Review my Paypal IPN Handler Please

[ssj5goku]

I wrote an automated donations system for someone, so that people who play on his game servers can enter their information, donate, and automatically be added to a database. Its working great, but im not very php saavy, so I am hoping you guys can take a look and tell me what else I should add. I need to remove them when the subscription ends, which I think is subscr_eot, but I cant find any good examples of using it. And as for the rest I am just hoping it looks okay, thanks!\[code\]<?php// databaseinclude_once('config.php');//Connect$db_connect = mysql_connect($DB_host, $DB_username, $DB_password) or die(mysql_error());mysql_select_db($DB_name) or die(mysql_error());// read the post from PayPal system and add 'cmd'$req = 'cmd=_notify-validate';foreach ($_POST as $key => $value){ $value = http://stackoverflow.com/questions/2086042/urlencode(stripslashes($value)); $req .="&$key=$value";}// post back to PayPal system to validate$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";$header .= "Content-Type: application/x-www-form-urlencoded\r\n";$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);// assign posted variables to local variables$item_name = $_POST['item_name'];$item_number = $_POST['item_number'];$payment_status = $_POST['payment_status'];$payment_amount = $_POST['mc_gross'];$payment_currency = $_POST['mc_currency'];$txn_id = $_POST['txn_id'];$txn_type = $_POST['txn_type'];$receiver_email = $_POST['receiver_email'];$first_name = $_POST['first_name'];$last_name = $_POST['last_name'];$payer_email = $_POST['payer_email'];$steam_id = $_POST['custom'];if ($fp){ fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); switch ($res) { //Payment is Validated case 'VERIFIED': if(strcmp($payment_status, "Completed") == 0) { $firstlast = $first_name[0] . $last_name; $username = strtolower($firstlast); $query = "INSERT INTO sb_admins (user, authid, password, gid, email, validate, extraflags, immunity, srv_group, srv_password) VALUES('". $username ."', '". $steam_id ."', '', -1, '". mysql_real_escape_string($payer_email) ."', 0, 0, 0, '". $sm_group ."', 'password')"; mysql_query($query) or die(mysql_error()); } // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment break; case 'INVALID': // PAYMENT INVALID & INVESTIGATE MANUALLY! $to = $receiver_email; $subject = 'XA - BattleClan | Invalid Donation'; $message = ' Dear Administrator, A donation has been made but is flagged as INVALID. Please verify the payment manually and contact the donator. Donator Email: '.$email.' '; $headers = 'From:[email protected]' . "\r\n"; mail($to, $subject, $message, $headers); break; default: break; } }fclose ($fp);}\[/code\]?>