lshane
asked on
ASP VBScript PayPal IPN
DWMX
WIN XP PRO
Classic ASP VBScript
MS Access
Hello. I have scoured EE and the internet and PayPal's site for a nice, clean description of IPN and how it works. I know I'm missing something, but I just can't wrap my head around what the correct sequence of processes/transactions should be.
Would someone, please, explain in a 1-2-3-4-etc. format and the correct syntax on the IPN page, as well? I am only using a "Buy Now" button for only one "product". When it is VERIFIED, I just want the process page to update the related user's account in the db. I can handle the Update script, I just don't know if, or when, the page is ever reached. This is basically a subscription site, except I'm not using a "subscription" button from PayPal. Just using a basic "Buy Now" button, with basic parameters of E-mail, UserID, and Price.
Here's what I have so far as I understand it:
1) User registers and logs in. Before they can see their Contol Panel to enter data for their profile, there is a PayPal button to pay their money first. After they have paid, the process page should update their account with a "Y" for "Activated", and then they can see their Control Panel. I have attached the Form as I am using it ("form.txt")
2) The user should then press the PayPal button, and will then be directed to PP to make their payment. Included in the attached form is a "return_URL" hidden field, to which the user should be directed after the PP payment completes, or when they press the "Return to Merchant" button on the PP confirmation screen. This does occur, and I can view the "payment_status" value as it was posted from PP as "Completed". However, the purpose of the IPN, as I understand it, is to have a process page to process the validity of the payment, as well as whether the payment was completed, and then a script on the process page could run to update a db, and what not.
I have another hidden field "notify_url" which is supposed to be the IPN process page; however, I never know if anything is getting to it. I use the "sample code" from PayPal, but I'm not sure how to test, or see any results, etc.
I guess that's where the 1-2-3-4-etc. sequence is needed for me. Not sure when what is supposed to be happening, and what to expect.
As always, I greatly appreciate your help.
Thanks so much,
Shane
form.txt
WIN XP PRO
Classic ASP VBScript
MS Access
Hello. I have scoured EE and the internet and PayPal's site for a nice, clean description of IPN and how it works. I know I'm missing something, but I just can't wrap my head around what the correct sequence of processes/transactions should be.
Would someone, please, explain in a 1-2-3-4-etc. format and the correct syntax on the IPN page, as well? I am only using a "Buy Now" button for only one "product". When it is VERIFIED, I just want the process page to update the related user's account in the db. I can handle the Update script, I just don't know if, or when, the page is ever reached. This is basically a subscription site, except I'm not using a "subscription" button from PayPal. Just using a basic "Buy Now" button, with basic parameters of E-mail, UserID, and Price.
Here's what I have so far as I understand it:
1) User registers and logs in. Before they can see their Contol Panel to enter data for their profile, there is a PayPal button to pay their money first. After they have paid, the process page should update their account with a "Y" for "Activated", and then they can see their Control Panel. I have attached the Form as I am using it ("form.txt")
2) The user should then press the PayPal button, and will then be directed to PP to make their payment. Included in the attached form is a "return_URL" hidden field, to which the user should be directed after the PP payment completes, or when they press the "Return to Merchant" button on the PP confirmation screen. This does occur, and I can view the "payment_status" value as it was posted from PP as "Completed". However, the purpose of the IPN, as I understand it, is to have a process page to process the validity of the payment, as well as whether the payment was completed, and then a script on the process page could run to update a db, and what not.
I have another hidden field "notify_url" which is supposed to be the IPN process page; however, I never know if anything is getting to it. I use the "sample code" from PayPal, but I'm not sure how to test, or see any results, etc.
I guess that's where the 1-2-3-4-etc. sequence is needed for me. Not sure when what is supposed to be happening, and what to expect.
As always, I greatly appreciate your help.
Thanks so much,
Shane
form.txt
ASKER
Hi, carrzkiss. Thanks for the reply.
I have tried the redirect via use of the "return_url" field in the form to PayPal. That definitely works fine, IF the user waits the 10 seconds on the PayPal screen to be redirected back to my process page... or if they press the "Return To Merchant" button on the PayPal page.
However, there are users who do not wait the 10 seconds, nor do they press the "Return To Merchant" button, so they never reach the process page, which never runs the script to activate their account.
As I understand it, the IPN method is a behind-the-scenes process for situations such as these, where it will still go through the processing, even if the user exits the browser before being redirected.
This is a simple example of a site I'm doing, but will take the solution and apply it to more complex sites, once I understand the sequence of what is being processed, when, and how.
I have tried the redirect via use of the "return_url" field in the form to PayPal. That definitely works fine, IF the user waits the 10 seconds on the PayPal screen to be redirected back to my process page... or if they press the "Return To Merchant" button on the PayPal page.
However, there are users who do not wait the 10 seconds, nor do they press the "Return To Merchant" button, so they never reach the process page, which never runs the script to activate their account.
As I understand it, the IPN method is a behind-the-scenes process for situations such as these, where it will still go through the processing, even if the user exits the browser before being redirected.
This is a simple example of a site I'm doing, but will take the solution and apply it to more complex sites, once I understand the sequence of what is being processed, when, and how.
ASKER
One of the huge questions in my head is what variable is being Posted back with a value of "VERIFIED", "INVALID", etc.???
I mean, how do I know how to write an If... Then condition, if I don't know the variable being passed?
I mean, how do I know how to write an If... Then condition, if I don't know the variable being passed?
I will have to do some checking on this.
As I will most likely be using something like this in the future, so.
No better time then now I quess to figure it out.
I will take a closer look at it tomorrow, as I am tied up with other stuff right now.
have a good one, until tomorrow.
Carrzkiss
As I will most likely be using something like this in the future, so.
No better time then now I quess to figure it out.
I will take a closer look at it tomorrow, as I am tied up with other stuff right now.
have a good one, until tomorrow.
Carrzkiss
ASKER
Thank you. I'll standby.
The basic process for IPN is...
Paypal posts form data to your webserver at the specified url....
You then post all this data back to paypal and add cmd=notify-validate (you can do this using XMLHTTP)
Paypal then responds with valid or invalid (this is to ensure the original 'post' was from paypal not a hacker)
Therefore you need to create a page which will read in all the form data passed to it, the page should then send all this back to paypal and check the response. If its valid then start updating your database. There are several hundred variables Paypal may post in an IPN, so you will need to work out which ones apply to you and look out for them.
From experience using the redirect really doesn't work very well... so I would strongly advise the IPN route.
I will leave it to carrzkiss to help with code, but will keep an eye on this thread in case you need help.
Paypal posts form data to your webserver at the specified url....
You then post all this data back to paypal and add cmd=notify-validate (you can do this using XMLHTTP)
Paypal then responds with valid or invalid (this is to ensure the original 'post' was from paypal not a hacker)
Therefore you need to create a page which will read in all the form data passed to it, the page should then send all this back to paypal and check the response. If its valid then start updating your database. There are several hundred variables Paypal may post in an IPN, so you will need to work out which ones apply to you and look out for them.
From experience using the redirect really doesn't work very well... so I would strongly advise the IPN route.
I will leave it to carrzkiss to help with code, but will keep an eye on this thread in case you need help.
Hello Harrison.
If you would like to jump in and assist him with some code, that would be great.
As I am not sure if I will be able to get to working with this fast enough today.
Always a pleasure reading your words of wisdom.
Have a good one
Carrzkiss
If you would like to jump in and assist him with some code, that would be great.
As I am not sure if I will be able to get to working with this fast enough today.
Always a pleasure reading your words of wisdom.
Have a good one
Carrzkiss
ASKER
Hello, carrzkiss, and Harrison. I appreciate both of you trying to help me out. So, Harrison, I understand what you wrote, however, my hangup is not knowing what to send back, and how, but MOSTLY, what variable is PayPal returning with the value of VALID or INVALID. Is it something like... (request.form("pp_response
That's one of the places I'm really confused about.
Another area with which I'm lost is which form variables to post back to PP, and which "order" (According to PayPal's site, there is a specific order you have to post back your form variables).
I will attach the VBScript Sample Code from PayPal's site. It's straight off their site, and maybe you could help me with disecting each section to understand what I'M supposed to be doing.
I appreciate your help so much with this. I have poured over the internet and EE for weeks, with no definitive and conclusive solutions.
Thanks so much,
Shane
That's one of the places I'm really confused about.
Another area with which I'm lost is which form variables to post back to PP, and which "order" (According to PayPal's site, there is a specific order you have to post back your form variables).
I will attach the VBScript Sample Code from PayPal's site. It's straight off their site, and maybe you could help me with disecting each section to understand what I'M supposed to be doing.
I appreciate your help so much with this. I have poured over the internet and EE for weeks, with no definitive and conclusive solutions.
Thanks so much,
Shane
<%@LANGUAGE="VBScript"%>
<%
Dim Item_name, Item_number, Payment_status, Payment_amount
Dim Txn_id, Receiver_email, Payer_email
Dim objHttp, str
' read post from PayPal system and add 'cmd'
str = Request.Form & "&cmd=_notify-validate"
' post back to PayPal system to validate
set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
' set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
' set objHttp = Server.CreateObject("Microsoft.XMLHTTP")
objHttp.open "POST", "https://www.paypal.com/cgi-bin/webscr", false
objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objHttp.Send str
' assign posted variables to local variables
Item_name = Request.Form("item_name")
Item_number = Request.Form("item_number")
Payment_status = Request.Form("payment_status")
Payment_amount = Request.Form("mc_gross")
Payment_currency = Request.Form("mc_currency")
Txn_id = Request.Form("txn_id")
Receiver_email = Request.Form("receiver_email")
Payer_email = Request.Form("payer_email")
' Check notification validation
if (objHttp.status <> 200 ) then
' HTTP error handling
elseif (objHttp.responseText = "VERIFIED") then
' check that Payment_status=Completed
' check that Txn_id has not been previously processed
' check that Receiver_email is your Primary PayPal email
' check that Payment_amount/Payment_currency are correct
' process payment
elseif (objHttp.responseText = "INVALID") then
' log for manual investigation
else
' error
end if
set objHttp = nothing
%>ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, I forgot... you don't neet to worry about the order of the data being sent back to paypal as we are justing returning the entire response (response.form) exactly as it was received so it will be in the same (which is the correct) order...
ASKER
Hello, Harrison.
Thank you. It will take me a day more, or so, to test this.
One thing I'm still unclear on, however, is regarding this part:
==========================
The webpage is returned as objHttp.responseText. This objHttp.responseText should contain a single word, either VERIFIED or INVALID...
==========================
How do I query for the VERIFIED or INVALID?
Something like this maybe:
<%
str=objHttp.responseText
if inStr(str, "VERIFIED")>0 then
....do stuff...
elseif inStr(str,"INVALID")>0 then
...do other stuff...
%>
I guess that's one of my confused point.
Also, it appears the only way to truly test whether I'm getting the responses I need is to either have something UPDATE in the db, or send an E-mail. There doesn't appear to be a way to sit there on the IPN process page and "response.write" an reply, or anything. Is that also correct?
Thanks so much,
Shane
Thank you. It will take me a day more, or so, to test this.
One thing I'm still unclear on, however, is regarding this part:
==========================
The webpage is returned as objHttp.responseText. This objHttp.responseText should contain a single word, either VERIFIED or INVALID...
==========================
How do I query for the VERIFIED or INVALID?
Something like this maybe:
<%
str=objHttp.responseText
if inStr(str, "VERIFIED")>0 then
....do stuff...
elseif inStr(str,"INVALID")>0 then
...do other stuff...
%>
I guess that's one of my confused point.
Also, it appears the only way to truly test whether I'm getting the responses I need is to either have something UPDATE in the db, or send an E-mail. There doesn't appear to be a way to sit there on the IPN process page and "response.write" an reply, or anything. Is that also correct?
Thanks so much,
Shane
Regarding the VERIFIED/INVALID, that is correct (although you don't need to use instr as the value will equal VERIFED or INVALID), lines 29, 31 and 37 of the code you pasted check the value of the objHttp.responseText. The IF statement on line 29 will execute if there is no response from paypal, 31 if the transaction is verified and 37 if it is a hacker!
The page will run blind (e.g nobody will see the page it is purely automation and is being called by Paypals servers), therefore as you suggest you will need to update a database or send an email otherwise you will never know the page has been run. This does of course make debugging code a pain, but the end result is worth it.
The page will run blind (e.g nobody will see the page it is purely automation and is being called by Paypals servers), therefore as you suggest you will need to update a database or send an email otherwise you will never know the page has been run. This does of course make debugging code a pain, but the end result is worth it.
ASKER
Hello, Harrison. I apologize for the delay. It is taking me a bit longer to test than I anticipated.
Your explanation, and solution, however, seem logically like they will do what I am seeking. Thank you, also, for expaining the VERIFIED/INVALID for me. It seems much clearer now.
It will take me a few more days to test, so I wanted to go ahead and submit points to you.
I'll be back if I have more questions. LOL
Thanks so much,
Shane
Your explanation, and solution, however, seem logically like they will do what I am seeking. Thank you, also, for expaining the VERIFIED/INVALID for me. It seems much clearer now.
It will take me a few more days to test, so I wanted to go ahead and submit points to you.
I'll be back if I have more questions. LOL
Thanks so much,
Shane
I am not sure if you really need the IPN to do this.
When a purchase is made through the Buy It Now.
You have the script to send the user to either
Order Cancelled
Order Completed.
If
Order Completed, the get the Logged In User's ID and add a [Yes] to the Checkbox.
That seems to be the easier way to do something like what you are wanting to do.
I signed up for the Paypal sandbox, and will look into it, but do not know if I will be able to assist or not.
But, try the above information first.
(Paypal redirects are pretty reliable, so, using it is just as good)
Carrzkiss