2

Ok, so I have recently started trying to work with PayPals IPN, I have read some of PayPals pages on their IPN and used the PHP source from here: https://developer.paypal.com/docs/classic/ipn/gs_IPN/, I have ended up with this entire code:

<?php

header('HTTP/1.1 200 OK');

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$header .= "Host: www.sandbox.paypal.com:443\r\n";

$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

fputs($fp, $header . $req);

while (!feof($fp))
{
    $res = fgets($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {  

    } else if (strcmp ($res, "INVALID") == 0) { 

    }

    fclose ($fp);
}
?>

When I use PayPal's IPN simulator it says

IPN was not sent, and the handshake was not verified. Please review your information.

This is strange because it seems as though i read PayPal's PHP documentation correctly and this code seems like it should work? What could Possibly going wrong?

JeffCoderr
  • 283
  • 1
  • 4
  • 16
  • check this answer http://stackoverflow.com/questions/32586711/ipn-was-not-sent-and-the-handshake-was-not-verified-please-review-your-informa – Pawel Dubiel Aug 28 '16 at 12:04
  • You are aware that the header with the trailing double `\r\n` is not coming last? Or is this just a mistake while copying code into the question? – bwoebi Aug 28 '16 at 16:09
  • @bwoebi Wait what? My code was made based off the code PayPal has on this page https://developer.paypal.com/docs/classic/ipn/gs_IPN/ – JeffCoderr Aug 29 '16 at 01:24

3 Answers3

1

Maybe try running the same thing using cURL?

$params = clone $_POST;
$params['cmd'] = '_notify-validate';

$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt_array($ch, array(
    CULROPT_RETURNTRANSFER=>true,
    CURLOPT_POST=>true,
    CURLOPT_POSTFIELDS=>$params
));

$result = curl_exec($ch);
$status = 'unknown';
if($result === false) {
    $status = 'error';
} else {
    if(strcmp($result, 'VERIFIED') == 0) {
         $status = 'verified';
    } elseif (strcmp($result, 'INVALID') == 0) {
         $status = 'invalid';
    }
}

echo $status;
Yaron U.
  • 7,681
  • 3
  • 31
  • 45
1

The problem is that your request returns 400 Bad Request.

This is because the request does not contain a Host header (the request is terminated by the first \r\n sequence it encounters, and the Host header is only passed after this), which is required by HTTP/1.1 and thus makes the request fail.

Now, put the Host header first:

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";

$header .= "Host: www.sandbox.paypal.com:443\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

and it should work. (At least I got locally a proper 200 OK reply). There might be other issues, but then these are unrelated.

[btw. yes, the code on paypal docs seems to be wrong then.]

bwoebi
  • 23,637
  • 5
  • 58
  • 79
1

Try logging in back-end. Sometimes PayPals IPN listener says handshake was invalid even though it was.

C0d1ng
  • 441
  • 6
  • 17