Avoid SQL Injection

lapterchow · Mar 23, 2019 · 7995be2 · 7995be2
1 parent 9791c9d
commit 7995be2
Showing 1 changed file with 36 additions and 16 deletions.
diff --git a/plugin/PayPalYPT/ipn.php b/plugin/PayPalYPT/ipn.php
@@ -9,26 +9,46 @@
 require_once $global['systemRootPath'] . 'objects/user.php';
 error_log("PayPalIPN Start");
 $plugin = YouPHPTubePlugin::loadPluginIfEnabled("YPTWallet");
+$walletObject = YouPHPTubePlugin::getObjectData("YPTWallet");
 $paypal = YouPHPTubePlugin::loadPluginIfEnabled("PayPalYPT");
-$users_id = User::getId();
-
-$invoiceNumber = uniqid();
 
-$payment = $paypal->execute();
-//var_dump($amount);
-$obj= new stdClass();
-$obj->error = true;
-if (!empty($payment)) {
-    $amount = PayPalYPT::getAmountFromPayment($payment);
-    $plugin->addBalance($users_id, $amount->total, "Paypal payment", "PayPalIPN");
-    $obj->error = false;
-    error_log("PayPalIPN: Executed ".json_encode($payment));
-    //header("Location: {$global['webSiteRootURL']}plugin/YPTWallet/view/addFunds.php?status=success");
-}else{
-    error_log("PayPalIPN: Fail");
-    //header("Location: {$global['webSiteRootURL']}plugin/YPTWallet/view/addFunds.php?status=fail");
+$ipn = PayPalYPT::IPNcheck();
+if(!$ipn){
+    die("IPN Fail");
 }
 
+if(empty($_POST["recurring_payment_id"])){
+    $users_id = User::getId();
+
+    $invoiceNumber = uniqid();
+
+    $payment = $paypal->execute();
+    //var_dump($amount);
+    $obj= new stdClass();
+    $obj->error = true;
+    if (!empty($payment)) {
+        $amount = PayPalYPT::getAmountFromPayment($payment);
+        $plugin->addBalance($users_id, $amount->total, "Paypal payment", "PayPalIPN");
+        $obj->error = false;
+        error_log("PayPalIPN: Executed ".json_encode($payment));
+        //header("Location: {$global['webSiteRootURL']}plugin/YPTWallet/view/addFunds.php?status=success");
+    }else{
+        error_log("PayPalIPN: Fail");
+        //header("Location: {$global['webSiteRootURL']}plugin/YPTWallet/view/addFunds.php?status=fail");
+    }
+}else{
+    // check for the recurrement payment
+    $subscription = YouPHPTubePlugin::loadPluginIfEnabled("Subscription");
+    if(!empty($subscription)){
+        $row = Subscription::getFromAgreement($_POST["recurring_payment_id"]);
+        $users_id = $row['users_id']; 
+        $payment_amount = $_POST['mc_gross'];
+        $payment_currency = $_POST['mc_currency'];
+        if($walletObject->currency===$payment_currency){
+            $plugin->addBalance($users_id, $payment_amount, "Paypal recurrent", json_encode($_POST));
+        }
+    }
+}
 
 error_log("PayPalIPN: ".json_encode($obj));
 error_log("PayPalIPN: POST ".json_encode($_POST));