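/// <summary>
/// Builds the PayPal "Buy Now" (cmd=_xclick) redirect for the project named in the "ID"
/// query-string parameter, records the pending payment, and redirects the browser to PayPal.
/// Does nothing when <c>PaymentMade</c> reports the project is already paid.
/// </summary>
/// <param name="sender">The image button that raised the event.</param>
/// <param name="e">Click coordinates (unused).</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the "ID" parameter is missing or no payment-due row exists for the project.
/// </exception>
protected void PayPalImageButton_Click(object sender, ImageClickEventArgs e)
{
    // NOTE(review): this is the hard-coded *sandbox* endpoint, whereas Page_Load reads
    // "PayPalSubmitUrl" from configuration — confirm which one is authoritative before going live.
    const string Server_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr";
    const string return_URL = "http://www.haithem-araissia.com/WIP2/RightCleanSideJOB2008FromInetpub/CleanSIDEJOB2008/Authenticated/Professional/Paypal/PDTSuccess.aspx";
    const string cancelreturn_URL = "http://www.haithem-araissia.com/WIP2/RightCleanSideJOB2008FromInetpub/CleanSIDEJOB2008/Authenticated/Professional/Paypal/CancelPayment.aspx";
    const string notify_url = "http://www.haithem-araissia.com/WIP2/RightCleanSideJOB2008FromInetpub/CleanSIDEJOB2008/Authenticated/Professional/Paypal/Handler.aspx";
    const string cmd = "_xclick";
    // Merchant account; the same value is sent as receiver_email so the two can never drift apart.
    const string business = "*****@*****.**";

    ProfessionalPDTDataSet.ProfessionalPaymentDueDataTable ProfessionalPaymentDueTable;
    GetValue(out ProfessionalPaymentDueTable);
    if (ProfessionalPaymentDueTable.Rows.Count == 0)
    {
        // Rows[0] would otherwise throw an opaque IndexOutOfRangeException.
        throw new InvalidOperationException("No payment-due row was found for this project.");
    }
    string item_name = ProfessionalPaymentDueTable.Rows[0]["ProjectTitle"].ToString();

    string project_id = Request.QueryString["ID"];
    if (string.IsNullOrEmpty(project_id))
    {
        // Request.QueryString["ID"] is null when the parameter is absent; fail clearly instead of NRE.
        throw new InvalidOperationException("The ID query-string parameter is required.");
    }
    string ProID = GetProfessionalID();

    if (PaymentMade(ProID, project_id))
    {
        return;
    }

    string amount = Amount.Text;
    string currency = CurrencyDropDownList.SelectedValue;

    // Every value is URL-encoded: item_name comes from the database and amount from a text box,
    // so an '&' or '=' in either would otherwise inject or overwrite PayPal parameters.
    // The original built "¤cy_code=" and "¬ify_url" (HTML-entity-decoded remnants of
    // "&currency_code=" and "&notify_url") and omitted the '=' after notify_url and
    // cancel_return, so PayPal never received those fields.
    string redirect = Server_URL
        + "?cmd=" + cmd
        + "&business=" + Uri.EscapeDataString(business)
        + "&item_name=" + Uri.EscapeDataString(item_name)
        + "&amount=" + Uri.EscapeDataString(amount)
        + "&currency_code=" + Uri.EscapeDataString(currency)
        + "&payer_id=" + Uri.EscapeDataString(ProID)
        + "&receiver_email=" + Uri.EscapeDataString(business)
        + "&custom=" + Uri.EscapeDataString(project_id)
        + "&notify_url=" + Uri.EscapeDataString(notify_url)
        + "&return=" + Uri.EscapeDataString(return_URL)
        + "&cancel_return=" + Uri.EscapeDataString(cancelreturn_URL);

    // Record the pending payment before leaving the site so PDTSuccess.aspx can verify the
    // amount/currency PayPal reports against what was started here.
    // NOTE(review): Convert.ToDouble is culture-dependent and PayPal expects a '.' decimal
    // separator in "amount" — confirm the page culture, or parse with the invariant culture.
    ProfessionalPDTDataSetTableAdapters.QueriesTableAdapter ProfessionalPDT =
        new ProfessionalPDTDataSetTableAdapters.QueriesTableAdapter();
    ProfessionalPDT.ProfessionalStartPayment(
        Convert.ToInt32(project_id),
        Convert.ToDouble(amount),
        currency,
        Convert.ToInt32(ProID));

    // Redirect to the payment page
    Response.Redirect(redirect);
}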
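/// <summary>
/// PDT (Payment Data Transfer) return page. On the first (non-postback) load it posts the
/// "tx" token from the query string back to PayPal with the identity token from
/// configuration, parses the reply, and compares it against the payment this professional
/// started. A verified, first-time match is stored as a successful PDT and a pending
/// transaction; a mismatch is logged via HackedPDT; a non-SUCCESS reply shows a failure message.
/// </summary>
/// <param name="sender">The page.</param>
/// <param name="e">Unused.</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    // Used parts from https://www.paypaltech.com/PDTGen/
    // Visit above URL to auto-generate PDT script
    authToken = WebConfigurationManager.AppSettings["PROPDTToken"];
    // read in txn token from querystring
    txToken = Request.QueryString.Get("tx");

    // Both values are URL-encoded: txToken is attacker-controlled query-string input and must
    // not be able to add or override parameters of the verification request sent to PayPal.
    query = string.Format("cmd=_notify-synch&tx={0}&at={1}",
        Uri.EscapeDataString(txToken ?? string.Empty),
        Uri.EscapeDataString(authToken ?? string.Empty));

    // Ask PayPal (not the browser) what the transaction looks like.
    string url = WebConfigurationManager.AppSettings["PayPalSubmitUrl"];
    strResponse = PostFormAndReadReply(url, query);

    string ProID = GetProfessionalID();
    PDTHolder pdt = PDTHolder.Parse(strResponse);

    // If response was SUCCESS, parse response string and output details
    if (!strResponse.StartsWith("SUCCESS", StringComparison.Ordinal))
    {
        HiddenLabel.Text = BuildPdtFailureMessage(pdt);
        return;
    }

    // Look up the payment this professional started for the project named in "custom".
    ProfessionalPDTDataSetTableAdapters.ProfessionalStartingPaymentTableAdapter ProfessionalPDTAdapter =
        new ProfessionalPDTDataSetTableAdapters.ProfessionalStartingPaymentTableAdapter();
    ProfessionalPDTDataSet.ProfessionalStartingPaymentDataTable ProfessionalPDTTable =
        new ProfessionalPDTDataSet.ProfessionalStartingPaymentDataTable();
    ProfessionalPDTAdapter.FillVerifyTransaction(ProfessionalPDTTable, Convert.ToInt32(pdt.Custom));

    // One adapter for the whole loop; the original created a new one per row.
    ProfessionalPDTDataSetTableAdapters.QueriesTableAdapter ProfessionalPDT =
        new ProfessionalPDTDataSetTableAdapters.QueriesTableAdapter();

    // If there is no match the Professional closes the window; if there is a match the
    // Professional returns to the confirmation page.
    foreach (DataRow row in ProfessionalPDTTable)
    {
        // NOTE(review): amount is compared as text, so "10" vs "10.00" would be treated as a
        // mismatch — compare numerically once pdt.GrossTotal's type is confirmed. A "SUCCESS"
        // PDT reply also only proves the transaction exists: consider additionally requiring
        // pdt.PaymentStatus == "Completed" and that pdt.ReceiverEmail is this merchant's account.
        bool matches = pdt.Custom.ToString() == row["ProjectID"].ToString()
            && pdt.Currency.ToString() == row["CurrencyCode"].ToString()
            && row["Amount"].ToString() == pdt.GrossTotal.ToString();

        if (!matches)
        {
            // Potential Hack: PayPal's record disagrees with what this professional started.
            ProfessionalPDT.HackedPDT(pdt.GrossTotal, pdt.InvoiceNumber, pdt.PaymentStatus,
                pdt.PayerFirstName, pdt.PayerLastName, pdt.PaymentFee, pdt.BusinessEmail, txToken,
                pdt.ReceiverEmail, pdt.ItemName, pdt.Currency, pdt.TransactionId, pdt.Custom,
                "no subscriber", Convert.ToInt32(ProID), Convert.ToInt32(pdt.Custom));
            // Email The Hacker and Admin
            HiddenLabel.Text = BuildPdtFailureMessage(pdt);
            continue;
        }

        // Insert it only 1 time: a second visit with the same token is reported as already paid.
        ProfessionalPDTDataSetTableAdapters.ProfessionalSuccessfulPDTTableAdapter ProfessionalSuccessfulPDTAdapter =
            new ProfessionalPDTDataSetTableAdapters.ProfessionalSuccessfulPDTTableAdapter();
        ProfessionalPDTDataSet.ProfessionalSuccessfulPDTDataTable ProfessionalSuccessfulPDTTable =
            new ProfessionalPDTDataSet.ProfessionalSuccessfulPDTDataTable();
        ProfessionalSuccessfulPDTAdapter.FillProfessionalSuccededPDT(ProfessionalSuccessfulPDTTable,
            Convert.ToInt32(ProID), Convert.ToInt32(pdt.Custom.ToString()));

        if (ProfessionalSuccessfulPDTTable.Rows.Count != 0)
        {
            HiddenLabel.Text = Resources.Resource.AlreadyPaid;
            continue;
        }

        ////Sucessful PDT////
        ProfessionalPDT.SuccessPDT(pdt.GrossTotal, pdt.InvoiceNumber, pdt.PaymentStatus,
            pdt.PayerFirstName, pdt.PayerLastName, pdt.PaymentFee, pdt.BusinessEmail, txToken,
            pdt.ReceiverEmail, pdt.ItemName, pdt.Currency, pdt.TransactionId, pdt.Custom,
            "no subscriber", Convert.ToInt32(ProID), Convert.ToInt32(pdt.Custom));
        ProfessionalPDT.AddProfessionalPendingTransaction(Convert.ToInt32(ProID), Convert.ToInt32(pdt.Custom));

        // The original repeated PayerFirstName twice; the last name was clearly intended.
        string sucessmessage = pdt.PayerFirstName + " " + pdt.PayerLastName + "<br/>";
        sucessmessage += Resources.Resource.PaymentOf + " ";
        sucessmessage += pdt.Currency + " " + pdt.GrossTotal + Resources.Resource.PaymentProcessed + "<br/>";
        sucessmessage += Resources.Resource.Sincerely + "<br/>";
        sucessmessage += Resources.Resource.YourSideJobTeam + "<br/>";
        // NOTE(review): the original built this message but never displayed it; every other
        // branch writes to HiddenLabel, so it is surfaced here too — confirm this is intended.
        HiddenLabel.Text = sucessmessage;
    }
}

/// <summary>
/// POSTs <paramref name="body"/> as a URL-encoded form to <paramref name="url"/> and returns
/// the response body. All streams and the response are disposed; the original left the
/// WebResponse open.
/// </summary>
/// <param name="url">Absolute URL to post to.</param>
/// <param name="body">Already URL-encoded form body.</param>
/// <returns>The response body as text.</returns>
private static string PostFormAndReadReply(string url, string body)
{
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
    req.Method = "POST";
    req.ContentType = "application/x-www-form-urlencoded";

    // Content-Length is a byte count; the original used the character count, which only
    // happens to agree because the body is pure ASCII.
    byte[] payload = System.Text.Encoding.ASCII.GetBytes(body);
    req.ContentLength = payload.Length;
    using (Stream requestStream = req.GetRequestStream())
    {
        requestStream.Write(payload, 0, payload.Length);
    }

    using (WebResponse response = req.GetResponse())
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}

/// <summary>
/// Builds the HTML failure message shown to the payer; shared by the non-SUCCESS and the
/// mismatch branches, which previously duplicated it.
/// </summary>
/// <param name="pdt">Parsed PDT reply (fields may be empty on a FAIL reply).</param>
/// <returns>The message text.</returns>
private static string BuildPdtFailureMessage(PDTHolder pdt)
{
    // The original repeated PayerFirstName twice; the last name was clearly intended.
    string failuremessage = pdt.PayerFirstName + " " + pdt.PayerLastName + "<br/>";
    failuremessage += Resources.Resource.FailedTransaction + "<br/>";
    failuremessage += Resources.Resource.FailurePDT;
    return failuremessage;
}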