<%@ page import="java.util.*"%>
<%@ page import="java.net.*"%>
<%@ page import="java.io.*"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.Connection"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="mk.webapps.xxx.server.DBAccess"%>
<%@page import="java.util.Date"%>
<%@ page import="java.text.SimpleDateFormat"%>
<%
// read post from PayPal system and add 'cmd'
Enumeration en = request.getParameterNames();
String str = "cmd=_notify-validate";
while (en.hasMoreElements()) {
String paramName = (String) en.nextElement();
String paramValue = request.getParameter(paramName);
str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue);
}
// post back to PayPal system to validate
// NOTE: change http: to https: in the following URL to verify using SSL (for increased security).
// using HTTPS requires either Java 1.4 or greater, or Java Secure Socket Extension (JSSE)
// and configured for older versions.
//URL u = new URL("https://www.paypal.com/cgi-bin/webscr");
URL u = new URL("https://www.sandbox.paypal.com/cgi-bin/webscr");
URLConnection uc = u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.sandbox.paypal.com");
PrintWriter pw = new PrintWriter(uc.getOutputStream());
pw.println(str);
pw.close();
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
String res = in.readLine();
in.close();
// assign posted variables to local variables
String itemName = request.getParameter("item_name");
String itemNumber = request.getParameter("item_number");
String paymentStatus = request.getParameter("payment_status");
String paymentAmount = request.getParameter("mc_gross");
String paymentCurrency = request.getParameter("mc_currency");
String txnId = request.getParameter("txn_id");
String txnType = request.getParameter("txn_type");
String receiverEmail = request.getParameter("receiver_email");
String payerEmail = request.getParameter("payer_email");
String custom = request.getParameter("custom");
// String dbprefix = session.getAttribute("db_prefix").toString(); // For production systems
String dbprefix = "dev_"; // For paypal testing
Connection conn = null;
Statement select = null;
ResultSet result = null;
try
{
DBAccess dba = new DBAccess(request);
conn = dba.getDBConn();
// String sql = "";
select = conn.createStatement();
}
catch(Exception e)
{
}
select.executeUpdate("insert into dev_xxx.garbage values ('" + res + "');");
//check notification validation
if (res.equals("VERIFIED")) {
// Connection conn = null;
// Statement select = null;
// ResultSet result = null;
try {
// DBAccess dba = new DBAccess(request);
// conn = dba.getDBConn();
String sql = "";
// select = conn.createStatement();
Date dDate = new Date();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
String sDate = sdf.format(dDate);
dDate.setMonth(dDate.getMonth() + 1);
String sDateMes = sdf.format(dDate);
select.executeUpdate("insert into dev_xxx.garbage values ('" + paymentStatus + "');");
select.executeUpdate("insert into dev_xxx.garbage values ('" + txnType + "');");
if (paymentStatus.equals("Completed") && txnType.equals("subscr_payment")) {//pago completado y periódico
if (paymentAmount.equals("9.90")) {
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ custom + ",'" + payerEmail + "', null, 2, 2, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
} else if (paymentAmount.equals("99.00")) {
dDate.setMonth(dDate.getMonth() - 1);
dDate.setYear(dDate.getYear() + 1);
String sDateYear = sdf.format(dDate);
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ custom + ",'" + payerEmail + "', null, 2, 2, '"+ sDate + "', '" + sDateYear + "')";
select.executeUpdate(sql);
}
else{
select.executeUpdate("insert into dev_xxx.garbage values ('" + paymentAmount + "');");
}
}
else if (txnType.equals("subscr_eot") || txnType.equals("subscr_cancel")){//suscripcion cancelada
String [] datos = custom.split(";");
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ datos[0] + ",'" + payerEmail + "', null, 2, 3, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
if (datos[1].equals("avanzado")){
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ datos[0] + ",'" + payerEmail + "', null, 1, 3, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
sql = "update "+ dbprefix +"xxx.Users set Valid=-1 WHERE Id=" + datos[0] ;
select.executeUpdate(sql);
}
// check that paymentStatus=Completed
// check that txnId has not been previously processed
// check that receiverEmail is your Primary PayPal email
// check that paymentAmount/paymentCurrency are correct
// process payment
}
} catch (Exception e) {
conn.rollback();
}
finally{
select.close();
result.close();
conn.close();
}
}
else if (res.equals("INVALID"))
{
select.executeUpdate("insert into dev_xxx.garbage values ('##INVALID##');");
// log for investigation
} else {
// error
select.executeUpdate("insert into dev_xxx.garbage values ('#"+res+"#');");
}
%>