Jsp e ipn de paypal, graba registros en bd que no toca

Hola expertos! Gracias lo primero por dedicar vuestro tiempo en leer mi post.

Veréis estoy teniendo problemas con el ipn.jsp que he programado para paypal. Este código está dando problemas, lo que hago es verificar si el pago es verified con res.equal("VERIFIED"), pero por alguna razón graba VERIFIED, COMPLETED, INVALID, ##INVALID## en bd, es decir es como si estuviera entrando en todos los condicionales if. Ojala podáis echarme una mano con el código para ver que está mal.

// Java JSP
<%@ page import="java.util.*"%>
<%@ page import="java.net.*"%>
<%@ page import="java.io.*"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.Connection"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="xxx.webapps.xxx.server.DBAccess"%>
<%@page import="java.util.Date"%>
<%@ page import="java.text.SimpleDateFormat"%>
<%
// read post from PayPal system and add 'cmd'
Enumeration en = request.getParameterNames();
String str = "cmd=_notify-validate";
while (en.hasMoreElements()) {
String paramName = (String) en.nextElement();
String paramValue = request.getParameter(paramName);
str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue);
}
// post back to PayPal system to validate
// NOTE: change http: to https: in the following URL to verify using SSL (for increased security).
// using HTTPS requires either Java 1.4 or greater, or Java Secure Socket Extension (JSSE)
// and configured for older versions.
//URL u = new URL("https://www.paypal.com/cgi-bin/webscr");
URL u = new URL("https://www.sandbox.paypal.com/cgi-bin/webscr");
URLConnection uc = u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.sandbox.paypal.com");
PrintWriter pw = new PrintWriter(uc.getOutputStream());
pw.println(str);
pw.close();
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
String res = in.readLine();
in.close();
// assign posted variables to local variables
String itemName = request.getParameter("item_name");
String itemNumber = request.getParameter("item_number");
String paymentStatus = request.getParameter("payment_status");
String paymentAmount = request.getParameter("mc_gross");
String paymentCurrency = request.getParameter("mc_currency");
String txnId = request.getParameter("txn_id");
String txnType = request.getParameter("txn_type");
String receiverEmail = request.getParameter("receiver_email");
String payerEmail = request.getParameter("payer_email");
String custom = request.getParameter("custom");
// String dbprefix = session.getAttribute("db_prefix").toString(); // For production systems
String dbprefix = "dev_"; // For paypal testing
Connection conn = null;
Statement select = null;
ResultSet result = null;
try
{
DBAccess dba = new DBAccess(request);
conn = dba.getDBConn();
// String sql = "";
select = conn.createStatement();
}
catch(Exception e)
{
}
select.executeUpdate("insert into dev_xxx.garbage values ('" + res + "');");
//check notification validation
if (res.equals("VERIFIED")) {
// Connection conn = null;
// Statement select = null;
// ResultSet result = null;
try {
// DBAccess dba = new DBAccess(request);
// conn = dba.getDBConn();
String sql = "";
// select = conn.createStatement();
Date dDate = new Date();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
String sDate = sdf.format(dDate);
dDate.setMonth(dDate.getMonth() + 1);
String sDateMes = sdf.format(dDate);
select.executeUpdate("insert into dev_xxx.garbage values ('" + paymentStatus + "');");
select.executeUpdate("insert into dev_xxx.garbage values ('" + txnType + "');");
if (paymentStatus.equals("Completed") && txnType.equals("subscr_payment")) {//pago completado y periódico
if (paymentAmount.equals("9.90")) {
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ custom + ",'" + payerEmail + "', null, 2, 2, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
} else if (paymentAmount.equals("99.00")) {
dDate.setMonth(dDate.getMonth() - 1);
dDate.setYear(dDate.getYear() + 1);
String sDateYear = sdf.format(dDate);
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ custom + ",'" + payerEmail + "', null, 2, 2, '"+ sDate + "', '" + sDateYear + "')";
select.executeUpdate(sql);
}
else{
select.executeUpdate("insert into dev_xxx.garbage values ('" + paymentAmount + "');");
}
}
else if (txnType.equals("subscr_eot") || txnType.equals("subscr_cancel")){//suscripcion cancelada
String [] datos = custom.split(";");
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ datos + ",'" + payerEmail + "', null, 2, 3, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
if (datos.equals("avanzado")){
sql = "insert into "+ dbprefix + "xxx.UserPremium (IdUser, MailPaypal, IdPromo, IdUserType, IdPremium, FirstDate, EndDate) values("+ datos + ",'" + payerEmail + "', null, 1, 3, '"+ sDate + "', '" + sDateMes + "')";
select.executeUpdate(sql);
sql = "update "+ dbprefix +"xxx.Users set Valid=-1 WHERE Id=" + datos ;
select.executeUpdate(sql);
}
// check that paymentStatus=Completed
// check that txnId has not been previously processed
// check that receiverEmail is your Primary PayPal email
// check that paymentAmount/paymentCurrency are correct
// process payment
}
} catch (Exception e) {
conn.rollback();
}
finally{
select.close();
result.close();
conn.close();
}
}
else if (res.equals("INVALID"))
{
select.executeUpdate("insert into dev_xxx.garbage values ('##INVALID##');");
// log for investigation
} else {
// error
select.executeUpdate("insert into dev_xxx.garbage values ('#"+res+"#');");
}
%>

Añade tu respuesta

Haz clic para o