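// ... for details.
//
// Order-notice handler. Parses the eSellerate ORDERNOTICEDS XML sent by POST
// into $XmlData (through the startElement/endElement/characterData callbacks
// defined elsewhere in this file), verifies the shared secret, records the
// order in OrderInfo/OrderLines, and generates and mails an Aquatic Prime
// license for every order line whose SKU is listed in $aquaticPrimeSKUs.
//
// ReportFatalError() is relied on not to return: it performs the ROLLBACK
// and ends the script, which is why nothing below guards against falling
// through after calling it.

// Only an HTTP POST carries an order notice body; reject anything else up
// front rather than handing an undefined $HTTP_RAW_POST_DATA to the parser.
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    ReportFatalError("Order notices must be sent by HTTP POST\n");
}
if (!isset($HTTP_RAW_POST_DATA)) {
    // Not every PHP configuration populates $HTTP_RAW_POST_DATA; php://input is the portable source.
    $HTTP_RAW_POST_DATA = file_get_contents("php://input");
}
if ($HTTP_RAW_POST_DATA === false || $HTTP_RAW_POST_DATA === "") {
    ReportFatalError("Empty order notice\n");
}

$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "startElement", "endElement");
xml_set_character_data_handler($xml_parser, "characterData");
if (!xml_parse($xml_parser, $HTTP_RAW_POST_DATA, true)) {
    $msg = sprintf("XML error: %s at line %d",
                   xml_error_string(xml_get_error_code($xml_parser)),
                   xml_get_current_line_number($xml_parser));
    xml_parser_free($xml_parser);
    ReportFatalError($msg);
}
xml_parser_free($xml_parser);

// We have all the data in the $XmlData array. Make sure the document has the
// shape indexed below before touching individual fields, so a malformed notice
// produces one clear error instead of a cascade of undefined-index notices.
if (!isset($XmlData["ORDERNOTICEDS"]["ORDERINFO"]) || !is_array($XmlData["ORDERNOTICEDS"]["ORDERINFO"])) {
    ReportFatalError("Order notice is missing the ORDERINFO section\n");
}
// Read-only snapshot of the order header; writes that must persist go to $XmlData as well.
$orderInfo = $XmlData["ORDERNOTICEDS"]["ORDERINFO"];

// Check the secret text. Compare strictly, and in constant time where the
// runtime offers hash_equals(): the loose != used before would treat
// numeric-looking strings such as "1e3" and "1000" as the same secret.
$receivedSecret = isset($orderInfo["ORDER_NOTICE_SECRET"]["_data"])
    ? (string) $orderInfo["ORDER_NOTICE_SECRET"]["_data"]
    : "";
$expectedSecret = (string) $order_notice_secret;
$secretMatches = function_exists("hash_equals")
    ? hash_equals($expectedSecret, $receivedSecret)
    : ($expectedSecret === $receivedSecret);
if (!$secretMatches) {
    ReportFatalError("Invalid order notice secret\n");
}

// Ignore Preview orders
$orderStatus = isset($orderInfo["STATUS"]["_data"]) ? $orderInfo["STATUS"]["_data"] : "";
if (($debug == 0) && ($orderStatus == "PREVIEW")) {
    ReportFatalError("No processing of preview order except in debug mode.\n");
}

// We will open a MySql database and store the serial numbers
if (!TryOpenDb()) {
    ReportFatalError($DbError);
}

// The tables in eSellerate.sql are type InnoDB, so we can have the safety of transactions.
// The corresponding COMMIT is at the end of this file. The ROLLBACK, if necessary, is over in ReportFatalError().
mysql_query("BEGIN");

// Fix up the transaction date to give MySQL something it likes. strtotime()
// returns false for a date it cannot read; formatting false would silently
// store 1970-01-01, so treat it as a bad notice instead.
$tran_date_str = isset($orderInfo["TRAN_DATE"]["_data"]) ? $orderInfo["TRAN_DATE"]["_data"] : "";
$tran_date_stamp = strtotime($tran_date_str);
if ($tran_date_stamp === false) {
    ReportFatalError("Unrecognised TRAN_DATE \"$tran_date_str\" in order notice\n");
}
$tran_date_for_sql = date("Y-m-d", $tran_date_stamp);
$orderInfo["TRAN_DATE"]["_data"] = $tran_date_for_sql;
$XmlData["ORDERNOTICEDS"]["ORDERINFO"]["TRAN_DATE"]["_data"] = $tran_date_for_sql;

// Write the OrderInfo stuff to the database
$orderNumber = isset($orderInfo["ORDER_NUMBER"]["_data"]) ? (string) $orderInfo["ORDER_NUMBER"]["_data"] : "";
if ($orderNumber === "") {
    ReportFatalError("Order notice has no ORDER_NUMBER\n");
}
// The order number arrives in the request body like every other field, so it is
// escaped before it is spliced into any query (it used to be interpolated raw).
$orderNumberSql = mysql_real_escape_string($orderNumber);

// First check and see whether the order's already in the database.
$sqlResult = mysql_query("SELECT ORDER_NUMBER from OrderInfo WHERE ORDER_NUMBER=\"$orderNumberSql\"");
if (!$sqlResult) {
    ReportFatalError(mysql_error());
}
$numRows = mysql_num_rows($sqlResult);
mysql_free_result($sqlResult);
if ($numRows > 0) {
    ReportFatalError("Order $orderNumber is already in the database\n");
}

// It wasn't there? OK, put it there.
// Build a query string; a field the notice omits is stored as an empty string.
$queryStringValues = array();
foreach ($orderInfoFields as $currentField) {
    $fieldValue = isset($orderInfo[$currentField]["_data"]) ? $orderInfo[$currentField]["_data"] : "";
    $queryStringValues[] = "\"" . mysql_real_escape_string($fieldValue) . "\"";
}
$queryString = "INSERT INTO OrderInfo (" . join(", ", $orderInfoFields) . ")"
             . " VALUES (" . join(", ", $queryStringValues) . ")";
if ($debug == 1) {
    echo "$queryString\n";
}
// Do the insert
$sqlResult = mysql_query($queryString);
if (!$sqlResult) {
    ReportFatalError(mysql_error());
}

// For Aquatic Prime we really need the date and time (in case someone orders more than one copy
// the same day), so the date from eSellerate won't cut it. Note the minutes field: the earlier
// strftime("%H:%m:%S") pattern put the *month* in the minutes slot.
$sn_date = date("Y-m-d H:i:s");
$snDateSql = mysql_real_escape_string($sn_date);

// Process each order line
for ($i = 0; $i < $nOrderLines; ++$i) {
    // Alias the current line so the generated license can be written back into $XmlData.
    $line = &$XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i];
    $sku = isset($line["SKU_ID"]["_data"]) ? $line["SKU_ID"]["_data"] : "";

    // Now do the AquaticPrime stuff
    if (in_array($sku, $aquaticPrimeSKUs)) {
        $product = isset($line["SKU_TITLE"]["_data"]) ? $line["SKU_TITLE"]["_data"] : "";
        $name = isset($line["REGISTRATION_NAME"]["_data"]) ? $line["REGISTRATION_NAME"]["_data"] : "";
        if ($name === "") {
            $firstName = isset($orderInfo["FIRST_NAME"]["_data"]) ? $orderInfo["FIRST_NAME"]["_data"] : "";
            $lastName = isset($orderInfo["LAST_NAME"]["_data"]) ? $orderInfo["LAST_NAME"]["_data"] : "";
            $name = $firstName . " " . $lastName;
        }
        $email = isset($orderInfo["EMAIL"]["_data"]) ? $orderInfo["EMAIL"]["_data"] : "";
        $count = isset($line["QUANTITY"]["_data"]) ? $line["QUANTITY"]["_data"] : "";
        // eSellerate only gives you the date, not the time (so we don't do RFC 2822 formatting here).
        $transactionID = $orderNumber;

        // Create our license dictionary to be signed
        $dict = array("Product" => $product,
                      "Name" => $name,
                      "Email" => $email,
                      "Licenses" => $count,
                      "Timestamp" => $sn_date,
                      "TransactionID" => $transactionID);
        $license = licenseDataForDictionary($dict, $key, $privateKey);
        // Note that the database size for SERIAL_NUMBER was raised from 255 (eSellerate's size) to
        // a MySQL TEXT field to fit alternate registration schemes.
        $line["SERIAL_NUMBER"]["_data"] = $license;

        // Substitute into per-line copies of the mail templates. Overwriting
        // $from/$subject/... in place meant the second order line of a multi-line
        // order was mailed with the first line's name already baked in.
        $placeholders = array("##NAME##", "##EMAIL##");
        $substitutions = array($name, $email);
        $lineFrom = str_replace($placeholders, $substitutions, $from);
        $lineSubject = str_replace($placeholders, $substitutions, $subject);
        $lineMessage = str_replace(array("##NAME##", "##EMAIL##", "##LICENSES##"),
                                   array($name, $email, $count), $message);
        $lineLicenseName = str_replace($placeholders, $substitutions, $licenseName);
        $lineBcc = str_replace($placeholders, $substitutions, $bcc);
        sendMail($email, $lineFrom, $lineSubject, $lineMessage, $license, $lineLicenseName, $lineBcc);
    }

    // Build a query string
    $queryStringValues = array();
    foreach ($orderLinesFields as $currentField) {
        $fieldValue = isset($line[$currentField]["_data"]) ? $line[$currentField]["_data"] : "";
        $queryStringValues[] = "\"" . mysql_real_escape_string($fieldValue) . "\"";
    }
    $queryString = "INSERT INTO OrderLines (" . join(", ", $orderLinesFields) . ", ORDER_NUMBER, SN_DATE)"
                 . " VALUES (" . join(", ", $queryStringValues) . ", \"$orderNumberSql\", \"$snDateSql\")";
    if ($debug == 1) {
        echo "$queryString\n";
    }
    // Do the insert
    $sqlResult = mysql_query($queryString);
    if (!$sqlResult) {
        ReportFatalError(mysql_error());
    }
}
// Drop the reference left by the last iteration so later assignments cannot alias into $XmlData.
unset($line);

mysql_query("COMMIT");
CloseDb();
?>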