I have built a IPN Listener and tested it with the IPN Simulator in sandbox and it works fine, however when I add the "NOTIFYURL" parameter and set it to my IPN Listener I do not get any notifications from my listener, but payment still goes through.
Is there something else I have to do to get this to work?
Here's my codes
My IPN Listener (for the purposes of testing it simply Imports the entire result into a SQL Table)
include "dbconnect.php";
$request = "cmd=_notify-validate";
foreach ($_POST as $varname => $varvalue){
$email .= "$varname: $varvalue\n";
if(function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc()){
$varvalue = urlencode(stripslashes($varvalue));
}
else {
$value = urlencode($value);
}
$request .= "&$varname=$varvalue";
}
mysql_query("INSERT INTO `test` (`nvps`) VALUES ('".$email."')");
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"https://www.sandbox.paypal.com/cgi-bin/webscr");
//curl_setopt($ch,CURLOPT_URL,"https://www.paypal.com");
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$request);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$result = curl_exec($ch);
curl_close($ch);
The portion of my payment processing script that interacts with paypal:
// Store request params in an array
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => 'Visa',
'ACCT' => '4887864152287206',
'EXPDATE' => '072018',
'CVV2' => '123',
'FIRSTNAME' => 'Tester',
'LASTNAME' => 'Testerson',
'STREET' => '707 W. Bay Drive',
'CITY' => 'Largo',
'STATE' => 'FL',
'COUNTRYCODE' => 'US',
'ZIP' => '33770',
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'NOTIFYURL' => 'http://www.mysite.com/ipnlistener.php',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
echo $result.'<br /><br />';
mysql_query("INSERT INTO `test` (`nvps`) VALUES ('".$result."')");
Why aren't I getting my notifications?
Can you take a look at the PHP IPN script over at https://github.com/paypal/ipn-code-samples/blob/master/IPN_PHP.txt?
Leave USE_SANDBOX and USE_DEBUG enabled and create an empty file called 'ipn.txt' in the same directory (writable by the webserver).
This will log all steps of the IPN process (receiving it, posting it back, verifying the results, etc). Should anything, that should make it clear.
the purpose of the ipn listener is for paypal to pass back payment info so you can process it, it will not send you any notifications as such unless you add things like a log file, where each payment status is logged or send email to yourself about processed payments (whether they failed or not)
Related
I have a 3-page checkout process. The first page is Customer information. The second page is card information. The third page is review & confirm order.
I'm using the paypal api to handle payments processing. Right now I have the payments page setup with the request parameters for the paypal api stored in an array, and after the customer clicks confirm & pay, I send the request over the paypal api. Is this a proper way to handle credit card payments? Would I just have to store the $nvp_string using mcrypt or some other encryption method? or temporarily store in a database and delete the info after the order is paid?
Payment Information Page
// Store request params in an array THESE ARE STATIC VARIABLES FOR TESTING
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => 'MasterCard',
'ACCT' => '5522340006063638',
'EXPDATE' => '022018',
'CVV2' => '456',
'FIRSTNAME' => 'Tester',
'LASTNAME' => 'Testerson',
'STREET' => '707 W. Bay Drive',
'CITY' => 'Largo',
'STATE' => 'FL',
'COUNTRYCODE' => 'US',
'ZIP' => '33770',
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
Confirm & Pay Page
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
curl_close($curl);
// Parse the API response
$nvp_response_array = parse_str($result);
Storage of variables in a database for a 3 step process is an idea that's really fraught with issues. For one, you never want to get into the credit card info storage business, and it may actually be against TOS based on your payment provider and other factors. You'd have to consider things like abandoned processes too.
When I build a site like this, I'll have a 3 (or more) step process, but it's all in one page. Build 3 different "screens" in divs/templates on one file and then toggle between those divs/templates without changing files. This way, the data is still in one common form (which spans the 3 divs/templates) and I don't have to deal with storage of variables on a session or database at all. It's also lightning quick to toggle between. Really, your only consideration of any significance is handling back button behavior, which can be accomplished with URL hashing. When you've reached the last screen in your process, simply submit the form.
Hi I implement PayPal DoDirectPayment in my website, I want to required expire date And CVV but payment taking without those with this warning "This transaction was approved. However, the Card Security Code provided had too few, too many, or invalid character types but, as per your account option settings, was not required in the approval process"
I'm using PHP.
My Code is
$api_endpoint = 'https://api-3t.sandbox.paypal.com/nvp';
$request = array
(
'METHOD' => 'DoDirectPayment',
'USER' => 'sell3_api1.pay.com',
'PWD' => '75DQHCABLDFSDF',
'SIGNATURE' => 'AFcWxV21C7fd0asdasdCpasdsdAtxzafSFsaKZ3unSUBjX9r-',
'VERSION' => '55.0',
'PAYMENTACTION' => 'Sale',
'FIRSTNAME' => $current_user->user_login,
'LASTNAME' => '.',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'ACCT' => $acct,
'CREDITCARDTYPE'=>
'EXPDATE' => $month.$year,
'CVV2' => $cvv,
'AMT' => $amt,
'CURRENCYCODE' => 'USD',
);
$nvp_string = '';
foreach ($request as $key => $value) {
$nvp_string .= '&'.$key.'='.urlencode($value);
}
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
curl_close($curl);
parse_str($result);
How can I solve It.
i am using credit card with paypal payment code from below site-
http://code.tutsplus.com/tutorials/how-to-process-credit-cards-with-paypal-payments-pro-using-php--net-25397
and got my api credentials from here-
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_profile-api-signature
and i am entering my API usaername, API password and signature but it is returning "ACK=Failure".I followed its comments but did not get proper solution, my code is-
includes/config.php
// Set sandbox (test mode) to true/false.
$sandbox = TRUE;
// Set PayPal API version and credentials.
$api_version = '85.0';
$api_endpoint = $sandbox ? 'https://api-3t.sandbox.paypal.com/nvp' : 'https://api-3t.paypal.com/nvp';
$api_username = $sandbox ? 'SANDBOX_USERNAME_GOES_HERE' : 'LIVE_USERNAME_GOES_HERE';
$api_password = $sandbox ? 'SANDBOX_PASSWORD_GOES_HERE' : 'LIVE_PASSWORD_GOES_HERE';
$api_signature = $sandbox ? 'SANDBOX_SIGNATURE_GOES_HERE' : 'LIVE_SIGNATURE_GOES_HERE';
process-credit-card.php
// Include config file
require_once('includes/config.php');
// Store request params in an array
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => 'MasterCard',
'ACCT' => '5522340006063638',
'EXPDATE' => '022013',
'CVV2' => '456',
'FIRSTNAME' => 'Tester',
'LASTNAME' => 'Testerson',
'STREET' => '707 W. Bay Drive',
'CITY' => 'Largo',
'STATE' => 'FL',
'COUNTRYCODE' => 'US',
'ZIP' => '33770',
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
curl_close($curl);
var_dump($result);
// Parse the API response
$nvp_response_array = parse_str($result);
// Function to convert NTP string to an array
function NVPToArray($NVPString)
{
$proArray = array();
while(strlen($NVPString))
{
// name
$keypos= strpos($NVPString,'=');
$keyval = substr($NVPString,0,$keypos);
// value
$valuepos = strpos($NVPString,'&') ? strpos($NVPString,'&'): strlen($NVPString);
$valval = substr($NVPString,$keypos+1,$valuepos-$keypos-1);
// decoding the respose
$proArray[$keyval] = urldecode($valval);
$NVPString = substr($NVPString,$valuepos+1,strlen($NVPString));
}
return $proArray;
}
Error
ACK=Failure
L_SHORTMESSAGE0=Security error
L_LONGMESSAGE0=Security header is not valid
How to solve this error?
Quite simple Google search came up with this:
http://www.prestashop.com/forums/topic/125029-security-header-is-not-valid-read-first/
Which says:
[...] your credentials are incorrect or [...] you are using
SandBox credentials with production mode (or production credentials
with sandbox mode). If you are in production, you have to check
INACTIVE for SandBox mode (be sure to fill the configuration form with
your production credentials and not your sandbox credentials).
And adds:
If the problem is not coming from the test mode that means your credentials are incorrect.
So I would start there.
Also instead of creating that query string manually with foreach construct, try looking into http-build-query() function: http://php.net/manual/en/function.http-build-query.php
Hi I want to test payment in paypal test account but I am facing error
ACK: "Failure"
AMT: "100.00"
BUILD: "9915774"
CORRELATIONID: "39d5ad29e8411"
CURRENCYCODE: "USD"
L_ERRORCODE0: "10501"
L_LONGMESSAGE0: "This transaction cannot be processed due to an invalid merchant configuration."
L_SEVERITYCODE0: "Error"
L_SHORTMESSAGE0: "Invalid Configuration"
TIMESTAMP: "2014-03-18T07:29:45Z"
VERSION: "85.0"
my config.php file is
$sandbox = TRUE;
// Set PayPal API version and credentials.
$api_version = '85.0';
$api_endpoint = $sandbox ? 'https://api-3t.sandbox.paypal.com/nvp' : 'https://api-3t.paypal.com/nvp';
$api_username = $sandbox ? 'shafiq2626-facilitator#hotmail.com' : 'shafiq2626-facilitator#hotmail.com';
$api_password = $sandbox ? 'XXXXXX' : 'XXXXX';
$api_signature = $sandbox ? 'XXXXXXXXXXXXXXXXXXXXXXxx' : 'XXXXXXXXXXXXXXXXXXXXXXXXXXxxx';
my dodirect method is
<?php
// Include config file
require_once('includes/config.php');
// Store request params in an array
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => $_REQUEST['cardtype'],
'ACCT' => $_REQUEST['pay_cardnumber'],
'EXPDATE' => $_REQUEST['crd_month'].$_REQUEST['crd_year'],
'CVV2' => $_REQUEST['security_code'],
'FIRSTNAME' => $_REQUEST['vpb_fname'],
'LASTNAME' => $_REQUEST['vpb_lname'],
'STREET' => $_REQUEST['street'],
'CITY' => $_REQUEST['city'],
'STATE' => $_REQUEST['state'],
'COUNTRYCODE' => 'US',
'ZIP' => $_REQUEST['zip'],
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
// Parse the API response
$result_array = NVPToArray($result);
print_r($result_array);
// Function to convert NTP string to an array
function NVPToArray($NVPString)
{
$proArray = array();
while(strlen($NVPString))
{
// name
$keypos= strpos($NVPString,'=');
$keyval = substr($NVPString,0,$keypos);
// value
$valuepos = strpos($NVPString,'&') ? strpos($NVPString,'&'): strlen($NVPString);
$valval = substr($NVPString,$keypos+1,$valuepos-$keypos-1);
// decoding the respose
$proArray[$keyval] = urldecode($valval);
$NVPString = substr($NVPString,$valuepos+1,strlen($NVPString));
}
return json_encode($proArray);
}
What can be the problem and how this will fix please.
That particular error has to do with not having Pro enabled on your account. Facilitator accounts do not have Pro enabled by default so you'd either need to enable it on that account or create a separate account inside your developer portal that has Pro enabled on it. To enable pro on an existing business sandbox account follow the directions below.
Login to developer.paypal.com
Click the Applications Tab
Click Sandbox Accounts on the left menu
Click the arrow to the left of your facilitator account to expand the options
Click the Profile link
Click "Upgrade to Pro" next to your Business account type
Currently using PHP + cURL to test the NVP SetExpressCheckout Paypal feature (sandbox mode) on xampp,
no matter what I do, I receive the following error:
Error Code 10002 : Authentication/Authorization Failed. You do not have permission to make this API call.
$nvp = array(
'METHOD' => 'SetExpressCheckout',
'VERSION' => '98',
'USER' => $user,
'PWD' => $pwd,
'SIGNATURE' => $signature,
'RETURNURL' => $returnurl,
'CANCELURL' => $cancelurl,
'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
'PAYMENTREQUEST_0_AMT' => '20.00',
'PAYMENTREQUEST_0_CURRENCYCODE' => $currency,
'REQCONFIRMSHIPPING' => '0',
'NOSHIPPING' => '1',
'ALLOWNOTE' => '0',
'LOCALECODE' => 'US'
'L_PAYMENTREQUEST_0_NAME0' = 'A product name';
'L_PAYMENTREQUEST_0_AMT0' = '20.00';
'L_PAYMENTREQUEST_0_QTY0' = '1';
'L_PAYMENTREQUEST_0_ITEMCATEGORY0' = 'Digital';
);
$request = 'https://api-3t.sandbox.paypal.com/nvp?' . http_build_query($nvp);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $request);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = urldecode(curl_exec($curl));
curl_close($curl);
The weird thing is if I type curl request(the same as $request variable) in the browser I get the SUCCESS and token from the endpoint,
I don't know if it has something to do with the curl itself or if it's something else, I tried to completely
disable my firewall but the error persists...
Your array is malformed.
'L_PAYMENTREQUEST_0_NAME0' = 'A product name';
That's a good way to start debugging