<%@Language=VBScript%> <% '// IPN Posting Modes; Choose: 1, 2, 3 or 4 PostMode = "1" '//* 1 = Live Via PayPal Network Non-Secure '//* 2 = Live Via PayPal Network SSL-Secure '//* 3 = Test Via EliteWeaver UK Non-Secure '//* 4 = Test Via EliteWeaver UK SSL-Secure Dim objHttp, IPN dim objErrorMail IF PostMode = "1" THEN '// Live Via PayPal Network Non-Secure WebUrl = "http://www.paypal.com/cgi-bin/webscr" SdHost = "www.paypal.com" ELSEIF PostMode = "2" THEN '// Live Via PayPal Network SSL-Secure WebUrl = "https://www.paypal.com/cgi-bin/webscr" SdHost = "www.paypal.com" ELSEIF PostMode = "3" THEN '// Test Via EliteWeaver UK Non-Secure WebUrl = "http://www.eliteweaver.co.uk/testing/ipntest.php" SdHost = "www.eliteweaver.co.uk" ELSEIF PostMode = "4" THEN '// Test Via EliteWeaver UK SSL-Secure WebUrl = "https://ssl.uksecurewebhosting.net/~elitew/testing/ipntest.php" SdHost = "ssl.uksecurewebhosting.net" ELSE '// Selected PostMode was Probably Not Set to 1, 2, 3 or 4 Response.Write ("PostMode: " &(PostMode) & " is invalid!") END IF IPN = Request.Form IPN = "cmd=_notify-validate&" & IPN Set objHTTP = Server.CreateObject("MSXML2.XMLHTTP") objHTTP.Open "POST", WebUrl, False objHTTP.setRequestHeader "Host", SdHost objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded" objHTTP.setRequestHeader "Content-Length", Len(IPN) objHTTP.Send IPN Dim Status, Result Status = objHttp.Status Result = objHttp.ResponseText IF (Status <> 200 ) THEN '// Problem: Maybe the Requested url is Unavailable '// Maybe Setup a little email Notification here? 'Response.Write ("Status: " &(Status)) // Remove: ' for Testing set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "HTTP Status Message" .body = "HTTP status code was not 200 when verifying an IPN" .Send end with set objErrorMail = Nothing ELSE '// Standard - Instant Payment Notifiction Variables (Localization) Business = Request.Form("business") Receiver_Email = Request.Form("receiver_email") Item_Name = Request.Form("item_name") Item_Number = Request.Form("item_number") Quantity = Request.Form("quantity") Invoice = Request.Form("invoice") Custom = Request.Form("custom") Option_Name1 = Request.Form("option_name1") Option_Selection1 = Request.Form("option_selection1") Option_Name2 = Request.Form("option_name2") Option_Selection2 = Request.Form("option_selection2") Num_Cart_Items = Request.Form("num_cart_items") Payment_Status = Request.Form("payment_status") Pending_Reason = Request.Form("pending_reason") Payment_Date = Request.Form("payment_date") Settle_Amount = Request.Form("settle_amount") Settle_Currency = Request.Form("settle_currency") Exchange_Rate = Request.Form("exchange_rate") Mc_Gross = Request.Form("mc_gross") Mc_Fee = Request.Form("mc_fee") Mc_Currency = Request.Form("mc_currency") Txn_Id = Request.Form("txn_id") Txn_Type = Request.Form("txn_type") First_Name = Request.Form("first_name") Last_Name = Request.Form("last_name") Address_Name = Request.Form("address_name") Address_Street = Request.Form("address_street") Address_City = Request.Form("address_city") Address_State = Request.Form("address_state") Address_Zip = Request.Form("address_zip") Address_Country = Request.Form("address_country") Address_Status = Request.Form("address_status") Payer_Email = Request.Form("payer_email") Payer_Id = Request.Form("payer_id") Payer_Status = Request.Form("payer_status") Payment_Type = Request.Form("payment_type") Notify_Version = Request.Form("notify_version") Verify_Sign = Request.Form("verify_sign") '// Subscription - Instant Payment Notifiction Variables (Localization) '// You must Remove: ' if you are Using the Subscription Variables 'Subscr_Date = Request.Form("subscr_date") 'Period1 = Request.Form("period1") 'Period2 = Request.Form("period2") 'Period3 = Request.Form("period3") 'Amount1 = Request.Form("amount1") 'Amount2 = Request.Form("amount2") 'Amount3 = Request.Form("amount3") 'Recurring = Request.Form("recurring") 'Reattempt = Request.Form("reattempt") 'Retry_At = Request.Form("retry_at") 'Recur_Times = Request.Form("recur_times") 'Username = Request.Form("username") 'Password = Request.Form("password") 'Subscr_Id = Request.Form("subscr_id") IF (Result = "VERIFIED") THEN '// IPN was Confirmed as both Genuine and VERIFIED '// Check that the "payment_status" variable is: Completed '// If it is Pending you may Want to Inform your Customer? if Payment_Status<>"Completed" then set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Cc = "undergroundguides@yahoo.com" .Subject = "Incomplete Order Notification" .body = "Payment status is : " & Payment_Status & Chr(10) & "Email : " & Payer_Email & Chr(10) & "Pending Reason : " & Pending_Reason & Chr(10) & "This is FYI only, order was still processed." .Send end with set objErrorMail = Nothing end if '// Check your DB to Ensure this "txn_id" is Not a Duplicate sql="SELECT txn_id FROM transactions WHERE txn_id='" & Txn_Id & "'" set rs=conn.Execute(sql) IF rs.EOF then rs.close ELSE rs.close conn.close set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "Duplicate Transaction" .body = "A duplicate transaction ID was attempted." & Chr(10) & Payer_Email & Chr(10) & Txn_Id .Send end with set objErrorMail = Nothing Response.Clear Response.End END IF '// You may want to check if the ""mc_gross" matches listed Prices? if (Item_Number=1 and Mc_Gross<>24.98) or (Item_Number=2 and Mc_Gross<>14.98) or (Item_Number=3 and Mc_Gross<>14.98) or (Item_Number=4 and Mc_Gross<>39.98) or (Item_Number=6 and Mc_Gross<>4.95) or (Item_Number=7 and Mc_Gross<>4.95) then conn.close set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "Bad Price" .body = "Paid price does not match advertised price" & Chr(10) & "Email : " & Payer_Email & Chr(10) & Item_Name & Chr(10) & Mc_Gross .Send end with set objErrorMail = Nothing Response.Clear Response.End end if '// You definately want to Check the "receiver_email" is yours if Receiver_Email<>"undergroundguides@yahoo.com" then conn.close set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "Incorrect Email Address" .body = "Payment sent to incorrect e-mail WTF?!?!" & Chr(10) & "Buyers Email : " & Payer_Email .Send end with set objErrorMail = Nothing Response.Clear Response.End end if '// Update your DB and Process this Payment accordingly sql="INSERT INTO transactions (business,receiver_email,item_name,item_number,quantity,invoice,custom,option_name1,option_selection1,option_name2,option_selection2,num_cart_items,payment_status,pending_reason,payment_date,system_date,settle_amount,settle_currency,exchange_rate,mc_gross,mc_fee,mc_currency,txn_id,txn_type,first_name,last_name,address_name,address_street,address_city,address_state,address_zip,address_country,address_status,payer_email,payer_id,payer_status,payment_type,notify_version,verify_sign)" sql=sql & " VALUES " sql=sql & "('" & Business & "'," sql=sql & "'" & Receiver_Email & "'," sql=sql & """" & Item_Name & """," sql=sql & """" & Item_Number & """," sql=sql & "'" & Quantity & "'," sql=sql & "'" & Invoice & "'," sql=sql & """" & Custom & """," sql=sql & """" & Option_Name1 & """," sql=sql & "'" & Option_Selection1 & "'," sql=sql & """" & Option_Name2 & """," sql=sql & "'" & Option_Selection2 & "'," sql=sql & "'" & Num_Cart_Items & "'," sql=sql & "'" & Payment_Status & "'," sql=sql & "'" & Pending_Reason & "'," sql=sql & "'" & Payment_Date & "'," sql=sql & "'" & Now() & "'," sql=sql & "'" & Settle_Amount & "'," sql=sql & "'" & Settle_Currency & "'," sql=sql & "'" & Exchange_Rate & "'," sql=sql & "'" & Mc_Gross & "'," sql=sql & "'" & Mc_Fee & "'," sql=sql & "'" & Mc_Currency & "'," sql=sql & "'" & Txn_Id & "'," sql=sql & "'" & Txn_Type & "'," sql=sql & """" & First_Name & """," sql=sql & """" & Last_Name & """," sql=sql & """" & Address_Name & """," sql=sql & """" & Address_Street & """," sql=sql & """" & Address_City & """," sql=sql & """" & Address_State & """," sql=sql & "'" & Address_Zip & "'," sql=sql & """" & Address_Country & """," sql=sql & "'" & Address_Status & "'," sql=sql & "'" & Payer_Email & "'," sql=sql & "'" & Payer_Id & "'," sql=sql & "'" & Payer_Status & "'," sql=sql & "'" & Payment_Type & "'," sql=sql & "'" & Notify_Version & "'," sql=sql & "'" & Verify_Sign & "')" on error resume next conn.Execute sql set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "Database Response" if err<>0 then .body = "Database update failed with error - " & err.description else .body = "Database updated successfully" & Chr(10) & First_Name & Chr(10) & Last_Name & Chr(10) & Payer_Email & Chr(10) & Item_Name & Chr(10) & Mc_Gross end if .Send end with set objErrorMail = Nothing ' Check to see if Customer Exists sql = "SELECT email FROM users WHERE email='" & Payer_Email & "'" set rs=conn.execute(sql) if rs.EOF then ' Add this new customer to the database CustomerExists=False ' Random Password Generator Randomize Timer For x = 1 to 6 RandChar = Int((26 * Rnd) + 65) NewPass=NewPass & chr(RandChar) next sql = "INSERT INTO users (email,pass_word,first_name,last_name,auth)" sql=sql & " VALUES " sql=sql & "('" & Payer_Email & "'," sql=sql & "'" & NewPass & "'," sql=sql & """" & First_Name & """," sql=sql & """" & Last_Name & """," sql=sql & "True)" rs.close conn.Execute sql else CustomerExists=True end if ' Update Users Authority Based on Guide Purchase select case Item_Number case 1 sql = "UPDATE users SET underground=True WHERE email='" & Payer_Email & "'" case 2 sql = "UPDATE users SET emulated=True WHERE email='" & Payer_Email & "'" case 3 sql = "UPDATE users SET platinum=True WHERE email='" & Payer_Email & "'" case 4 sql = "UPDATE users SET underground=True,emulated=True,platinum=True WHERE email='" & Payer_Email & "'" case 5 sql = "UPDATE users SET porn=True WHERE email='" & Payer_Email & "'" case 6 sql = "UPDATE users SET hamlet=True WHERE email='" & Payer_Email & "'" case 7 sql = "UPDATE users SET tkm=True WHERE email='" & Payer_Email & "'" case else set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "Item does not exist" .body = "Customer bought an item that didn't exist." & Chr(10) & "Email:" & Payer_Email & Chr(10) & "Item:" & Item_Number .Send end with set objErrorMail = Nothing Response.Clear Response.End end select conn.Execute sql 'Begin Send an email to us and customer Dim objCDO Set objCDO = Server.CreateObject("CDONTS.NewMail") objCDO.From = Receiver_Email objCDO.To = Payer_Email objCDO.CC = Receiver_Email objCDO.Subject = "Purchase Confirmation" mBody = "Dear " & First_Name & "," & Chr(10) & Chr(10) if CustomerExists=False then mBody = mBody & "Thank you for your purchase, we appreciate your business." & chr(10) mBody = mBody & "In order to download your product you must do the following:" & chr(10) & chr(10) if Item_Number<6 then mBody = mBody & "1) Follow this link - http://www.undergroundguides.com/content" & Chr(10) else mBody = mBody & "1) Follow this link - http://www.redguides.com/content" & Chr(10) end if mBody = mBody & "2) Login with your e-mail address and this password - " & NewPass & Chr(10) mBody = mBody & "3) Download and enjoy your guide!" & Chr(10) & chr(10) else if Item_Number<6 then mBody = mBody & "Thank you for your support of Underground Guides." & chr(10) mBody = mBody & "Your account has been updated to reflect your recent purchase." & chr(10) mBody = mBody & "You may now login to the site to download your new guide." & chr(10) & chr(10) mBody = mBody & "http://www.undergroundguides.com/content" & chr(10) else mBody = mBody & "Thank you for your continued support of Redguides." & chr(10) mBody = mBody & "Your account has been updated to reflect your recent purchase." & chr(10) mBody = mBody & "You may now login to the site to download your new guide." & chr(10) & chr(10) mBody = mBody & "http://www.redguides.com/content" & vbcrlf & vbcrlf end if end if ' if Item_Number=2 or Item_Number=4 then mbody = mbody & "* If you don't want to wait for us to make an EQemu account for you (STEP 5 UNDER EQEMU), do it yourself by clicking here: http://forums.eqemu.net/profile.php?mode=register&agreed=true" & Chr(10) mBody = mBody & "If you need further help, please contact us at undergroundguides@yahoo.com" & chr(10) & chr(10) mBody = mBody & "Have a great day!" & chr(10) & "The Underground Guides Team" & Chr(10) objCDO.Body=mBody objCDO.Send Set objCDO = Nothing 'End Send an email to us and customer conn.close ELSEIF (Result = "INVALID") THEN '// Check your code for any Post back Validation problems '// Investigate the Fact that this Could be a spoofed IPN '// If updating your DB, Ensure this "txn_id" is Not a Duplicate 'Response.Write ("Result: " &(Result)) // Remove: ' for Testing set objErrorMail = Server.CreateObject("CDONTS.NewMail") with objErrorMail .From = "undergroundguides@yahoo.com" .To = "chad@doresoftware.com" .Subject = "INVALID Response" .body = "Paypal returned an invalid response. Check the site." .Send end with set objErrorMail = Nothing ELSE '// Something is Definately not Right END IF END IF Set objHTTP = Nothing %>