I'm developing an IPN response page but seems there're some problem:
I receive correctly Paypal post data, when I send data do get confirm, Paypal does not respond!
here's my PHP code:
$paypal_url = "www.sandbox.paypal.com";
$url = "https://" . $paypal_url . "/cgi-bin/webscr";
$req = 'cmd=_notify-validate'; // Add 'cmd=_notify-validate' to beginning of the acknowledgement
foreach ($_POST as $key => $value)
{ // Loop through the notification NV pairs
$value = urlencode(stripslashes($value)); // Encode these values
$req .= "&$key=$value"; // Add the NV pairs to the acknowledgement
}
$header =
"POST /cgi-bin/webscr HTTP/1.0\r\n" .
"Host: www.sandbox.paypal.com\r\n" .
"Content-Type: application/x-www-form-urlencoded\r\n" .
"Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
fputs($fp, $header . $req."\r\n\r\n");
$counter = 0;
while (!feof($fp))
{
$res = $res . fgets($fp, 1024);
$counter++;
if($counter > 10)break;
}
fclose($fp);
$tfile=fopen("text.txt","a+");
fwrite($tfile,$req . "\r\n");
fwrite($tfile,$res . "\r\n");
fclose($tfile);
On my text.txt test file :
cmd=_notify- validate&mc_gross=0.02&protection_eligibility=Eligible&address_status=unconfirmed&item_number1=&payer_id=M4DXNVMDFB8TY&tax=0.00&address_street=Gandhi+5%0D%0ABO&payment_date=01%3A05%3A50+Feb+19%2C+2016+PST&payment_status=Completed&charset=windows-1252&address_zip=40069&mc_shipping=0.00&mc_handling=0.00&first_name=test&mc_fee=0.02&address_country_code=IT&address_name=test+facilitator¬ify_version=3.8&custom=56&payer_status=verified&business=andreafilippini90%40gmail.com&address_country=Italy&num_cart_items=1&mc_handling1=0.00&address_city=Zola+Predosa&verify_sign=AAllE9FA13ABhVwJYLWEzvptA49cACmRumx.SAuIktyCdTEuwgwrBDOF&payer_email=andreafilippini90-facilitator%40gmail.com&mc_shipping1=0.00&tax1=0.00&txn_id=2XL26853PJ6650947&payment_type=instant&payer_business_name=test+facilitator%27s+Test+Store&last_name=facilitator&address_state=&item_name1=lol&receiver_email=andreafilippini90%40gmail.com&payment_fee=&quantity1=1&receiver_id=36AE5DEXKKHSY&txn_type=cart&mc_gross_1=0.02&mc_currency=EUR&residence_country=IT&test_ipn=1&transaction_subject=&payment_gross=&ipn_track_id=436b4ca66c696
HTTP/1.1 200 OK
Date: Fri, 19 Feb 2016 09:05:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=B2WFzbH6YM2Qyocy2U8eFnZLXwNKbE5H6baCy7qZWiquQveA1SY6UXyZGdfVwZhcRZgDRdhebwuzWFRSDj-JjwIGDp30AX8j3Ps5vhehIHBj7BlRSHWnIDfGq1pdF2_4Ffl6U9PpApn2XMxLLOHKuaJ3avnkqrE7ZZBw9dqp1RtWr6t60ZSDuSrek2zMtn08YXZ7thh1wF88X-1wqF1u3e6pDEZKeDuUOvSxut-QuRsEwIcNSJmDkmbdqAUYASBlgTNG1TolLzQgt3FbOVOI-zXfyu1uDk9BWlgAYpxL_XL00vjCVaX6iYkdC98OXbfhj2mnJvlWxFjbPiDjCKamWlD84U_EeV7GhjUbN5qns_F5OSMbXBm0erybHvlGMTCIJ53-j8FSw68imXw6WkM6Fzl_bq67Zle08eDb3mhLuzekpw_Xg-CpL5TMZne; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Mon, 16-Feb-2026 09:06:00 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sun, 18-Feb-2018 09:06:00 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.72.108.11.1455872759947539; path=/; expires=Sun, 11-Feb-46 09:05:59 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Any idea??
Why it does not respond?
Thank you.
This is the Verify Request step with IPN so you're getting the data that PayPal has POSTed to your IPN script and sending it back to PayPal to verify it; this step does fail occasionally btw even if everything is correct so you have to prepare to handle that.
You can do this with a cURL call that looks like:
//Sandbox URL
$sURL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
//QueryString
$sQueryString = "cmd=_notify-validate";
foreach($_POST as $sPostKey => $sPostData) { $sQueryString .= "&{$sPostKey}={$sPostData}"; }
//Open the cURL session
$hCurl = curl_init();
//set cURL options
curl_setopt($hCurl, CURLOPT_URL, $sURL); //URI
curl_setopt($hCurl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); //HTTP version
curl_setopt($hCurl, CURLOPT_HEADER, 0); //no HTTP headers
curl_setopt($hCurl, CURLOPT_POST, 1); //REQUEST => POST
curl_setopt($hCurl, CURLOPT_POSTFIELDS, $sQueryString); //POST data
curl_setopt($hCurl, CURLOPT_RETURNTRANSFER, 1); //return raw data to script rather than browser
curl_setopt($hCurl, CURLOPT_TIMEOUT, 60); //set timeout
curl_setopt($hCurl, CURLOPT_FORBID_REUSE, 1);
curl_setopt($hCurl, CURLOPT_HTTPHEADER, array('Connection: Close'));
//ensure that cURL is using the server IP address
curl_setopt($hCurl, CURLOPT_INTERFACE, $_SERVER['SERVER_ADDR']);
//The next two lines must be present for the kit to work with newer version of cURL
//You should remove them if you have any problems in earlier versions of cURL
curl_setopt($hCurl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($hCurl, CURLOPT_SSL_VERIFYHOST, 2);
//post and retrieve the response
$sRawResponse = trim(curl_exec($hCurl));
//throw Exceptions if cURL failed
if(curl_error($hCurl)) { throw new Exception(curl_error($hCurl), E_USER_ERROR); }
if(!$sRawResponse) { throw new Exception("No response from PayPal - cURL possibly failed"); }
//close the cURL handle
curl_close($hCurl);
At the end of which you should have the response back from PayPal stored in the $sRawResponse variable which, if everything has gone according to plan, should simply have the word VERIFIED in it.
Related
I've tried to send a CSV File to eBay FileExchange Service.
I'm writing an application to update a lot of products on eBay at the same time.
When I upload the test.csv by using the eBay CSV-Manager the update will be success, but with the script nothing will happens after post the data.
I've treid the following steps:
Create a separate token for FileExchange.
https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&runame=F-FILEEXL51P1EHH6L899Q9B969GE134DK-FileUpload
Then I use the following script:
$token = 'AgAAAA**AQAAAA**aAAAAA************';
$ebay_url = 'https://bulksell.ebay.com/ws/eBayISAPI.dll?FileExchangeUpload';
$sendheaders = array(
'User-Agent: My Client App v1.0'
);
$fields = array(
'token' => $token,
'file' => '#test.csv'
);
$ch = curl_init($ebay_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 1); // set to 0 to eliminate header info from response
curl_setopt($ch, CURLOPT_NOBODY, 0); // set to 1 to eliminate body info from response
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); // use HTTP/1.0 instead of 1.1
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Returns response data instead of TRUE(1)
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // uncomment this line if you get no gateway response. ###
curl_setopt($ch, CURLOPT_HTTPHEADER, $sendheaders);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); // use HTTP POST to send form data
$resp = curl_exec($ch); //execute post and get results
if(!curl_exec($ch)) {
die('Error: ' . curl_error($ch) . ' - Code: ' . curl_errno($ch));
}
curl_close ($ch);
I've used this csv File-format (test.csv)
Action;ItemID;DispatchTimeMax
Revise;28*********916;30
The results after post:
print_r($resp);
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: dp1=bu1p/QEBfX0BAX19AQA**617d3da3^bl/DE617d3da3^; Domain=.ebay.com; Expires=Sat, 30-Oct-2021 12:42:11 GMT; Path=/
Set-Cookie: s=CgAD4ACBdvCgjMjFkNjZkMDcxNmUwYTBmMTc1MTA0ZmEwZmZmYjEyZWFY39RE; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgADKACBhfT2jMjFkNjZkMDcxNmUwYTBmMTc1MTA0ZmEwZmZmYjEyZWIAywABXbrdqzHTwXKU; Domain=.ebay.com; Expires=Sat, 30-Oct-2021 12:42:11 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 731
Date: Thu, 31 Oct 2019 12:42:11 GMT
Connection: keep-alive
File upload successful. Your ref # is .
Close
Thanks for helping me.
I have found a solution:
Obviously at php 7.1 the # has no effect, and the file post ist empty to ebay.
I use the curl_file_create function and it's work.
if (!function_exists('curl_file_create'))
{
function curl_file_create($filename, $mimetype = '')
{
return "#$filename;filename="
. ($mimetype ? ";type=$mimetype" : '');
}
}
$fields = array(
"token" => $token,
"file" => curl_file_create ($_GET['filename'], 'text/csv')
);
Hope that help's anybody.
Sorry to have to ask this again - but none of the options ive tried work for me..
Below is my listener code:
Note i have done the following to the ipn file (from paypal github) - without these issues i got an SSL error in log file.
1. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);//1 - changed
2. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);//2 - changed
3. curl_setopt($ch, CURLOPT_SSLVERSION, 6); // - added
4. added the CURL headers after default CURL options
The SendBasicEmail is a email function that just sends me the POST data.
I have also worked thru the Paypal troubleshooting guide, the URL is correct and the two name/value url paragraphs in the log file (see below) are also perfectly identical..
This is on a SHared hostgator account - Im not getting any php errors, and ive set the charset of the sandbox to utf-8..
Im getting the correct values sent by the IPN simulator, but the IPN keeps just saying INVALID without any rhyme or reason..
My ipn.log file has the following:
[2016-05-27 08:13 America/Chicago] HTTP request of validation request:POST /cgi-bin/webscr HTTP/1.1
Accept: */*
Content-Type:application/x-www-form-urlencoded
Host: www.sandbox.paypal.com
Content-Length: 934
Connection: close
for IPN payload: cmd=_notify-validate&payment_type=instant&payment_date=Fri+May+27+2016+15%3A08%3A35+GMT+0200+%28South+Africa+Standard+Time%29&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer%40paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John+Smith&address_country=United+States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San+Jose&address_street=123+any+street&business=seller%40paypalsandbox.com&receiver_email=seller%40paypalsandbox.com&receiver_id=seller%40paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=429875949¬ify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AoVeQZD-CT8vDxSGDZcG6pciC5eEAcQRkIs5dl-N0cnLYMm89A4qOJ7B
[2016-05-27 08:13 America/Chicago] HTTP response of validation request: HTTP/1.1 200 OK
Date: Fri, 27 May 2016 13:13:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=0g7tVdxHaY6Zg55enbaKcWevON6OjuZOp-9GlUHpUmFZPDdL2ctJ_ipwOgPQtZgsJB37HUmD6-vfYr2TmKpcq6CrX81SyThtTxD_VPiGzhTpF0velEglL5BnltyBzDVI8wzJOQgyWxio60HFFGxVd67xy6e088O7CBWNS9i64IuHjc2jAux4dD7NU1zU7kvgsDLCFjW08ibZ1gQzEU3EafhMQpg7q_q8ntofjs1SXs_a-V1GiVueQQDN5eQALgvk_T2iwg51Gv630VvftWPJSnr3N2hqsW6gshwJY3ctvkR4bs9k_kS8rWYBkTxE1zqwwmSA9MdS_izc35-mwEzD8bKp3Xlyoc1FREU4wo-fnCzun6YPRZKaCDBzvY6O9smT9-k5b4nt6pnOcCikDTbZ4r0DAJu-XaJUK9mGnG; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Mon, 25-May-2026 13:13:01 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sun, 27-May-2018 13:13:01 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.72.108.11.1464354781199222; path=/; expires=Sun, 20-May-46 13:13:01 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
HTTP_X_PP_AZ_LOCATOR: sandbox.slc
Paypal-Debug-Id: 96473e862c576
Set-Cookie: X-PP-SILOVER=name%3DSANDBOX3.WEB.1%26silo_version%3D1880%26app%3Dappdispatcher%26TIME%3D3712436311%26HTTP_X_PP_AZ_LOCATOR%3Dsandbox.slc; Expires=Fri, 27 May 2016 13:43:01 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Strict-Transport-Security: max-age=14400
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
INVALID
[2016-05-27 08:13 America/Chicago] Invalid IPN: cmd=_notify-validate&payment_type=instant&payment_date=Fri+May+27+2016+15%3A08%3A35+GMT+0200+%28South+Africa+Standard+Time%29&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer%40paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John+Smith&address_country=United+States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San+Jose&address_street=123+any+street&business=seller%40paypalsandbox.com&receiver_email=seller%40paypalsandbox.com&receiver_id=seller%40paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=429875949¬ify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AoVeQZD-CT8vDxSGDZcG6pciC5eEAcQRkIs5dl-N0cnLYMm89A4qOJ7B
Below is my ipn listener file:
//Begin IPN FILE
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "./ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);//1
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);//2
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
$headers= array('POST /cgi-bin/webscr HTTP/1.0',
'Content-Type:application/x-www-form-urlencoded',
'Host: www.sandbox.paypal.com',
"Content-Length: " . strlen($req),
'Connection: close'
);
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);
if(DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
#curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
{
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
exit;
} else {
// Log the entire HTTP response if debug is switched on.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
}
SendBasicEmail("fran#strike1.co.za","res",strcmp (var_dump($raw_post_array), "VERIFIED"));
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your PayPal email
// check that payment_amount/payment_currency are correct
// process payment and mark item as paid.
// assign posted variables to local variables
//$item_name = $_POST['item_name'];
//$item_number = $_POST['item_number'];
//$payment_status = $_POST['payment_status'];
//$payment_amount = $_POST['mc_gross'];
//$payment_currency = $_POST['mc_currency'];
//$txn_id = $_POST['txn_id'];
//$receiver_email = $_POST['receiver_email'];
//$payer_email = $_POST['payer_email'];
SendBasicEmail("fran#strike1.co.za", "IPN DATA - Pass", "$ipnrows");
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// Add business logic here which deals with invalid IPN messages
SendBasicEmail("fran#strike1.co.za", "IPN DATA - Fail", "$ipnrows");
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
}
}
//END IPN FILE
Finally found the issue!!
After scratching around hordes of other peoples posts with the same issues for days - I found many were using a preg_replace to remove the url encoded characters (%) from the paypal post variable values..
Assuming you have double checked u dont have php syntax errors and not getting a php error.log file created when running the ipn simulator - look inside the ipn.log file (or email yourself the output of $req from the ipn listener)...
mail("*email#what.where*","Ipn Res", curl_getinfo($ch, CURLINFO_HEADER_OUT) .$res );
Look for any characters beginning with % -
look at my example above:
payment_date=Fri+May+27+2016+15**%3A**08**%3**A35+GMT+0200+
The default IPN simulator was adding a whole lot of rubbish timezone trash that was causing a variety of % (url encoded) values that were failing my ipn.
(Note I had already changed my encoding to utf-8 in the account settings)
I replaced the default IPN date field with a regular php date and all worked - FINALLY!
So - make sure you arent getting any % values in the post url and all should be good!
Also - I had to change these options to also pass:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);//1 - changed
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);//2 - changed
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // - added
I'm having trouble with Paypal IPN. I'm using the IPN script from github:
Script link
This is the php code for the script:
<?php
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 0);
define("LOG_FILE", "./ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
{
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
exit;
} else {
// Log the entire HTTP response if debug is switched on.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your PayPal email
// check that payment_amount/payment_currency are correct
// process payment and mark item as paid.
// assign posted variables to local variables
//$item_name = $_POST['item_name'];
//$item_number = $_POST['item_number'];
//$payment_status = $_POST['payment_status'];
//$payment_amount = $_POST['mc_gross'];
//$payment_currency = $_POST['mc_currency'];
//$txn_id = $_POST['txn_id'];
//$receiver_email = $_POST['receiver_email'];
//$payer_email = $_POST['payer_email'];
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// Add business logic here which deals with invalid IPN messages
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
}
}
?>
...with my post-processing code being after the verifiy check
if (strcmp ($res, "VERIFIED") == 0) {
When someone pays via Paypal, everything seems to work in terms of my site receiving the IPN data and processing it. However, when I check the IPN logs in Paypal it has a status code of 500 (internal server error) and keeps resending the IPN data.
I have no idea why this is happening. This same IPN script (or close variations) are all over the net so I presume the script is fine.
Here is the log file recorded by the script:
[2015-08-15 13:31 Europe/London] HTTP request of validation request:POST /cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Connection: Close
Content-Length: 1014
Content-Type: application/x-www-form-urlencoded
for IPN payload: cmd=_notify-validate&mc_gross=4.95&protection_eligibility=Eligible&address_status=unconfirmed&payer_id=--------&tax=0.00&address_street=------&payment_date=05%3A25%3A51+Aug+15%2C+2015+PDT&payment_status=Completed&charset=windows-1252&address_zip=------&first_name=-----&mc_fee=0.27&address_country_code=ES&address_name=-----¬ify_version=3.8&custom=&payer_status=verified&business=--------&address_country=Spain&address_city=-------&quantity=1&verify_sign=AEWexEu2HAXvtIxtV.FjJ4XDJIdfA8MGuWBu9unU4dGBd7qVw2YL2a0p&payer_email=--------&txn_id=-------&payment_type=instant&payer_business_name=------&last_name=W----&address_state=------&receiver_email=--------&payment_fee=&receiver_id=-------&txn_type=web_accept&item_name=---------&mc_currency=GBP&item_number=------&residence_country=GB&handling_amount=0.00&transaction_subject=&payment_gross=&shipping=0.00&ipn_track_id=--------
[2015-08-15 13:31 Europe/London] HTTP response of validation request: HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Paypal-Debug-Id: 85e8fa12ae5b4
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
DC: slc-origin-www.paypal.com
Date: Sat, 15 Aug 2015 12:31:22 GMT
Content-Length: 8
Connection: close
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=GsUqRUQy6PV-FIg6NZNaoWTmld6up9P1KKqndXexz_jj_zeAZ4x0Kn30L4uIpy__dU4bnuACyaC89S34gzVIGmA2RmA8EBSoiH6oFumGT1YG-PxlbiMrDzyyNIjAnfFEJ0XPZmwovk7hutZlJannbvBOGibCAawKZ3rpqkphLxNrDZR-AZa0OAwjsUNEJtcy8gxroi8dbImfynYwQxhP_tTP1422-p2gLl8hxdhVqzO1PgDbCALd3kqfM67UCXZ0TVNpr5Pi84KsVZkZ1X00PblzKmbsFJ8vS7wbmocXEJveA6o1mPllq-qKO9MOEppBM0IxMS8rbwafRFDBzkFepW_gsNCkQPAATYNkLS6PTiBYMzL5-VV4ku_b4xTAsT_q4cotE5q4d-hqH1sE4fkdbql8HGCNwIiq2RpYrsI00nmMDrkGmZbHMV02BMG; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Tue, 12-Aug-2025 12:31:22 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Mon, 14-Aug-2017 12:31:22 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.16.0.147.1439641881720232; path=/; expires=Mon, 07-Aug-45 12:31:21 GMT
Set-Cookie: X-PP-SILOVER=name%3DLIVE9.WEB.1%26silo_version%3D880%26app%3Dappdispatcher%26TIME%3D422694741; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: Apache=10.16.0.206.1439641881713999; path=/; expires=Mon, 07-Aug-45 12:31:21 GMT
Set-Cookie: AKDC=slc-origin-www.paypal.com; expires=Sat, 15-Aug-2015 13:01:22 GMT; path=/; secure
Strict-Transport-Security: max-age=63072000
VERIFIED
Does anyone know why I could be getting this 500 error?
I've searched the net for a solution but can't find out what's wrong.
Thanks
Try to put a "/" at the end of the url.
Example:
The URL http:///paypal/notify gives the error status 500 but the URL http:///paypal/notify/ works fine.
I'm experiencing some problems with my paypal ipn script:
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = '';
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Connection: close\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP ERROR
}
else {
fputs ($fp, $header . $req);
$response = '';
while (!feof($fp)) {
$res = fgets ($fp, 1024);
$res = trim($res);
if (strpos($res,'VERIFIED') !== false) {
}
else {
// not verified
}
}
}
if (strpos($res,'VERIFIED') !== false) is always false.
This is what $res returns:
HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=14400
Strict-Transport-Security: max-age=14400
Content-Type: text/html; charset=UTF-8
DC: slc-a-origin-www-1.paypal.com
Date: Thu, 27 Feb 2014 20:50:47 GMT
Content-Length: 8
Connection: close
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=KVmAID_U9eq9TG0lkX119TL840BG6Xau98CeIZX3jTQTx9a4uGno9gxDJGS6VrX8CoBQnj9_n7cUnfeLjb8bD_pyJvE1_XJY5j-Sl5dVIROlu-Cn3_PmfiwL1S0RB-hCOCJzLNIzLsV7H4_xyZg7u4eCzBKTZdlfRru95teI1r2A2tFCtNcYgejjmUHfHzy4nSMco604T_4OJZX_6PvoheXYKqj8tOR_hNW_s3057XoT0wbqzwWA0YI00DZRoRocUuY77_hR6THpxJ6ZnekN3nrdsh74z4XvF39eaf2kdQLGKArjel4sFCAFtmO0NkVQs7VOM_upvhbruJQdm94oOue4UWUpx2NQMUE2JWYNgrgUaBliTrzbFgWOLFidJ1bNJoopcthU5nDUFDXDka7_JSRL44rPMWS0o0kLQIZDnfTiVqhdZsnWNT6wxH4; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Sun, 25-Feb-2024 20:50:47 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sat, 27-Feb-2016 20:50:47 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.73.8.134.1393534247185146; path=/; expires=Sat, 20-Feb-44 20:50:47 GMT
Set-Cookie: X-PP-SILOVER=name%3DLIVE5.WEB.1%26silo_version%3D880%26app%3Dslingshot%26TIME%3D665128787; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: Apache=10.73.8.46.1393534247177026; path=/; expires=Sat, 20-Feb-44 20:50:47 GMT
Set-Cookie: AKDC=slc-a-origin-www-1.paypal.com; expires=Thu, 27-Feb-2014 21:20:47 GMT; path=/; secure
A few possible things, based off a working example I'm using...
You might be running into serialization issues.
You're posting back to ssl://www.paypal.com instead of https://www.paypal.com/cgi-bin/webscr
There may be a problem with the way you're checking for verification? My example uses strcmp() instead of strpos()
// read raw POST data to prevent serialization issues w/ $_POST
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($myPost as $key => $value) {
if (get_magic_quotes_gpc()) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post IPN back to PayPal to validate the IPN data is genuine
$paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
$ch = curl_init($paypal_url);
if ($ch == false) {
return false;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
// $cert = __DIR__ . "./cacert.pem";
// curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
curl_close($ch);
// Inspect IPN validation result and act accordingly
if (strcmp($res, "VERIFIED") == 0) {
// good to go...
}
References:
https://developer.paypal.com/webapps/developer/docs/classic/products/instant-payment-notification/
http://paypal.github.io/sdk/sample-apps/
today I was trying something using 'lib cURL' when I got this weird error, I cannot found a solution for this, can you help me to figure it out?
<?php
set_time_limit(0);
class cURL
{
var $content;
var $cookie;
var $headers = array();
var $ch;
var $data;
var $info;
var $httpcode;
var $proxy_ip;
var $proxy_port;
var $cookie_f;
function __construct($cookie = '')
{
if (!empty($cookie)) {
$this->cookie_f = $cookie;
}
}
function setproxy($proxy)
{
list($ip, $porta) = explode(":", $proxy);
$this->proxy_ip = $ip;
$this->proxy_port = $porta;
}
function setcookie($cookie)
{
$this->cookie = $cookie;
}
function open($type, $url)
{
$this->ch = curl_init();
curl_setopt($this->ch, CURLOPT_URL, $url);
curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($this->ch, CURLOPT_HEADER, true);
//curl_setopt($this->ch, CURLOPT_HTTPHEADER, array("Content-type: application/x-www-form-urlencoded", "Content-length: 216"));
curl_setopt($this->ch, CURLOPT_ENCODING, "");
curl_setopt($this->ch, CURLOPT_COOKIEFILE, getcwd() . '/cookies.cookie');
curl_setopt($this->ch, CURLOPT_COOKIEJAR, getcwd() . '/cookies.cookie');
curl_setopt($this->ch, CURLOPT_USERAGENT, "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18");
if (strtolower($type) == 'post') {
curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($this->ch, CURLOPT_POST, 1);
curl_setopt($this->ch, CURLOPT_POSTFIELDS, $this->data);
curl_setopt($this->ch, CURLOPT_HEADER, true);
}
$this->content = curl_exec($this->ch);
curl_close($this->ch);
return $this->content;
}
}
?>
<?php
$curll = New cURL;
$curll ->setCookie = "cookies.cookie";
$curll ->data = "username=user&password=pass&IsSyncUp=&FacebookAssociation=&SNAccessToken=";
$curll ->open("POST", "http://www.website.com");
$curll ->data = '__EVENTTARGET=ctl00$ctl00$cphRoblox$cphMyRobloxContent$lbSend&ctl00$ctl00$cphRoblox$cphMyRobloxContent$rbxMessageEditor$txtSubject=AAAAAAAAA&ctl00$ctl00$cphRoblox$cphMyRobloxContent$rbxMessageEditor$txtBody=BBBBBBBBB';
$curll ->open("POST", "http://www.website.com/My/PrivateMessage.aspx?RecipientID=20815603");
echo $curll ->content;
?>
So, my returned error was:
HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /Login/Default.aspx?ReturnUrl=%2fMy%2fPrivateMessage.aspx%3fRecipientID%3d20815603&RecipientID=20815603 Server: Microsoft-IIS/7.0 Set-Cookie: rbx-ip=; path=/; HttpOnly Set-Cookie: RBXSource=rbx_acquisition_time=10/14/2011 3:32:12 PM&rbx_acquisition_referrer=http://www.website.com/My/PrivateMessage.aspx?RecipientID=20815603&rbx_medium=Direct&rbx_source=www.website.com&rbx_campaign=&rbx_send_info=0; expires=Sun, 13-Nov-2011 21:32:12 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Date: Fri, 14 Oct 2011 20:32:12 GMT Content-Length: 224 HTTP/1.1 411 Length Required Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 14 Oct 2011 20:32:12 GMT Connection: close Content-Length: 344
Length Required
HTTP Error 411. The request must be chunked or have a content length.
So my problem was "The request must be chunked or have a content length."
My POST was made by consulting browser post using 'Live HTTP Headers' (Mozila)
If I comment the seconds data & open/post it works fine.
The seconds data and open/post was the problem.
Can anybody help me?
Thanks for reading.
It is hard to know exactly what is being sent unless you see the actual data that is being passed.
Download the fiddler web proxy and compare the exact browser output with curl.
http://www.fiddler2.com/fiddler2/
add this line of PHP code to pass curl thru fiddler.
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');
Set the content-length header to the length of the data you are sending. See http://www.php.net/manual/en/function.curl-setopt.php#80271 for an example.