn't used by paypal unless it is entered into a database.

Hope this is what you are looking for.

Thank you so much! Much appreciation!

Hello metropolisiii.

How are you getting on with the script?

Hello metropolisiii.

How are you getting on with the script?

I was able to get it working. Definitely, a much better solution. Thank you for helping me understand IPN. I haven't been able to get it forever and now it just clicks.

Glad I could help :D. If it is all okay now, mark the thread as 'solved' :)