PHP PayPal IPN

[Scott2503]

I am trying to make a basic PHP PayPal IPN and when I say basic I mean really basic. I have tried everything and can't get anything to work... I am just trying to check if it is verified and it can't even do that. I am using the example with something I added:

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.eliteweaver.co.uk', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment

// it worked
mail("[email protected]", "It worked", "The IPN worked");
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}

I am using http://www.eliteweaver.co.uk because it tests IPN scripts without actually buying something on PayPal so that is why you see www.eliteweaver.co.uk instead of www.paypal.com

Any reasons why this doesn't work?

 

[Peter]

alot of those ipn testin g sites are very selective on when they work. your best bet would just do a test transction on paypal and the just refund the payment.

 

[Scott2503]

Hmm... I was wondering if it might be the actual site I was using to test it. Thanks I'll try an actual purchse.

 

[paaaaaaaaaa]

test it using paypal sanbox https://www.sandbox.paypal.com/

It is a copy of paypal but used for testing non real transactions you can set up as many accounts as possible and transfer any amount of cash between them.

This is what i used to test my IPN code. I remember when I was working on it the paypal IPN system wasn't working on their side for quite a while. I also found eliteweaver to fail testing.

 

[RickM]

Yes, sandbox is the best option...it gives you a virtual credit card number just for the sandbox, you can then run tests.

It may also be an idea to checkout paypaldev.com

 

[Scott2503]

Ok I set up the sandbox but how do I add the imaginary funds?

 

[Peter]

the problem with the sandbox is that if I remember correctly the server that is doing the testing also needs to be logged onto the sandbox.

 

[Keral_Patel]

Hey guys. Here is the code that I use normally for the setup.

checkout.php

<?php
include("Includes/functions.php");
$dbc = dbconnect();
$pageid = $QUERY_STRING;
if ($QUERY_STRING == "")
{
$pageid = 1;
}
$arr = explode("x", $pageid);
$hid = $arr[0];
$catid = $arr[1];
$site_url = "http://www.hehehahahaha.com";
$order_total = 10;
$order_total = number_format($order_total, 2, ".", ",");
$order_id = "$hid" . "x" . "$catid";

$r = mysql_query("Select * from tblhost WHERE HID = '$hid'");
while ( $row = mysql_fetch_array ( $r ) )
{
$my_sFirstName = $row['User'];
$my_sLastName = $row['User'];
$hemail = $row['Email'];
$hname = $row['Host'];
}
$my_clientEmail = $hemail;
$business_paypal = "[email protected]";
$currency_id = "USD";
$sdate = time();
$r = mysql_query("INSERT INTO tblsponser (HID, CID, Sdate) VALUES ('$hid', '$catid', '$sdate')");


//redirect to paypal
header("location:https://www.paypal.com/xclick?business=$business_paypal&item_name=$hname$order_id&first_name=$my_sFirstName&last_name=$my_sLastName&email=$my_clientEmail&item_number=1&custom=$hid&amount=$order_total&currency_code=$currency_id&notify_url=$site_url/notify.php&return=$site_url/thankyou.php");
?>

Now for the IPN script:
notify.php

<?php

	// Assign posted variables to local variables
	$receiver_email = $_POST['receiver_email'];
	$payer_email = $_POST['payer_email'];
	$payer_status = $_POST['payer_status'];
	$payment_gross = $_POST['payment_gross'];
	$payment_fee = $_POST['payment_fee'];
	$payment_date = $_POST['payment_date'];
	$payment_type = $_POST['payment_type'];
	$payment_status = $_POST['payment_status'];
	$pending_reason = $_POST['pending_reason'];
	$txn_id = $_POST['txn_id'];
	$txn_type = $_POST['txn_type'];
	
	$custom = $_POST['custom'];

	if ($_REQUEST['payment_status'] == "Completed" || $_REQUEST['payment_status'] == "Pending") {

//Query for the payment recieved

include("Includes/functions.php");

$dbc = dbconnect();

$hid = $custom;



$r = mysql_query("Update tblsponser SET Payment = 'Y' WHERE HID = '$hid'");

////////////////////////////////////////


}
?>

I hope this helps.

 

[Dan]

For the sandbox on Paypal, is the money being sent to a fake account on the sandbox from another fake account on the sandbox?

Also, how long should it take for the verification email to come for the sandbox account..

edit: Why do they send the emails to that email buttons? I got lucky I found it.

edit2: Never mind all of that. ^

But I still can't get it to work.

index.php

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="item_name" value="something">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="no_shipping" value="2">
<input type="hidden" name="return" value="http://css.la/ipn/return.php">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

return.php

<?php

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
	echo 'HTTP ERROR';
} else {
	fputs ($fp, $header . $req);
	while (!feof($fp)) {
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) {
			echo 'it worked';
		} else if (strcmp ($res, "INVALID") == 0) {
			echo 'log for manual investigation';
		}
	}
	fclose ($fp);
}

?>

 

[Keral_Patel]

Hey Dan use my notify.php code instead. And it will work.

 

[Dan]

What does $pageid have in it? Somehow the different people can be determined by it.

 

[Keral_Patel]

Page ID is hte variable passed to the page.

 

[Dan]

Obviously..

But show me an example of what could be in it.

$pageid = $QUERY_STRING;
if ($QUERY_STRING == "")
{
$pageid = 1;
}
$arr = explode("x", $pageid);
$hid = $arr[0];
$catid = $arr[1];

I can't use the script if I don't have $QUERY_STRING and I don't know what it is, so how can I use it?

 

[Scott2503]

Alright I ended up modify the script to work and I just tested it on an actual payment (of 31 cents :p ). Anyways is there some sort of way to get PayPal to pass a custom variable to the IPN?

For example when someone is on my site and they have $_SESSION variable set and they go to the site... can you some how pass the information of that $_SESSION variable to the PayPal payment thing so it then will pass that variable to my IPN?

EDIT: I am using a buy now button so could I just add:
<input type="hidden" name="custom" value="SESSION VARIABLE">

even if the rest of the button is encrypted?

 

[ahtum]

oups wrong place ... sorry :P

 

[Keral_Patel]

Obviously..

But show me an example of what could be in it.

$pageid = $QUERY_STRING;
if ($QUERY_STRING == "")
{
$pageid = 1;
}
$arr = explode("x", $pageid);
$hid = $arr[0];
$catid = $arr[1];

I can't use the script if I don't have $QUERY_STRING and I don't know what it is, so how can I use it?

The script right now passes two variables. One is the category ID of which the listing is a member of and other one is the listing ID itself. Both variables are seperated by a "-" seperator.

Then I explode it when I recieve the whole query string and process it accordingly.

The live thing can be seen here. http://www.firescripts.com Which I recently launched and it has the automatic sponsoring system.

 

[Peter]

EDIT: I am using a buy now button so could I just add:
<input type="hidden" name="custom" value="SESSION VARIABLE">

even if the rest of the button is encrypted?

I am sure you can only do that if it is not encrypted.

 

[eddy0]

I am not sure, but paypal is usually on a secure connection. Port 80 is http and I think Port 443 is https. I hope this helps!