<?php

	include_once("../config.inc.php");
	include_once(DATEIPFAD . "db.inc.php");
	include_once(DATEIPFAD . "includes/functions.zahlungsart.inc.php");
	include_once(DATEIPFAD . "includes/functions.shopeinstellung.inc.php");
	include_once(DATEIPFAD . "includes/PaypalExpress/CallerService.php");

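	// PayPal IPN listener.
	// Every notification is echoed back to PayPal (cmd=_notify-validate) and only
	// acted upon when PayPal answers VERIFIED. A VERIFIED "Completed" payment moves
	// the order whose session equals the IPN "custom" field from status 0 to the
	// status configured for its payment method, provided currency and total match.
	// Log file locations and line formats are kept as before.

	/**
	 * Return one POSTed IPN field as a string, or '' when it was not sent.
	 * Avoids the undefined-index notices the old one-assignment-per-field block produced.
	 */
	function ipn_post_field($key)
	{
		return isset($_POST[$key]) ? (string) $_POST[$key] : '';
	}

	/**
	 * Collapse CR/LF in a value before it goes into a single log line, so that
	 * notification fields (attacker-controlled until VERIFIED) cannot forge extra
	 * log entries.
	 */
	function ipn_log_safe($value)
	{
		return str_replace(array("\r", "\n"), ' ', $value);
	}

	/**
	 * Append one timestamped line ("d.m.Y H.i.s / message") to $path.
	 * Returns false without writing when the file cannot be opened; the old code
	 * called fwrite() on a false handle in that case.
	 */
	function ipn_log_line($path, $message)
	{
		$fh = fopen($path, 'a');
		if ($fh === false) {
			return false;
		}
		fwrite($fh, date("d.m.Y H.i.s") . " / " . $message . "\r\n");
		fclose($fh);
		return true;
	}

	/**
	 * Handle a VERIFIED notification and return the detail text for the log line.
	 *
	 * For payment_status "Completed" the order with session = $custom and status 0
	 * is looked up; when its currency and total equal the settled currency/amount,
	 * BestellStatusWechseln() moves it to the payment method's target status.
	 *
	 * @param string $custom          IPN "custom" field, the shop session id of the order
	 * @param string $payment_status  IPN "payment_status" field
	 * @param string $settle_currency IPN "settle_currency" field
	 * @param string $settle_amount   IPN "settle_amount" field
	 * @return string log detail, e.g. "- BestellID 42 auf Status der Zahlungsart gesetzt"
	 */
	function ipn_process_verified($custom, $payment_status, $settle_currency, $settle_amount)
	{
		if ($payment_status !== 'Completed') {
			return "- Status " . ipn_log_safe($payment_status);
		}
		if ($custom === '') {
			return "- Bestellung nicht vorhanden oder nicht in Status Unbestätigt";
		}

		// NOTE(review): the notification is not matched against the shop's own PayPal
		// account (receiver_email / business) and txn_id is not de-duplicated, so a
		// VERIFIED IPN for a payment to a different account, or a replayed one, is
		// still accepted as long as amount and currency match — worth adding once the
		// configured merchant account is available here.

		// $custom comes from the request body: escape it before it enters the query
		// (the previous plain concatenation was injectable).
		$SQLString = "SELECT id, waehrung, IF(kundengruppentype=3,gesamtsumme_netto,gesamtsumme_brutto) as gesamtsumme, zahlungsart_id"
			. " FROM " . TABLE_BESTELLEN
			. " WHERE session = '" . mysql_real_escape_string($custom) . "' AND " . TABLE_BESTELLEN . ".status = 0";
		$Result = mysql_query($SQLString);
		$BestellObject = $Result ? mysql_fetch_object($Result) : false;

		if (!$BestellObject) {
			return "- Bestellung nicht vorhanden oder nicht in Status Unbestätigt";
		}

		// NOTE(review): settle_amount/settle_currency are believed to be populated by
		// PayPal only when a currency conversion took place; confirm against real
		// notifications, otherwise mc_gross/mc_currency may be the fields to compare.
		// The amount comparison stays loose on purpose: "12.50" and "12.5" must match.
		if ($BestellObject->waehrung !== $settle_currency || $BestellObject->gesamtsumme != $settle_amount) {
			return "- Bestellung nicht in Status Offen gesetzt, Währung oder Gesamtsumme weicht ab.";
		}

		$ShopeinstellungObject = GetShopeinstellungDetail();
		$ZahlungsartObject = GetZahlungsartDetail($BestellObject->zahlungsart_id, "", "");
		BestellStatusWechseln($BestellObject->id, $ZahlungsartObject->bestellen_status_id, $ShopeinstellungObject, '');

		return "- BestellID " . $BestellObject->id . " auf Status der Zahlungsart gesetzt";
	}

	// NOTE(review): these logs hold payer data; confirm admin/data/logs is not
	// readable through the web server.
	$IpnLog = DATEIPFAD . "admin/data/logs/PayPalExpressIPN.log";
	$IpnInvalidLog = DATEIPFAD . "admin/data/logs/PayPalExpressIPNInvalid.log";

	// Build the validation request: the received fields are echoed back in their
	// original order, prefixed with cmd=_notify-validate.
	$req = 'cmd=_notify-validate';
	foreach ($_POST as $key => $value) {
		// stripslashes() is kept from the original to undo magic_quotes_gpc; with
		// magic quotes off it would alter values that contain a backslash.
		$req .= "&" . urlencode($key) . "=" . urlencode(stripslashes($value));
	}

	// Sandbox or live endpoint; the same host is used for the Host header and the socket.
	$PayPalHost = $ZahlungsartEinstellungenObject->ppexpress_use_sandbox ? 'www.sandbox.paypal.com' : 'www.paypal.com';

	// Host header added: the old request carried none, which name-based virtual
	// hosting cannot route.
	$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
	$header .= "Host: " . $PayPalHost . "\r\n";
	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

	// NOTE(review): fsockopen() on ssl:// does not verify the peer certificate on
	// older PHP, so the VERIFIED answer is only as trustworthy as the network path;
	// a stream context with verify_peer (stream_socket_client) is the fix once a CA
	// bundle is available on the server.
	$fp = fsockopen('ssl://' . $PayPalHost, 443, $errno, $errstr, 30);

	// Only the fields this listener acts on are read; the full notification stays in $_POST.
	$custom = ipn_post_field('custom');
	$payment_status = ipn_post_field('payment_status');
	$settle_currency = ipn_post_field('settle_currency');
	$settle_amount = ipn_post_field('settle_amount');

	if (!$fp) {
		// A failed connection used to pass silently; record it so lost notifications can be traced.
		ipn_log_line($IpnLog, "Session " . ipn_log_safe($custom) . " - Verbindung zu " . $PayPalHost . " fehlgeschlagen: " . $errstr . " (" . $errno . ")");
	} else {
		fputs($fp, $header . $req);
		while (!feof($fp)) {
			// trim() so a trailing line break on the answer line cannot defeat the comparison.
			$res = trim((string) fgets($fp, 1024));
			if ($res === "VERIFIED") {
				$Detail = ipn_process_verified($custom, $payment_status, $settle_currency, $settle_amount);
				ipn_log_line($IpnLog, "Session " . ipn_log_safe($custom) . " " . $Detail);
			} elseif ($res === "INVALID") {
				$Fields = '';
				foreach ($_POST as $key => $value) {
					$Fields .= ipn_log_safe($key . "=" . $value) . " ";
				}
				ipn_log_line($IpnInvalidLog, $Fields);
			}
		}
		fclose($fp);
	}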

