VidYen / VidYen-WordPress-Plugins

VidYen Plugins for WordPress
GNU General Public License v2.0

AdGate Postback #138

Closed cslak closed 5 years ago

cslak commented 5 years ago

testpostback.zip

VidYen commented 5 years ago

Can you open your code in a text editor and use the ` (in brackets) to show the code in Git? Would be helpful.

VidYen commented 5 years ago

Like if you do pairs of three `

    // Fragment from inside the plugin's postback handler: $atts (the shortcode attribute array)
    // and $round_direction_decision ('up', 'down' or anything else) are set by the enclosing
    // function; sanitize_text_field() is WordPress core and the vyps_* functions are the plugin's own.
    if ( isset($_GET['user_id']) AND isset($_GET['tx_id']) AND isset($_GET['point_value']) AND isset($_GET['status']) AND isset($_GET['session_ip']) )
    {
        //I'm going to do some greygoose and bad coding so that we recycle the Adgate format.
        $userId = $_GET['user_id'];
        $transactionId = $_GET['tx_id'];
        $points = $_GET['point_value'];
        $action = $_GET['status']; //Determines if added (1) or subtracted (0) NOTE: This is different than Adgate where 2 is a chargeback
        $ipuser = $_GET['session_ip'];

        //NOTE: Ok we got that post back. And if the keys match in theory we have the variables above. But there is no hell in way I'm trusting adgate to SQL the users Database with that data
        //Yeah its unlikely adgate may try an SQL injection their user base, but if the user is lax with their secret key and someone knows what this is, they can have an injection fest
        $userId_sanitized = intval($userId); //User Id should be an int
        $transactionId_sanitized = sanitize_text_field($transactionId); //This actually doesn't have to be collected but could be useful in one of the meta columns
        $action_sanitized = intval($action); //Good thing I read the documentation. According to adgate, if this is 1 there should be a reward and 2 if there is punishment for some reason. Should be int
        $ipuser_sanitized = sanitize_text_field($ipuser); //Again, not a have to have, but would be useful if admin needs to look at issue

        if($action_sanitized === 0) { //status 0 = subtract, so force the amount negative. Compare the int, not the raw string: on PHP 7 a loose `$action == 0` also matches any non-numeric string
            $points = -abs((float) $points);
        }

        //NOTE: Points gets its own section.
        if($round_direction_decision == 'up')
        {
            $points_sanitized = intval(ceil((float) $points));
        }
        elseif($round_direction_decision == 'down')
        {
            $points_sanitized = intval(floor((float) $points)); //The original paste used ceil() here as well, so 'down' actually rounded up
        }
        else
        {
            $points_sanitized = intval($points); //I actually wonder if this will be a problem as they may use decimals where I have always frowned on it as it confuses non technical users. Sorry not sorry, Satoshi
        }

        //OK, now we sanitized everything. In theory we could use our nice functions.
        //We will need to throw some more stuff on to the shortcode array to feed the add

        $atts['to_user_id'] = $userId_sanitized; //In theory you could set this in shortcode itself but I have no idea why other than debugging. Well that is good enough.
        $atts['outputamount'] = $points_sanitized; //The int of the points.
        $meta_id_pull = 'adgate' . $userId_sanitized . $transactionId_sanitized; //the meta_id will be adgate with userid plus the transaction id. To see if its unique.
        $atts['btn_name'] = $meta_id_pull; //Need to one day make it a better name. But for now... The Button name for the transaction will be included this way. Perhaps a find and replace of btn_name to meta_id or something for gets and posted etc etc

        //NOTE: I am about to rage here. This is why postbacks are crap and always will be crap. Why would they be post back crap that is duplicate. I dunno. This is abusive to the admins server.
        //Anyways... I'll just use the btn_name for the metaId... check if meta id is same and then if it is. Anyways, hopefully this is a good solution to a bad implementation

        $meta_check = vyps_meta_check_func($meta_id_pull); //Call it once and reuse the result: 1 = no duplicate, 2 = transaction already recorded, anything else = error
        if($meta_check == 1)
        {
            //Ok, we are good to process transaction as there are no duplicates.
            if( $action_sanitized == 1) //Reward time. AKA add points
            {
                vyps_add_func( $atts );
                return "New Postback recorded successfully <br> Add";
            }
            elseif ( $action_sanitized == 0 )
            {
                //Subtract it. It looks like points has been added negative
                vyps_deduct_func( $atts );
                return "New Postback recorded successfully <br> Deduct";
            }
            else
            {
                return "Unknown status value, nothing recorded."; //The original fell through here and returned nothing
            }
        }
        elseif($meta_check == 2)
        {
            // If the transaction already exist please echo DUP.
            return "New Postback recorded successfully <br> DUP.";
        }
        else
        {
            return 'Error:' . $meta_check; //Means we got something else than 1 or 2, which probably means SQL error but who knows. Hopefully the meta check will tell us.
        }
    }

    //What to do if the post back is invalid.
    else
    {
        return "Invalid postback URL!";
    }
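
The same validation as the snippet above, written as an added example without any WordPress dependency so it can be run from the command line. This is not code from the VidYen plugin: the parameter names (user_id, tx_id, point_value, status, session_ip) and the 0 = deduct / 1 = add convention come from the issue, while the function names, the separator in the dedup key and the sample postbacks are constructed for this example. It goes a little beyond the snippet by rejecting a non-numeric status outright and by putting a separator in the dedup key, since 'adgate' . user_id . tx_id with no separator gives user 1 / tx "23" and user 12 / tx "3" the same key.

```php
<?php
declare(strict_types=1);
// Added example (not the plugin's code): WordPress-free version of the postback
// validation discussed in this issue. Sample data below is constructed.

function normalize_postback(array $q, string $round_direction = 'none'): array
{
    foreach (['user_id', 'tx_id', 'point_value', 'status', 'session_ip'] as $key) {
        if (!isset($q[$key]) || !is_string($q[$key])) {
            return ['ok' => false, 'error' => "missing parameter: $key"];
        }
    }

    // user_id: intval("12abc") silently yields 12, so require all digits instead of coercing.
    if (!ctype_digit($q['user_id']) || (int) $q['user_id'] === 0) {
        return ['ok' => false, 'error' => 'user_id is not a positive integer'];
    }
    $userId = (int) $q['user_id'];

    // status: "1" credits, "0" deducts (the plugin's convention; AdGate itself uses 2 for a
    // chargeback). A loose `$status == 0` would also match "approved" on PHP 7, so match exactly.
    if ($q['status'] === '1') {
        $action = 'add';
    } elseif ($q['status'] === '0') {
        $action = 'deduct';
    } else {
        return ['ok' => false, 'error' => 'status must be 0 or 1'];
    }

    // point_value: the network may send decimals; round per the shortcode setting, then
    // make the stored amount negative for a deduction, as the plugin does.
    if (!is_numeric($q['point_value'])) {
        return ['ok' => false, 'error' => 'point_value is not numeric'];
    }
    $points = abs((float) $q['point_value']);
    if ($round_direction === 'up') {
        $points = ceil($points);
    } elseif ($round_direction === 'down') {
        $points = floor($points);
    }
    $points = (int) $points; // truncates when no direction is set, like intval()
    if ($action === 'deduct') {
        $points = -$points;
    }

    // tx_id: stand-in for sanitize_text_field(); keep only characters that are safe in a key.
    $txId = preg_replace('/[^A-Za-z0-9_.\-]/', '', $q['tx_id']);
    if ($txId === '') {
        return ['ok' => false, 'error' => 'tx_id is empty after sanitising'];
    }

    // session_ip is informational only: keep it if it parses as an IP, otherwise drop it.
    $ip = filter_var($q['session_ip'], FILTER_VALIDATE_IP) ?: '';

    // Dedup key with a separator (constructed choice), so user/tx pairs cannot collide.
    $metaId = 'adgate:' . $userId . ':' . $txId;

    return ['ok' => true, 'user_id' => $userId, 'tx_id' => $txId, 'points' => $points,
            'action' => $action, 'session_ip' => $ip, 'meta_id' => $metaId];
}

/** Apply one postback to an in-memory ledger; $seen plays the role of the plugin's meta table. */
function process_postback(array $q, array &$seen, array &$balances, string $round = 'none'): string
{
    $p = normalize_postback($q, $round);
    if (!$p['ok']) {
        return 'Invalid postback URL! (' . $p['error'] . ')';
    }
    if (isset($seen[$p['meta_id']])) {
        return 'New Postback recorded successfully <br> DUP.';
    }
    $seen[$p['meta_id']] = true;
    $balances[$p['user_id']] = ($balances[$p['user_id']] ?? 0) + $p['points'];
    return 'New Postback recorded successfully <br> ' . ($p['action'] === 'add' ? 'Add' : 'Deduct');
}

// Constructed sample postbacks, as the query parameters would arrive from the postback URL.
$seen = [];
$balances = [];
$samples = [
    ['user_id' => '7', 'tx_id' => 'tx-1001', 'point_value' => '2.5', 'status' => '1', 'session_ip' => '203.0.113.9'],
    ['user_id' => '7', 'tx_id' => 'tx-1001', 'point_value' => '2.5', 'status' => '1', 'session_ip' => '203.0.113.9'], // replayed
    ['user_id' => '7', 'tx_id' => 'tx-1002', 'point_value' => '0.4', 'status' => '0', 'session_ip' => 'not-an-ip'],
    ['user_id' => '7', 'tx_id' => 'tx-1003', 'point_value' => '5',   'status' => 'approved', 'session_ip' => '203.0.113.9'],
];
foreach ($samples as $s) {
    echo process_postback($s, $seen, $balances, 'up'), PHP_EOL;
}
echo 'balance for user 7: ', $balances[7], PHP_EOL; // 3 added, 1 deducted: 2
```

Running it with rounding set to 'up' records the first postback as Add (2.5 rounds to 3), reports the replay as DUP, records the 0.4 deduction as Deduct (rounded to 1, stored as -1) and rejects the "approved" status, leaving user 7 with a balance of 2.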
cslak commented 5 years ago

    <?php

    /**
     * For a plain PHP page to receive the postback data from AdGate Media you may simply
     * retrieve the array from the global $_GET variable. To ensure that the data is coming
     * from AdGate Media check that the server sending the data is from AdGate Media by the ip
     * address as listed on your affiliate panel at http://adgatemedia.com under
     * the Postbacks Section and the Postback Information heading.
     */
    define('AdGate_IP', '104.130.7.162'); // Note: as noted above change the IP to match what is in your affiliate panel.

    // Plain variables: the original sample declared these with 'protected', which is only
    // valid inside a class and is a parse error in a standalone script.
    $ip = $_SERVER['REMOTE_ADDR']; // Behind a reverse proxy or CDN this is the proxy's address, so resolve the real client address there first.
    $data = null;
    $servername = "localhost";
    $username = "***";
    $password = "***";
    $dbname = "***";

    // The custom exception referenced below; the original sample never declared it.
    class InvalidIPException extends \Exception {}

    /**
     * Check the Remote Address is AdGate Media
     * if it is not throw an Exception
     */
    if($ip === AdGate_IP)
    {
        $data = $_GET;
        // Process or Persist Data here inline or via a function call.
    } else {
        // Throw either a custom Exception or just throw a generic \Exception
        throw new InvalidIPException('Postback received from an address that is not AdGate Media');
    }

    /**
     * The data array will contain all the macros you included under the Postbacks section of your
     * affiliate panel at http://adgatemedia.com. The array is keyed by the names you assigned to each macro
     * when you constructed the url e.g., http://yoururl.com/postback/?tx_id={transaction_id}
     * the transaction_id macro's data will have a key of 'tx_id' in the $data array: $data['tx_id'];
     *
     * Possible Macros
     * For a list of possible macros see your affiliate panel at http://adgatemedia.com under the
     * Postbacks section and the heading Postback Information.
     *
     * Parsing:
     * From the data array you may parse the data into an object, supply it to an SQL query, or do
     * any needed processing or persisting required by your application.
     *
     */

    /**
     * Inline SQL Query Example
     */
    $sql = "INSERT INTO Postbacks (tx_id, user_id, offer_id) VALUES (:tx_id, :user_id, :offer_id)"; // the original had a '.' instead of ',' before :offer_id
    try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // prepare() returns a statement; values are bound to and executed on the statement, not the connection
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':tx_id', $data['tx_id'] ?? null);
        $stmt->bindValue(':user_id', $data['user_id'] ?? null);
        $stmt->bindValue(':offer_id', $data['offer_id'] ?? null);
        $stmt->execute();
        echo "New Postback recorded successfully";
    }
    catch(PDOException $e)
    {
        // Debug output only: in production log the message server side instead of returning it to the caller.
        echo $sql . "<br>" . $e->getMessage();
    }

    $conn = null;

    /**
     * Processing Example
     * This example shows sending a notification to an admin when receiving a charge back of a conversion
     * being sent to the postback url.
     *
     * The example uses a Static Notify class, use your own notification class or one provided by your framework
     * of choice.
     */
    if(isset($data['status']) && (int) $data['status'] === 0) // strict check: a missing or non-numeric status must not look like a charge back
    {
        Notify::admin("Conversion charge back for offer " . ($data['offer_id'] ?? '?') . " on transaction " . ($data['tx_id'] ?? '?') . "!");
    }
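
An added example, not AdGate's sample and not the plugin's code: the same flow as the script above (source-address check, prepared INSERT, charge-back notification) reworked so that a replayed postback is rejected by a UNIQUE constraint in the database rather than by a check in PHP, and run against an in-memory SQLite database so it works offline. The AdGate address is the value from the sample; the table layout, function names and sample postbacks are constructed. It assumes the pdo_sqlite extension is available; with MySQL only the DSN and the CREATE TABLE syntax change.

```php
<?php
declare(strict_types=1);
// Added example (not AdGate's or the plugin's code). Assumes pdo_sqlite; sample data is constructed.

const ADGATE_IPS = ['104.130.7.162']; // copy the list from your affiliate panel; several entries are fine

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE(tx_id) makes a replayed postback fail at insert time, even when two copies
    // arrive at the same moment, which a SELECT-then-INSERT check in PHP cannot guarantee.
    $db->exec('CREATE TABLE Postbacks (
        tx_id    TEXT    NOT NULL UNIQUE,
        user_id  INTEGER NOT NULL,
        offer_id TEXT,
        status   INTEGER NOT NULL,
        received TEXT    NOT NULL DEFAULT CURRENT_TIMESTAMP)');
    return $db;
}

/**
 * Handle one postback. Returns 'recorded', 'duplicate', 'rejected-ip', 'rejected-data' or 'error'.
 * $chargebacks collects the messages an admin should be notified with.
 */
function handle_postback(PDO $db, string $remoteIp, array $get, array &$chargebacks): string
{
    // Source check first: anyone who learns the postback URL can request it, so an unlisted
    // address gets nothing, not even a database round trip.
    if (!in_array($remoteIp, ADGATE_IPS, true)) {
        return 'rejected-ip';
    }

    $txId   = $get['tx_id'] ?? '';
    $userId = $get['user_id'] ?? '';
    $status = $get['status'] ?? '';
    if ($txId === '' || !ctype_digit($userId) || !in_array($status, ['0', '1'], true)) {
        return 'rejected-data';
    }

    $stmt = $db->prepare('INSERT INTO Postbacks (tx_id, user_id, offer_id, status)
                          VALUES (:tx_id, :user_id, :offer_id, :status)');
    try {
        $stmt->execute([
            ':tx_id'    => $txId,
            ':user_id'  => (int) $userId,
            ':offer_id' => $get['offer_id'] ?? null,
            ':status'   => (int) $status,
        ]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. this tx_id is already stored.
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        // Anything else is a real failure: log the detail server side, never echo it to the caller.
        error_log('postback insert failed: ' . $e->getMessage());
        return 'error';
    }

    // Strict comparison: the sample's `$data['status'] == 0` would also fire for a missing
    // status (null == 0) or a non-numeric one ("approved" == 0 on PHP 7).
    if ((int) $status === 0) {
        $chargebacks[] = 'Conversion charge back for offer ' . ($get['offer_id'] ?? '?')
                       . ' on transaction ' . $txId . '!';
    }
    return 'recorded';
}

// Constructed sample postbacks: [source address, query parameters].
$db = open_store();
$chargebacks = [];
$samples = [
    ['104.130.7.162', ['tx_id' => 'ag-5001', 'user_id' => '7', 'offer_id' => '311', 'status' => '1']],
    ['104.130.7.162', ['tx_id' => 'ag-5001', 'user_id' => '7', 'offer_id' => '311', 'status' => '1']], // replayed
    ['104.130.7.162', ['tx_id' => 'ag-5002', 'user_id' => '7', 'offer_id' => '311', 'status' => '0']], // charge back
    ['198.51.100.4',  ['tx_id' => 'ag-5003', 'user_id' => '7', 'offer_id' => '311', 'status' => '1']], // not AdGate
    ['104.130.7.162', ['tx_id' => 'ag-5004', 'user_id' => '7', 'status' => 'approved']],              // bad status
];
foreach ($samples as [$ip, $q]) {
    echo str_pad($q['tx_id'], 8), ' -> ', handle_postback($db, $ip, $q, $chargebacks), PHP_EOL;
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM Postbacks')->fetchColumn(), PHP_EOL; // 2
foreach ($chargebacks as $msg) {
    echo 'notify admin: ', $msg, PHP_EOL;
}
```

The five sample postbacks come out as recorded, duplicate, recorded, rejected-ip and rejected-data, two rows end up in the table, and exactly one admin notification is queued, for ag-5002. Because the uniqueness lives in the schema, the "DUP" case needs no extra query and holds even under concurrent delivery.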
VidYen commented 5 years ago

Yeah... I had to modify my version because my version of PHP and WP did not like the protected calls and the fact that $wpdb doesn't need an SQL user name to make the call.

That PDOException is just for when the SQL doesn't accept the add. So not sure.

Though I didn't use the notify part... Hrm...

VidYen commented 5 years ago

I have fixed and posted to site.