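<?php
/**
 * Minimal iDEAL demo against the Mollie XML API (legacy mysql_* era).
 *
 * Flow: without a payment_id a demo payment row is inserted and the visitor is
 * redirected to action=start; "start" shows the bank list, "redirect" requests the
 * transaction at the provider and sends the visitor to the bank, "report" is the
 * provider's server-to-server callback that marks the row paid, and "return" is
 * where the visitor lands afterwards to see the result.
 *
 * NOTE(review): the provider API is fetched over plain HTTP here; if the provider
 * offers the same endpoints over HTTPS, prefer those so the "payed" verdict cannot
 * be tampered with in transit.
 */
$url        = 'http://www.website.nl/iDEAL.php';
$partnerID  = 12345; // or use the original author's partner id 15115 ;)
$testmode   = true;

$server     = '';
$username   = '';
$password   = '';
$database   = '';

// Only these provider addresses may call action=report (compared strictly below).
// NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy this would be
// the proxy's address and the allow-list would have to be applied there instead.
$ipadresses = array('82.94.203.80', '82.94.203.81', '82.94.203.82', '82.94.203.83', '82.94.203.84', '82.94.203.85', '82.94.203.86');

// Base of the provider's XML API; each call below appends its own query string.
$apiBase = 'http://www.mollie.nl/xml/ideal';

/**
 * Escape a value (DB row field, provider XML node, request value) for an HTML context.
 *
 * @param mixed $value anything that can be cast to string
 * @return string
 */
function ideal_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * GET an API URL with the shared curl handle and parse the response body as XML.
 *
 * @param resource $ch     curl handle with CURLOPT_RETURNTRANSFER enabled
 * @param string   $apiUrl full URL including the query string
 * @return SimpleXMLElement|null null when the transfer failed or the body is not well-formed XML
 */
function ideal_fetch_xml($ch, $apiUrl)
{
    curl_setopt($ch, CURLOPT_URL, $apiUrl);
    $body = curl_exec($ch);
    if ($body === false || $body === '') {
        return null;
    }

    // Collect parser errors instead of emitting warnings; LIBXML_NONET keeps the
    // parser from fetching external entities/DTDs over the network.
    $previous = libxml_use_internal_errors(true);
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    return $xml === false ? null : $xml;
}

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

if (!mysql_connect($server, $username, $password)) {
    echo '<p>Sorry, er kon geen verbinding gemaakt worden met de databaseserver!</p>';
} elseif (!mysql_select_db($database)) {
    echo '<p>Sorry, er kon geen verbinding gemaakt worden met de database!</p>';
} elseif (empty($_GET['payment_id']) || !ctype_alnum($_GET['payment_id'])) {
    // No (valid) payment_id: create a demo payment and send the visitor to its start page.
    // The id is a public lookup key, so it must not be guessable: prefer a CSPRNG,
    // fall back to the old uniqid/mt_rand mix only when OpenSSL is unavailable.
    $bytes = function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(16) : false;
    $code  = $bytes !== false ? bin2hex($bytes) : md5(uniqid(mt_rand(), true));

    $query  = "INSERT INTO payments (payment_id, amount, description, ipadress) VALUES ('".$code."', ".mt_rand(1000, 2500).", 'Dit is een omschrijving!', '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."')";
    $result = mysql_query($query);

    if ($result && mysql_affected_rows() == 1) {
        curl_close($ch);
        header('Location: '.$url.'?action=start&payment_id='.$code);
        exit;
    }
} else {
    // payment_id is alphanumeric by now; escaping is kept as defence in depth.
    $payment_id = mysql_real_escape_string($_GET['payment_id']);

    $query  = "SELECT transaction_id, amount, description, paid FROM payments WHERE payment_id = '".$payment_id."'";
    $result = mysql_query($query);

    if (!$result || mysql_num_rows($result) != 1) {
        echo '<p>Sorry, dit payment_id bestaat niet!</p>';
    } elseif (empty($_GET['action'])) {
        echo '<p>Sorry, er word een actie verwacht!</p>';
    } else {
        $transaction = mysql_fetch_assoc($result);
        $alreadyPaid = (int) $transaction['paid'] !== 0;

        switch ($_GET['action']) {
            case 'start':
                if ($alreadyPaid) {
                    echo '<p>Sorry, deze transactie is reeds betaald!</p>';
                    break;
                }

                // amount is stored in cents
                echo '<p>Er is een betaling aangemaakt voor <b>&euro; '.number_format($transaction['amount']/100, 2, ', ', '.').'</b> met als beschrijving <b>'.ideal_html($transaction['description']).'</b>.</p>';

                $params = array('a' => 'banklist');
                if ($testmode) {
                    $params['testmode'] = 'true';
                }
                $xml = ideal_fetch_xml($ch, $apiBase.'?'.http_build_query($params));

                if ($xml === null || !isset($xml->bank)) {
                    echo '<p>Sorry, de banklijst kon niet opgehaald worden!</p>';
                    break;
                }

                echo '<form method="post" action="'.ideal_html('?action=redirect&payment_id='.$payment_id).'">';
                echo '<label for="bank_id">Uw bank:</label><br />';
                echo '<select name="bank_id">';
                foreach ($xml->bank as $bank) {
                    // Provider-supplied text goes into HTML: escape it like any other external input.
                    echo '<option value="'.ideal_html($bank->bank_id).'">'.ideal_html($bank->bank_name).'</option>';
                }
                echo '</select>';
                echo '<input type="submit" name="verwerken" value="Verwerken"/>';
                echo '</form>';
                break;

            case 'redirect':
                if ($alreadyPaid) {
                    echo '<p>Sorry, deze transactie is reeds betaald!</p>';
                    break;
                }
                if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
                    // A GET to this action is ignored, as before (nothing is rendered).
                    break;
                }
                if (empty($_POST['bank_id']) || !ctype_digit($_POST['bank_id'])) {
                    echo '<p>Sorry, er word een bank_id verwacht en deze dient numeriek te zijn!</p>';
                    break;
                }

                $params = array(
                    'a'           => 'fetch',
                    'partnerid'   => $partnerID,
                    'description' => $transaction['description'],
                    'reporturl'   => $url.'?action=report&payment_id='.$payment_id,
                    'returnurl'   => $url.'?action=return&payment_id='.$payment_id,
                    'amount'      => $transaction['amount'],
                    'bank_id'     => $_POST['bank_id'],
                );
                $xml = ideal_fetch_xml($ch, $apiBase.'?'.http_build_query($params));

                // The provider must echo back exactly the amount we asked for (cents).
                if ($xml === null || !isset($xml->order) || (int) $xml->order->amount !== (int) $transaction['amount']) {
                    echo '<p>Sorry, er is iets mis gegaan met de aanvraag van deze betaling!</p>';
                    break;
                }

                // The transaction id comes from the provider's response, not from our DB:
                // validate it the same way action=report does before it touches SQL.
                $remoteTransactionId = (string) $xml->order->transaction_id;
                if ($remoteTransactionId === '' || !ctype_alnum($remoteTransactionId)) {
                    echo '<p>Sorry, er is iets mis gegaan met de aanvraag van deze betaling!</p>';
                    break;
                }

                $query  = "UPDATE payments SET transaction_id = '".mysql_real_escape_string($remoteTransactionId)."' WHERE payment_id = '".$payment_id."'";
                $result = mysql_query($query);

                if ($result && mysql_affected_rows() == 1) {
                    curl_close($ch);
                    header('Location: '.$xml->order->URL);
                    exit;
                }
                echo '<p>Sorry, er is iets mis gegaan met het updaten van de database!</p>';
                break;

            case 'report':
                // Server-to-server callback: only the provider's addresses are accepted,
                // and anyone else gets no output at all (same as before).
                if (!in_array($_SERVER['REMOTE_ADDR'], $ipadresses, true)) {
                    break;
                }
                if (empty($_GET['transaction_id']) || !ctype_alnum($_GET['transaction_id'])) {
                    break;
                }

                // Never trust the callback itself: ask the provider for the status.
                $params = array(
                    'a'              => 'check',
                    'partnerid'      => $partnerID,
                    'transaction_id' => $_GET['transaction_id'],
                );
                if ($testmode) {
                    $params['testmode'] = 'true';
                }
                $xml = ideal_fetch_xml($ch, $apiBase.'?'.http_build_query($params));

                if ($xml !== null && isset($xml->order) && (string) $xml->order->payed === 'true') {
                    // The WHERE clause ties the paid flag to the transaction id stored at redirect time.
                    $query  = "UPDATE payments SET paid = 1 WHERE payment_id = '".$payment_id."' AND transaction_id = '".mysql_real_escape_string($_GET['transaction_id'])."'";
                    $result = mysql_query($query);
                }
                break;

            case 'return':
                if (empty($_GET['transaction_id']) || !ctype_alnum($_GET['transaction_id'])) {
                    echo '<p>Sorry, er word een transaction_id verwacht en deze dient alphanumeriek te zijn!</p>';
                    break;
                }

                // Only the DB (as updated by action=report) decides; the visitor's return is not proof of payment.
                $query  = "SELECT paid FROM payments WHERE payment_id = '".$payment_id."' AND transaction_id = '".mysql_real_escape_string($_GET['transaction_id'])."' AND paid = 1";
                $result = mysql_query($query);

                if ($result && mysql_num_rows($result) == 1) {
                    echo '<p>Gelukt! De betaling is succesvol ontvangen!</p>';
                } else {
                    echo '<p>Sorry, de betaling is niet succesvol ontvangen!</p>';
                }
                break;

            default:
                echo 'Sorry, deze actie word niet herkend!';
                break;
        }
    }
}

curl_close($ch);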