btcipn.php
<?php
// Account settings: replace every placeholder with the values from your
// CoinPayments.net account before deploying.
$cp_merchant_id = 'CoinPayment.net Merchant ID';

// Key for the HMAC-SHA512 signature check further down. Anyone holding it can
// produce notifications this script accepts, so keep the real value out of
// version control and out of world-readable files.
$cp_ipn_secret = 'Your Instant Payment Notification Secret';

// errorAndDie() mails its error report (including the POST fields) to this
// address; leave it empty to switch those reports off.
$cp_debug_email = 'Your Debug Email';

// Recipient of the "script completed" notification.
$email_to = 'Your Email';

// Passed to mail() as the additional-headers argument.
// NOTE(review): mail() expects header lines in "Name: value" form; this value
// has no colon - confirm the intended sender and write it as a From: header.
$headers = 'From BTC IPN Script';
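/**
 * Strip a small denylist of mail-header keywords from a value before it is
 * placed in an e-mail.
 *
 * Matching is case-insensitive and repeated until the value stops changing,
 * so neither "Bcc:" nor a fragment that only forms a keyword after a first
 * removal is left behind.
 *
 * This is a denylist and therefore only a secondary safeguard. In this file
 * the result is used in the message body only; a value that is ever placed in
 * a mail header must also have CR and LF removed.
 *
 * @param mixed $string Value to filter (a string, or a scalar that str_ireplace() converts).
 * @return mixed The filtered value; a string for scalar input.
 */
function clean_string($string) {
    $bad = array('content-type', 'bcc:', 'to:', 'cc:', 'href');

    do {
        $before = $string;
        $string = str_ireplace($bad, '', $string);
    } while ($string !== $before); // every change shortens the value, so this terminates

    return $string;
}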
// Order parameters. These would normally be loaded from your database, most
// commonly by passing an Order ID through the 'custom' POST field. In this
// script 'custom' carries the Ripple address instead, so both values are fixed.
// $order_currency is compared with the notification's 'currency1' and
// $order_minimum is the lower bound applied to 'amount1'.
$order_currency = 'BTC';
$order_minimum = 0.005;
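/**
 * Abort IPN processing: optionally mail an error report, then terminate the
 * request with the error text as the response body.
 *
 * The report lists every POST field of the request. Several callers run
 * before the HMAC signature has been verified, so the fields may come from an
 * unauthenticated sender and each such request produces one e-mail when a
 * debug address is configured. Treat the report as untrusted content and
 * leave $cp_debug_email empty (or rate-limit the endpoint) in production.
 *
 * @param string $error_msg Human-readable reason for the rejection.
 * @return void This function never returns; it ends in die().
 */
function errorAndDie($error_msg) {
    global $cp_debug_email;

    if (!empty($cp_debug_email)) {
        $report = 'Error: '.$error_msg."\n\n";
        $report .= "POST Data\n\n";
        foreach ($_POST as $k => $v) {
            // Fields sent as name[]=... arrive as arrays; encode them instead of
            // letting string interpolation degrade them to "Array" with a warning.
            $value = is_array($v) ? json_encode($v) : $v;
            $report .= "|$k| = |$value|\n";
        }
        mail($cp_debug_email, 'CoinPayments IPN Error', $report);
    }

    die('IPN Error: '.$error_msg);
}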
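// ---- Authenticate the notification before any POST field is trusted ----
// Every rejection goes through errorAndDie(). The checks above the signature
// comparison are reachable by unauthenticated requests.
if (!isset($_POST['ipn_mode']) || $_POST['ipn_mode'] !== 'hmac') {
    errorAndDie('IPN Mode is not HMAC');
}

if (empty($_SERVER['HTTP_HMAC'])) {
    errorAndDie('No HMAC signature sent.');
}

// The signature covers the raw request body, not the parsed $_POST array.
$request = file_get_contents('php://input');
if ($request === false || empty($request)) {
    errorAndDie('Error reading POST data');
}

if (!isset($_POST['merchant']) || $_POST['merchant'] !== trim($cp_merchant_id)) {
    errorAndDie('No or incorrect Merchant ID passed');
}

// hash_equals() (PHP >= 5.6) compares in constant time and without the type
// juggling of != / ==, so the comparison neither leaks how many leading
// characters matched nor treats numeric-looking strings as equal.
$hmac = hash_hmac('sha512', $request, trim($cp_ipn_secret));
if (!hash_equals($hmac, (string) $_SERVER['HTTP_HMAC'])) {
    errorAndDie('HMAC signature does not match');
}

// 'custom' carries the destination Ripple address. It must be a plain string:
// an array value would otherwise reach preg_match().
if (empty($_POST['custom']) || !is_string($_POST['custom'])) {
    errorAndDie('No ripple address sent.');
}

/* VALIDATE RIPPLE ADDRESS */
// The D modifier makes $ match only at the very end of the value; without it a
// trailing newline would pass validation, and this value is later handed to a
// command line. preg_match() returns 1 on a match, 0 on no match and false on
// error, so anything other than 1 is a rejection.
$rippleRegex = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/D';
if (preg_match($rippleRegex, $_POST['custom']) !== 1) {
    errorAndDie('Ripple address invalid');
}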
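// HMAC signature verified at this point, load some variables.
// A valid signature proves who sent the request, not that every field is
// present: the fields the rest of the script depends on are required here so
// that a missing transaction ID cannot flow into the replay check and the
// payout command as null.
$required_fields = array('txn_id', 'amount1', 'currency1', 'status');
foreach ($required_fields as $required_field) {
    if (!isset($_POST[$required_field])
        || !is_string($_POST[$required_field])
        || $_POST[$required_field] === '') {
        errorAndDie('Missing IPN field: '.$required_field);
    }
}

$txn_id = $_POST['txn_id'];
$item_name = isset($_POST['item_name']) ? $_POST['item_name'] : '';
//$item_number = $_POST['item_number'];
$amount1 = floatval($_POST['amount1']);
$amount2 = floatval(isset($_POST['amount2']) ? $_POST['amount2'] : 0);
$currency1 = $_POST['currency1'];
$currency2 = isset($_POST['currency2']) ? $_POST['currency2'] : '';
$status = intval($_POST['status']);
$status_text = isset($_POST['status_text']) ? $_POST['status_text'] : '';
$receivedAmount = isset($_POST['received_amount']) ? $_POST['received_amount'] : '';
$ripple = $_POST['custom'];

// Amount subtracted from amount1 before the payout.
// NOTE(review): amounts are handled as binary floats; confirm the precision is
// acceptable for the values issued by submit.rb.
$SF = 0.00025;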
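// Replay protection: stop if this transaction ID is already in the list of
// completed transactions, otherwise continue.
//
// NOTE(review): nothing in this file adds $txn_id to that list - presumably
// submit.rb does; confirm. The check and the payout are also not atomic, so
// two deliveries of the same notification that arrive together could both pass.
$lines = file('https://xagate.com/completedtxns.out');

// Fail closed: file() returns false when the list cannot be fetched. Carrying
// on in that case would silently skip the replay check.
if ($lines === false) {
    errorAndDie('Could not load the list of completed transactions');
}

// Loop through our array to check for already processed payments
foreach ($lines as $line_num => $line) {
    echo "Line #<b>{$line_num}</b> : " . htmlspecialchars($line) . "<br />\n";

    // Strict comparison: == would treat numeric-looking IDs such as '1e3' and
    // '1000' as the same transaction.
    if ((string) $txn_id === trim((string) $line)) {
        echo "<b>Found a match!</b><br />";
        // Request and list data are escaped before being written into the HTML response.
        echo "Line variable is set to " . htmlspecialchars($line) . "<br />";
        echo "Equal! " . htmlspecialchars((string) $txn_id) . "<br />";
        die('This TXN_ID has already been confirmed! DO NOT SEND ANOTHER PAYMENT!!');
    }
}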
// Order checks, run only after the replay check has passed.

// The notification's original currency has to be the one this script accepts.
if ($order_currency != $currency1) {
    errorAndDie('Original currency mismatch!');
}

// The amount is checked against the configured minimum ($order_minimum); the
// error text speaks of an "order total", but no per-order total exists here.
if ($order_minimum > $amount1) {
    errorAndDie('Amount is less than order total!');
}
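// NOTE(review): only status 100 is treated as a completed payment; confirm
// against the CoinPayments status codes whether other completed states need
// handling.
if ($status === 100) {
    /*
     * Hand the confirmed deposit to the Ruby script on the server. It receives
     * the Ripple address, the amount of IOUs to issue, the currency and the
     * transaction ID as four separate arguments.
     */
    $sendAmount = $amount1 - $SF;

    // Every value is shell-quoted, so nothing taken from the request can change
    // the command that runs. The address regex and the currency check are kept
    // as a first line of defence, but the transaction ID has no format check of
    // its own, and quoting does not depend on any of them being complete.
    $data = '';
    foreach (array($ripple, $sendAmount, $currency1, $txn_id) as $argument) {
        $data .= ' '.escapeshellarg((string) $argument);
    }

    // shell_exec() returns the command's output as one string, or null when the
    // command produced no output or could not be run.
    $output = shell_exec('ruby /full_path_to/submit.rb'.$data);

    // Escaped: the script's output is not trusted as HTML.
    echo '<pre>'.htmlspecialchars((string) $output).'</pre>';

    $email_message = 'An BTC deposit has been confirmed! ';
    $email_message .= ' Ripple: '.clean_string($ripple).' ';
    $email_message .= ' Currency1 '.clean_string($currency1).' ';
    $email_message .= ' BTC Amount: '.clean_string($sendAmount).' ';
    $email_message .= ' Transaction ID: '.clean_string($txn_id).' ';
    $email_message .= 'Received Amount: '.clean_string($receivedAmount).' ';
    $email_message .= 'Currency2: '.clean_string($currency2).' ';
    $email_message .= ' The script has completed. If anything went wrong, the client will be refunded in 6 hours or contact support.';
    $email_message .= ' The output from submit.rb follows: '.$output.' ';
    $subject = "BTC IPN: Script Completed";

    // Best-effort notification: a mail failure must not undo a completed payout.
    @mail($email_to, $subject, $email_message, $headers);

    die("IPN OK. Hit end of success block.");
}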
?>