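#!/usr/bin/python24
"""PayPal IPN listener, run as a CGI script.

Flow: log the incoming form, post it back to PayPal with
cmd=_notify-validate, and, if PayPal answers VERIFIED and the
payment_status is "Completed", insert one row into the `names` table.
"""
import cgi
import time
import MySQLdb
from traceback import format_exception
from sys import exc_info
from string import split
from string import strip
from sys import exit
from urllib import urlencode
import urllib2

DATADIR = "/home/user/data/"
PP_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr"
#PP_URL = "https://www.paypal.com/cgi-bin/webscr"

# non testing is www.paypal.com and /cgi-bin/webscr
# note we used the fields custom and option_selection1 and
# option_selection2 to pass item characteristics


def confirm_paypal(f, f1):
    """Post the notification back to PayPal and return PayPal's answer.

    f is the form handle to the cgi form passed by paypal
    f1 is a file handle to a log text file

    Prints a "200 Ok" status when the answer is "VERIFIED"; otherwise logs
    the failure and exits the process, so callers only continue on success.
    """
    # NOTE(review): the postback is rebuilt from a dict, so field order (and
    # possibly encoding) can differ from what PayPal sent, and a repeated
    # field has no single .value. PayPal's IPN documentation asks for the
    # original message unchanged with cmd=_notify-validate added - confirm.
    newparams = {}
    for key in f.keys():
        newparams[key] = f[key].value
    newparams["cmd"] = "_notify-validate"
    params = urlencode(newparams)
    # The log receives the payer's name, address and e-mail; keep DATADIR
    # outside the web root and readable only by the CGI user.
    f1.write(params + "\n")
    f1.write(PP_URL + "\n")

    # The original built this Request and then called urlopen(PP_URL, params),
    # so the object and its header were never used; send the request itself.
    req = urllib2.Request(PP_URL, params)
    req.add_header("Content-type", "application/x-www-form-urlencoded")
    # NOTE(review): urllib2 on this interpreter does not validate the server
    # certificate, so "VERIFIED" is only as trustworthy as the network path.
    # Use a runtime / HTTP client that verifies certificates in production.
    fo = urllib2.urlopen(req)
    try:
        ret = fo.read()
    finally:
        fo.close()

    if ret == "VERIFIED":
        f1.write(" verified send back ok\n")
        print "Status: 200 Ok\n"
    else:
        f1.write(" ERROR did not verify\n")
        exit(0)
    return ret


def write_db(f, f1):
    """Insert the buyer and item details from a verified notification.

    f is the cgi form, f1 the log file handle. Any failure (missing
    required field, database error) is written to the log as a traceback
    and not re-raised.
    """
    f1.write("... updating database\n")
    try:
        invoice = f['invoice'].value
        try:
            street = f['address_street'].value
            city = f['address_city'].value
            zipc = f['address_zip'].value
            country = f["address_country_code"].value
            firstn = f['first_name'].value
            lastn = f['last_name'].value
        except KeyError:
            # One missing field blanks the whole name/address group.
            street = ""
            city = ""
            zipc = ""
            country = ""
            firstn = ""
            lastn = ""
        try:
            #some countries don't have states
            state = f['address_state'].value
        except KeyError:
            state = ""
        # Default first: the original left payer_url undefined when "custom"
        # was absent and failed with NameError while building the query.
        payer_url = ""
        if f.has_key("custom"):
            payer_url = f["custom"].value

        values = (invoice, firstn, lastn, street, city, state, zipc,
                  country, f['payer_email'].value, payer_url,
                  f['option_selection1'].value,
                  f['option_selection2'].value)
        # Every value is payer-influenced text. Bind them as parameters so
        # the driver escapes them; the original concatenated them into the
        # statement, which allowed SQL injection through any field.
        query = "INSERT INTO names VALUES (" + \
                ", ".join(["%s"] * len(values)) + ")"
        # repr() keeps embedded newlines from forging extra log lines.
        f1.write(query + " " + repr(values) + "\n")

        # NOTE(review): placeholder credentials; load real ones from a file
        # outside the web root and use an account limited to this INSERT.
        db = MySQLdb.connect(host="localhost", user="username",
                             passwd="passwd", db="db")
        try:
            cursor = db.cursor()
            cursor.execute(query, values)
            # MySQLdb does not autocommit by default; without this the row
            # is discarded on transactional tables when the script ends.
            db.commit()
        finally:
            db.close()
    except:
        f1.write(''.join(format_exception(*exc_info())))


if __name__ == "__main__":
    # NOTE(review): cgitb.enable() renders tracebacks into the HTTP response.
    # For a public listener prefer cgitb.enable(display=0, logdir=...) so
    # internals are logged rather than shown to the caller.
    import cgitb; cgitb.enable()  #can disable cgitb if not req.
    f1 = open(DATADIR + "log1.txt", 'a')
    try:
        f1.write("############ " + str(time.ctime(time.time())) +
                 " starting request\n ")
        try:
            f = cgi.FieldStorage()
            f1.write(repr(f) + "\n\n")
            confirm_paypal(f, f1)
            # NOTE(review): VERIFIED only shows that PayPal sent the message.
            # Before recording a sale, also check that receiver_email is this
            # merchant, that txn_id has not been processed before, and that
            # mc_gross / mc_currency match the expected price.
            if not f['payment_status'].value == "Completed":
                # We want to respond to anything that isn't a payment -
                # but we won't insert into our database
                f1.write("### Not Completed so going to exit....\n")
                exit(0)
            else:
                f1.write("### Completed so going to write data...\n")
                write_db(f, f1)
        except SystemExit:
            # exit(0) is a normal way out; the bare except below used to
            # catch it and log a misleading traceback.
            raise
        except:
            f1.write(''.join(format_exception(*exc_info())))
    finally:
        f1.close()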