<%@LANGUAGE="VBScript"%>
<%
Dim str, OrderID, Txn_id,Payment_status
Dim objHttp,rsTemp,mySQL


' read post from PayPal system and add 'cmd'
str = Request.Form
OrderID = Request.Form("item_number")
Txn_id = Request.Form("txn_id")
Payment_status = Request.Form("payment_status")

' post back to PayPal system to validate
str = str & "&cmd=_notify-validate"
set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objHttp.open "POST", "https://www.paypal.com/cgi-bin/webscr", false
objHttp.Send str

' assign posted variables to local variables
receiver_email = Request.Form("receiver_email")
item_name = Request.Form("item_name")
item_number = Request.Form("item_number")
quantity = Request.Form("quantity")
invoice = Request.Form("invoice")
custom = Request.Form("custom")

payment_status = Request.Form("payment_status")
payment_reasaon = Request.Form("payment_reason")
payment_date = Request.Form("payment_date")
payment_gross = Request.Form("payment_gross")
payment_fee = Request.Form("payment_fee")
txn_id = Request.Form("txn_id")
txn_type = Request.Form("txn_type")

first_name = Request.Form("first_name")
last_Name = Request.Form("last_name")
address_street = Request.Form("address_street")
address_city = Request.Form("address_city")
address_state = Request.Form("address_state")
address_zip = Request.Form("address_zip")
address_country = Request.Form("address_country")
address_status = Request.Form("address_status")

payer_email = Request.Form("payer_email")
payer_status = Request.Form("payer_status")

payment_type = Request.Form("payment_type")

notify_version = Request.Form("notify_version")

verify_sign = Request.Form("verify_sign")

' Check notification validation
if (objHttp.status <> 200 ) then
   ' HTTP error handling
   
elseif (objHttp.responseText = "VERIFIED") then
       ' check that Payment_status=Completed
       if payment_status = "completed" then
          'complete
          ' check that Txn_id has not been previously processed
          call opendb()
          mySQL = "Select * from tx where txn_id = txn_id
          Set rsTemp = Server.CreateObject("ADODB.Recordset")
          rsTemp.Open mySQL, Conntemp, adOpenStatic, adLockReadOnly, adCmdText
          if err.number <> 0 then
             response.redirect "comersus_supporterror.asp?error="& Server.Urlencode("Error in cartFunctions: "&err.description& " SQL:"&mySql)
          end if
          if rstemp.eof then
             countCartRows=0
          else
              ' check that Receiver_email is an email address in your PayPal account
              ' process payment
              mySQL="INSERT INTO cartRowsOptions (idCartRow, idOption) VALUES (" &pIdCartRow& "," &arrOptionGroups(f)& ")"
          end if
       else
           'not complete
       end if

elseif (objHttp.responseText = "INVALID") then
       ' log for manual investigation
       
else
    ' error
    
end if
set objHttp = nothing
%>