0

Trying to get a script to add a user to a database. But after the script is loaded there is a blank page. Anyone see what I am doing wrong? I am testing it in the pay pal sandbox. I have tried the database code with a form and it works. I was hoping for at least some errors so I could figure out what I am doing wrong.

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';

$tx_token = $_GET['tx'];
$auth_token = "<your identity token>";
$req .= "&tx=$tx_token&at=$auth_token";

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: http://www.sandbox.paypal.com\r\n";
// $header .= "Host: http://www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

// url for paypal sandbox
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);  

// url for payal
// $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// If possible, securely post back to paypal using HTTPS
// Your PHP server will need to be SSL enabled
// $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {
  // HTTP ERROR
} else {
fputs ($fp, $header . $req);
// read the body data
$res = '';
$headerdone = false;
while (!feof($fp)) {
  $line = fgets ($fp, 1024);
  if (strcmp($line, "\r\n") == 0) {
    // read the header
    $headerdone = true;
  }
  else if ($headerdone) {
    // header has been read. now read the contents
    $res .= $line;
  }
}

// parse the data
$lines = explode("\n", $res);
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0) {
  for ($i=1; $i<count($lines);$i++){
    list($key,$val) = explode("=", $lines[$i]);
    $keyarray[urldecode($key)] = urldecode($val);
  }
// PAYMENT VALIDATED & VERIFIED!

echo"Verified!";

     // include mysql connection information
     include 'mysql_info.php';

     // connect to mysql
     $conn = mysqli_connect(DBHOST,DBUSER,DBPASS,DBNAME);

     // Check if the connection failed
     if( !$conn ) {
        die('Failed to connect '.mysqli_connect_error());

     // Hash the password to prevent knowing what it is
     // we use the username as a salt so we can recreate the hash on login
     // using strtolower on the user name so only the password is case sensitive
 $email = $_POST['payer_email'];
 $username = $_POST['os0'];
     $pass = hash('sha256',strtolower($_POST['username']).$_POST['os1']);

    // prepare data for database
     $username = mysqli_real_escape_string($conn,$_POST['username']);
     $email = mysqli_real_escape_string($conn,$_POST['email']);

     // Create the insert query, using real_escape_string to prevent SQL Injection
     $query = sprintf("INSERT INTO `users` (`username`,`email`,`password`) VALUES ('%s','%s','%s')",
                      $username, $email, $pass);

     // Attempt insert the new user
     if( mysqli_query($conn,$query) ) {
        die('You have successfully registered as '.$_POST['username'].'<br /><a href="/login.php">Click here</a> to log in.');
     } else {
        // Insert failed, set error message
        $errors[] = 'Error adding user to database, MySQL said:<br>
           ('.mysqli_errno($conn).') '.mysqli_error($conn).'</span>';
     }

}
}
else if (strcmp ($lines[0], "FAIL") == 0) {
  // log for manual investigation
  echo "Fail!";
}
}
fclose ($fp);

?>
rrolleston
  • 11
  • 2
  • Try activating proper error reporting: http://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings – Zwirbelbart Feb 22 '14 at 16:38
  • I added this to my script and still no errors show. error_reporting(E_ALL); ini_set('display_errors', 1); – rrolleston Feb 22 '14 at 16:52
  • Are there any errors shown? What about $errors? Does it contain an error? – Zwirbelbart Feb 22 '14 at 16:55
  • $erros is not set because the script never makes it to that part of the script. It should at least echo Verified! or Failed! from the script. I was wondering if I am just missing something simple. Really confused. – rrolleston Feb 22 '14 at 17:03
  • IPN isn't something that runs in the browser. It's a silent POST to a listener script you have sitting somewhere. You'll need to check web server logs or add txt file, database, or email logging to see the result of the script when it loads. – Drew Angell Feb 23 '14 at 04:27

0 Answers0