StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
7884731
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2011-10-25T04:32:03.120
FavoriteCount
0
LastActivityDate
2011-10-25T04:32:03.120
LastEditDate
LastEditorUserId
0
OwnerUserId
5982
ParentId
7884609
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
The main problem I see is that you are using session variables. Please note that the request that hits your PHP code will be coming directly from the PayPal server and has nothing to do with the currently logged in user. You need to pass the user information to PayPal so that PayPal can pass it back to your server as part of the IPN request. The other thing you can do is check some of the values coming in the IPN, for example, the payer's email address (<code>payer_email</code>) or the <code>parent_txn_id</code>, or <code>payer_id</code>. I'm not sure about subscriptions, but refund and cancellation IPNs will include a <code>parent_txn_id</code> that provides the txn_id of the original purchase, so you can use that to locate the user's account. What you need to do is make sure that when a purchase is made that you're saving all the information from the IPN and tying that by the txn_id or similar to the user's account. When the cancelation comes in, use the <code>parent_txn_id</code> or whatever value you use to locate the account in the database and then apply the change to the user's account. I see a number of other issues with the code above. <pre><code>$query = "SELECT * FROM users WHERE username= '$_SESSION[username]' AND password = '$_SESSION[password]'"; </code></pre> You need to use mysql_real_escape_string on all variables that you add into a query. You should do this: <pre><code>$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password = '.mysql_real_escape_string($password).'"; </code></pre> Second, array references should use quotes around the key name: <pre><code>$_SESSION[password] => $_SESSION['password'] </code></pre> Third, you should probably be locating the user in the database by their row ID in the users table (you do have a primary key of "id" set as auto-increment, right?) instead of their username and password. After you authenticate a user, you really shouldn't be keeping their password in a session variable.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POCapturing PayPal subscription cancellation
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USChris Thompson
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POCapturing PayPal subscription cancellation
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.