CURL Request problem

Question

I am trying to verify the paypal pdt information.

I generated my mockup form and submitted it. IT worked and returned the information too.

I tried the same thing making curl request. But my cur request is returning blank to me.

my mockup form:

<form method="post" action="https://sandbox.paypal.com/cgi-bin/webscr">
    <input type="hidden" name="cmd" value="_notify-synch"/>
    <input type="hidden" name="at" value="-----"/>
    <input type="hidden" name="tx" value="-----"/>
    <input type="submit" value="Test"/>
</form>

My CURL REQ Code:

$arrData = array(
    'tx'    => '----',
    'cmd'   => '_notify-synch',
    'at'    => '-----'
);
    $ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1) ;
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $arrData);
    $strCurlResult = curl_exec($ch);
    curl_close( $ch );
    return $strCurlResult;

EDIT:

ON tracking curl error i found following message:

SSL: certificate subject name 'www.sandbox.paypal.com' does not match target host name 'sandbox.paypal.com'

possible dupe: http://stackoverflow.com/questions/1776827/php-curl-paypal-sandbox — Lawrence Cherone, Sep 02 '11 at 04:48
KoolKabin; please update this question if we contributed to your solution. — Robert, Sep 08 '11 at 20:39

score 21 · Answer 1 · answered Jun 05 '13 at 13:14

In fact, you can just disable peer HOST verification. In some PHP/cURL version, just disabling PEER is not enough:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

From the docs:

CURLOPT_SSL_VERIFYHOST: 1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. In production environments the value of this option should be kept at 2 (default value).

score 9 · Accepted Answer · answered Sep 02 '11 at 16:03

Change: $ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );
To: $ch = curl_init( 'https://www.sandbox.paypal.com/cgi-bin/webscr' );

Reason: the certificate for www.sandbox.paypal.com is not valid for sandbox.paypal.com.
Make the same change in your form's 'action' as well, by the way.

score 6 · Answer 3 · answered Sep 02 '11 at 07:13

6

You need to tell cURL not to verify the SSL certificate. This can be done by setting a cURL option:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

More information here:

http://php.net/manual/en/function.curl-setopt.php

answered Sep 02 '11 at 07:13

Sam Huggill

3,106
3
29
34

1

It's not always enought. In some envs, you have to disable CURLOPT_SSL_VERIFYHOST as well. – joao_dv Jun 05 '13 at 13:16

score 2 · Answer 4 · answered Jul 25 '12 at 10:11

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

though the above works it's not recommended.

as robert said

Change:

$ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );

To:

$ch = curl_init( 'https://www.sandbox.paypal.com/cgi-bin/webscr' );

score 0 · Answer 5 · answered Sep 02 '11 at 04:49

Send it as string:

$arrData = array(
    'tx'    => '----',
    'cmd'   => '_notify-synch',
    'at'    => '-----'
);

$fields_string = "";

foreach($arrData as $key=>$value) 
    $fields_string .= $key.'='.$value.'&';

rtrim($fields_string,'&');

$ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1) ;
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$strCurlResult = curl_exec($ch);
curl_close( $ch );
return $strCurlResult;

CURL Request problem

5 Answers5

Linked