0

I want to verify IPN response from paypal, but for some reason I cannot read the response.

This is the code I'm trying to use:

$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

if(!$fp)die();

fputs($fp, $header . $postback);

$res=stream_get_contents($fp); #this triggers 500 error

It does open a connection, does fputs, but at the last line it hangs up and after some considerable amount of waiting returns 500 error.

Any ideas what's wrong with it?

note: even if I comment the fputs line the exactly same thing happens.

Headers:

$postback='cmd=_notify-validate&'.http_build_query($_POST);

// build the header string to post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($postback) . "\r\n\r\n";

Edit

I tried to use curl, but it always gets me an empty response:

$ch = curl_init( 'https://www.sandbox.paypal.com/cgi-bin/webscr' );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1) ;
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postback);
$strCurlResult = curl_exec($ch);
curl_close( $ch );
echo $strCurlResult;

The above code outputs nothing at all.

Anonymous
  • 4,692
  • 8
  • 61
  • 91
  • Something wrong happens on target server. Nobody can help you unless you show headers. I think they are reason of failure. – Leri Sep 13 '12 at 10:41
  • use wireshark to inspect the request? – Prasanth Sep 13 '12 at 10:42
  • I see you're using `strlen` that won't give you accurate length in case of unicode encoding. Try using `mb_strlen($postback, 'UTF-8');` instead. – Leri Sep 13 '12 at 10:44
  • Tried changing to `mb_strlen($postback,'UTF-8')` and the exactly same thing happens. I think the problem is somewhere else... Even if I comment the fputs line - it gets me the same outcome – Anonymous Sep 13 '12 at 10:46
  • Sounds like `$res=stream_get_contents($fp);` blocks and your request times out. Is there a reason why you're not using [curl](http://www.php.net/curl) for this? I think it would ease everything. – Daniel M Sep 13 '12 at 10:51
  • I tried using curl before but it was returning an empty line, so wanted to try with the above. Could you advice for some equivalent curl that would also use `ssl:`? – Anonymous Sep 13 '12 at 10:53
  • [yes](http://stackoverflow.com/questions/7279298/curl-request-problem). Lots more on your favourite search engine. Just search for `curl https request` or similar. – Daniel M Sep 13 '12 at 10:54
  • Thanks, but It gets me an empty response, just as before... I will update my answer. – Anonymous Sep 13 '12 at 10:58
  • 1
    Try `var_dump($strCurlResult);` It'll give you more details on the return value. (There's a huge difference between false, null and "", but they're all the same printed using echo.) – Daniel M Sep 13 '12 at 10:59
  • Then `var_dump(curl_error($ch))` – Daniel M Sep 13 '12 at 11:01
  • `string(146) "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"` – Anonymous Sep 13 '12 at 11:03
  • I think I'm getting it, Maybe it won't work on my localhost... gotta try from live server, 1 sec. – Anonymous Sep 13 '12 at 11:05
  • yup, it works on the live hosting. lots of thanks! – Anonymous Sep 13 '12 at 11:07

0 Answers0