-
Billing API Framework [Paypal and more...]
Billing API Framework
Intro
The Billing API is a secure framework upon which premium subscription panels can be built. It's secure, advanced and unique - currently no live Hotel uses anything similar (that means Blah Hotel, Habbo BZ, Habbok, Fatal Hotel, Zap Hotel, HabRockz, etc.).
There is no Paypal-end editing, none of that IPN setting up crap. My methods are much cleaner and much more customizable (especially if you are using my panel).
If you use the code as-is, it will work, although it is not the "friendliest" setup, meaning there is no back-end panel, everything needs to be manually edited in the code, etc. If you would like the panel itself, which includes other payment APIs such as DaoPay, SMS Pay, etc., contact me through MSN.
Billing API
(Note: this tutorial is made for Uber, although this could easily work in Phoenix if you change up the steps a little bit.)
1. Create a folder called "payment_api" in the includes/ directory of your website, create a file called "paypal.php" inside the includes/payment_api/ directory.
Copy and paste the following code in "paypal.php":
Code:
<?php
// Read the post from PayPal system and add "cmd".
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value):
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
endforeach;
// Post back to PayPal system to validate.
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
// Opens socket.
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
//$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// List of relevant/important posted variables.
$item_number = $_POST['item_number'];
$quantity = $_POST['quantity'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$payment_status = $_POST['payment_status'];
$payment_type = $_POST['payment_type'];
$payment_date = $_POST['payment_date'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payer_business_name = $_POST['payer_business_name'];
$payer_email = $_POST['payer_email'];
$address_street = $_POST['address_street'];
$address_zip = $_POST['address_zip'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_country = $_POST['address_country'];
$address_country_code = $_POST['address_country_code'];
$residence_country = $_POST['residence_country'];
$custom = $_POST['custom'];
if (!$fp):
    // HTTP error.
else:
    fputs($fp, $header . $req);
    while (!feof($fp)):
        $res = fgets($fp, 1024);
        if (strcmp($res, "VERIFIED") == 0):
            // Success.
        elseif (strcmp($res, "INVALID") == 0):
            // Fail.
        endif;
    endwhile;
    fclose($fp);
endif;
?>
2. Replace the "// Success." with appropriate PHP code upon success of a payment (to update the account, log payment, etc.).
Here is demo code of what could be there:
Code:
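$credits_increase = 500;
$activity_points_increase = 1000;
// Connect to MySQL and select the hotel database; stop if the connection fails.
$connect = mysql_connect('localhost:3306', 'root', 'password');
if ($connect):
    $select = mysql_select_db('habbo_database');
else:
    exit;
endif;
// Run the lookup once; calling mysql_query() inside the loop condition would repeat it forever.
// $custom comes straight from $_POST['custom'] and is placed in the SQL unescaped, as posted.
$result = mysql_query("SELECT DISTINCT * FROM users AS u WHERE u.username = '{$custom}' LIMIT 0,1;");
while ($row = mysql_fetch_object($result)):
    // mysql_fetch_object() returns an object, so read the column as a property.
    if ($row->rank == 1):
        // SET takes a comma-separated list of assignments, not AND.
        $query_update = mysql_query("UPDATE users SET rank = '2', credits = credits + {$credits_increase}, activity_points = activity_points + {$activity_points_increase} WHERE username = '{$custom}';");
    else:
        $query_update = mysql_query("UPDATE users SET credits = credits + {$credits_increase}, activity_points = activity_points + {$activity_points_increase} WHERE username = '{$custom}';");
    endif;
    // Add a badge query here to give them VIP badge.
endwhile;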
3. Replace the "// Fail." with the appropriate PHP code upon failure of a payment (log it, etc.).
No demo code provided.
4. Create a new page where you would like the user to go to when they want to purchase VIP ("/payment/", etc.).
Copy and paste the following HTML into that file. Note, fill in the colored spots appropriately.
Code:
<!-- (s) Subscription #1 -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<fieldset>
<legend>Premium Bronze Subscription - <strong>$4.00 (USD)</strong></legend>
Features include;
<br />
<br />
- VIP rank (rank 2).<br />
- VIP badge.<br />
- VIP catalog access.<br />
- Username on VIP list.<br />
<br />
The "Premium Bronze Subscription" lasts for 1 year (365 days).
<div class="float_right">
<input class="submit" type="submit" name="order_1" value="Order" />
</div>
</fieldset>
<!-- (s) Paypal Fields -->
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="billing@yourhotel.com (paypal e-mail)" />
<input type="hidden" name="item_name" value="Subscription Name (VIP, etc.)" />
<input type="hidden" name="item_number" value="Item Number (optional)" />
<input type="hidden" name="amount" value="price (4.00, 10.00, etc.)" />
<input type="hidden" name="currency_code" value="Currency Code (USD)" />
<input type="hidden" name="return" value="http://yourhotel.com/payment_success/" />
<input type="hidden" name="cancel_return" value="http://yourhotel.com/payment_fail/" />
<input type="hidden" name="rm" value="2" />
<input type="hidden" name="notify_url" value="http://yourhotel.com/includes/payment_api/paypal.php (paypal.php URL)" />
<input type="hidden" name="custom" value="<?php echo $username; ?> (something that echos the username)" />
<input type="hidden" name="no_note" value="1" />
<!-- (e) Paypal Fields -->
</form>
<!-- (e) Subscription #1 -->
Documentation
I will provide this when I get back.
Screen Shots
The following are screen shots of my panel which has all of this coded in. It's an external panel with quite a bit more functionality than what I release above. You can talk to me on MSN if you are interested in using my panel and getting a feature list.
Contact
I will not offer setup assistance (unless you are using my proper panel), although I will answer appropriate thoughtful questions. My MSN is art.rizzo.0@gmail.com.
Note, I checked all the popular Hotels to see if they had anything similar to this. They do not. I will be able to tell who is using my methods, if you do not add visual copyrights you will be in trouble.
-
Re: Billing API [Paypal and more...]
-
Re: Billing API [Paypal and more...]
nice, only the screenshot = almost the same as the Steam payment thing
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
davidaap
nice, only the screenshot = almost the same as the Steam payment thing
Your Habbo retro is almost the same as Habbo Hotel.
-
Re: Billing API [Paypal and more...]
This looks pretty good. I added your MSN btw, I would love to chat :thumbup1:.
-
Re: Billing API [Paypal and more...]
Good try. But exploitable.
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
Matthew
Good try. But exploitable.
Who cares as long as it's a good release -.-
-
Re: Billing API [Paypal and more...]
If you don't care... you're only gonna get trouble!
I don't see it but I'm sure it's there.
i hate lookin fly ;)
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
Matthew
Good try. But exploitable.
Lol??? Would you be kind enough to show where the exploit is.
@OP
Nice work :thumbup1:
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
Kryptos
Lol??? Would you be kind enough to show where the exploit is.
@OP
Nice work :thumbup1:
The end user can change anything they want. All this is just the copy of the example Paypal gives anyways. Coding a check to see if the posted objects are correct to what you define should work. I was just saying :)
Ah yeah, sorry. New account Jacob?
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
Matthew
Ah yeah, sorry. New account Jacob?
Sorry to bust your balls but I don't re-register as anything other than a variation of TheJacob or a network I am running :blink:. I would love to have this guy's knowledge of API though :drool:, it's the one thing I lack. You can ask Deformed Mr.Clouseaux.
@Sond, add my MSN if you get a chance.
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
TJP
Sorry to bust your balls but I don't re-register as anything other than a variation of TheJacob or a network I am running :blink:. I would love to have this guy's knowledge of API though :drool:, it's the one thing I lack. You can ask Deformed Mr.Clouseaux.
@Sond, add my MSN if you get a chance.
Yeah of course. That's why you registered as girls and got busted by a mod for logging in under the same IP?
What's so special?
https://www.paypal.com/us/cgi-bin/we...es-pop-outside
It's the standard API. There's not much to learn. You just get the posted data and process it. Paypal has a lot of documentation on it.
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
Matthew
Yeah of course. That's why you registered as girls and got busted by a mod for logging in under the same IP?
What's so special?
https://www.paypal.com/us/cgi-bin/we...es-pop-outside
It's the standard API. There's not much to learn. You just get the posted data and process it. Paypal has a lot of documentation on it.
I am confused, who are you again? :huh:
When I said I lack API knowledge, I didn't mean it was as low as yours, the norm knowledge of the Habbo Hotel section. I just said it wasn't as good as his. If you've seen his panel live, you'll know what I mean.
-
Re: Billing API [Paypal and more...]
Quote:
Originally Posted by
TJP
I am confused, who are you again? :huh:
When I said I lack API knowledge, I didn't mean it was as low as yours, the norm knowledge of the Habbo Hotel section. I just said it wasn't as good as his. If you've seen his panel live, you'll know what I mean.
Clearly avoiding what I said. Oh, and don't start that bullshit. 'As low as yours'. You have no idea what I know and have no evidence to prove otherwise and never will. And as I said, there's not much to know. No need to get upset now.
I will never release a piece of my work on any forum, ever. I've seen what happens when people do. It comes back into the release section renamed by some noob. Plus it's a sect pool of noobs and leeches anyways.
No need to get upset when someone has an opposite view of your work. Which, this is your work and the OP is another one of your many clones. Just admit it, and you'll be left alone. I still don't understand why you do/did it and still deny it when it's just too obvious.
If you don't like what I'm saying don't be such a brown nose. Ignore my posts and learn2ignore. You get trolled too easily because you reply with your typical, empty, pathetic insults and try to make yourself big.
loooool now 'Sond' a.k.a Jacob has disabled profile comments after I posted 'Welcome back Jacob. Seriously. If you're going to clone try harder.
-
Re: Billing API [Paypal and more...]
I am going to make this extremely clear, I will only be posting this once. For anyone that chooses to continue the conversation, I will no longer be bothering to reply.
This project is a complete premium subscription "panel" using Paypal. It is not a base, not just the API released, it is 100% functional if you follow all the steps. It is not very "user friendly" as there is no real UI or back-end panel, although it is extremely advanced compared to what's currently used on all the Habbo Hotel private servers. If you would like the full panel (which includes DaoPay, SMS Pay, eChecks, back-end panel, etc.), you can talk to me on Instant Messenger. Read my thread carefully.
For the kids that think I am TJP, not much to say other than you're an idiot. If anyone decides to spam my profile or MSN or discuss with me that topic, I will just simply not reply.
Quote:
Originally Posted by
Matthew
loooool now 'Sond' a.k.a Jacob has disabled profile comments after I posted 'Welcome back Jacob. Seriously. If you're going to clone try harder.
How would you enjoy if I posted "penis" all over your wall or called you an inexperienced developer. I am pretty sure after a certain point in time you would remove it from your wall. Again, don't assume I did something or am someone, my wall is not disabled, it's only accessible by contacts and no you're not on my contacts list.
-
Re: Billing API Framework [Paypal and more...]
Finally someone who knows something. I added your MSN also, I would love to see the panel.
-
Re: Billing API Framework [Paypal and more...]
Design inspired by vBulletin Paid Subscriptions page I see... :P
Thanks for this amazing release though, it is really handy!
-
Re: Billing API Framework [Paypal and more...]
Just to let you all know, Matthew has never released anything useful here on the forum. All he released was a TUT, nothing CMS-wise or server-wise. He is greedy and won't help out the community or anything of the sort; he keeps everything to himself ONLY. Most people here have released something. IDC if I get reported because of this little comment, but it is true. If Matthew starts changing his ways he might get far in life, like helping out people who need it, and not be some low-life loser as he is now.
-
Re: Billing API Framework [Paypal and more...]
Could you release the one for PhoenixPHP
-
Re: Billing API Framework [Paypal and more...]
Quote:
Originally Posted by
Knail
Could you release the one for PhoenixPHP
This will work for any CMS. You just need to edit the tables/columns accordingly.
-
Re: Billing API Framework [Paypal and more...]
Could make the style more habbo-ish to fit in with the CMS that the user will use. Otherwise, it looks good. (Can't really say much about something I'm not that experienced in)
-
Re: Billing API Framework [Paypal and more...]
This is NOT how Paypal-IPN is meant to be used, as in the request callback and check... therefore, as mentioned before, highly exploitable.
-
Re: Billing API Framework [Paypal and more...]
Quote:
Originally Posted by
Superfun
This is NOT how Paypal-IPN is meant to be used, as in the request callback and check... therefore, as mentioned before, highly exploitable.
There are many ways to use the Paypal API tools. This is the way that quite a few more popular and advanced e-commerce tools have it. I would like you to explain step by step one of the many exploits you claim are within this. Explain how you would exploit it.
-
Re: Billing API Framework [Paypal and more...]
You are right, HabboBZ/ClaNBZ doesn't use this script because we have our own script which allows people to also gift others VIP.
So yeah, we do have our own IPN system.
-
Re: Billing API Framework [Paypal and more...]
Quote:
Originally Posted by
Sond
There are many ways to use the Paypal API tools. This is the way that quite a few more popular and advanced e-commerce tools have it. I would like you to explain step by step one of the many exploits you claim are within this. Explain how you would exploit it.
It's a known thing. He doesn't have to prove anything. If you're such the acclaimed coder you are you would see it. I've only been doing PHP for a few months and I can see exactly what's wrong with it. For one, look at the $_POST's made. No filtration or anything. You could send to custom like.. I'm not a pro at MySQL but like... 'AND username =' blah blah blah. You can also send any currency you want. So like if your item was £2.00 you could send 2 yen. Yours - as on the Paypal website - is just an example code. In programming class at my college someone did exploit a Paypal API for an example a few months ago.
Also, is it really safe to transmit delicate data using the IPN without an SSL cert?
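The checks raised in the replies above (compare the posted fields against what you defined, reject the wrong currency or amount, never place `custom` into SQL unescaped), sketched as an added example that is not part of any post in this thread. The function names, the `payments` table, the `$expected` values and the username character set are assumptions; an in-memory SQLite database stands in for the hotel database.

```php
<?php
// Added example (not the original poster's code). Schema and $expected are assumptions.
// Run these checks only after PayPal has answered VERIFIED to the postback.
function ipn_rejection_reason(array $post, array $expected): ?string
{
    foreach (['payment_status', 'receiver_email', 'mc_currency', 'mc_gross', 'txn_id', 'custom'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) return "missing field: $f";
    }
    if ($post['payment_status'] !== 'Completed') return 'payment not completed';
    if (strcasecmp($post['receiver_email'], $expected['receiver_email']) !== 0) return 'wrong receiver';
    if ($post['mc_currency'] !== $expected['currency']) return 'wrong currency';
    // Compare money as integer cents, never as floats.
    if (!preg_match('/^\d+\.\d{2}$/', $post['mc_gross'])
        || (int) str_replace('.', '', $post['mc_gross']) !== $expected['amount_cents']) return 'wrong amount';
    if (!preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $post['custom'])) return 'malformed username';
    return null;
}

function apply_payment(PDO $db, array $post, array $expected): string
{
    $reason = ipn_rejection_reason($post, $expected);
    if ($reason !== null) return "rejected: $reason";
    $db->beginTransaction();
    try {
        // PRIMARY KEY on txn_id makes a replayed notification fail here.
        $db->prepare('INSERT INTO payments (txn_id, username) VALUES (?, ?)')
           ->execute([$post['txn_id'], $post['custom']]);
        $upd = $db->prepare('UPDATE users SET credits = credits + 500, activity_points = activity_points + 1000 WHERE username = ?');
        $upd->execute([$post['custom']]);
        if ($upd->rowCount() !== 1) throw new RuntimeException('unknown user');
        $db->commit();
        return 'credited';
    } catch (Exception $e) {
        $db->rollBack();
        return 'rejected: ' . $e->getMessage();
    }
}
// Constructed demo data: in-memory SQLite stands in for the hotel database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, credits INT, activity_points INT);
           CREATE TABLE payments (txn_id TEXT PRIMARY KEY, username TEXT);
           INSERT INTO users VALUES ('alice', 0, 0)");
$expected = ['receiver_email' => 'billing@yourhotel.com', 'currency' => 'USD', 'amount_cents' => 400];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'billing@yourhotel.com',
        'mc_currency' => 'USD', 'mc_gross' => '4.00', 'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => 'alice'];
echo apply_payment($db, $ipn, $expected), "\n";                            // first delivery
echo apply_payment($db, $ipn, $expected), "\n";                            // replayed txn_id
echo apply_payment($db, ['mc_currency' => 'JPY'] + $ipn, $expected), "\n"; // currency mismatch
```

The prepared statements keep `custom` out of the SQL text entirely, and recording `txn_id` under a unique key means a notification that is delivered twice is credited once.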