From 9a5d664d59db65fdab33ae0ab4a86d3c34eea521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rytis=20Slatkevi=C4=8Dius?=
Date: Thu, 31 May 2007 11:14:49 +0000
Subject: [PATCH] Donations: - Do not limit donations to integer amounts; - Use PayPal with https; - (Hopefully) fix PayPal Instant Payment Notification. svn path=/trunk/boinc/; revision=12789
---
 html/user/donate.php | 9 ++++-----
 html/user/donation_ipn.php | 3 +--
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/html/user/donate.php b/html/user/donate.php
index 222cd8e93b..e5255b1c18 100644
--- a/html/user/donate.php
+++ b/html/user/donate.php
@@ -8,7 +8,7 @@ db_init();
 $logged_in_user = get_logged_in_user(false);
-$amount = post_int("inV");
+$amount = post_str("inV");
 $item_id = post_int("item_id", true);
 if ($item_id == null) { $item_id = 1; }
 $currency = post_str("currency");
@@ -21,8 +21,7 @@ if ((post_int("anonymous", true) == 1) || ($logged_in_user == null)) {
 $order_time = time();
 // Write user id to paypal table, so the return script knows it's expecting this payment
-$sql = "INSERT INTO donation_paypal SET order_time = '".$order_time."', userid = '$userid', item_number=".$item_id.", order_amount = '$amount'";
-mysql_query($sql);
+mysql_query("INSERT INTO donation_paypal SET order_time = '".$order_time."', userid = '$userid', item_number=".$item_id.", order_amount = '".mysql_real_escape_string($amount)."'");
 $payment_id = mysql_insert_id();
@@ -30,8 +29,8 @@ $URL = "www.paypal.com/cgi-bin/webscr";
 $fields = ("cmd=_xclick&lc=US&business=".PAYPAL_ADDRESS."&quantity=1&item_name=Donation&item_number=".$payment_id."_".$order_time."&amount=".$amount."&no_shipping=1&return=".URL_BASE."donated.php&rm=2&cancel_return=".URL_BASE."donated.php&no_note=1¤cy_code=".$currency."&bn=PP-BuyNowBF");
-header("Location: http://$URL?$fields");
+header("Location: https://$URL?$fields");
 exit;
-?>
\ No newline at end of file
+?> 
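Review bot: `$amount = post_str("inV");` now accepts any string, and nothing in this hunk checks that the value is a positive decimal amount before it is used; the same raw value is escaped into the INSERT in the second hunk (mysql_real_escape_string prevents SQL injection but does not stop a non-numeric, negative or absurdly long order_amount from being stored) and concatenated into the PayPal redirect in the third. Validate the format once, immediately after reading it, e.g. `if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)) die("invalid amount");`, so every later use can rely on a well-formed number. post_str presumably returns the POST field unmodified, but its definition is not visible here. The script is a flat file and the lines between the three hunks are not shown.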
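Review bot: The `Location:` header now points at https, but the `$fields` string built on the context line above still concatenates `$amount` and `$currency` into the query string without URL-encoding, so a value containing `&` or `=` would add or override parameters in the PayPal request. Use `"&amount=".urlencode($amount)` and `"&currency_code=".urlencode($currency)`, or build `$fields` with http_build_query; `$currency` also comes from post_str with no check that it is one of the currency codes the site intends to accept, so a whitelist check before this point would help. The `¤cy_code` in the `$fields` line looks like `&currency_code` mangled by the listing (the `&curren` entity) rather than the file's real content — worth confirming against the source.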
diff --git a/html/user/donation_ipn.php b/html/user/donation_ipn.php
index e070320ede..f1ff2d8041 100644
--- a/html/user/donation_ipn.php
+++ b/html/user/donation_ipn.php
@@ -41,8 +41,7 @@ if (!$fp) {
 $item_array = explode("_",$item_number);
 $payment_id = abs($item_array[0]);
 $order_time = abs($item_array[1]);
- $sql = "SELECT * FROM donation_paypal WHERE order_time = '$order_time' AND id = '$payment_id' AND processed = '0'";
- $result = mysql_query($sql,$db);
+ $result = mysql_query("SELECT * FROM donation_paypal WHERE order_time = '$order_time' AND id = '$payment_id' AND processed = '0'");
 $num_rows = mysql_num_rows($result);
 if ($num_rows == 1) {
 $row = mysql_fetch_object($result);
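Review bot: The new `$result = mysql_query(...)` line is not checked for failure before `mysql_num_rows($result)`; a failed query returns false, which emits a warning and leaves `$num_rows` null, so a database error is silently treated as "no matching order". Add `if (!$result) { error_log("donation_ipn: query failed: ".mysql_error()); exit; }` (or whatever failure path the rest of the handler uses) before the row count. Dropping the `$db` link argument is fine only if db_init() leaves a single open connection; that is not visible in the hunk. The SELECT matches only order_time and id, so unless the code outside this hunk also compares PayPal's mc_gross and mc_currency with the stored order_amount, checks receiver_email against PAYPAL_ADDRESS and requires payment_status Completed, the lookup alone does not establish that the notification is a valid payment. The enclosing block starts and ends outside the hunk.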