Probleme d'où ? je ne sais pas

Sparkosis
PHP

Bonjour tout le monde, j'ai encoder une solution d'espace membre avec abonnement paypal grace au tuto de notre amis grafikart, cependant lorsque je suis connecter en temps que membre au lieu d'admin ma session sur ma page de choix d'abonnement me dit connecter en temps qu'admin meme ! quand je ne suis pas loguer préalablement desoler sa va vous piquer les yeux tout ce code mais le voici:
Pour index de ma page de connexion:

<?php
session_start();

// Instance PDO
try{
    $PDO = new PDO('mysql:host=MONHOST;dbname=MADB','MONUSERDB','MON MDP'); 
    $PDO->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_WARNING);
    $PDO->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_OBJ);
}catch(PDOException $e){
    echo 'Connexion impossible';
}
// Class Auth
require "class.auth.php";
ob_start();
include((isset($_GET'p']) ? $_GET'p'] : 'home').'.php');
$content_for_layout = ob_get_clean(); 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link rel="stylesheet" href="../theme/style.css" type="text/css" media="screen" />
</head>
<body>
  <div id="conteneur">

  <?php if($Auth->user('id')): ?>
  <h1>Bonjour <?php echo $Auth->user('login'); ?></h1>
  <ul>
      <li><a href="index.php?p=compte">Mon compte</a></li>
      <?php if($Auth->user('role') == 'admin'): ?>
      <li><a href="index.php?p=admin">Administration</a></li>
      <?php endif; ?>
      <li><a href="index.php?p=logout">Se déconnecter</a></li>

  </ul>
  <?php else: ?>
    <a href="index.php?p=login">Se connecter</a>
  <?php endif; ?>

      <?php echo $content_for_layout; ?>

  </div>
</body>

Pour ma page index pour le choix d'abonnement: 

<?php session_start(); ?>
<?php
$db = new PDO("mysql:host=MONHOST;dbname=MADB","MONUSERDB","MONMDP");
$db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_WARNING);
$req =$db->query('SELECT * FROM users WHERE id=1');
while($d = $req->fetch(PDO:: FETCH_ASSOC)){
  $_SESSION'User'] = $d;
}
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Bootstrap, from Twitter</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <!-- Le styles -->
    <link href="http://twitter.github.io/bootstrap/assets/css/bootstrap.css" rel="stylesheet">

  </head>
  <body>
    <div class="navbar navbar-inverse navbar-fixed-top">
      <div class="navbar-inner">
        <div class="container-fluid">

            <ul class="nav">
            <li><a href="#" title="">Connecté en tant que <?php echo $_SESSION'User']'login']; ?> </a></li>

            </ul>
          </div><!--/.nav-collapse -->
        </div>
      </div>
    </div>
    <div class="container-fluid">
    <div class="page-header">
       </br> <h1>Choisissez votre formule d'abonnement</h1>
       <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
 <select name="amount">
  <?php $req =$db->query('SELECT * FROM offers');
while($d = $req->fetch(PDO:: FETCH_ASSOC)){
?>
<option value="<?php echo $d'price']; ?>"><?php echo $d'name']; ?> -  <?php echo $d'price'];?>€</option>
<?php

} ?>
</select>
  <input name="currency_code" type="hidden" value="EUR" />
  <input name="shipping" type="hidden" value="0.00" />
  <input name="tax" type="hidden" value="0.00" />
  <input name="return" type="hidden" value="http://stream-center.fr/mb/paypal/success.php" />
  <input name="cancel_return" type="hidden" value="http://stream-center.fr/mb/paypal/cancel.php" />
  <input name="notify_url" type="hidden" value="http://stream-center.fr/mb/paypal/ipn.php" />
  <input name="cmd" type="hidden" value="_xclick" />
  <input name="business" type="hidden" value="contact-facilitator@stream-center.fr" />
  <input name="item_name" type="hidden" value="Abonnement live" />

  <input name="lc" type="hidden" value="FR" />
  <input name="bn" type="hidden" value="PP-BuyNowBF" />
  <input name="custom" type="hidden" value="user_id=1" />
  <input type="submit" value="S'abonner" class="btn primary">
</form>
    </div>
    </div><!--/.fluid-container-->

  </body>
</html>

Pour mon code ipn de paypal: 

<?php 
//permet de traiter le retour ipn de paypal
$email_account = "MONADRESSESANDBXPAYPAL";
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
$item_name = $_POST'item_name'];
$item_number = $_POST'item_number'];
$payment_status = $_POST'payment_status'];
$payment_amount = $_POST'mc_gross'];
$payment_currency = $_POST'mc_currency'];
$txn_id = $_POST'txn_id'];
$receiver_email = $_POST'receiver_email'];
$payer_email = $_POST'payer_email'];
parse_str($_POST'custom'],$custom);

if (!$fp) {

} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
        // vérifier que payment_status a la valeur Completed
        if ( $payment_status == "Completed") {
               if ( $email_account == $receiver_email) {
                /**
                 * C'EST LA QUE TOUT SE PASSE
                 * PS : tjrs penser à vérifier la somme !!
                 */
                file_put_contents('log', print_r($_POST,true));
                $db = new PDO("mysql:host=MONHOST;dbname=MADB","MONUSERDB","MONMDP");
                $req =$db->query('SELECT * FROM offers WHERE price = '.$payment_amount.'LIMIT 1');
                $d = $req->fetch(PDO:: FETCH_ASSOC);
                if(!empty($d)){
                $duration = $d'duration'];
                $uid = $custom'user_id'];
               $data = serialize($_POST);
                //On met à jour la date d'expiration
                $db->query('UPDATE users SET expiration = DATE_ADD(NOW(),INTERVAL '.$duration.' MONTH) WHERE id = '.$uid);
// On sauvegarde la commande
                $db->query("INSERT INTO orders SET user_id =$uid, amount=$payment_amount, created=NOW(), datas='$data'");
                  file_put_contents('log','Le paiement a bien été confirmé'); 
                }else{
                   file_put_contents('log','Le paiement ne correspond à aucune offre'); 
                }

                /**
                 * FIN CODE
                 */
               }
        }
        else {
                // Statut de paiement: Echec
        }
        exit();
   }
    else if (strcmp ($res, "INVALID") == 0) {
        // Transaction invalide
    }
}
fclose ($fp);
}

PS: meme mon expiration dans ma db ne change pas, merci de m'aider

Tuto suivis:

Cordialement

1 réponse

Sparkosis
Auteur

UP toujours même soucis. Cordialement