I am using PayPal IPN in Sandbox mode and this code isn't working for some reason.
What I want to happen is where it says "VERIFIED" to do the thing between the brackets. But it isnt and I don't know any PhP but I need this to work for my money.
Here is my store's index.php
<head>
<title>Donation Store | EndersoulsRH</title>
</head>
<body>
<center>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="text" name="username" placeholder="Your Minecraft Username"> <br>
<input type="hidden" name="itemname" value="VIP">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="SHW4WRJBFNDQA">
<input type="image" src="http://www.endersouls.us/img/buynow.png" border="0" name="submit" alt="PayPal – The safer, easier way to pay online!" width="200px;">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="text" name="username" placeholder="Your Minecraft Username"> <br>
<input type="hidden" name="itemname" value="VIP">
<input type="hidden" name="command" value="warp Ranks Hayno">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="XU8NQN8EVPMYG">
<input type="image" src="https://www.endersouls.us/img/buynow.png" border="0" name="submit" alt="PayPal – The safer, easier way to pay online!" width="200px">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
</center>
</body>
</html>
Here is my paypal ipn.php
<?php
header('HTTP/1.1 200 OK');
$resp = 'cmd=_notify-validate';
foreach ($_POST as $parm => $var) {
$var = urlencode(stripslashes($var));
$resp .= "&$parm=$var";
}
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$record_id = $_POST['custom'];
$httphead = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$httphead .= "Content-Type: application/x-www-form-urlencoded\r\n";
$httphead .= "Content-Length: " . strlen($resp) . "\r\n\r\n";
$errno ='';
$errstr='';
$fh = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fh) {
die("Connection to and from PayPal has bee lost");
} else {
fputs ($fh, $httphead . $resp);
while (!feof($fh)) {
$readresp = fgets ($fh, 1024);
if (strcmp ($readresp, "VERIFIED") == 0) {
$command = "warp ranks Hayno";
require_once("WebsenderAPI.php"); // Load Library
$wsr = new WebsenderAPI("*****","*****","*****"); // HOST , PASSWORD , PORT
if($wsr->connect()){ //Open Connect
$wsr->sendCommand($command);
}
$wsr->disconnect(); //Close connection.
} else if (strcmp ($readresp, "INVALID") == 0) {
}
fclose ($fh);
}
}
?>
I think your URL is wrong. try to put
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
instead of `$fh = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
in your test pay now button also put sandbox.paypal.com/blahglah`
so put sandbox.paypal.com..... instead of paypal.com....
// STEP 1: Read POST data
// reading posted data from directly from $_POST causes serialization
// issues with array data in POST
// reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordinglyq
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variablesq
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
if ($_POST['mc_gross'] != NULL)
$payment_amount = $_POST['mc_gross'];
else
$payment_amount = $_POST['mc_gross1'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
$servername = "*****";
$username = "*****";
$password = "*****";
$dbname = "*****";
$nizz = (explode('|', $custom));
$var1 = $nizz[0];
$var2 = $nizz[1];
$var3 = $nizz[2];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// DO YOUR QUERY HERE OR WHATEVER YOU WANT
// --------------------
if ($conn->query($sql) === TRUE) {
$email_from = 'mymail#example.com';
//send mail from here to notify yourself
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
So I am working on a small site which takes a single payment per user.
When I do payments through the sandbox, if the payment is a success then i always get a IPN response and am able to use that to update my DB
BUT when using live even if paypal says it was a success the IPN returns INVALID
I have looked around for an answer and people have been saying make sure you are using paypal.com and not sandbox.paypal.com, I have done all the suggestions but still no luck.
A working answer to this would be much appreciated!
Here is my code:
This is the html form:
<form class="paypal" action="payments.php" method="post" id="paypal_form" target="_blank">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="lc" value="UK" />
<input type="hidden" name="currency_code" value="GBP" />
<input type="hidden" name="first_name" value="Customer's First Name" />
<input type="hidden" name="last_name" value="Customer's Last Name" />
<input type="hidden" name="payer_email" value="customer#example.com" />
<input type="hidden" name="item_number" value="123456" / >
<input type="hidden" name="invoice" value="<?php echo $invoice ?>" / >
<input class="submit" type="submit" name="submit" value="Start Payment Process"/>
</form>
This code starts the payment:
<?php
// Database variables
$servername = "localhost";
$username = "un";
$password = "pw";
$dbname = "dbn";
// PayPal settings
$paypal_email = 'email#email.com';
$return_url = 'http://domain.co.uk/paypal/test.php';
$cancel_url = 'http://domain.co.uk/paypal/payment-cancelled';
$notify_url = 'http:/domain.co.uk/paypal/test.php';
$item_name = 'Item Name';
$item_amount = 1.00;
$invoice = $_POST['invoice'];
// Include Functions
include("functions.php");
// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
$querystring = '';
// Firstly Append paypal account to querystring
$querystring .= "?business=".urlencode($paypal_email)."&";
// Append amount& currency (£) to quersytring so it cannot be edited in html
//The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
$querystring .= "item_name=".urlencode($item_name)."&";
$querystring .= "amount=".urlencode($item_amount)."&";
$querystring .= "invoice=".urlencode($invoice)."&";
//loop for posted values and append to querystring
foreach($_POST as $key => $value){
$value = urlencode(stripslashes($value));
$querystring .= "$key=$value&";
}
// Append paypal return addresses
$querystring .= "return=".urlencode(stripslashes($return_url))."&";
$querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
$querystring .= "notify_url=".urlencode($notify_url);
// Append querystring with custom field
//$querystring .= "&custom=".USERID;
// Redirect to paypal IPN
header('location:https://www.paypal.com/cgi-bin/webscr'.$querystring);
exit();
} else {
//Database Connection
$link = mysql_connect($servername, $username, $password);
mysql_select_db($db_name);
// Response from Paypal
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
$req .= "&$key=$value";
}
// assign posted variables to local variables
$data['item_name'] = $_POST['item_name'];
$data['item_number'] = $_POST['item_number'];
$data['payment_status'] = $_POST['payment_status'];
$data['payment_amount'] = $_POST['mc_gross'];
$data['payment_currency'] = $_POST['mc_currency'];
$data['txn_id'] = $_POST['txn_id'];
$data['receiver_email'] = $_POST['receiver_email'];
$data['payer_email'] = $_POST['payer_email'];
$data['custom'] = $_POST['custom'];
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP ERROR
} else {
fputs($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp($res, "VERIFIED") == 0) {
// Used for debugging
// mail('user#domain.com', 'PAYPAL POST - VERIFIED RESPONSE', print_r($post, true));
// Validate payment (Check unique txnid & correct price)
$valid_txnid = check_txnid($data['txn_id']);
$valid_price = check_price($data['payment_amount'], $data['item_number']);
// PAYMENT VALIDATED & VERIFIED!
if ($valid_txnid && $valid_price) {
$orderid = updatePayments($data);
if ($orderid) {
// Payment has been made & successfully inserted into the Database
mail("email#email.com","Success","Payment made successfully");
echo "updated";
} else {
// Error inserting into DB
// E-mail admin or alert user
mail('email#email.com', 'PAYPAL POST - INSERT INTO DB WENT WRONG', print_r($data, true));
}
} else {
// Payment made but data has been changed
// E-mail admin or alert user
}
} else if (strcmp ($res, "INVALID") == 0) {
// PAYMENT INVALID & INVESTIGATE MANUALY!
// E-mail admin or alert user
// Used for debugging
//#mail("user#domain.com", "PAYPAL DEBUGGING", "Invalid Response<br />data = <pre>".print_r($post, true)."</pre>");
}
}
fclose ($fp);
}
}
?>
This code handles the response from paypal:
<?php
// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if (function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Step 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if ( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// The IPN is verified, process it
} else if (strcmp ($res, "INVALID") == 0) {
// IPN invalid, log for manual investigation
}
// inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// The IPN is verified, process it:
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process the notification
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice = $_POST['invoice'];
// IPN message values depend upon the type of notification sent.
// To loop through the &_POST array and print the NV pairs to the screen:
foreach($_POST as $key => $value) {
echo $key . " = " . $value . "<br>";
}
echo $res;
} else if (strcmp ($res, "INVALID") == 0) {
// IPN invalid, log for manual investigation
echo "Error! Paypal stated payment as: <b>" .$res ."<br />";
}
?>
Sorry i'm a newbie at this PAYPAL IPN
so i got my IPN file.
so my question is, once the user has paid gets redirected to the success/ipn page my script updates the records. but what if the user didnt get redirected, i tested it myself paypal redirects me to the PAYPAL THANK YOU ORDER page and then mozilla pops up a window alert saying that "your connecting to an insecure site bla bla CLICK (yes) or (cancel)" if i click yes then i get redirected to my success/ipn page, but if i click cancel i will stay on the PAYPAL THANK YOU PAGE so im worried that the user might click cancel and he wont get redirected and the data wont be updated
so how do i update the database without paypal redirecting me to my success/ipn page
Please advise, and dont vote down please,
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// WRITE LOG
$fh = fopen('result.txt', 'w');
fwrite($fh, $res .'--'. $req);
fclose($fh);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
if ($_POST['mc_gross'] != NULL){
$payment_amount = $_POST['mc_gross'];
}else{
$payment_amount = $_POST['mc_gross1'];
}
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
// Insert your actions here
if(($payment_status == 'Completed') && ($receiver_email == 'paypal-test#bolddata-ap.com')){
include('php/config.php'); //Open Database connection
$check = $dbo->prepare('SELECT * FROM order_bytes WHERE trans_id = ?');
$check->execute(array($txn_id));
if($check->rowCount() >= 1){
die('ERROR FOUND SAME TXN ID IN DATABASE');
}else{
/*Data token = EAZZn0OkC2zo4H3CF9vrrSlU-grBGr0oQzE8NZ6jnYGRTuJkJS0howDNK48*/
$stmt = $dbo->prepare("UPDATE `order_bytes` SET stat=? ,paid=?, trans_id=? WHERE `tracker`=? AND `user_id`=?");
/*$stmt->bindValue(":stats", 'PAID', PDO::PARAM_STR);
$stmt->bindParam(":pay", $item_price, PDO::PARAM_STR);
$stmt->bindParam(":it", $item_transaction, PDO::PARAM_STR);
$stmt->bindParam(":trackers", $_SESSION['random_id'], PDO::PARAM_STR);
$stmt->bindParam(":uid", $_SESSION['byte_user'], PDO::PARAM_STR);*/
if(!$stmt->execute(array($payment_status,$payment_amount,$txn_id,$_SESSION['tracker'],$_SESSION['byte_user']))){
//print_r($stmt->errorInfo());
}else {
if($stmt->rowCount() == 1){
notify(getbyteuser($item_no),'A User Ordered your Byte<br />Tracker ID: '.$_SESSION['tracker'].'','NEW ORDER');
//mail_booked($item_transaction);
echo "<div class=\"alert alert-success\"><h3>Thank you<br>Your payment has been successfull</h3>
<p>Keep track of your order in your Dashboard</p>
</div>";
echo 'Done';
}else{
print alert_danger('Error');
}
}
}
}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
echo "The response from IPN was: <b>" .$res ."</b>";
}
?>
You are confused about IPN and return page.
This is wrong:
so my question is, once the user has paid gets redirected to the success/ipn page
IPN is not a success page. It is a page that PayPal calls in the background to notify you about a transaction status. It is independent of the user session. (notify_url)
The page that PayPal redirects the user after complete (or cancel) a payment is different from the IPN. This is related to the user session (return_url)
I'm a noob to paypal and php so I followed this tutorial online: https://www.developphp.com/video/PHP/PayPal-IPN-PHP-Instant-Payment-Notification-Script
My problem is that my IPN results are all fine but my ipn.php script won't connect to my database so that I can store the results.
IPN.PHP CODE
<?php
//connect to the database
include_once ('includes/connect_to_mysql.php');
// Check to see there are posted variables coming into the script
if ($_SERVER['REQUEST_METHOD'] != "POST") die ("No Post Variables");
// Initialize the $req variable and add CMD key value pair
$req = 'cmd=_notify-validate';
// Read the post from PayPal
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// Now Post all of that back to PayPal's server using curl, and validate everything with PayPal
// We will use CURL instead of PHP for this for a more universally operable script (fsockopen has issues on some environments)
$url = "https://www.sandbox.paypal.com/cgi-bin/webscr"; //USE SANDBOX ACCOUNT TO TEST WITH
//$url = "https://www.paypal.com/cgi-bin/webscr"; //LIVE ACCOUNT
$curl_result=$curl_err='';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
curl_setopt($ch, CURLOPT_HEADER , 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$curl_result = #curl_exec($ch);
$curl_err = curl_error($ch);
curl_close($ch);
$req = str_replace("&", "\n", $req); // Make it a nice list in case we want to email it to ourselves for reporting
// Check that the result verifies with PayPal
if (strpos($curl_result, "VERIFIED") !== false) {
$req .= "\n\nPaypal Verified OK";
mail("email#gmail.com", "Verified OK", "$req", "From: email#gmail.com" );
} else {
$req .= "\n\nData NOT verified from Paypal!";
mail("email#gmail.com", "IPN interaction not verified", "$req", "From: email#gmail.com" );
exit();
}
/* CHECK THESE 4 THINGS BEFORE PROCESSING THE TRANSACTION, HANDLE THEM AS YOU WISH
1. Make sure that business email returned is your business email
2. Make sure that the transaction’s payment status is “completed”
3. Make sure there are no duplicate txn_id
4. Make sure the payment amount matches what you charge for items. (Defeat Price-Jacking) */
// Check Number 1 ------------------------------------------------------------------------------------------------------------
$receiver_email = $_POST['receiver_email'];
if ($receiver_email != "email-facilitator#hotmail.com") {
$message = "Investigate why and how receiver_email variable sent back by PayPal does not match the buisness email set in cart.php. Email = " . $_POST['receiver_email'] . "\n\n\n$req";
mail("email#gmail.com", "Receiver Email is incorrect", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 2 ------------------------------------------------------------------------------------------------------------
if ($_POST['payment_status'] != "Completed") {
// Handle how you think you should if a payment is not complete yet, a few scenarios can cause a transaction to be incomplete
$message = "Investigate why payment was not completed. Email = " . $_POST['receiver_email'] . "\n\n\n$req";
mail("email#gmail.com", "Payment not complete", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 3 ------------------------------------------------------------------------------------------------------------
$this_txn = $_POST['txn_id'];
$sql = mysqli_query($conn, "SELECT id FROM transactions WHERE txn_id='$this_txn' LIMIT 1"); //check to see transaction id exists in the DB
$numRows = mysqli_num_rows($sql);
if ($numRows == 0) {
$message = "Duplicate transaction ID occured so we killed the IPN script. \n\n\n$req";
mail("email#gmail.com", "Duplicate transaction ID(txn_id) in the IPN system", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 4 ------------------------------------------------------------------------------------------------------------
$product_id_string = $_POST['custom'];
$product_id_string = rtrim($product_id_string, ","); // remove last comma
// Explode the string, make it an array, then query all the prices out, add them up, and make sure they match the payment_gross amount
$id_str_array = explode(",", $product_id_string); // Uses Comma(,) as delimiter(break point)
$fullAmount = 0;
foreach ($id_str_array as $key => $value) {
$id_quantity_pair = explode("-", $value); // Uses Hyphen(-) as delimiter to separate product ID from its quantity
$product_id = $id_quantity_pair[0]; // Get the product ID
$product_quantity = $id_quantity_pair[1]; // Get the quantity
$sql = mysqli_query($conn, "SELECT price FROM products WHERE id='$product_id' LIMIT 1");
while($row = mysqli_fetch_array($sql)){
$product_price = $row["price"];
}
$product_price = $product_price * $product_quantity;
$fullAmount = $fullAmount + $product_price;
}
$fullAmount = number_format($fullAmount, 2);
$grossAmount = $_POST['mc_gross'];
if ($fullAmount != $grossAmount) {
$message = "Possible Price Jack: " . $_POST['mc_gross'] . " != $fullAmount \n\n\n$req";
mail("email#gmail.com", "Price Jack or Bad Programming", $message, "From: email#gmail.com" );
exit(); // exit script
}
// END ALL SECURITY CHECKS NOW IN THE DATABASE IT GOES ------------------------------------
////////////////////////////////////////////////////
// Assign local variables from the POST PayPal variables
$custom = $_POST['custom'];
$payer_email = $_POST['payer_email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payment_date = $_POST['payment_date'];
$mc_gross = $_POST['mc_gross'];
$payment_currency = $_POST['payment_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payment_type = $_POST['payment_type'];
$payment_status = $_POST['payment_status'];
$txn_type = $_POST['txn_type'];
$payer_status = $_POST['payer_status'];
$address_street = $_POST['address_street'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_zip = $_POST['address_zip'];
$address_country = $_POST['address_country'];
$address_status = $_POST['address_status'];
$notify_version = $_POST['notify_version'];
$verify_sign = $_POST['verify_sign'];
$payer_id = $_POST['payer_id'];
$mc_currency = $_POST['mc_currency'];
$mc_fee = $_POST['mc_fee'];
// Place the transaction into the database
$sql = mysqli_query($conn, "INSERT INTO transactions (product_id_array, payer_email, first_name, last_name, payment_date, mc_gross, payment_currency, txn_id, receiver_email, payment_type, payment_status, txn_type, payer_status, address_street, address_city, address_state, address_zip, address_country, address_status, notify_version, verify_sign, payer_id, mc_currency, mc_fee)
VALUES('$custom','$payer_email','$first_name','$last_name','$payment_date','$mc_gross','$payment_currency','$txn_id','$receiver_email','$payment_type','$payment_status','$txn_type','$payer_status','$address_street','$address_city','$address_state','$address_zip','$address_country','$address_status','$notify_version','$verify_sign','$payer_id','$mc_currency','$mc_fee')") or die ("unable to execute the query");
mysqli_close();
// Mail yourself the details
mail("email#gmail.com", "NORMAL IPN RESULT - Transaction Entered", $req, "From: email#gmail.com");
?>
When testing I sent myself an email with the IPN results which were returned as verified and payment_status=Completed.
Here is the IPN output:
cmd=_notify-validate
mc_gross=9.99
protection_eligibility=Eligible
address_status=confirmed
item_number1=
payer_id=BDK3Z8X34KY3Y
tax=0.00
address_street=1+Maire-Victorin
payment_date=13%3A51%3A16+Jul+06%2C+2015+PDT
payment_status=Completed
charset=windows-1252
address_zip=M5A+1E1
mc_shipping=0.00
mc_handling=0.00
first_name=test
mc_fee=0.59
address_country_code=CA
address_name=test+buyer
notify_version=3.8
custom=9-1%2C
payer_status=verified
business=email-facilitator%40hotmail.com
address_country=Canada
num_cart_items=1
mc_handling1=0.00
address_city=Toronto
verify_sign=A2YnYs6LuOd-R8BHIdbWTA6xHgalAu.DiwxDdytu5YxLaIvebtzbprOA
payer_email=email-buyer%40hotmail.com
mc_shipping1=0.00
tax1=0.00
txn_id=6HE31475W2614530U
payment_type=instant
last_name=buyer
address_state=Ontario
item_name1=Leather+Pouch
receiver_email=email-facilitator%40hotmail.com
payment_fee=
quantity1=1
receiver_id=SF4CCTMHQJMF8
txn_type=cart
mc_gross_1=9.99
mc_currency=CAD
residence_country=CA
test_ipn=1
transaction_subject=9-1%2C
payment_gross=
ipn_track_id=a7531c2eb1cec
Paypal Verified OK
I further debugged the code down to the fact that my select statements were not returning any values which to me indicates that the connection to the database was failing.
Can anyone help me out as to why I can't connect to my database using the ipn.php code? All other pages of my website will connect using the same code except this page, so I can only think that it has something to do with PayPal calling this page and not my server.
Here is my connection code in connect_to_mysql.php:
<?php
/* PHP Database Connection */
$servername = "localhost";
$username = "user";
$password = "passs";
$database = "database";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>
You need to troubleshoot the script to find the issue. This can be difficult with IPN, but if you follow these steps for how to test PayPal IPN you should be able to track it down pretty quickly.
I fixed the issue. I needed to switch all of the queries to Mysqli versions instead of the old Mysql. Fixed code below:
<?php
// Report all PHP errors
ini_set('error_reporting', E_ALL);
// Destinations
define("ADMIN_EMAIL", "email#gmail.com");
// Destination types
define("DEST_EMAIL", "1");
/* PHP Database Connection */
$servername = "localhost";
$username = "aesirleatherworks";
$password = "";
$database = "my_aesirleatherworks";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
// Send an e-mail to the administrator if connection fails
if (!$conn) {
error_log("Failed to connect to MYSQL ".mysqli_connect_error(), DEST_EMAIL, ADMIN_EMAIL);
}
// Check to see there are posted variables coming into the script
if ($_SERVER['REQUEST_METHOD'] != "POST") die ("No Post Variables");
// Initialize the $req variable and add CMD key value pair
$req = 'cmd=_notify-validate';
// Read the post from PayPal
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// Now Post all of that back to PayPal's server using curl, and validate everything with PayPal
// We will use CURL instead of PHP for this for a more universally operable script (fsockopen has issues on some environments)
$url = "https://www.sandbox.paypal.com/cgi-bin/webscr"; //USE SANDBOX ACCOUNT TO TEST WITH
//$url = "https://www.paypal.com/cgi-bin/webscr"; //LIVE ACCOUNT
$curl_result=$curl_err='';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
curl_setopt($ch, CURLOPT_HEADER , 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$curl_result = #curl_exec($ch);
$curl_err = curl_error($ch);
curl_close($ch);
$req = str_replace("&", "\n", $req); // Make it a nice list in case we want to email it to ourselves for reporting
// Check that the result verifies with PayPal
if (strpos($curl_result, "VERIFIED") !== false) {
$req .= "\n\nPaypal Verified OK";
} else {
$req .= "\n\nData NOT verified from Paypal!";
mail("email#gmail.com", "IPN interaction not verified", "$req", "From: email#gmail.com" );
exit();
}
/* CHECK THESE 4 THINGS BEFORE PROCESSING THE TRANSACTION, HANDLE THEM AS YOU WISH
1. Make sure that business email returned is your business email
2. Make sure that the transaction’s payment status is “completed”
3. Make sure there are no duplicate txn_id
4. Make sure the payment amount matches what you charge for items. (Defeat Price-Jacking) */
// Check Number 1 ------------------------------------------------------------------------------------------------------------
$receiver_email = $_POST['receiver_email'];
if ($receiver_email != "email-facilitator#hotmail.com") {
$message = "Investigate why and how receiver_email variable sent back by PayPal does not match the buisness email set in cart.php. Email = " . $_POST['receiver_email'] . "\n\n\n$req";
mail("email#gmail.com", "Receiver Email is incorrect", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 2 ------------------------------------------------------------------------------------------------------------
if ($_POST['payment_status'] != "Completed") {
// Handle how you think you should if a payment is not complete yet, a few scenarios can cause a transaction to be incomplete
$message = "Investigate why payment was not completed. Email = " . $_POST['receiver_email'] . "\n\n\n$req";
mail("email#gmail.com", "Payment not complete", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 3 ------------------------------------------------------------------------------------------------------------
$this_txn = $_POST['txn_id'];
$query = "SELECT id FROM transactions WHERE txn_id='$this_txn' LIMIT 1";
$result = mysqli_query($conn, $query);
$numRows = mysqli_num_rows($result);
if ($numRows != 0) {
$message = "Duplicate transaction ID occured so we killed the IPN script. Transaction ID:$this_txn \n\n\n$req";
mail("email#gmail.com", "Duplicate transaction ID(txn_id) in the IPN system", $message, "From: email#gmail.com" );
exit(); // exit script
}
// Check number 4 ------------------------------------------------------------------------------------------------------------
$product_id_string = $_POST['custom'];
$product_id_string = rtrim($product_id_string, ","); // remove last comma
// Explode the string, make it an array, then query all the prices out, add them up, and make sure they match the payment_gross amount
$id_str_array = explode(",", $product_id_string); // Uses Comma(,) as delimiter(break point)
$fullAmount = 0;
foreach ($id_str_array as $key => $value) {
$id_quantity_pair = explode("-", $value); // Uses Hyphen(-) as delimiter to separate product ID from its quantity
$product_id = $id_quantity_pair[0]; // Get the product ID
$product_quantity = $id_quantity_pair[1]; // Get the quantity
$query = "SELECT price FROM products WHERE id='$product_id' LIMIT 1";
$result = mysqli_query($conn, $query);
while($row = mysqli_fetch_array($result)){
$product_price = $row["price"];
}
$product_price = $product_price * $product_quantity;
$fullAmount = $fullAmount + $product_price;
}
$fullAmount = number_format($fullAmount, 2);
$grossAmount = $_POST['mc_gross'];
if ($fullAmount != $grossAmount) {
$message = "Possible Price Jack: " . $_POST['mc_gross'] . " != $fullAmount \n\n\n$req";
mail("email#gmail.com", "Price Jack or Bad Programming", $message, "From: email#gmail.com" );
exit(); // exit script
}
// END ALL SECURITY CHECKS NOW IN THE DATABASE IT GOES ------------------------------------
////////////////////////////////////////////////////
// Assign local variables from the POST PayPal variables
$custom = $_POST['custom'];
$payer_email = $_POST['payer_email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payment_date = $_POST['payment_date'];
$mc_gross = $_POST['mc_gross'];
$payment_currency = $_POST['payment_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payment_type = $_POST['payment_type'];
$payment_status = $_POST['payment_status'];
$txn_type = $_POST['txn_type'];
$payer_status = $_POST['payer_status'];
$address_street = $_POST['address_street'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_zip = $_POST['address_zip'];
$address_country = $_POST['address_country'];
$address_status = $_POST['address_status'];
$notify_version = $_POST['notify_version'];
$verify_sign = $_POST['verify_sign'];
$payer_id = $_POST['payer_id'];
$mc_currency = $_POST['mc_currency'];
$mc_fee = $_POST['mc_fee'];
// Place the transaction into the database
$sql = mysqli_query($conn, "INSERT INTO transactions (id, product_id_array, payer_email, first_name, last_name, payment_date, mc_gross, payment_currency, receiver_email, payment_type, payment_status, txn_type, payer_status, address_street, address_city, address_state, address_zip, address_country, address_status, notify_version, verify_sign, payer_id, mc_currency, mc_fee)
VALUES('$txn_id','$custom','$payer_email','$first_name','$last_name','$payment_date','$mc_gross','$payment_currency','$receiver_email','$payment_type','$payment_status','$txn_type','$payer_status','$address_street','$address_city','$address_state','$address_zip','$address_country','$address_status','$notify_version','$verify_sign','$payer_id','$mc_currency','$mc_fee')") or die ("unable to execute the query");
mysqli_close();
// Mail yourself the details
mail("email#gmail.com", "New Order Entered: ".$txn_id, $req, "From: email#gmail.com");
?>
I'm using paypals IPN for players to purchase points from my game. Once they purchase them it should update the users table where their Id is and give them points and energy, and then insert into a different table named transactions. I've tested it and the IPN is sending but it's not updating the database or inserting into the table. Here's the code:
<?php session_start() ?>
<?php require 'connect.php' ?>
<?php
// check if logged into PsychoWars
if(!$id) {
die('Error: Not Logged In! Contact Us With The Transaction ID!');
}
// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// The IPN is verified, process it:
// check whether the payment_status is Completed (Done)
// check that txn_id has not been previously processed ()
// check that receiver_email is your Primary PayPal email (Done)
// check that payment_amount/payment_currency are correct (Done)
// process the notification
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
// Checking if package exists
$get_points = mysql_query("SELECT * FROM buying_offers WHERE id=".$item_number."");
if(mysql_num_rows($get_points) == 0) {
die('Error: Boss Point Offer Doesn\'t Exist!');
}
// Get Points Info
$points_info = mysql_fetch_array($get_points);
$points_cost = $points_info['cost'];
$points_amount = $points_info['points'];
$points_energy = $points_info['energy'];
$points_name = $points_info['package'];
// check that payment_amount/payment_currency are correct
if($payment_amount != $points_cost) {
die('Error: Payment Doesn\'t Equal Package Cost!');
}
if($receiver_email != 'bad.karma12323#gmail.com') {
die('Error: Paypal Email Doesn\'t Match!');
}
// checking payment status
if($payment_status == 'Completed'){
echo 'Success: You Were Rewarded '.$points_amount.' Boss Points And '.$points_energy.' Energy!';
$update_user = mysql_query("UPDATE users SET points=(points+".$points_amount."),energy=(energy+".$points_energy.") WHERE id=".$id."");
$add_trans = mysql_query("INSERT INTO transactions (user_id,txn_id,item_name,payment_status,cost,time) VALUES ('$id','$txn_id','$points_name','$payment_status','$payment_amount','".time()."')");
}
elseif($payment_status == 'Denied' || $payment_status == 'Failed' || $payment_status == 'Refunded' || $payment_status == 'Reversed' || $payment_status == 'Voided'){
die('Error: There Was An Issue With The Transaction!');
}
elseif($payment_status == 'In-Progress' || $payment_status == 'Pending' || $payment_status == 'Processed'){
//Do something
}
elseif($payment_status == 'Canceled_Reversal'){
die('Error: The Transaction Was Cancelled!');
}
// IPN message values depend upon the type of notification sent.
// To loop through the &_POST array and print the NV pairs to the screen:
foreach($_POST as $key => $value) {
echo $key." = ". $value."<br>";
}
} else if (strcmp ($res, "INVALID") == 0) {
// IPN invalid, log for manual investigation
echo "The response from IPN was: <b>" .$res ."</b>";
}
echo mysql_error();
?>
The IPN Message from paypal shows all of the variables going through, but like I said, Nothing's updating. Any help would be appreciated!