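/// <summary>
/// Receives a PayPal Instant Payment Notification (IPN) POSTed to this page, confirms it
/// with PayPal (cmd=_notify-validate) and, on a VERIFIED reply, either extends the portal's
/// hosting expiry (item_number equals the portal's administrator role) or updates the
/// paying user's membership in the role named by item_number.
/// </summary>
/// <remarks>
/// Checks applied before anything is changed:
///  * txn_type must be subscr_signup, subscr_payment, web_accept or subscr_cancel;
///  * payment_status, when present, must be "Completed";
///  * the whole form is posted back to PayPal and the reply must be exactly "VERIFIED";
///  * receiver_email must equal the configured ProcessorUserId (host's for an admin
///    renewal, the portal's for a role subscription), which must itself be non-empty;
///  * mc_gross must equal the configured fee (or the role's trial fee) to the cent.
/// Failures of the last two are written to the event log as
/// "POTENTIAL PAYPAL PAYMENT FRAUD"; failures of the first three are dropped silently.
/// Malformed numeric fields throw and are reported by Exceptions.ProcessPageLoadException.
///
/// NOTE(review): gaps that remain and need a decision outside this method:
///  * txn_id is never recorded or checked, so a VERIFIED notification replayed to this
///    URL is processed again (PayPal's guidance is to reject already-seen txn_ids);
///  * mc_currency is not compared with the currency the fee is configured in;
///  * "custom" is whatever the buyer's checkout session carried — VERIFIED proves PayPal
///    relayed it, not that the payer is that user;
///  * a payment of the trial fee reaches the same UpdateUserRole call as the full fee —
///    confirm UpdateUserRole applies the trial period itself.
/// </remarks>
/// <param name="e">Page load event arguments; forwarded to the base class.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    try
    {
        // PayPal always sends "." as the decimal separator, whatever the server culture is.
        var invariant = System.Globalization.CultureInfo.InvariantCulture;

        bool blnValid = true;
        int intRoleID = 0;
        int intPortalID = PortalSettings.PortalId;
        int intUserID = 0;
        double dblAmount = 0;
        bool blnCancel = false;
        string strPayPalID = Null.NullString;
        var objRoles = new RoleController();
        var objPortalController = new PortalController();
        string strPost = "cmd=_notify-validate";

        foreach (string strName in Request.Form)
        {
            string strValue = Request.Form[strName];
            switch (strName)
            {
                case "txn_type":
                    // only these transaction kinds are handled; anything else is ignored
                    switch (strValue)
                    {
                        case "subscr_signup":
                        case "subscr_payment":
                        case "web_accept":
                            break;
                        case "subscr_cancel":
                            blnCancel = true;
                            break;
                        default:
                            blnValid = false;
                            break;
                    }
                    break;
                case "payment_status":
                    // pending / reversed / refunded payments must not grant anything
                    if (strValue != "Completed")
                    {
                        blnValid = false;
                    }
                    break;
                case "txn_id":
                    // TODO(review): persist txn_id and reject duplicates (see remarks)
                    break;
                case "receiver_email":
                    // the account that was paid; compared with ProcessorUserId below
                    strPayPalID = strValue;
                    break;
                case "mc_gross":
                    dblAmount = double.Parse(strValue, invariant);
                    break;
                case "item_number":
                    // the DNN role being bought; 0 when the field is absent
                    intRoleID = int.Parse(strValue, invariant);
                    break;
                case "custom":
                    // the DNN user set at checkout; 0 when the field is absent
                    intUserID = int.Parse(strValue, invariant);
                    break;
            }
            // echo every field unchanged so PayPal can match the notification it sent
            strPost += string.Format("&{0}={1}", Globals.HTTPPOSTEncode(strName), Globals.HTTPPOSTEncode(strValue));
        }

        if (blnValid)
        {
            blnValid = IsVerifiedByPayPal(strPost);
        }
        if (!blnValid)
        {
            return;
        }

        PortalInfo objPortalInfo = objPortalController.GetPortal(intPortalID);
        if (objPortalInfo == null)
        {
            // no portal record to validate the payment against: record it and stop
            LogPotentialFraud(intPortalID, intUserID);
            return;
        }

        if (intRoleID == objPortalInfo.AdministratorRoleId)
        {
            // admin portal renewal: the host's PayPal account must have been paid the hosting fee
            if (AmountMatches(objPortalInfo.HostFee, dblAmount)
                && ReceiverMatches(strPayPalID, Host.ProcessorUserId))
            {
                objPortalController.UpdatePortalExpiry(intPortalID);
            }
            else
            {
                LogPotentialFraud(intPortalID, intUserID);
            }
        }
        else
        {
            // user subscription: the portal's PayPal account must have been paid the role's fee
            RoleInfo objRoleInfo = TestableRoleController.Instance.GetRole(intPortalID, r => r.RoleID == intRoleID);
            if (objRoleInfo != null
                && (AmountMatches(objRoleInfo.ServiceFee, dblAmount) || AmountMatches(objRoleInfo.TrialFee, dblAmount))
                && ReceiverMatches(strPayPalID, objPortalInfo.ProcessorUserId))
            {
                // blnCancel is true for subscr_cancel, so this also removes the role
                objRoles.UpdateUserRole(intPortalID, intUserID, intRoleID, blnCancel);
            }
            else
            {
                // unknown role, wrong amount or wrong receiver
                LogPotentialFraud(intPortalID, intUserID);
            }
        }
    }
    catch (Exception exc) //Page failed to load
    {
        Exceptions.ProcessPageLoadException(exc);
    }
}

/// <summary>
/// Posts the received IPN fields back to PayPal (live, or sandbox when the portal
/// setting "paypalsandbox" is "true") and returns true only for the exact reply "VERIFIED".
/// </summary>
/// <param name="strPost">The "cmd=_notify-validate&amp;..." body built from the request form.</param>
/// <returns>True when PayPal confirms it sent this notification; false for any other reply.</returns>
private bool IsVerifiedByPayPal(string strPost)
{
    Dictionary<string, string> settings = PortalController.GetPortalSettingsDictionary(PortalSettings.PortalId);
    string strPayPalURL = "https://www.paypal.com/cgi-bin/webscr?";
    string sandbox;
    if (settings.TryGetValue("paypalsandbox", out sandbox)
        && !String.IsNullOrEmpty(sandbox)
        && sandbox.Equals("true", StringComparison.InvariantCultureIgnoreCase))
    {
        strPayPalURL = "https://www.sandbox.paypal.com/cgi-bin/webscr?";
    }

    // Content-Length must be the byte count of the body, not its character count.
    byte[] postBytes = System.Text.Encoding.UTF8.GetBytes(strPost);
    var objRequest = Globals.GetExternalRequest(strPayPalURL);
    objRequest.Method = "POST";
    objRequest.ContentType = "application/x-www-form-urlencoded";
    objRequest.ContentLength = postBytes.Length;
    using (Stream requestStream = objRequest.GetRequestStream())
    {
        requestStream.Write(postBytes, 0, postBytes.Length);
    }

    string strResponse;
    using (var objResponse = (HttpWebResponse) objRequest.GetResponse())
    using (var sr = new StreamReader(objResponse.GetResponseStream()))
    {
        strResponse = sr.ReadToEnd();
    }

    // "INVALID", an error page or an empty body are all treated as possible fraud
    return strResponse == "VERIFIED";
}

/// <summary>
/// Compares a configured fee with the amount PayPal reports, to the cent, using an
/// invariant two-decimal rendering so float/double rounding and server culture cannot
/// produce a spurious mismatch.
/// </summary>
private static bool AmountMatches(double expectedFee, double paidAmount)
{
    var invariant = System.Globalization.CultureInfo.InvariantCulture;
    return expectedFee.ToString("F2", invariant) == paidAmount.ToString("F2", invariant);
}

/// <summary>
/// True when the IPN's receiver_email is the configured PayPal account. An empty or
/// missing configured account never matches, so a portal with no account set up
/// cannot be credited by a notification that also lacks receiver_email.
/// </summary>
private static bool ReceiverMatches(string receiverEmail, string processorUserId)
{
    if (String.IsNullOrEmpty(processorUserId))
    {
        return false;
    }
    // NOTE(review): Request.Form has already form-decoded receiver_email; this second
    // UrlDecode is kept for compatibility and turns a literal '+' in an address into a space.
    return string.Equals(HttpUtility.UrlDecode(receiverEmail), processorUserId, StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Writes a "POTENTIAL PAYPAL PAYMENT FRAUD" entry to the event log for the given
/// portal and user; called for every verified notification that fails the fee or
/// receiver check.
/// </summary>
private void LogPotentialFraud(int portalId, int userId)
{
    var objEventLog = new EventLogController();
    var objEventLogInfo = new LogInfo();
    objEventLogInfo.LogPortalID = portalId;
    objEventLogInfo.LogPortalName = PortalSettings.PortalName;
    objEventLogInfo.LogUserID = userId;
    objEventLogInfo.LogTypeKey = "POTENTIAL PAYPAL PAYMENT FRAUD";
    objEventLog.AddLog(objEventLogInfo);
}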
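/// <summary>
/// Receives a PayPal Instant Payment Notification (IPN) POSTed to this page, confirms it
/// with PayPal (cmd=_notify-validate) and, on a VERIFIED reply, either extends the portal's
/// hosting expiry (item_number equals the portal's administrator role) or updates the
/// paying user's membership in the role named by item_number.
/// </summary>
/// <remarks>
/// Checks applied before anything is changed:
///  * txn_type must be subscr_signup, subscr_payment, web_accept or subscr_cancel;
///  * payment_status, when present, must be "Completed";
///  * the whole form is posted back to www.paypal.com and the reply must be exactly "VERIFIED";
///  * receiver_email must equal the configured ProcessorUserId (the host setting for an
///    admin renewal, the portal's for a role subscription), which must itself be non-empty;
///  * mc_gross must equal the configured fee to the cent.
/// A verified notification failing the last two checks is written to the event log as
/// "POTENTIAL PAYPAL PAYMENT FRAUD" (best effort: a logging failure is swallowed).
/// Malformed numeric fields throw and are reported by Exceptions.ProcessPageLoadException.
///
/// NOTE(review): txn_id is never recorded or checked, so a VERIFIED notification
/// replayed to this URL is processed again; mc_currency is not compared with the
/// fee's currency; and "custom" is whatever the buyer's checkout session carried.
/// </remarks>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
protected void Page_Load( Object sender, EventArgs e )
{
    try
    {
        // PayPal always sends "." as the decimal separator, whatever the server culture is.
        var invariant = System.Globalization.CultureInfo.InvariantCulture;

        bool blnValid = true;
        int intRoleID = 0;
        int intPortalID = PortalSettings.PortalId;
        int intUserID = 0;
        double dblAmount = 0;
        bool blnCancel = false;
        string strPayPalID = String.Empty;
        RoleController objRoles = new RoleController();
        PortalController objPortalController = new PortalController();
        string strPost = "cmd=_notify-validate";

        foreach( string strName in Request.Form )
        {
            string strValue = Request.Form[strName];
            switch( strName )
            {
                case "txn_type":
                    // only these transaction kinds are handled; anything else is ignored
                    switch( strValue )
                    {
                        case "subscr_signup":
                        case "subscr_payment":
                        case "web_accept":
                            break;
                        case "subscr_cancel":
                            blnCancel = true;
                            break;
                        default:
                            blnValid = false;
                            break;
                    }
                    break;
                case "payment_status":
                    // pending / reversed / refunded payments must not grant anything
                    if( strValue != "Completed" )
                    {
                        blnValid = false;
                    }
                    break;
                case "txn_id":
                    // TODO(review): persist txn_id and reject duplicates (see remarks)
                    break;
                case "receiver_email":
                    // the account that was paid; compared with ProcessorUserId below
                    strPayPalID = strValue;
                    break;
                case "mc_gross":
                    dblAmount = double.Parse( strValue, invariant );
                    break;
                case "item_number":
                    // the DNN role being bought; 0 when the field is absent
                    intRoleID = int.Parse( strValue, invariant );
                    break;
                case "custom":
                    // the DNN user set at checkout; 0 when the field is absent
                    intUserID = int.Parse( strValue, invariant );
                    break;
            }
            // echo every field unchanged (name and value both encoded) so PayPal can match it
            strPost += string.Format( "&{0}={1}", Globals.HTTPPOSTEncode( strName ), Globals.HTTPPOSTEncode( strValue ) );
        }

        // postback to verify the source
        if( blnValid )
        {
            HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create( "https://www.paypal.com/cgi-bin/webscr" );
            // Content-Length must be the byte count of the body, not its character count.
            byte[] postBytes = System.Text.Encoding.UTF8.GetBytes( strPost );
            objRequest.Method = "POST";
            objRequest.ContentType = "application/x-www-form-urlencoded";
            objRequest.ContentLength = postBytes.Length;
            using( Stream requestStream = objRequest.GetRequestStream() )
            {
                requestStream.Write( postBytes, 0, postBytes.Length );
            }

            string strResponse;
            using( HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse() )
            using( StreamReader sr = new StreamReader( objResponse.GetResponseStream() ) )
            {
                strResponse = sr.ReadToEnd();
            }

            // "INVALID", an error page or an empty body are all treated as possible fraud
            if( strResponse != "VERIFIED" )
            {
                blnValid = false;
            }
        }

        if( blnValid )
        {
            PortalInfo objPortalInfo = objPortalController.GetPortal( intPortalID );
            bool blnAccepted = false;

            if( objPortalInfo != null && intRoleID == objPortalInfo.AdministratorRoleId )
            {
                // admin portal renewal: the host's PayPal account must have been paid the hosting fee
                string strProcessorID = Convert.ToString( PortalSettings.HostSettings["ProcessorUserId"] );
                double portalPrice = objPortalInfo.HostFee;
                if( portalPrice.ToString( "F2", invariant ) == dblAmount.ToString( "F2", invariant )
                    && !String.IsNullOrEmpty( strProcessorID )
                    && string.Equals( HttpUtility.UrlDecode( strPayPalID ), strProcessorID, StringComparison.OrdinalIgnoreCase ) )
                {
                    objPortalController.UpdatePortalExpiry( intPortalID );
                    blnAccepted = true;
                }
            }
            else if( objPortalInfo != null )
            {
                // user subscription: the portal's PayPal account must have been paid the role's fee
                string strProcessorID = objPortalInfo.ProcessorUserId;
                RoleInfo objRoleInfo = objRoles.GetRole( intRoleID, intPortalID );
                if( objRoleInfo != null )
                {
                    double rolePrice = objRoleInfo.ServiceFee;
                    if( rolePrice.ToString( "F2", invariant ) == dblAmount.ToString( "F2", invariant )
                        && !String.IsNullOrEmpty( strProcessorID )
                        && string.Equals( HttpUtility.UrlDecode( strPayPalID ), strProcessorID, StringComparison.OrdinalIgnoreCase ) )
                    {
                        // blnCancel is true for subscr_cancel, so this also removes the role
                        objRoles.UpdateUserRole( intPortalID, intUserID, intRoleID, blnCancel );
                        blnAccepted = true;
                    }
                }
            }

            if( !blnAccepted )
            {
                // missing portal/role, wrong amount or wrong receiver: record it
                try
                {
                    EventLogController objEventLog = new EventLogController();
                    LogInfo objEventLogInfo = new LogInfo();
                    objEventLogInfo.LogPortalID = intPortalID;
                    objEventLogInfo.LogPortalName = PortalSettings.PortalName;
                    objEventLogInfo.LogUserID = intUserID;
                    objEventLogInfo.LogTypeKey = "POTENTIAL PAYPAL PAYMENT FRAUD";
                    objEventLog.AddLog( objEventLogInfo );
                }
                catch( Exception )
                {
                    // logging is best effort; a failure here must not surface as a page error
                }
            }
        }
    }
    catch( Exception exc ) //Page failed to load
    {
        Exceptions.ProcessPageLoadException( exc );
    }
}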