# 05 — Integrations ## MaxMind GeoIP - **Library**: Legacy MaxMind GeoIP (pre-GeoIP2) — uses `geoip_record_by_name()` and binary `.dat` databases - **Files**: `httpdocs/maxmind/assets/` stores the `.dat` files; `httpdocs/maxmind/inc/` provides PHP wrappers - **Used by**: `httpdocs/ip_zip.php` (ZIP lookup endpoint), `httpdocs/search/dsX/Addons/GeoIP.inc` (search-result geo-filtering) - **Data extracted**: country (`GEOIP_COUNTRY_EDITION=106`), region/state (`GEOIP_REGION_EDITION_REV1=3`), city (`GEOIP_CITY_EDITION_REV1=2`), postal code - **Limitations**: - Binary `.dat` format predates IPv6 — only IPv4 lookups work - DB files in `assets/` are almost certainly stale (no auto-update cron) - Modern replacement path: MaxMind GeoIP2 + the official PHP client, or a cached HTTP service ## YouPortal cross-reference Searchmercials shares a host with the YouPortal platform (`/var/www/html/youportal`). They interoperate via: - **Shared MySQL instance** — Searchmercials' `dbconnect.php` defines a parameter set for `youportal_aroundme_new`, giving direct DB access - **`ypbackfill_feed_data`** — 1-byte marker at the project root, accompanied by `.txt` (1.9 KB instructions) and `.curl` (empty placeholder). Suggests a scheduled backfill job that replicates listing/click data into YouPortal - **No REST API** between the two — integration is database-level, which is fast but couples schemas tightly **Action item**: document exactly which tables flow between the two schemas and on what cadence. The `.txt` hint file contains human notes; the actual cron entry (if any) lives outside this repo. ## Payment processors `httpsdocs/receive-payment.php` (16 KB) handles inbound payment callbacks from two providers. ### PayPal IPN (Instant Payment Notification) - Receives POST from PayPal's IPN system - Verifies by POSTing the full message back to PayPal with `cmd=_notify-validate` - On `VERIFIED`, updates `iweb_acct_deposits` ### Authorize.net CGI - Receives POST via Authorize.net's hosted CGI form - Validates transaction ID / hash - Same downstream write to `iweb_acct_deposits` Function `process_payment()` (line 82) abstracts both flows. **No modern providers**: no Stripe, no Square, no Apple/Google Pay. Both active providers (PayPal IPN, Authorize.net CGI) are legacy integrations that have been progressively deprecated by the vendors themselves. PayPal now pushes developers toward the REST API; Authorize.net prefers Accept.js / API-only flows. ## Video advertising pipeline Recent work (15+ commits from 2023–2024) added video ads on top of the legacy search engine: - Entry points: `httpdocs/search/results.php`, `httpdocs/search/inlinehor-media.php` - Player assets: `httpdocs/search/Player/` directory - Legacy Flash artifacts: `httpsdocs/validation/flv/video.flv` (sample FLV), client-side `httpdocs/includes/playvideo.js` - Recent commits reference category filtering, detail pages, bid-location selection **Player technology not fully identified** in the analysis pass. Evidence points to a custom HTML5 player rather than video.js / JW Player, but confirm by reading `httpdocs/search/Player/` contents before making claims. If the sibling YouPortal video errors (IMA SDK, VMAP `AdTagURI`) surface here too, this project likely shares the same player harness. ## Bot detection - **Library**: "Mini Bots" (CodeCanyon #6060864) - **File**: `httpdocs/classes_new/minibots.class.php` (55 KB) - **Use**: likely invoked during ad delivery / click logging to avoid billing advertisers for bot traffic - **Concerns**: - Uses `mysql_real_escape_string()` — fatal under PHP 7+ - Vendor library, original package folder retained (`codecanyon-6060864-mini-bots-php-class/`) - Updates require paid repurchase from CodeCanyon ## External HTTP calls - **`httpdocs/joe.php`** (1.1 KB): Probes Yellow Pages API (`pubapi.yp.com`) through a hardcoded internal proxy `10.0.0.49:3128`. **Appears to be a dev-time probe, not production wiring.** Delete or gate with authentication. - **PayPal verification**: outbound POST to PayPal from `receive-payment.php` for IPN validation - No outbound webhooks or async job queues detected ## Email No PHPMailer/Swift-mailer wiring visible at the scan depth used. The auth directory mentions PHPMailer as a present library but no concrete integration point was read. **Action item**: locate the transactional email path (password reset, payment receipts, payout confirmations) and document it. ## Key environmental assumptions - Apache + `.htaccess` overrides must be honored (otherwise `httpsdocs/_analysis/.htaccess` Deny rule is ignored) - MySQL/MariaDB at `127.0.0.1` - Writable filesystem under `httpdocs/submissions/`, `httpdocs/files/` - Symlink support in the filesystem (for `fixlinks.sh`) - PHP `geoip` extension **or** the bundled MaxMind wrapper in `maxmind/inc/`