<?PHP
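 // Entry script for TrialPay notifications: configure, authenticate the
 // request, copy the POST fields into $TRIALPAY, then dispatch on the event.

 // Defensive reset: on legacy PHP with register_globals enabled, request
 // parameters could pre-seed these names.
 unset($error, $debug, $TRIALPAY);

 ##SETTINGS##
 // Address that receives the error reports (placeholder; set before deploying).
 define('EMAILADMIN', "[email protected]");
 define('SITENAME', "My Site");
 // Shared secret used to verify the HMAC-MD5 signature of each notification.
 // It must be set before going live: with an empty key anyone can compute a
 // matching signature, so the signature check authenticates nothing.
 define('SECRETKEY', "");

 //Globals:
 // An empty array (rather than false) so that $error['x'] = ... never relies on
 // auto-vivifying a boolean; empty($error) behaves the same for both.
 $error = array();
 $TRIALPAY = array();
 $lng = "en";
 // NOTE(review): "h" is the 12-hour clock and no am/pm marker is written, so
 // this timestamp is ambiguous; left as-is because DATETIME's consumers are
 // not visible here.
 $datetime = date("d-m-Y h:i:s");
 define('DATETIME', $datetime);


 //start script
 // $_POST is a superglobal and is always set (an empty array on a GET), so
 // isset($_POST) can never detect direct access. Check the request method.
 $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
 if ($requestMethod !== 'POST') { //works only with POST request
     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     // The User-Agent header is client-controlled and optional: default it and
     // cap its length before it is copied into the report mail.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'], 0, 255) : '';
     $error['NoPost'] = "There is no POST data available. Possible direct access. IP: ".$remoteAddr.". User agent: ".$userAgent;
     // Answer first, report second, so the 404 goes out even if ErrorReport()
     // ends the script. The third argument sets the real status code; a bare
     // "Status:" header is only honoured under CGI/FastCGI.
     @header("Status: 404 Not Found", true, 404);
     echo "Error 404 - not found";
     // NOTE(review): every unauthenticated request that lands here sends a
     // mail; consider rate limiting the reports.
     ErrorReport($error);
     exit;
 }
 @header("Status: 200 OK");

 // Authenticate before touching the payload: CheckSig() works on the raw
 // request body, so nothing from $_POST needs to be copied until it passes.
 // NOTE(review): a rejected signature is still answered with 200; confirm
 // whether the sender expects a non-2xx status for rejected notifications.
 if (CheckSig() === false) {
     $error['Signature'] = "Bad signature on message";
     ErrorReport($error);
     exit;
 }

 array_walk($_POST, 'CheckValues');

 unset($_POST);

 main($lng);

 // Report whatever main() left behind. The script ends right after this
 // either way, so no 'close' flag is passed.
 if (!empty($error)) {
     ErrorReport($error);
 }

 // mysql_close() no longer exists on PHP 7+, and "@" does not suppress the
 // fatal error raised by calling an undefined function.
 if (function_exists('mysql_close')) {
     @mysql_close();
 }
 exit();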
 
 //-------------------------------------------------------------------------------------
 
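 /**
  * Verify the HMAC-MD5 signature that accompanies a notification.
  *
  * The signature is read from the TrialPay-HMAC-MD5 request header and
  * compared with an HMAC-MD5, keyed with SECRETKEY, of the raw request body
  * (POST) or of the query string (any other method).
  *
  * @return bool true when the signature matches, false otherwise. On a
  *              failure the reason is stored in $error['SignatureErrdeb'].
  */
 function CheckSig(){
     global $error;

     if (!is_array($error)) {
         $error = array();
     }

     // Fail closed when no key is configured: an HMAC keyed with the empty
     // string can be computed by anyone, so a match would prove nothing.
     if (!defined('SECRETKEY') || SECRETKEY === '') {
         $error['SignatureErrdeb'] = "SECRETKEY is not configured";
         return false;
     }

     // A request without the header is treated as carrying an empty signature.
     $message_signature = isset($_SERVER['HTTP_TRIALPAY_HMAC_MD5']) ? (string) $_SERVER['HTTP_TRIALPAY_HMAC_MD5'] : '';     // this should work?

     $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     if ($method == 'POST') {
         // the following is for POST notification
         // The raw body is always read from php://input. The former
         // $HTTP_RAW_POST_DATA branch was dead code: the variable was never
         // imported into this function's scope, so it was always empty here.
         $recalculated_message_signature = hash_hmac('md5', (string) file_get_contents('php://input'), SECRETKEY);
     } else {
         // the following is for GET notification
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $recalculated_message_signature = hash_hmac('md5', $query_string, SECRETKEY);
     }

     // Constant-time comparison. "==" leaks timing and also compares two
     // numeric-looking strings (e.g. "0e...") as numbers.
     if (function_exists('hash_equals')) {
         $signature_ok = hash_equals($recalculated_message_signature, $message_signature);
     } else {
         // Fallback for PHP older than 5.6: fold every byte difference into one flag.
         $expected_len = strlen($recalculated_message_signature);
         $provided_len = strlen($message_signature);
         $diff = $expected_len ^ $provided_len;
         $common_len = min($expected_len, $provided_len);
         for ($i = 0; $i < $common_len; $i++) {
             $diff |= ord($recalculated_message_signature[$i]) ^ ord($message_signature[$i]);
         }
         $signature_ok = ($diff === 0);
     }

     if ($signature_ok) {
         return true;
     }

     // NOTE(review): the calculated value is a valid signature for this exact
     // message; keep this report out of anything an untrusted party can read.
     $error['SignatureErrdeb'] = "mess sig: -$message_signature- | calc sig: -$recalculated_message_signature-";
     return false;
 }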
 
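 /**
  * Dispatch a verified notification on its event type.
  *
  * Reads the global $TRIALPAY array: "Adjustment" goes to handleAdjustment(),
  * "Order" is the hook for the integrator's delivery logic, and anything else
  * is reported as $error['BadEvent'].
  *
  * @param string $lng Language code; not used by the code visible here.
  */
 function main($lng = "en"){
     global $error, $TRIALPAY;

     if (!empty($error)) {
         ErrorReport($error);    //stop script if error is found here
         return;
     }

     // A notification without an "event" field is handled as an unknown event
     // instead of raising an undefined-index notice.
     $event = isset($TRIALPAY['event']) ? $TRIALPAY['event'] : '';

     if ($event === "Adjustment") { //its not an order thus must be adjustment
         handleAdjustment();
     } elseif ($event === "Order") {
         //process order logic and deliver your product
         // NOTE(review): values in $TRIALPAY are HTML-escaped only; bind them
         // as parameters if this logic writes them to a database.
     } else {
         if (!is_array($error)) {
             $error = array();
         }
         $error['BadEvent'] = "Unknown event registered; ".$event;
         ErrorReport($error);
     }
 }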
 
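 /**
  * array_walk() callback: copy one request field into the global $TRIALPAY.
  *
  * Key and value are trimmed and passed through htmlspecialchars() with
  * ENT_QUOTES. That makes them safe to print into HTML only; it is not SQL or
  * shell escaping, so later use in a query still needs bound parameters.
  * Fields that are empty after trimming, and non-scalar fields, are skipped.
  *
  * @param mixed      $value Field value as received.
  * @param int|string $key   Field name.
  */
 function CheckValues($value, $key) {
     global $TRIALPAY;

     // Nested fields such as "a[]=1" arrive as arrays, which trim() cannot
     // take; a notification field is expected to be a plain scalar.
     if (!is_scalar($value)) {
         return;
     }

     $trimmed = trim((string) $value);
     if ($trimmed === "") {
         return;
     }

     $safe_key = htmlspecialchars(trim((string) $key), ENT_QUOTES);
     $TRIALPAY[$safe_key] = htmlspecialchars($trimmed, ENT_QUOTES);    //to local
 }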
 
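 /**
  * Handle an adjustment to an existing order.
  *
  * Template hook: the integrator's adjustment logic goes in the marked spot.
  * As shipped it only records an $error['Adjustment'] notice and reports it.
  */
 function handleAdjustment(){
     global $error, $TRIALPAY;

     // Placeholders for the before/after record; the adjustment logic below is
     // expected to fill them. Initialised so the notice never interpolates an
     // undefined variable.
     $olddata = '';
     $newtrialpaydata = '';
     $order_id = isset($TRIALPAY['oid']) ? $TRIALPAY['oid'] : '';

     #### Handle adjustment to an order logic####
     // NOTE(review): $TRIALPAY values are HTML-escaped only; bind them as
     // parameters if this logic looks the order up in a database.

     if (!is_array($error)) {
         $error = array();
     }
     $error['Adjustment'] = "There has been an order -adjustment- that requires attention. Order id: -".$order_id."-\n\nOld data:\n$olddata\n\nNew data:\n$newtrialpaydata\n\n -done- ";
     ErrorReport($error);
 }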
 
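 /**
  * Mail a report to EMAILADMIN and, unless told otherwise, end the script.
  *
  * Accepts the errors as one array, e.g.
  * ErrorReport(array("Error" => value, "Error2" => value)).
  * The optional 'close' entry is a control flag: the script is aborted after
  * the mail is sent unless 'close' is present and equal to zero.
  *
  * @param array $args Error name => message, plus the optional 'close' flag.
  * @return int|null 0 when $args is not an array or is empty (nothing is
  *                  sent); otherwise no value.
  */
 function ErrorReport($args){
     if (!is_array($args) || empty($args)) {
         return 0;
     }

     $errdata = "Following errors have been detected:\n";
     foreach ($args as $key => $message) {
         // 'close' steers this function; it is not an error to report.
         if ($key === 'close') {
             continue;
         }
         $errdata .= "$key - $message\n\n";
     }

     // Subject and From header are built from constants only; request-derived
     // text is confined to the message body.
     mail(EMAILADMIN,"Error report- TrialPay (".SITENAME.")","TrialPay errors / notifications have been detected.\nMessage:\n$errdata\n\n Best regards,\n".SITENAME."\n","From: ".EMAILADMIN);

     // Abort by default. The previous test ($args['close'] != 0) compared a
     // missing key, i.e. null, with 0, which is never unequal, so the script
     // was never aborted from here.
     if (!isset($args['close']) || $args['close'] != 0) {
         // mysql_close() no longer exists on PHP 7+, and "@" does not suppress
         // the fatal error raised by calling an undefined function.
         if (function_exists('mysql_close')) {
             @mysql_close();
         }
         exit();
     }
 }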
 ?>