• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1741
  • Last Modified:

Paypal IPN: INVALID

Hi experts, I'm trying to use the IPN Paypal system.
I've tryed different code... but always the same answer: INVALID.

The strange thing is that the PayPal manual say that Paypal pass the parameters in POST... but I get anything in POST, I get data only in GET.

Here is my code:

<?php

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_GET as $key => $value) {
      $value = urlencode(stripslashes($value));
      $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n"; //<<<<<<<<<<<< ADD THIS LINE
$header .= "Referer: ".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].@$_SERVER['QUERY_STRING']."\r\n";
$header .= "Server: ".$_SERVER['SERVER_SOFTWARE']."\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Accept: */*\r\n\r\n";

$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

if (!$fp) {
      echo "PHP fsockopen() error: " . $errstr;
}
else {
      fputs ($fp, $header . $req);
      while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            echo "RECEIVED: ".$res."<BR>"; // for debug
            if (strcmp ($res, "VERIFIED") == 0) {
                  echo "VERIFIED";
            }
            else if (strcmp ($res, "INVALID") == 0) {
                  echo "INVALID";
            }
      }
}

?>


Here the answer:

cmd=_notify-validate&tx=9BL62873GK243402G&st=Completed&amt=100.00&cc=EUR&cm=&sig=rD%2fvVjLNDwD3dAm9sv9GPPiTyAvtYm4fcqJBqXhwWoV0Y1nyEkWDRsuJg2102NpBwPjDp0sARhPOF446Z6hfW8xzv3S%2f1ILdF1v964dm0M%2fCXItrhJI2RsD7d63EgMeVPRn8TZ4ndlrmEtCBvtLT8QOlViCPOoPCwgGhXd9I%2bM8%3dRECEIVED: HTTP/1.0 200 OK
RECEIVED: Date: Mon, 19 Jun 2006 16:53:49 GMT
RECEIVED: Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7a PHP/4.3.2
RECEIVED: Set-Cookie: cookie_check=yes; expires=Thu, 16-Jun-2016 16:53:49 GMT; path=/; domain=.paypal.com
RECEIVED: Set-Cookie: Apache=64.202.165.201.153601150736029465; path=/; expires=Wed, 11-Jun-36 16:53:49 GMT
RECEIVED: Content-Type: text/html; charset=UTF-8
RECEIVED: X-Cache: MISS from wc04.inet.mesa1.secureserver.net
RECEIVED: Connection: close
RECEIVED:
RECEIVED: INVALID


Thanks
0
marcodalzotto
Asked:
marcodalzotto
  • 3
  • 2
1 Solution
 
DataSmartsCommented:
I've worked with Paypal before, and I understand mostly what you are trying to do, but can you provide a short two sentence narrative of what you are wanting to do?

Are you wanting to get the confirmation id from Paypal and add that to your own database?
0
 
marcodalzottoAuthor Commented:
The answer I've posted is a paramateter passed by Paypal to my ok.php when the payment transaction is completed.
The code I've posted connects to Paypal and repeat the parameters as received, adding 'cmd=_notify-validate'.
As a result I shoud get VERIFIED.

Yes I want to get a confirmation by paypal that the transaction really occured so I can permit the downalod of my product.
0
 
DataSmartsCommented:
<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';

$tx_token = $_GET['tx'];
$auth_token = "Enter yourToken";
$req .= "&tx=$tx_token&at=$auth_token";

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// If possible, securely post back to paypal using HTTPS
// Your PHP server will need to be SSL enabled
// $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
// read the body data
$res = '';
$headerdone = false;
while (!feof($fp)) {
$line = fgets ($fp, 1024);
if (strcmp($line, "\r\n") == 0) {
// read the header
$headerdone = true;
}
else if ($headerdone)
{
// header has been read. now read the contents
$res .= $line;
}
}

// parse the data
$lines = explode("\n", $res);
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0) {
for ($i=1; $i<count($lines);$i++){
list($key,$val) = explode("=", $lines[$i]);
$keyarray[urldecode($key)] = urldecode($val);
}
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment

$firstname = $keyarray['first_name'];
$lastname = $keyarray['last_name'];
$itemname = $keyarray['item_name'];
$amount = $keyarray['payment_gross'];
$shipping = $keyarray['shipping'];
$payment_status = $keyarray['payment_status'];
$txn_id = $keyarray['txn_id'];
$custom = $keyarray['custom'];


$DB_Server = "localhost"; //your MySQL Server
$DB_Username = ""; //your MySQL User Name
$DB_Password = ""; //your MySQL Password
$DB_DBName = ""; //your MySQL Database Name
$DB_TBLName = ""; //your MySQL Table Name


//create MySQL connection
$Connect = @mysql_connect($DB_Server, $DB_Username, $DB_Password)
or die("Couldn't connect to MySQL:<br>" . mysql_error() . "<br>" . mysql_errno());
//select database
$Db = @mysql_select_db($DB_DBName, $Connect)
or die("Couldn't select database:<br>" . mysql_error(). "<br>" . mysql_errno());

$fecha = date("m")."/".date("d")."/".date("Y");

$result = @mysql_query("UPDATE tblname SET paymentstatus='$payment_status', Transaction_Code='$txn_id' WHERE order_id='$custom'");

$i = 1;

if ($payment_status == 'Varified') {
Write access to Downloadable file
}
if ($payment_status != 'Varified') {
Write some Error message here
|


mail("poneal@paypal.com", "VERIFIED PDT", "$res\n $req");
}
else if (strcmp ($lines[0], "FAIL") == 0) {
// log for manual investigation
}
}
fclose ($fp);
?>
0
 
marcodalzottoAuthor Commented:
Well done, DataSmarts.

I'm going to accept your answer, and I'm going to give you a grade of 'A' if you tel me the difference between:

     $req = 'cmd=_notify-validate';

and

     $req = 'cmd=_notify-synch';

And why I couldn't use 'cmd=_notify-validate' that is present in a lot of example about how to receive IPN notification from Paypal?

Thanks
0
 
DataSmartsCommented:
Well to be technical, I used the PDT instead of IPN as IPN has routinely had problems with the way they are sending the transaction confirmations.

As you may be aware, IPN provides a means where the user could, feasibly, close the browser and still receive the confirmation required to download your product.  PDT requires the user to got hrough the process of completing their transaction and then auto_return would direct them back to your site.  You also need a Cancel_return to be set so they are directed to your site where they can determine IF they want to continue or not...

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now