Solved

Unable to parse Variables with PayPal IPN script

Posted on 2007-11-22
8
1,182 Views
Last Modified: 2008-02-01
Hello everyone

I'm currently trying to modify a simple PayPal IPN script to send me more details about customers transactions, the problem I'm having is when I try to assign variables to local variables the script fails if I attempt to use the variable $address_street.  There are no errors the script just doesn't send an email, if I remove the $address_street then it all works fine.  Now from what I can gather it has something to do with some of the characters within the address_street variable. for example:

address_street=39+Jackson+Avenue%0D%0ATristam+Downs

Does anyone have any thoughts on how to resolve this.

Cheers
#!/usr/bin/perl
 

# read post from PayPal system and add 'cmd'

read (STDIN, $query, $ENV{'CONTENT_LENGTH'});

$query .= '&cmd=_notify-validate';
 

# post back to PayPal system to validate

use LWP::UserAgent;

$ua = new LWP::UserAgent;

$req = new HTTP::Request 'POST','https://www.sandbox.paypal.com/cgi-bin/webscr';

$req->content_type('application/x-www-form-urlencoded');

$req->content($query);

$res = $ua->request($req);
 

# split posted variables into pairs

@pairs = split(/&/, $query);

$count = 0;

foreach $pair (@pairs) {

($name, $value) = split(/=/, $pair);

$value =~ tr/+/ /;

$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

$variable{$name} = $value;

$count++;

}
 

# assign posted variables to local variables

$name_first = $variable('first_name');

$name_last = $variable('last_name');

$address_street = $variable('address_street');

$address_city = $variable('address_city');

$payment_status = $variable{'payment_status'};

$payment_amount = $variable{'mc_gross'};

$payment_currency = $variable{'mc_currency'};

$txn_id = $variable{'txn_id'};

$receiver_email = $variable{'receiver_email'};

$payer_email = $variable{'payer_email'};
 

#assign variables for email 

$status = $res->content;
 

if ($res->is_error) {

# HTTP error

}

elsif ($res->content eq 'VERIFIED') {

# check the $payment_status=Completed

# check that $txn_id has not been previously processed

# check that $receiver_email is your Primary PayPal email

# check that $payment_amount/$payment_currency are correct

# process payment
 

open (MAIL, "|/usr/sbin/sendmail -t -oeq") || die("Could not send

email.\n");

    print MAIL "To: payment\@mydomain.co.nz \n";

    print MAIL "From: paypal\@mydomain.co.nz \n";

    print MAIL "Subject: Payment Verification\n\n";

    print MAIL "$name_first \n";

    print MAIL "$name_last \n";

    print MAIL "$address_street \n";

    print MAIL "$address_city \n";

    print MAIL "$payment_status \n";

    print MAIL "$payment_amount \n";

    print MAIL "$payment_currency \n";

    print MAIL "$txn_id \n";

    print MAIL "$receiver_email \n";

    print MAIL "$payer_email \n";
 

close (MAIL);
 

}

elsif ($res->content eq 'INVALID') {

# log for manual investigation
 

open (MAIL, "|/usr/sbin/sendmail -t -oeq") || die("Could not send

email.\n");

    print MAIL "To: payment\@mydomain.co.nz \n";

    print MAIL "From: paypal\@mydomain.co.nz \n";

    print MAIL "Subject: INVALID IPN Notification\n\n";

    print MAIL "IPN returned: $status\n\n";

    print MAIL "Here is the raw IPN string:\n";

    print MAIL "$query\n";
 

close (MAIL);
 

}

else {

# error

}

print "content-type: text/plain\n\n";

Open in new window

0
Comment
Question by:matrixnz
8 Comments
 
LVL 9

Expert Comment

by:Suhas .
Comment Utility

# split posted variables into pairs
@pairs = split(/&/, $query);
$count = 0;
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
######## add the below line and try ######################
$value =~ tr/%//; #translate the % symbol to blank space in address
#############################
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$variable{$name} = $value;
$count++;
}

0
 
LVL 28

Accepted Solution

by:
FishMonger earned 250 total points
Comment Utility
You should be using the CGI module to read and parse the post submission.  You also should be using the warnings and strict pragma and declare your vars with the my keyword.

On the following hash vars, you're using ( ) parens when you should be using { } braces

$name_first = $variable('first_name');
$name_last = $variable('last_name');
$address_street = $variable('address_street');
$address_city = $variable('address_city');

#!/usr/bin/perl
 

use CGI; 

use strict;

use warnings;
 

# read post from PayPal system and add 'cmd'

my $cgi = CGI->new;

my %variable = $cgi->Vars;

 

# assign posted variables to local variables

my $name_first = $variable{'first_name'};

my $name_last = $variable{'last_name'};

my $address_street = $variable{'address_street'};

my $address_city = $variable{'address_city'};

my $payment_status = $variable{'payment_status'};

my $payment_amount = $variable{'mc_gross'};

my $payment_currency = $variable{'mc_currency'};

my $txn_id = $variable{'txn_id'};

my $receiver_email = $variable{'receiver_email'};

my $payer_email = $variable{'payer_email'};

Open in new window

0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
Classic example of a roll your own CGI parsing code that doesn't work properly.

FishMonger's code should work perfectly.
0
 
LVL 29

Author Comment

by:matrixnz
Comment Utility
Hi everyone

Thanks for your input.

suhasbharadwaj I tried changing the code but it still didn't work unfortunately.

FishMonger, Tintin this code is actually directly from PayPal, the only change is the To and From email addresses.  At a glance the script won't verify the transaction from PayPal is that correct?  From my limited understanding of PayPals IPN, on completion the customer is returned to a predefined URL in this case paypal.pl (this script) then it appends cmd=_notify-validate to the returned variables and sends this to PayPal, PayPal then returns a Verified or Invalid back to the script depending on the customers transaction.  If the transaction is Verified then it processes the Verified Email otherwise the Invalid Email.  So to enable the return to PayPal would I just need the following?

Cheers
#!/usr/bin/perl
 

use CGI; 

use strict;

use warnings;
 

# read post from PayPal system and add 'cmd'

read (STDIN, $query, $ENV{'CONTENT_LENGTH'});

my $query .= '&cmd=_notify-validate';
 

# post back to PayPal system to validate

use LWP::UserAgent;

my $ua = new LWP::UserAgent;

my $req = new HTTP::Request 'POST','https://www.sandbox.paypal.com/cgi-bin/webscr';

my $req->content_type('application/x-www-form-urlencoded');

my $req->content($query);

my $res = $ua->request($req);
 

my $cgi = CGI->new;

my %variable = $cgi->Vars;
 

# assign posted variables to local variables

my $name_first = $variable{'first_name'};

my $name_last = $variable{'last_name'};

my $address_street = $variable{'address_street'};

my $address_city = $variable{'address_city'};

my $payment_status = $variable{'payment_status'};

my $payment_amount = $variable{'mc_gross'};

my $payment_currency = $variable{'mc_currency'};

my $txn_id = $variable{'txn_id'};

my $receiver_email = $variable{'receiver_email'};

my $payer_email = $variable{'payer_email'};

Open in new window

0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 48

Expert Comment

by:Tintin
Comment Utility
You need to get rid of lines 8 and 9 and after line 19 add:

my $url = $cgi->url(-path_info=>1,-query=>1) . '+cmd=_notify-validate';
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 250 total points
Comment Utility
Just noticed the order of things.  Here's the corrected code:

#!/usr/bin/perl
 

use CGI;

use strict;

use warnings;
 

my $cgi = CGI->new;

my %variable = $cgi->Vars;
 

my $query = $cgi->url(-path_info=>1,-query=>1) . '+cmd=_notify-validate';
 

# post back to PayPal system to validate

use LWP::UserAgent;

my $ua = new LWP::UserAgent;

my $req = new HTTP::Request 'POST','https://www.sandbox.paypal.com/cgi-bin/webscr';

my $req->content_type('application/x-www-form-urlencoded');

my $req->content($query);

my $res = $ua->request($req);
 
 

# assign posted variables to local variables

my $name_first = $variable{'first_name'};

my $name_last = $variable{'last_name'};

my $address_street = $variable{'address_street'};

my $address_city = $variable{'address_city'};

my $payment_status = $variable{'payment_status'};

my $payment_amount = $variable{'mc_gross'};

my $payment_currency = $variable{'mc_currency'};

Open in new window

0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
Note that you may need to change

my $query = $cgi->url(-path_info=>1,-query=>1) . '+cmd=_notify-validate';


to

my $query = $cgi->url(-path_info=>1,-query=>1) . '&cmd=_notify-validate';

If Paypal are using the same buggy, broken CGI parsing code they supply in their examples.
0
 
LVL 29

Author Comment

by:matrixnz
Comment Utility
Hi everyone

Tintin, I tried your code, but wasn't able to retrieve any informaton from PayPal, tried a few changes but still nothing, however while looking over the posts again to get more insight, I noticed FishMongers post
"On the following hash vars, you're using ( ) parens when you should be using { } braces"
So made those changes to the old code and it started working, because of time constraints I'm unable to spend any further time on this, so I'm going to close the question.  I'm going to split the points between you both, thanks so much for your input, it was much appreciated.

Cheers
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now