I have an odd problem, testing my IPN handler using the IPN simulator on the paypal website, it works (I've just got it emailing me the report), but when I do it through my site, I don't receive anything.
So I guess the problem must be with sending the pay request and setting the ipn url there
$payRequest = new PayRequest(new RequestEnvelope("en_US"), "PAY", $cancelURL, $currencyCode, $receiverList, $returnURL);
$payRequest->ipnNotificationUrl = $notifyURL;
$service = new AdaptivePaymentsService($config);
try {
/* wrap API method calls on the service object with a try catch */
$response = $service->Pay($payRequest);
}
I've double checked $notifyURL is the same as what i'm using in the simulator. Everything else is working, the user gets sent to the paypal website to complete the payment, it's just the IPN never gets sent afterwards.
I figured out that IPN has to be manually turned on in one of the accounts' profile.
Related
I'm having trouble trying to verify paypal webhook signatures with PHP. Using the new V2 of paypals APIs I am receiving the paypal webhook on my page.
However I can not seem to successfully validate the signature.
From the link HERE I got some sample webhook validation PHP code from paypal.
I can not get it working, I don't know where I am supposed to get bootstrap.php from in the paypal code. The paypal information seems incomplete or half baked. Paypal seems to be terrible to set-up compared to Stripe.
Has anyone got experience of validating paypal webhook signatures with PHP when using V2 of the paypal APIs ?
Well I have come to the conclusion that the Paypal developer information is rather poor, it is scatted all over the place, on multiple different pages and sites. The examples they give on the paypal developer website HERE are not a complete picture of what is required to validate a webhook signature. Stripe developer documentation is much better formatted and concise.
Installing Paypal Checkout V2 SDK does not give you the necessary development tools to validate paypal webhook signatures i.e. you can process payments and receive webhooks but you can not validate the webhook signatures....I know stupid. Tip do not download the SDK directly as you will not include the required autoload.php file. Use composer to install Paypal Checkout V2 SDK so that you get the autoload.php file.
Once you are to a point that you can process payments and receive webhooks form paypal you need to install the another SKD called Paypal Rest API SDK. Again use composer to install the SDK so that you get a autoload.php file which you will need.
When you install Paypal Rest API SDK amazingly you will still be missing files that are required to validate the payapl webhook signatures. I can find no mention of these anywhere on the paypal developer website.
bootstrap.php & common.php
Thanks to #Grumpy I got some samples provided on github HERE
Note you will probably need to modify the samples a bit in order to get them working with your website. Tip set the logger to false and save yourself some bother if you don't have the necessary access permissions to write.
Once you have bootstrap.php & common.php files created you can write the code for your webhook endpoint page i.e. the page that paypal sends the webhook to. I have included my PHP code below for how to validate and then process the paypal webhook. Tip in the below code you need to specify the webhook ID, each webhook that you create in paypal has a unique ID. Also when you are testing you can not use webhook simulator as this will fail validation, you can make manually a payment with your sandbox account details which will trigger a webhook payment event.
Paypal sure don't make it easy, their documentation is all over the place compared to Stripe. The Paypal webhooks can sometimes take several minutes to arrive after a payment is made, very frustrating when trying to debug. Also it's a bit ridiculous that they have a webhook simulator on the paypal developer website that can not be used to validate signatures...if stripe can do it why can't paypal.
<?php
//get the webhook payload
$requestBody = file_get_contents('php://input');
//check if webhook payload has data
if($requestBody) {
//request body is set
} else {
//request body is not set
exit();
}
use \PayPal\Api\VerifyWebhookSignature;
use \PayPal\Api\WebhookEvent;
$apiContext = require __DIR__ . '/bootstrap.php';
//Receive HTTP headers that you received from PayPal webhook.
$headers = getallheaders();
//need header keys to be UPPERCASE
$headers = array_change_key_case($headers, CASE_UPPER);
/*
example header paypal signature content for webhook, these values are recieved as an array, we then need to use this data to verify the payload
CONTENT-LENGTH : 1376
CORRELATION-ID : 6db85170269e7
USER-AGENT : PayPal/AUHD-214.0-54377828
CONTENT-TYPE: application/json
PAYPAL-AUTH-ALGO : SHA256withRSA
PAYPAL-CERT-URL : https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a784-5edc0ebc
PAYPAL-AUTH-VERSION : v2
PAYPAL-TRANSMISSION-SIG : Hc2lsDedYdSjOM4/t3T/ioAVQqFPNVB/AY/EyPNlavXk5WYUfnAmt9dyEP6neAPOjFHiVkXMK+JlLODbr6dalw6i26aFQdsPXqGl38Mafuu9elPE74qgsqNferUFgHi9QFXL+UZCNYcb4mvlDePXZIIAPbB0gOuFGOdEv2uqNwTCSAa/D8aguv1/51FWb3RkytFuVwXK/XNfIEy2oJCpDs8dgtYAZeojH8qO6IAwchdSpttMods5YfNBzT7oCoxO80hncVorBtjj1zQrkoynEB9WNNN9ytepNCkT8l29fQ4Sx/WRndm/PESCqxqmRoYJoiSosxYU3bZP7QTtILDykQ==
PAYPAL-TRANSMISSION-TIME : 2020-04-05T14:40:43Z
PAYPAL-TRANSMISSION-ID : 6dec99b0-774b-11ea-b306-c3ed128f0c4b
*/
//if any of the relevant paypal signature headers are not set exit()
if(
(!array_key_exists('PAYPAL-AUTH-ALGO', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-ID', $headers)) ||
(!array_key_exists('PAYPAL-CERT-URL', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-SIG', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-TIME', $headers))
)
{
exit();
}
//specify the ID for the webhook that you have set up on the paypal developer website, each web hook that you create has a unique ID
$webhookID = "ENTER_YOUR_WEBHOOK_ID_HERE";
//start paypal webhook signature validation
$signatureVerification = new VerifyWebhookSignature();
$signatureVerification->setAuthAlgo($headers['PAYPAL-AUTH-ALGO']);
$signatureVerification->setTransmissionId($headers['PAYPAL-TRANSMISSION-ID']);
$signatureVerification->setCertUrl($headers['PAYPAL-CERT-URL']);
$signatureVerification->setWebhookId($webhookID);
$signatureVerification->setTransmissionSig($headers['PAYPAL-TRANSMISSION-SIG']);
$signatureVerification->setTransmissionTime($headers['PAYPAL-TRANSMISSION-TIME']);
$signatureVerification->setRequestBody($requestBody);
$request = clone $signatureVerification;
try {
$output = $signatureVerification->post($apiContext);
} catch (Exception $ex) {
//error during signature validation, capture error and exit
ResultPrinter::printError("Validate Received Webhook Event", "WebhookEvent", null, $request->toJSON(), $ex);
exit(1);
}
$sigVerificationResult = $output->getVerificationStatus();
// $sigVerificationResult is a string and will either be "SUCCESS" or "FAILURE"
//if not webhook signature failed validation exit
if($sigVerificationResult != "SUCCESS"){
exit();
}
else if($sigVerificationResult == "SUCCESS"){
//paypay webhook signature is valid
//proceed to process webhook payload
//decode raw request body
$requestBodyDecode = json_decode($requestBody);
//pull whatever info required from decoded request body, some examples below
$paymentSystemID = $requestBodyDecode->id;
$eventType = $requestBodyDecode->event_type;
//do something with info captured from the webhook payload
}
This seems to work with php 8.1:
if (openssl_verify(
data: implode(separator: '|', array: [
$httpPayPalTransmissionId,
$httpPayPalTransmissionTime,
$webhookID,
crc32(string: $rawRequestBody),
]),
signature: base64_decode(string: $httpPayPalTransmissionSignature),
public_key: openssl_pkey_get_public(public_key: file_get_contents(filename: $cachedHttpPayPalCertUrl)),
algorithm: 'sha256WithRSAEncryption'
) === 1) {
die('OK');
} else {
die('FAILED');
}
Is the IPN working?, because the IPN simulator is not working and i am trying with a real transaction but i can't receive any notification in my listener.php
I have been trying with the IPN simulator to send a notification to my listener.php but apparently it is not working, it is throwing this error "window.moment is not a function" and apparently paypal is working on it.
For the previous reason I have been trying with real transactions, but there is no response from the IPN.
I am trying to put the answer to a txt file
$raw=file_get_contents('php://input');
file_put_contents("testP.txt", $raw);
$doc = fopen(filename:"testP.txt", mode:"w");
foreach ($_POST as $key => $value) {
fwrite($doc, string:"$key => $value \r\n");
}
fclose($doc);
There is no result and I would like to know if the IPN is working or I am doing something wrong, because I only created the paypal buttons and added in the advanced variables the url of my listener.php as the paypal documentation says
It isn't working. I contacted PayPal support and got the following reply:
We have reported this problem and are already working on it.
Try again later or feel free to ask me about the status.
I will get back to this thread if it starts working again.
The situation:
Setting up a buy and download market on a website using paypal.
I've already set up the "buy" and "checkout" buttons using paypals button creator.
Now I need to create a IPN script to call paypal and verify purchase so the "product"
may start downloading. If there is a better direction in how to go about this, I would appreciate the suggestion.
The problem:
Paypals IPN sandbox simulator is giving me a
"We could not send an IPN due to an HTTP error: 500: Internal Server Error"
yet, I still receive an "INVALID" response.
The Question:
How do I
1) Fix Paypals IPN sandbox simulator to be able to send the message
2) and receive a "VERIFIED response.
The Scripts:
I am using the exact script from paypals github
heres the link:
paypal_ipn.php
Thanks in Advance!
p.s.
I have come across some similar situations but none have work for me.
Your IPN script must have an error in it causing it to return the 500 back to PayPal's server. Your script could be (and apparently is) handling most everything ok and saving your log file as expected, but then at the end something is causing the error so the script doesn't fully complete successfully.
The first thing I would do is solve that problem. An easy way to do this is to create your own simulator by building a basic HTML form with hidden fields that match the names of the fields you expect to get from an IPN. Set the action of the form to your IPN URL and then you can load this in a browser and submit it so that you can see the result on screen. This can help with troubleshooting and fixing any errors you have.
Once you've solved all the errors you can try the simulator again and you should get a successful result at that point. If you're still getting invalid, though, then you must have a problem with your callback to PayPal. We can figure that out once the script is completing successfully, though, and that may very well fix both problems once you figure out whatever is going on there.
If you are using an PHP framework to implement PayPal IPN listener, then don't forget to put exit; statement at the bottom of the controller. If you don't write exit statement, then the framework will try to load the view file, and in my case there is no view file. That is why I got the 500 Error message in the PayPal IPN simulator.
Here is example of code that is running fine on my machine.
public function ipnlistener2Action(){
// tell PHP to log errors to ipn_errors.log in this directory
//mail('YOUR EMAIL', 'Invalid IPN', "Exception");
ini_set('display_errors',1);
error_reporting(E_ALL);
// intantiate the IPN listener
require_once('common/ipnlistener.php');
$listener = new IpnListener();
// tell the IPN listener to use the PayPal test sandbox
$listener->use_sandbox = true;
// try to process the IPN POST
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
if ($verified) {
// TODO: Implement additional fraud checks and MySQL storage
mail('YOUR EMAIL', 'Valid IPN', $listener->getTextReport());
} else {
// manually investigate the invalid IPN
mail('amir.duran#ceit.co.uk', 'Invalid IPN', $listener->getTextReport());
}
} catch (Exception $e) {
mail('YOUR EMAIL', 'Invalid IPN', "Exception: ".$e->getMessage());
//var_dump("Exception");
exit(0);
}
exit;
// TODO: Handle IPN Response here
}
I am using Zend Framework 2 as my listener for a Paypal payment.
My listener is triggered when the payment is made in the sandbox environment, but when I generate the request to reply to Paypal in order to get a VERIFIED or INVALID response I do not get a response.
There is nothing coming up in the web server logs, no errors and no exception is thrown.
Have tried both the dispatch and Send methods.
Is there any way I can see if the request is sent to Paypal sandbox?
Anywhere in the sandbox I can see this?
Or is there any way I can see the response come back.
Am using Amazon WS but I don't think it's getting blocked as the listener is initially triggered.
Many thanks
Code for IPN listenter is below:
$request1 = $this->getRequest();
// Follow Paypal IPN protocol
// First send back to PayPal received request
$request = new Request();
$request->setMethod(Request::METHOD_POST);
$client = new Client();
$client->setRequest($request);
$client->setUri('https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_notify-validate');
$postArray = $request1->getPost()->getArrayCopy();
$client->setParameterPost($postArray);
$requestHeaders = $client->getRequest()->getHeaders();
try {
$response = $client->send();
//$response = $client->dispatch($request);
} catch (Exception $e) {
$logger->info("Exception:");
$logger->info($e->getMessage());
}
Ended up using the paypal code on https://github.com/paypal/ipn-code-samples/blob/master/IPN_PHP.txt to solve the above.
I'm designing a website for a charity board game event, wherein people can watch the event live, and can donate money to a charity (Child's Play) in order to force players to play continuously for 60 hours. Because the donations are going directly to Child's Play, I need to use the notify_url setting to pass my IPN notification URL in; we've done this marathon twice before and have had no problems, but we recently ported it over to PHP.
Now, I've been testing the site extensively for the past few months using the sandbox, and everything was working perfectly. The marathon is only a couple of weeks away now, so I switched over to the actual PayPal system, fired off a test donation, and now I've got a problem: for some reason, PayPal is not hitting the notify_url at all. I've verified the URL by switching back to sandbox temporarily, and everything works fine. I've also added a few calls to error_log in the listener code to see if it's just getting caught in the code somewhere, but have found out it hasn't been hit at all.
If anyone can offer any suggestions here as to what I can do, I'd greatly appreciate it. Obviously I'm under a bit of a time crunch, so I'd really appreciate it if you could respond sooner rather than later.
EDIT: Here's the relevant code:
if (isset($_GET['paypalipn'])) {
// tell PHP to log errors to ipn_errors.log in this directory
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
// intantiate the IPN listener
$listener = new IpnListener();
// tell the IPN listener to use the PayPal test sandbox
$listener->use_sandbox = false;
error_log("here");
// try to process the IPN POST
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
} catch (Exception $e) {
error_log($e->getMessage());
exit(0);
}
error_log("here2");
// Process the IPN
if ($verified) {
error_log("here3");
$errmsg = ''; // stores errors from fraud checks
// Split the custom variable
$split_custom = explode("&", $_POST['custom']);
$custom_array = array();
for ($i = 0; $i<count($split_custom); $i++) {
$current_set = explode("=", $split_custom[$i]);
$custom_array[$current_set[0]] = $current_set[1];
}
error_log("here4");
if (!isset($custom_array['game'])) {
$custom_array['game'] = 0;
}
if (!isset($custom_array['player'])) {
$custom_array['player'] = 0;
}
error_log("here5");
if (!empty($errmsg)) {
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \n$errmsg\n\n";
$body .= $listener->getTextReport();
mail('jafawcett#gmail.com', 'IPN Fraud Warning', $body);
} else {
mail('jafawcett#gmail.com', 'Successful IPN', $listener->getTextReport());
}
error_log("donor_un: ".$custom_array['donor_un']);
process_donation($_POST['mc_gross'], $custom_array['player'], $custom_array['game'], $custom_array['donor_name'], $_POST['payer_email'], $custom_array['donor_un']);
} else {
// manually investigate the invalid IPN
mail('jafawcett#gmail.com', 'Invalid IPN', $listener->getTextReport());
}
}
For the ipn listener class I'm using the one created by Micah Carrick and available here:
https://github.com/Quixotix/PHP-PayPal-IPN
I asked my direct contact at PayPal about this and got the following response...
In regards to the IPN issue, we had an outage last night. It was fixed
at about 1-2am, the IPN’s are delayed because we had a backed up queue
of about 2.5 million IPN’s which did not send out. We are currently
working through these IPN’s. I’d expect normal functionality shortly.
You can also see plenty of people talking about this issue on Twitter.
We're having the same problem.
It worked perfectly fine for a few months now and the script remains untouched. PayPal IPN is enabled inside the PayPal account as well and our IPNs just stopped this morning.
There might be a problem over at PayPal, we're still trying to figure it out.