Track user activity when recurring payment occurs using paypal subscribe button - php

I have a working IPN script. It is updating the data correctly in the database according to the logged-in user. So, once the payment is successfully made, the user account will be upgraded to a paid member. And since I am using a PayPal subscribe button, from the next month the billing process will occur automatically.
So, here is what I think (I am not sure): PayPal will not interact with the IPN script stored on my server.
So, my question is:
If my assumption about the IPN script is correct, then how could I track which user has made a payment for the next billing cycle? (I don't want to be involved with manual work like tracking user payment information from my PayPal merchant account. I just want to do it through a script. So, once the subscription amount has been deducted from the user's PayPal account, his account on my website will be upgraded as a paid member.)
For reference, here is what exactly I wanted to update through my IPN script. Below is my IPN script.
<?php
// STEP 1: Read POST data
// reading posted data from directly from $_POST causes serialization
// issues with array data in POST
// reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
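$get_magic_quotes_exists = false; // defined up front so the loop below never reads an unset variable
if(function_exists('get_magic_quotes_gpc')) {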
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_name=strip_tags($item_name);
$item_number = strip_tags($_POST['item_number']);
$payment_status = strip_tags($_POST['payment_status']);
$payment_amount = strip_tags($_POST['mc_gross']);
$payment_currency = strip_tags($_POST['mc_currency']);
$txn_id = strip_tags($_POST['txn_id']);
$user_id=strip_tags($_POST['custom']);
$receiver_email = strip_tags($_POST['receiver_email']);
$payer_email = strip_tags($_POST['payer_email']);
//if(strcmp($receiver_email, "h_1356964205_per@gmail.com") == 0)
//{
/*if($payment_status != "Completed")
{
$msg="Transaction with id ".$txn_id." status is not completed..";
mail("support@example.com","Transaction with the same id already exists in database.",$msg,"From:admin@leadstool.net");
exit();
}*/
include_once('connection.php');
//$user_id=getfield('id');
// Query to check the duplicate transaction id.
$query="SELECT `User_id` FROM `transaction` WHERE `Transaction_id`='".mysql_real_escape_string($txn_id)."'";
if($query_run=mysql_query($query))
{
$num=mysql_num_rows($query_run);
if($num == 0)
{
// Query to check the number of times for subscription.
$query="SELECT `Transaction_id` FROM `transaction` WHERE `User_id`='".mysql_real_escape_string($user_id)."'";
if($query_run=mysql_query($query))
{
$num=mysql_num_rows($query_run);
if($num>=1)
{
$type_of_subscription=2;// This 2 will denote the user is renewing his account
} else {
$type_of_subscription=1;// Here 1 is denoting that user has subscribed for the 1st time.
}
$query="SELECT `B_ad_no_paid_user`,`T_ad_no_paid_user` FROM `WebsiteContent` WHERE `Creator_id`='1' ORDER BY `Date_of_update` DESC LIMIT 1";
if($query_run=mysql_query($query))
{
while($rows=mysql_fetch_array($query_run))
{
$banner_ad_limit=$rows['B_ad_no_paid_user'];
$text_ad_limit=$rows['T_ad_no_paid_user'];
}
}
}// Query to check the number of times for subscription ends here.
//Query to insert the transaction details in database.
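// Escape every PayPal-supplied value before it goes into the SQL string.
$query="INSERT INTO `transaction` VALUES('".mysql_real_escape_string($txn_id)."','".mysql_real_escape_string($user_id)."','".mysql_real_escape_string($payment_amount)."','".$type_of_subscription."','".mysql_real_escape_string($payment_status)."','1','".mysql_real_escape_string($payer_email)."',now())";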
if($query_run=mysql_query($query))
{
$query="UPDATE `user` SET `User_type`='1', `Banner_ad_limit`='".$banner_ad_limit."', `Text_ad_limit`='".$text_ad_limit."' WHERE `id`='".mysql_real_escape_string($user_id)."'";
if($query_run=mysql_query($query))
{
$msg="Thank you for subscribing to our service. Your Transaction Id is $txn_id.";
mail("$payer_email","Subscription confirmation mail",$msg,"From:admin@example.com");
} else {
$msg="Thank you! Your transaction is successful with transaction id:- $txn_id. But we are unable to upgrade your profile right now. Please contact admin to resolve the problem.";
mail("$payer_email","Subscription confirmation mail",$msg,"From:admin@example.com");
}
} else {
$msg="For Transaction with id ".$txn_id." failed to update in database.";
mail("support@example.com","Unable to update the details in database.",$msg,"From:admin@example.com");
exit();
}
// Query to insert data in database ends here.
} else {
$msg="Transaction with id $txn_id already exists in database. Admin please verify the details manually and contact the user. Email id of user is: $payer_email";
mail("support@example.com","Transaction with the same id already exists in database.",$msg,"From:admin@example.com");
exit();
}// Query to check the duplicate transaction id ends here.
}
//} else {
//$msg="Investigate the reason why the registered email id with paypal does not matched with this id $receiver_email";
//mail("support@example.com","Receiver email address do not matched",$msg,"From:admin@example.com");
//exit();
//}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
$msg="Dear administrator please verify the reason why the transaction failure occures. The details is:- $res";
mail("support@example.com","IPN interaction was not verified.",$msg,"From:admin@example.com");
exit();
}
?>

This is possible using the IPN and notify_url.
Here is a good tutorial:
http://www.techrepublic.com/article/handling-recurring-payments-with-paypal-subscriptions-and-ipn/5331883
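
The answer above relies on PayPal posting an IPN message to notify_url for each billing cycle. As an added example (not code from the original post or from PayPal), this handler acts on the subscription `txn_type` values and carries out the checks the script's comments list: payment status, receiver, amount and currency, and duplicate `txn_id`. The table layout, expected receiver, currency and price are assumptions, and the sample messages are constructed.

```php
<?php
// Added example, not code from the page. The table layout, expected receiver,
// currency and price are assumptions; the sample messages are constructed.
const EXPECTED_RECEIVER = 'merchant@example.com';
const EXPECTED_CURRENCY = 'USD';
const EXPECTED_AMOUNT   = '9.99';

// Call only after the cmd=_notify-validate postback has returned VERIFIED.
function handle_subscription_ipn(array $ipn, PDO $db): string
{
    if (strcasecmp($ipn['receiver_email'] ?? '', EXPECTED_RECEIVER) !== 0) {
        return 'rejected: receiver_email is not our account';
    }
    // "custom" carries the site user id that was set on the subscribe button.
    $userId = filter_var($ipn['custom'] ?? '', FILTER_VALIDATE_INT);
    if ($userId === false) {
        return 'rejected: custom is not a user id';
    }

    switch ($ipn['txn_type'] ?? '') {
        case 'subscr_signup':   // subscription created, no money moved yet
            return 'signup noted';

        case 'subscr_payment':  // first payment and every later billing cycle
            if (($ipn['payment_status'] ?? '') !== 'Completed') {
                return 'ignored: payment not completed';
            }
            $txnId = $ipn['txn_id'] ?? '';
            if ($txnId === '') {
                return 'rejected: missing txn_id';
            }
            $amount = number_format((float) ($ipn['mc_gross'] ?? 0), 2, '.', '');
            if (($ipn['mc_currency'] ?? '') !== EXPECTED_CURRENCY || $amount !== EXPECTED_AMOUNT) {
                return 'rejected: amount or currency mismatch';
            }
            try {
                $db->beginTransaction();
                // PRIMARY KEY on txn_id makes a replayed message fail here.
                $db->prepare('INSERT INTO ipn_payments (txn_id, user_id, amount) VALUES (?, ?, ?)')
                   ->execute([$txnId, $userId, $amount]);
                $db->prepare('UPDATE users SET is_paid = 1, cycles_paid = cycles_paid + 1 WHERE id = ?')
                   ->execute([$userId]);
                $db->commit();
            } catch (PDOException $e) {
                $db->rollBack();
                if ((string) $e->getCode() === '23000') { // integrity constraint violation
                    return 'ignored: txn_id already processed';
                }
                throw $e;
            }
            return 'payment recorded';

        case 'subscr_eot':      // paid term is over: downgrade
            $db->prepare('UPDATE users SET is_paid = 0 WHERE id = ?')->execute([$userId]);
            return 'downgraded';

        case 'subscr_cancel':   // cancelled, but the current term is already paid
        case 'subscr_failed':
        default:
            return 'no change';
    }
}

// --- constructed demo on an in-memory SQLite database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, is_paid INTEGER DEFAULT 0, cycles_paid INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE ipn_payments (txn_id TEXT PRIMARY KEY, user_id INTEGER, amount TEXT)');
$db->exec('INSERT INTO users (id) VALUES (42)');

$base = ['receiver_email' => EXPECTED_RECEIVER, 'custom' => '42'];
$pay  = $base + ['txn_type' => 'subscr_payment', 'payment_status' => 'Completed',
                 'mc_gross' => '9.99', 'mc_currency' => 'USD'];
$messages = [
    $base + ['txn_type' => 'subscr_signup'],
    $pay + ['txn_id' => 'TXN-MONTH-1'],
    $pay + ['txn_id' => 'TXN-MONTH-1'],                  // same message delivered twice
    $pay + ['txn_id' => 'TXN-MONTH-2'],                  // next billing cycle
    ['mc_gross' => '0.01', 'txn_id' => 'TXN-X'] + $pay,  // amount does not match the plan
    $base + ['txn_type' => 'subscr_eot'],
];
foreach ($messages as $m) {
    echo handle_subscription_ipn($m, $db), "\n";
}
```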

Related

Unable to Receive PayPal IPN Response in Code Igniter

I have been at this for 3 days now and still can't get it to work.
What I want to do is to get PayPal response from the IPN listener so that I can modify my database accordingly, but no matter what I do, it just won't work. I have already done the following in my PayPal Sandbox account:
Enabled Auto Return
Set Auto Return URL ('paypal/success')
Enabled Payment Data Transfer (PDT)
Enabled IPN message reception
Set IPN URL ('paypal/ipn')
The redirect to Auto Return URL works fine and I receive the payment data in success page, but the IPN won't process for reasons beyond me. A quick look at the IPN history on my PayPal profile shows that the messages are being sent, but I don't receive them at my end.
Here is my current IPN listener: Paypal/ipn
public function ipn() {
//Build the data to post back to Paypal
$postback = 'cmd=_notify-validate';
// go through each of the posted vars and add them to the postback variable
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$postback .= "&$key=$value";
}
// build the header string to post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";//or www.sandbox.paypal.com
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($postback) . "\r\n\r\n";
// Send to paypal or the sandbox depending on whether you're live or developing
// comment out one of the following lines
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);//open the connection (the ssl:// prefix is needed for a TLS connection on port 443)
//$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// or use port 443 for an SSL connection
//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if ( ! $fp ) {
// HTTP ERROR Failed to connect
$message = 'HTTP ERROR Failed to connect!';
$this->email_me($message);
} else { // if we've connected OK
fputs ($fp, $header . $postback); //post the data back
while ( ! feof($fp) ) {
$response = fgets ($fp, 1024);
if (strcmp (trim($response), "VERIFIED") == 0) { //It's verified
//read the payment details and the account holder
$payment_status = $_POST['payment_status'];
$receiver_email = urldecode($_POST['receiver_email']);
// further checks
if( ($payment_status == 'Completed') && ($receiver_email == $this->business_email) ) {
$message = 'IPN verified successfully!';
$this->email_me($message);
// Insert the transaction data in the database
$this->product_model->insert_transaction_details($_POST);
} else {
$message = 'Payment could not be verified!';
$this->email_me($message);
}
} else {
$message = 'IPN invalid!';
$this->email_me($message);
}
}
}
}
Can someone point me in the right direction please?
Also, is there any way I can check the IPN response ("VERIFIED" or "INVALID") in the Chrome debugger or in my PayPal Sandbox dashboard? I can see the delivery status in my dashboard but it doesn't say 'Verified' or 'Invalid' anywhere.
I found the solution! I wrote the IPN handler inside a controller that allows access to users who are logged in as admin. Apparently, the IPN method was denying access to PayPal to verify the transaction. I figured this out and wrote the IPN method in a different controller and everything worked perfectly.
I also changed my IPN handler to this code (although the original might still work... I didn't try it):
class Paypal_ipn extends MY_Controller {
public function __construct() {
parent::__construct();
$this->load->model('product_model');
$this->sandbox = $this->config->item('sandbox');
$this->paypal_host = $this->config->item('paypal_host');
$this->paypal_url = $this->config->item('paypal_url');
$this->business_email = $this->config->item('business');
}
public function ipn() {
// STEP 1: Read POST data
// reading posted data from directly from $_POST causes serialization
// issues with array data in POST
// reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
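$get_magic_quotes_exists = false; // defined up front so the loop below never reads an unset variable
if(function_exists('get_magic_quotes_gpc')) {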
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init($this->paypal_url);
$headers = array(
'POST /cgi-bin/webscr HTTP/1.1',
'Host: ' . $this->paypal_host,
'Content-Type: application/x-www-form-urlencoded; charset=utf-8',
'Content-Length: ' . strlen($req),
'User-Agent: PayPal-IPN-VerificationScript',
'Connection: Close'
);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if( !($res = curl_exec($ch)) ) {
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = urldecode($_POST['receiver_email']);
$payer_email = $_POST['payer_email'];
$school_id = $_POST['custom'];
// further checks
if($payment_status == 'Completed') {
$message = 'IPN verified successfully!';
$this->email_developer($message);
// Insert the transaction data in the database
$this->product_model->insert_transaction_details($_POST);
} else {
$message = 'Payment could not be verified!';
$this->email_developer($message);
}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
$message = 'IPN Invalid!';
$this->email_developer($message);
}
}
}
For those that might experience my predicament, ensure you also do the following:
If you enabled Cross Site Request Forgery (CSRF), ensure the IPN listener/handler is whitelisted, else IPN message will fail (Error 403 in PayPal IPN history).
To be sure your IPN listener is working well, run it as a URL and see the response. If there is any error, it won't work. For response, try echoing "Verified" or "Invalid".
Use the PayPal IPN Simulator to test the process. Include a procedure that will submit information to the database upon success.
I hope it helps someone.
Use php://input instead of $_POST.
The reason is described here in detail: PHP "php://input" vs $_POST
Also, PayPal has documentation for implementing an IPN listener, and it's in PHP as well:
Paypal tutorial

paypal not sending ipn details for live

I am using the following code for my PayPal configuration. Here's the code:
///Paypal Array///
$data=array(
//merchant email for live
//'merchant_email'=>'sumofish@yahoo.com',
//merchant email for test
'merchant_email'=>'uneebmir321-facilitator@yahoo.com',
'product_name'=>$bundleplan." Bundle Plan",
's_amount'=>$bundle_came_price, // Second Amount
's_cycle'=>'M', // Second Period: M=month, Y=year, D=days, W=week
's_period'=>$period, // Second Cycle
//see small_price functionality again
'small_price'=>$bundle_came_price,
////see small_price functionality again
'currency_code'=>'USD',
'thanks_page'=>"https://".$_SERVER['HTTP_HOST'].'/puppy/puppy/thanks222.php',
'notify_url'=>"https://puppybundle.com/beta/ipn.php",
'cancel_url'=>"https://puppybundle.com/beta/index.php",
//true for sandbox false for live
'paypal_mode'=>true,
//true for sandbox false for live
'currency_symbole'=>'$'
);
///Paypal Array///
And here's the IPN class:
<?php
session_start();
$unique_id=$_SESSION['unique_id'];
include("db.php");
file_put_contents("newfile.txt",var_export($_POST,true));
$status="not_completed";
$status2="paid";
$status3="remaining";
$zero=0;
$currency="CAD";
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
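$get_magic_quotes_exists = false; // defined up front so the loop below never reads an unset variable
if(function_exists('get_magic_quotes_gpc')) {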
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp (trim($res), "VERIFIED") == 0) {
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variables
$price = $_POST['mc_gross'];
$currency = $_POST['mc_currency'];
$payer_email = $_POST['payer_email'];
$txn_id=$_POST['txn_id'];
$item_name = $_POST['item_name'];
if($item_name=="Small Bundle Plan"){
$item_name="small";
}
parse_str($_POST['custom'],$_MYVAR);
$custom =$_MYVAR['id'];
$unique_id =$_MYVAR['unique_id'];
trim($custom);
$txt =$custom;
$currency_code= $_POST['currency_code'];
$fulldate = gmdate('Y-m-d H:i:s');
if($txn_id){
$query="UPDATE `puppy_pending_transaction` SET `status`=? WHERE unique_id=?";
$stmt = $db->prepare($query);
if($stmt){
$stmt->bind_param("ss", $status2,$unique_id);
$stmt->execute();
$stmt->close();
}
$query="INSERT INTO `puppy_transaction_confirmed`(`transaction_id`,`unique_id`, `user_id`, `payer_email`, `transaction_time`, `package`, `amount`, `currency`,`status_delivery`) VALUES (?,?,?,?,?,?,?,?,?)";
$stmt = $db->prepare($query);
if($stmt)
{
$check=$stmt->bind_param("sssssssss",$txn_id,$unique_id,$custom,$payer_email,$fulldate,$item_name,$price,$currency,$status);
$stmt->execute();
$stmt->close();
}
$query="INSERT INTO `puppy_paid_transaction_record`(`unique_id`, `month_delivered`, `total`,`status`) VALUES (?,?,?,?)";
$stmt = $db->prepare($query);
if($stmt){
$stmt->bind_param("ssss", $unique_id,$zero,$item_name,$status3);
$stmt->execute();
$stmt->close();
}
}
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
?>
The problem is that this code is working 100% fine for sandbox. What I did for the live version is to change the merchant email to the client email and paypal_mode to false for live testing, and one other thing: I changed the
`$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');`
in the IPN class to
`$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');`
for live mode. I have used the IPN simulator to validate my file and it is OK. Moreover, I am sure about the IPN path I set in PayPal for the merchant; that is also OK, I am sure of it. I don't know what's wrong! Can anybody point me in the right direction?
As per downloading the newer PHP IPN code from here. You save the IPN class file to wherever you need it (exampled below in the same folder as your IPN file).
You will also need to set up an Exception catching routine as PayPal don't implement one by default (that's what the try{ ...} catch{} block does).
<?php
define("LOG_FILE", "paypal_ipn.log");
////edit
error_log("Log File Started:\n",3,LOG_FILE);
require('PaypalIPN.php'); //check path is correct.
$ipn = new PayPalIPN();
try {
// Use the sandbox endpoint during testing.
$ipn->useSandbox(); //comment this line out to use live version.
$verified = $ipn->verifyIPN(); //returns true or false.
if ($verified) {
/*****
* Process IPN
* A list of variables is available here:
* https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNandPDTVariables/
*
* Here is where you add your data from your current setup, your own custom data to take the values from Paypal and process them.
****/
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
// assign posted variables to local variables
$price = $_POST['mc_gross'];
$currency = $_POST['mc_currency'];
$payer_email = $_POST['payer_email'];
$txn_id = $_POST['txn_id'];
$item_name = $_POST['item_name'];
if ($item_name == "Small Bundle Plan") {
$item_name = "small";
}
parse_str($_POST['custom'], $_MYVAR);
$custom = $_MYVAR['id'];
$unique_id = $_MYVAR['unique_id'];
trim($custom);
$txt = $custom;
$currency_code = $_POST['currency_code'];
$fulldate = gmdate('Y-m-d H:i:s');
if ($txn_id) {
$query = "UPDATE `puppy_pending_transaction` SET `status`=? WHERE unique_id=?";
$stmt = $db->prepare($query);
if ($stmt) {
$stmt->bind_param("ss", $status2, $unique_id);
$stmt->execute();
$stmt->close();
}
$query = "INSERT INTO `puppy_transaction_confirmed`(`transaction_id`,`unique_id`, `user_id`, `payer_email`, `transaction_time`, `package`, `amount`, `currency`,`status_delivery`) VALUES (?,?,?,?,?,?,?,?,?)";
$stmt = $db->prepare($query);
if ($stmt) {
$check = $stmt->bind_param("sssssssss", $txn_id, $unique_id, $custom, $payer_email, $fulldate, $item_name, $price, $currency, $status);
$stmt->execute();
$stmt->close();
}
$query = "INSERT INTO `puppy_paid_transaction_record`(`unique_id`, `month_delivered`, `total`,`status`) VALUES (?,?,?,?)";
$stmt = $db->prepare($query);
if ($stmt) {
$stmt->bind_param("ssss", $unique_id, $zero, $item_name, $status3);
$stmt->execute();
$stmt->close();
}
/***
* End OP code
***/
}
// Reply with an empty 200 response to indicate to paypal the IPN was received correctly.
header("HTTP/1.1 200 OK");
}
}
catch (Exception $e) {
error_log("There was a problem: ".$e->getMessage(),3,LOG_FILE);
}
I also highly recommend you download the associated .pem file and upload it to your server and adjust the reference to it on line 106 of the IPN class file. This pem file has a key for your server to communicate with the Paypal secure server and solves a large batch of historic problems relating to this.
You may need to tweak some of your own code for editing the incoming data but this script works for me much better than the older procedural Paypal code did.
.pem file clarification:
It may be easiest, at least from a testing perspective, to simply have the PayPal pem file in the same folder as you keep your PayPal IPN class.
So line 106 of the class:
if ($this->use_local_certs) {
curl_setopt($ch, CURLOPT_CAINFO, "cacert.pem");
}
and ensure that $this->use_local_certs = true;.

IPN simulator Successful but does not Run database manipulation

For some reason I'm having more trouble with this than I should... I have an IPN listener for PayPal and the IPN Simulator says successful each time and with different methods, but I cannot get it to then manipulate the database based on a successful response.
Any ideas, anyone?
<?php
//INCLUDE CONNECTION STRING
include('connect.php');
// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
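$get_magic_quotes_exists = false; // defined up front so the loop below never reads an unset variable
if(function_exists('get_magic_quotes_gpc')) {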
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
if( !($res = curl_exec($ch)) ) {
error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if($payment_status=="Completed"){
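// mssql_* has no parameter binding, so double any single quote before building the query
$payer_email_sql = str_replace("'", "''", $payer_email);
$selectuser = mssql_query("select statsmemberid from statsmembers where email='$payer_email_sql'");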
if(mssql_num_rows($selectuser) != 0){
$row = mssql_fetch_row($selectuser);
$statsmemberid = $row[0];
$getCredits = mssql_query("select creditsbought from statsmuplayers where statsmemberid='$statsmemberid'");
$row = mssql_fetch_row($getCredits);
$totalCredits = $row[0]+11;
$updatemu = mssql_query("update statsmuplayers set creditsbought='$totalCredits' where statsmemberid='$statsmemberid'");
echo "Credits Applyed";
}else{
echo "Invalid Email";
}
}
} else if (strcmp ($res, "INVALID") == 0) {
// IPN invalid, log for manual investigation
echo "The response from IPN was: <b>" .$res ."</b>";
}
?>
I'd suggest you encapsulate all of this code into a few objects. That will really help you figure out where things are going wrong.
You want an object that handles the IPN communication with PayPal (you don't need to write that from scratch; here's the first PHP implementation I found in a Google search: https://github.com/dodev34/paypal-ipn-response-client)
Then you want a base object that handles your database connections. And finally you want a statsmembers object that extends your database connection object and enforces your business logic. You might just lift some PHP ORM code like what you see here http://www.phpactiverecord.org/projects/main/wiki/Quick_Start
That would allow you to test the update functionality separately from the actual paypal IPN communication. The good news is at that point you don't have to rely on writing to system files for debugging like someone suggested in a comment above.
I don't see the specific error in your code just from a glance, sorry. Are you sure you're passing the payer_email through PayPal correctly?

PayPal IPN: (PHP) Send custom field without <form>

I'm using CodeIgniter to create a page where users can register for a charity cycle my club is organising.
The registration page accepts info such as name/dob/phone number etc etc, and asks the user if they want to pay online or on the day. Clicking the submit button sends the info to the same page, runs form validation, inserts the info to the database (including timestamp) and checks if the user selected to pay online. If so, the user is redirected to the PayPal donate button URL to complete their payment.
My question is, how do I send the PayPal custom field through the URL? I have tried appending &custom=whatever to the button URL, (where 'whatever' is the new database row ID and the timestamp) but this doesn't work after completing a donation with a sandbox account.
IPN:
public function ipn()
{
// STEP 1: Read POST data
// reading posted data from directly from $_POST causes serialization
// issues with array data in POST
// reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach($raw_post_array as $keyval)
{
$keyval = explode ('=', $keyval);
if(count($keyval) == 2)
{
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
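$get_magic_quotes_exists = false; // defined up front so the loop below never reads an unset variable
if(function_exists('get_magic_quotes_gpc'))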
{
$get_magic_quotes_exists = true;
}
foreach($myPost as $key => $value)
{
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1)
{
$value = urlencode(stripslashes($value));
}
else
{
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if(!($res = curl_exec($ch)))
{
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if(strcmp($res, "VERIFIED") == 0)
{
// PAYMENT VALIDATED & VERIFIED!
$custom = explode('_', $_POST['custom']);
$reg_id = $custom[0];
$date_registered = $custom[1];
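// Bind $reg_id instead of concatenating it; result_array() returns a list of rows, so read a single row.
$query = $this->db->query('SELECT date_registered FROM registrations WHERE id = ?', array($reg_id));
$row = $query->row_array();
if($row && $row['date_registered'] == $date_registered)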
{
$data = array(
'has_payed' => 1
);
$this->db->where('id', $reg_id);
$this->db->update('registrations', $data);
}
}
elseif(strcmp($res, "INVALID") == 0)
{
// do whatever
}
}
Note that I need this to work to update the 'has_payed' field of the database, which requires the row ID to be sent when the registration page is submitted.
Registration controller:
// check payment online
if($this->input->post('pay_online') == 1)
{
// redirect to paypal depending on route
switch($route)
{
case '80':
case '40':
// €20 for over 16s
if($age >= 16)
{
redirect('https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=H3PFP5GGN2X5J&custom=' . urlencode($reg_id . '_' . $sql['date_registered']));
}
// €10 for anyone under 16
else
{
redirect('a different button URL');
}
break;
case '15':
// €15 for family
redirect('a different button URL');
break;
}
}
The above code is working, as in, I'm being redirected to the button URL when I submit the form with the appropriate values (i.e. doing the 80km or 40km route, and being over 16yo). When I complete the payment at the PayPal page, the 'has_payed' field in the database is not updated as it should be (see IPN page).
Also, note that I do obviously have IPN enabled in my sandbox seller account.
I have searched for hours for a solution to this, but cannot find anything. Maybe I'm overlooking something simple! I'd appreciate any help.
Thanks!
UPDATE
Instead of redirecting the user to the PayPal button URL, I'm now redirecting them to an HTML page with the <form> code on it, and JavaScript which auto-submits the form when they load the page. This is working fine, but the database field is still not updating when the user has donated.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" id="paypal_form" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="H3PFP5GGN2X5J">
<input type="hidden" name="notify_url" value="#IPN URL#" />
<input type="hidden" name="custom" value="<?php echo urlencode($reg_id . '_' . $sql['date_registered']); ?>">
<input type="image" src="https://www.sandbox.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal – The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
You can pass over the variable "custom" in your button code that you send over to PayPal. This would then be sent back to your system through the IPN POST. You should then be able to grab it from there and perform the actions that you need to.
The problem, of course, was simple.
CSRF protection was enabled in config.php, which caused the IPN to not work. Disabling it fixed the issue.
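The fix reported above turns CSRF protection off for the whole application. A narrower change, as an added example that is not the poster's code: it assumes CodeIgniter 3 (which the `$this->db` and `$this->input` calls suggest) and a placeholder IPN route `paypal/ipn`; `parse_custom` and `mark_registration_paid` are hypothetical helpers.

```php
<?php
// application/config/config.php (CodeIgniter 3 assumed).
// Weak: switching the protection off for every form on the site.
//   $config['csrf_protection'] = FALSE;
// Scoped: keep it on and exempt only the IPN endpoint, which PayPal posts to
// without a token. 'paypal/ipn' is a placeholder for the real IPN route.
$config['csrf_protection'] = TRUE;
$config['csrf_exclude_uris'] = array('paypal/ipn');

// The exempt endpoint accepts POSTs from anyone, so it acts only after the
// cmd=_notify-validate postback returns VERIFIED, and it still treats
// 'custom' as untrusted input (the buyer's browser carried it to PayPal).
function parse_custom($custom)
{
    // Expected shape: "<registration id>_<date_registered>"
    $parts = explode('_', (string) $custom, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    return array('reg_id' => (int) $parts[0], 'date_registered' => $parts[1]);
}

// $db is the CodeIgniter database object ($this->db in a controller or model).
function mark_registration_paid($db, $custom)
{
    $ref = parse_custom($custom);
    if ($ref === null) {
        return false;
    }
    // Bound parameter: the id never becomes part of the SQL text.
    $row = $db->query(
        'SELECT date_registered FROM registrations WHERE id = ?',
        array($ref['reg_id'])
    )->row_array();
    if (!$row || (string) $row['date_registered'] !== $ref['date_registered']) {
        return false;
    }
    $db->where('id', $ref['reg_id']);
    return (bool) $db->update('registrations', array('has_payed' => 1));
}
```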

Grabbing a Custom Field with PayPal IPN in PHP

So on my website, people are able to order upgrades by clicking "Pay Now" for the upgrade they want and by entering their username in the box. Up until now, I would then go into PayPal, see the payment, and look at the Minecraft Username field, and upgrade it by hand. Now I want to start using IPN so that I can automate all of the work that I've been doing.
Here is the HTML code for an upgrade option:
<div class=donationBox>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="W2RH7VA3YS3Y4">
<table>
<tr>
<td width=75%><h2>Custom Maps - $5.00</h2></td>
<td><input type="hidden" name="on0" value="Minecraft Username">Minecraft Username<input type="text" name="os0" maxlength="200"></td>
</tr>
<tr>
<td>The ability to upload any map you want to play on! Maybe a survival island map? You bet! Or the Hunger Games!</td>
<td><input type="submit" class="btn btn-primary" value="Buy Now" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"></td>
</tr>
</table>
</form>
</div>
And here is the PHP code to simply send me an email with the info I need to try to get it working:
<?php
// STEP 1: Read POST data
// Reading posted data directly from $_POST causes serialization
// issues with array data in POST;
// read the raw POST data from the input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
// get_magic_quotes_gpc() is absent on newer PHP versions, so default to false
$get_magic_quotes_exists = false;
if (function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if (!($res = curl_exec($ch))) {
    // error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
// STEP 3: Inspect IPN validation result and act accordingly
if (strcmp($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
    $custom = $_POST['on0'];
    $message = "An order has been IPNified! " . $item_name . " " . $item_number . " " . $payment_amount . " " . $txn_id . " " . $custom;
    mail('myemail#gmail.com', 'PayPal IPN', $message);
} else if (strcmp($res, "INVALID") == 0) {
    mail('myemail#gmail.com', 'PayPal IPN', 'Errors');
}
?>
The problem that I'm having is here:
$custom = $_POST['on0'];
I tried it as the above and:
$custom = $_POST['custom'];
The first one because that's the name of the Minecraft Username field, and the second I tried because I read that's what it should be, but either way it just didn't return anything. Any help would be great! Thanks!
Dump the results of $_POST and see which key fits the values you're looking for. Use either var_dump or print_r.
// Displays more detail such as value types
var_dump($_POST);
// Only displays key => value relationships of an array
print_r($_POST);
EDIT
I just realized it's not possible to see the output of this using ipn. In this case you can always serialize the entire $_POST array and send it in an email.
$post_data_string = serialize($_POST);
mail('myemail#gmail.com', 'PayPal IPN', $post_data_string);
First, you're using a hosted button. As such, any custom options you set must be done within the button creation wizard or edit area of your PayPal account.
The actual parameter name for sending custom data is indeed "custom" so that's what you'll need to use in IPN to get values back for that particular parameter.
What was mentioned before (changing the field name on your form to custom) would work except that you're using a hosted button, so again, that will need to be adjusted in the button manager in your PayPal account.
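The checks that the STEP 3 comments in the script above list but leave unimplemented, together with validation of the `custom` value the answers point to, as an added example (not code from the original posts). The expected receiver address, the sample messages and the username pattern are assumptions; in real use the list of processed `txn_id` values would come from storage.

```php
<?php
// Added example. Expected values and sample messages are constructed.

// Parse a decimal amount string into integer cents; null if malformed.
function to_cents($amount)
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/D', (string) $amount, $m)) {
        return null;
    }
    return (int) $m[1] * 100 + (int) str_pad(isset($m[2]) ? $m[2] : '', 2, '0');
}

// Decide whether a VERIFIED IPN may be fulfilled. Returns array(bool, string):
// on success the string is the username taken from 'custom'.
function ipn_should_fulfil(array $ipn, array $expected, array $seen_txn_ids)
{
    foreach (array('payment_status', 'txn_id', 'receiver_email', 'mc_gross', 'mc_currency', 'custom') as $key) {
        if (!isset($ipn[$key])) {
            return array(false, "missing $key");
        }
    }
    if ($ipn['payment_status'] !== 'Completed') {
        return array(false, 'payment_status is not Completed');
    }
    if (in_array($ipn['txn_id'], $seen_txn_ids, true)) {
        return array(false, 'txn_id already processed');
    }
    if (strcasecmp($ipn['receiver_email'], $expected['receiver_email']) !== 0) {
        return array(false, 'receiver_email is not ours');
    }
    $paid = to_cents($ipn['mc_gross']); // integer cents, never float comparison
    if ($ipn['mc_currency'] !== $expected['currency'] || $paid === null || $paid !== to_cents($expected['amount'])) {
        return array(false, 'amount or currency mismatch');
    }
    // Assumed username rule: 3-16 letters, digits or underscores.
    if (!preg_match('/^[A-Za-z0-9_]{3,16}$/D', $ipn['custom'])) {
        return array(false, 'custom is not a valid username');
    }
    return array(true, $ipn['custom']);
}

$expected = array('receiver_email' => 'seller@example.com', 'currency' => 'USD', 'amount' => '5.00');
$ipn = array('payment_status' => 'Completed', 'txn_id' => 'TXN-CONSTRUCTED-1', 'receiver_email' => 'seller@example.com',
             'mc_gross' => '5.00', 'mc_currency' => 'USD', 'custom' => 'Steve_123');
var_dump(ipn_should_fulfil($ipn, $expected, array()));                                // first delivery
var_dump(ipn_should_fulfil($ipn, $expected, array('TXN-CONSTRUCTED-1')));             // replayed delivery
var_dump(ipn_should_fulfil(array('mc_gross' => '0.01') + $ipn, $expected, array())); // underpaid
```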
