1

this is my code to interpret PayPal's notification. I keep receiving "INVALID" from paypal. I'm sorry that this question is essentially just a code snippet, but I've been working on it for so long and can't seem to make any progress.

If anyone has any ideas, but needs to see some debug infomation, then the way I'm managing to get it is via the php mail() function - so just ask and I can get it.

<?php
    $debugmessage = "";

    require($_SERVER['DOCUMENT_ROOT'] . '/xxxx.php');
    mysql_connect("$server", "$user", "$password") or die(mysql_error());
    mysql_select_db("$database") or die(mysql_error());

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req .= "&$key=$value";
    }

    // post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

    if (!$fp) {
        // HTTP ERROR
        echo "http error";
    } else {
        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            $debugmessage .= "|".$res;
            $debugmessage .= "|".strlen($req);
            if (strcmp ($res, "VERIFIED") == 0) {
                // PAYMENT VALIDATED & VERIFIED!
                $debugmessage .= "|"+"payment VALID";

                $email = $_POST['payer_email'];
                $password = mt_rand(100000, 999999);
                mysql_query("INSERT INTO users (email, password) VALUES('". mysql_escape_string($email) ."', '".md5($password)."' ) ") or die(mysql_error());
                $to      = $email;
                $subject = 'Download Area | Login Credentials';
                $message = '
                Thank you for your purchase!
                Your account information
                -------------------------
                Email: '.$email.'
                Password: '.$password.'
                -------------------------
                You can now login at xxxxxxxxxxxx';
                $headers = 'From:xxxxxxx@xxxxxxx.com' . "\r\n";
                mail($to, $subject, $message, $headers);
            }
            else if (strcmp ($res, "INVALID") == 0) {
                $debugmessage .= "|"."payment INvalid";
                // PAYMENT INVALID & INVESTIGATE MANUALY!
                $to      = 'xxxxxx@xxxxxxx.com';
                $subject = 'Download Area | Invalid Payment';
                $message = '
                Dear Administrator,
                A payment has been made but is flagged as INVALID.
                Please verify the payment manualy and contact the buyer.
                Buyer Email: '.$email.'
                ';
                $headers = 'From:xxxxxx@xxxxxxx.com' . "\r\n";
                mail($to, $subject, $message, $headers);

            }
        }
        fclose ($fp);
    }
    mail("xxxxxxx@gmail.com",$debugmessage,"");
?>

Just in case anyone understands that horrible mess, $debugmessage contains this once the script has run:

|HTTP/1.0 200 OK |840|X-Frame-Options: SAMEORIGIN |840|Strict-Transport-Security: max-age=14400 |840|Strict-Transport-Security: max-age=14400 |840|Content-Type: text/html; charset=UTF-8 |840|Date: Tue, 05 Mar 2013 04:42:09 GMT |840|Content-Length: 7 |840|Connection: close |840| |840|INVALID|840|payment INvalid

I've read things about not using fsockopen and also using something called "CURL", but I'm not too confident with this stuff.

Any help would be really appreciated.

  • Can you show what are you sending to paypal for processing? – Ravinder Singh Mar 05 '13 at 05:22
  • Please check that port 443 is open on your machine/server or not. – kwelsan Mar 05 '13 at 05:52
  • @Sandy I believe the port is open, I don't have a firewall. It's a standard HostGator webserver with Cpanel installed. @RavinderSingh I am using sandbox and have tried sending all sorts of transfers. The output above was from a Web Accept transfer with `payment_type=instant`, `payer_status=verified`, `address_status=confirmed`. –  Mar 05 '13 at 06:51
  • If you are using sandbox then you should use "$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);" – kwelsan Mar 05 '13 at 06:55
  • Thanks people, I've ended up chucking the code away and using this: `http://www.micahcarrick.com/paypal-ipn-with-php.html` –  Mar 05 '13 at 09:19

3 Answers3

1

5 hours later... my solution was to chuck the code and redo it using this tutorial.

Highly recommended.

0

It may seem obvious to many but I spent some time figuring it out. IPN Simulator requests were VERIFIED but IPNs from history were INVALID. In fact the Sim ones only work with the sandbox and the history ones only work with the normal url. You cannot test historic IPN messages with the sandbox.

Vladtn
  • 2,506
  • 3
  • 27
  • 23
-1

You can try PayPal Sandbox test tools (Instant Payment Notification (IPN) Simulator) to test the IPN. In IPN file you can write a file with the POST data and can check what is wrong.

kwelsan
  • 1,229
  • 1
  • 7
  • 18