
<%@Language=VBScript%>

<%
strDB="DBQ=" & Server.Mappath("database/ipn.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};"

'// IPN Posting Modes; Choose: 1, 2, 3 or 4

PostMode = "2"

           '//* 1 = Live Via PayPal Network Non-Secure
           '//* 2 = Live Via PayPal Network SSL-Secure
           '//* 3 = Test Via EliteWeaver UK Non-Secure
           '//* 4 = Test Via EliteWeaver UK SSL-Secure


Dim objHttp, IPN

IF PostMode = "1" THEN

'// Live Via PayPal Network Non-Secure
WebUrl = "http://www.paypal.com/cgi-bin/webscr"
SdHost = "www.paypal.com"

ELSEIF PostMode = "2" THEN

'// Live Via PayPal Network SSL-Secure
WebUrl = "https://www.paypal.com/cgi-bin/webscr"
SdHost = "www.paypal.com"

ELSEIF PostMode = "3" THEN

'// Test Via EliteWeaver UK Non-Secure
WebUrl = "http://www.eliteweaver.co.uk/testing/ipntest.php"
SdHost = "www.eliteweaver.co.uk"

ELSEIF PostMode = "4" THEN

'// Test Via EliteWeaver UK SSL-Secure
WebUrl = "https://ssl.uksecurewebhosting.net/~elitew/testing/ipntest.php"
SdHost = "ssl.uksecurewebhosting.net"

ELSE

'// Selected PostMode was Probably Not Set to 1, 2, 3 or 4
Response.Write ("PostMode: " &(PostMode) & " is invalid!")

END IF

IPN = Request.Form
IPN = "cmd=_notify-validate&" & IPN

Set objHTTP = Server.CreateObject("MSXML2.XMLHTTP")
objHTTP.Open "POST", WebUrl, False
objHTTP.setRequestHeader "Host", SdHost
objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.setRequestHeader "Content-Length", Len(IPN)
objHTTP.Send IPN

Dim Status, Result

Status = objHttp.Status
Result = objHttp.ResponseText


IF (Status <> 200 ) THEN

'// Problem: Maybe the Requested url is Unavailable
'// Maybe Setup a little email Notification here?
'Response.Write ("Status: " &(Status)) // Remove: ' for Testing

ELSE

'// Standard - Instant Payment Notifiction Variables (Localization)

Receiver_Email = Request.Form("receiver_email")
Item_Name = Request.Form("item_name")
Item_Number = Request.Form("item_number")
Quantity = Request.Form("quantity")
Invoice = Request.Form("txn_id")
Custom = Request.Form("custom")
Option_Name1 = Request.Form("option_name1")
Option_Selection1 = Request.Form("option_selection1")
Option_Name2 = Request.Form("option_name2")
Option_Selection2 = Request.Form("option_selection2")
Num_Cart_Items = Request.Form("num_cart_items")
Payment_Status = Request.Form("payment_status")
Pending_Reason = Request.Form("pending_reason")
Payment_Date = Request.Form("payment_date")
Settle_Amount = Request.Form("settle_amount")
Settle_Currency = Request.Form("settle_currency")
Exchange_Rate = Request.Form("exchange_rate")
Payment_Gross = Request.Form("payment_gross")
Payment_Fee = Request.Form("payment_fee")
Mc_Gross = Request.Form("mc_gross")
Mc_Fee = Request.Form("mc_fee")
Mc_Currency = Request.Form("mc_currency")
'Txn_Id = Request.Form("txn_id")
Txn_Type = Request.Form("txn_type")
First_Name = Request.Form("first_name")
Last_Name = Request.Form("last_name")
Address_Street = Request.Form("address_street")
Address_City = Request.Form("address_city")
Address_State = Request.Form("address_state")
Address_Zip = Request.Form("address_zip")
Address_Country = Request.Form("address_country")
Address_Status = Request.Form("address_status")
Payer_Email = Request.Form("payer_email")
Payer_Id = Request.Form("payer_id")
Payer_Status = Request.Form("payer_status")
Payment_Type = Request.Form("payment_type")
Notify_Version = Request.Form("notify_version")
Verify_Sign = Request.Form("verify_sign")

set rsProducts = Server.CreateObject("ADODB.Recordset")
rsProducts.ActiveConnection = strDB
rsProducts.Source = "SELECT * From Products WHERE Item_Number = " & Item_Number
rsProducts.CursorType = 0
rsProducts.CursorLocation = 2
rsProducts.LockType = 3
rsProducts.Open()


IF (Result = "VERIFIED") THEN


Dim objCDO

Set objCDO = Server.CreateObject("CDONTS.NewMail")
objCDO.From = "acdesigner@earthlink.net"
objCDO.To = Payer_Email
objCDO.CC = "acdesigner@earthlink.net"
objCDO.Subject = "Product Download Information"
objCDO.BodyFormat = 0 
objCDO.MailFormat = 0 
objCDO.Body = HTML
objCDO.Body = "<html>" & vbCrLf & "<head>" & vbCrLf & "<title>Untitled Document</title>" & vbCrLf & "<meta http-equiv= Content-Type content= text/html; charset= iso-8859-1>" & vbCrLf & "</head>" & vbCrLf & vbCrLf & "<body bgcolor= #FFFFFF text= #000000>" & vbCrLf & "<p>Thank you for purchasing " & rsProducts.Fields.Item("Product_Name").Value & ",</p>" & vbCrLf & "<p>Here is the link to download your copy:</p>" & vbCrLf & "<p>" & "<a href=http://www.bantrax.com/ipn-kit/demo/dl.asp?dl_id=" & rsProducts.Fields.Item("Item_Number").Value & ">http://www.bantrax.com/06/dl.asp?dl_id=" & rsProducts.Fields.Item("Item_Number").Value & "</a>"& "</p>" & vbCrLf & "<p> </p>" & vbCrLf & "<p>If you need help installing it, email me anytime at <a href = mailto:acdesigner@earthlink.net>acdesigner@earthlink.net</a></p>" & vbCrLf & "<p> </p>" & vbCrLf & "<p>Regards,</p>" & vbCrLf & "<p>David Morgan</p>" & "</body>" & vbCrLf & "</html>"
objCDO.Send()
Set objCDO = Nothing


set edit = server.createobject("ADODB.Command")
	edit.activeconnection = strDB
	edit.commandtext = "INSERT INTO transactions(invoice, item_name, item_number, quantity, first_name, last_name, address_street, address_city, address_state, payer_email, payment_type, payment_date, payment_fee, payment_gross) VALUES('" & Invoice & "', '" & Item_Name & "', '" & Item_Number & "', '" & Quantity & "', '" & First_Name & "', '" & Last_Name & "', '" & Address_Street & "', '" & Address_City & "', '" & Address_State & "', '" & Payer_Email & "', '" & Payment_Type & "', '" & Payment_Date & "', '" & Payment_Fee & "', '" & Payment_Gross & "')"
	edit.execute
	edit.activeconnection.close
	set edit = nothing


'// IPN was Confirmed as both Genuine and VERIFIED
'// Check that the "payment_status" variable is: Completed
'// If it is Pending you may Want to Inform your Customer?
'// Check your DB to Ensure this "txn_id" is Not a Duplicate
'// You may want to Check the "payment_gross" or "mc_gross" matches listed Prices?
'// You definately want to Check the "receiver_email" is yours
'// Update your DB and Process this Payment accordingly
'Response.Write ("Result: " &(Result)) // Remove: ' for Testing


ELSEIF (Result = "INVALID") THEN

set edit = server.createobject("ADODB.Command")
	edit.activeconnection = strDB
	edit.commandtext = "INSERT INTO falsetransactions(invoice, item_name, item_number, quantity, first_name, last_name, address_street, address_city, address_state, payer_email, payment_type, payment_date, payment_gross) VALUES('" & Invoice & "', '" & Item_Name & "', '" & Item_Number & "', '" & Quantity & "', '" & First_Name & "', '" & Last_Name & "', '" & Address_Street & "', '" & Address_City & "', '" & Address_State & "', '" & Payer_Email & "', '" & Payment_Type & "', '" & Payment_Date & "', '" & Payment_Gross & "')"
	edit.execute
	edit.activeconnection.close
	set edit = nothing


'// Check your code for any Post back Validation problems
'// Investigate the Fact that this Could be a spoofed IPN
'// If updating your DB, Ensure this "txn_id" is Not a Duplicate
'Response.Write ("Result: " &(Result)) // Remove: ' for Testing

ELSE

'// Something is Definately not Right

END IF
END IF

Set objHTTP = Nothing


%>