• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1466
  • Last Modified:

IPN for Paypal works in Sandbox, but not when it's live

Hi

I had a developer write some code for a website I wanted developing.  The Paypal function only works within Sandbox, but when I switch to live (which uses the same code) it doesn't work.  Sandbox goes through the whole process and credits my account.  When I switch to live it goes through the whole process but for some reason doesn't send the IPN information back to my site so my account isn't credited.

The developer has washed his hands with it and now I'm stuck with site that doesn't work.  I've had someone else take a look and they're still scratching their head.  Please help!  I know a little PHP and can muddle my way through but this is completely above me!

Thanks in advance.

Regards
<? ob_start();
session_start();
?>
<?
if($_SESSION['USER_ID']=='')
{
	header("location:index.php");
	exit();
}
    
	$mid=$_GET['mid'];
	$porder_id=$_GET['porder_id'];
	$_SESSION[PORDER_ID]=$porder_id;
    $Sql_music="select userid,price,name from ms_music_upload where mid='$mid' and  is_approve='Y'";
    $res_music=$db->select_data($Sql_music);
  //echo "<br>music_price---".
    $music_price=$res_music[0]['price'];
  //echo "<br>music_user---".
    $music_user=$res_music[0]['userid'];
  //echo "<br>music_name---".
     $music_name=stripslashes($res_music[0]['name']);
    // purchase user infor
	     $purchase_userid=$_SESSION['USER_ID'];
		 $sql_meminfo="select id,first_name,last_name,email,location from ms_member where id='$purchase_userid'";
		 $res_meminfo=$db->select_data($sql_meminfo);
		 if(count($res_meminfo)>0)
		 {
		  $first_name=$res_meminfo[0]['first_name'];
		  $last_name=$res_meminfo[0]['last_name'];
		  $email=$res_meminfo[0]['email'];
		  $location=$res_meminfo[0]['location'];
		 }//if count 
		 //
	
	
 
///----cancellation of paypal for purchase by CLient-----
//---new code for deduction of purchas amount from deposited amount----
$_SESSION['porder_id']=$porder_id;
header("location:payment_receipt.php");
exit();
 
 
//---new code for deduction of purchas amount from deposited amount----
 
	
$sql_selact="select * from `ms_paypal` where `status`='Y' ";
$res_selact=$db->select_data($sql_selact);
 
if($res_selact[0]["type"]=="S")
					   {
						
						$paypal_url="https://www.sandbox.paypal.com/cgi-bin/webscr"; // For Test 
						
					}else if($res_selact[0]["type"]=="M"){
					
					   $paypal_url="https://www.paypal.com/cgi-bin/webscr";  // For Live 
					
					}
	
?>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
	<td width="30"><img src="images/spacer.gif" width="30" height="1" /></td>
	
	<td><form class="formclass" method="post"  action="<?=$paypal_url?>"  id="myform" name="theForm" >
<!--<form class="formclass" method="post" action="https://www.paypal.com/cgi-bin/webscr"  id="myform" name="theForm" >-->
		<input name="validate" value="1" type="hidden">
		<input type="hidden" name="porder_id" value="<?=$porder_id?>" />
		<?
 
		$paypal[site_url]= ROOT_PATH;
		$paypal[success_url]="payment_receipt.php?success=paypal&pt=paypal&porder_id=$porder_id";
		$paypal[cancel_url]="payment_receipt.php?success=failed&pt=paypal&porder_id=$porder_id";
		$paypal[notify_url]="/ipn/ipn.php";
		$paypal[return_method]="2"; //1=GET 2=POST
		$paypal[currency_code]="GBP"; //[USD,GBP,JPY,CAD,EUR]
		$paypal[lc]="US";
		$paypal[url]=$paypal_url; // For Test 
		$paypal[post_method]="fso"; //fso=fsockopen(); curl=curl command line libCurl=php compiled with libCurl support
		$paypal[curl_location]="/usr/local/bin/curl";
		$paypal[bn]="toolkit-php";
		$paypal[cmd]="_xclick";
		
		$paypal[display_comment]="0"; //0=yes 1=no
		$paypal[comment_header]="Comments";
		$paypal[continue_button_text]="Continue >>";
		$paypal[background_color]="1"; //""=white 1=black
		$paypal[display_shipping_address]="1"; //""=yes 1=no
		$paypal[display_comment]="1"; //""=yes 1=no
		
		?>
 
			
		<input type="hidden" name="business" value="<?=trim($res_selact[0]["email"])?>"><? // For Test ?>
		<input type="hidden" name="item_name" value="<?=$music_name?>">
		<input type="hidden" name="cmd" value="<?=$paypal[cmd]?>">
		<input type="hidden" name="redirect_cmd" value="<?=$paypal[cmd]?>">
		<input type="hidden" name="image_url" value="">
		<input type="hidden" name="return" value="<? echo "$paypal[site_url]$paypal[success_url]"; ?>">
		<input type="hidden" name="cancel_return" value="<? echo "$paypal[site_url]$paypal[cancel_url]"; ?>">
		<input type="hidden" name="rm" value="<?=$paypal[return_method]?>">
		<input type="hidden" name="currency_code" value="<?=$paypal[currency_code]?>">
		<input type="hidden" name="lc" value="<?=$paypal[lc]?>">
		<input type="hidden" name="bn" value="<?=$paypal[bn]?>">
		<input type="hidden" name="cbt" value="<?=$paypal[continue_button_text]?>">
		<input type="hidden" name="no_shipping" value="<?=$paypal[display_shipping_address]?>">
		<input type="hidden" name="no_note" value="<?=$paypal[display_comment]?>">
		<input type="hidden" name="order_id" value="<?=$porder_id?>">
		<input type="hidden" name="amount" value="<?=$music_price?>">
		<input type="hidden" name="user_id" value="<?=$_SESSION['USER_ID']?>">
		<input type="hidden" name="first_name" value="<?=$first_name?>">
		<input type="hidden" name="last_name" value="<?=$last_name?>">
		<input type="hidden" name="city" value="<?=$location?>">
		<input type="hidden" name="a3" value="<?=$music_price?>">
        <input type="hidden" name="p3" value="1">
        <input type="hidden" name="t3" value="M">
		<input type="hidden" name="email " value="<?=$email?>">
		<input type="hidden" name="no_note" value="1">
		<input type="hidden" name="src" value="1">
		<input type="hidden" name="sra" value="1">
			
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		  <tr>
			<td class="text_body">&nbsp;</td>
		  </tr>
		  <tr>
			<td align="left"></td>
		  </tr>
		</table>
	  </form></td>
	<td width="15"><img src="images/spacer.gif" width="15" height="1" /></td>
  </tr>
</table>
<script language="JavaScript">
objfrm = document.getElementById("myform");
objfrm.submit();
</script>

Open in new window

0
miskodisco
Asked:
miskodisco
  • 12
  • 9
1 Solution
 
albrieuCommented:
Hello i use a class PHP Toolkit for PayPal works excellent and its easy to integrate


at http://paypal.sourceforge.net/

http://sourceforge.net/project/showfiles.php?group_id=102595
0
 
Ray PaseurCommented:
When you run this script and do a "view source" can you see that the correct value has been set for this?

$paypal_url="https://www.paypal.com/cgi-bin/webscr";  // For Live
0
 
Ray PaseurCommented:
Also, it may be a bit of a long shot, but try changing this on line 118 in the OP:

                <input type="hidden" name="email "        value="<?=$email?>">

To the code snippet (eliminate the trailing blank in the name field)
                <input type="hidden" name="email"        value="<?=$email?>">

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Ray PaseurCommented:
And last, but not least, please post your IPN script.

Thanks, ~Ray
0
 
miskodiscoAuthor Commented:
Hi Ray

Thanks for your suggestions.

The correct value for : https://www.paypal.com/cgi-bin/webscr is set.

I tried the code changes in <input type="hidden" name="email "        value="<?=$email?>"> - but unfortunately it didn't work.

Just so I'm sure, is the IPN script the one referred to in the above code as /ipn/ipn.php as I can't find it - or is the code referenced on line 73 (above) : payment_receipt.php

Thanks




0
 
Ray PaseurCommented:
To get the name of the IPN script, you need to log in to your PayPal account and find the URL there.  I think it's in Merchant Tools.  Get the source code for that URL and post that.  We will need to tinker with it a little bit.

Suggest you list a 50-cents item on your web site for us to play with.  That way, a purchase won't cost you much money when we are testing.
0
 
miskodiscoAuthor Commented:
There isn't one for this site set up.  There's one set up for my other site.  Could this be the problem and would this explain why sandbox works and live doesn't?   And if it is where could I find sample code for an IPN script?
0
 
Ray PaseurCommented:
Yes, that could be the problem.  Do you have the code for the IPN for the other site?  I could post a sample IPN script, but it might not do you much good because it is custom built for my applications (and besides the PayPal developers man pages have good examples).

It is not 100% clear to me when you say "sandbox works and live doesn't" what might be happening, but if you need the IPN to take some action and it's not getting called, that's a pretty strong signal of where the error might lie.  
0
 
miskodiscoAuthor Commented:
Thanks for your suggestions.

I'm not sure whether IPN is required, it was a guess.  The IPN on the other site isn't actually used as I ended up using Virtuemart.

When I say that sandbox works and live doesn't - When i go through the payment process using sandbox it works completely and my account is credited.  However, doing exactly the same thing "live" (using exactly the same code) the system goes through the same process (including Paypal saying that the transaction was a success) but when it comes back to my site it goes to the sucess page (as directed in the code above) however the information from Paypal isn't getting back to my site because the money isn't deposited to my site's account and the page doesn't say how much has been credited.  The site is supposed to say "x amount has been credited to your account".  As mentioned before, it does work completely in sandbox including the part which says "x amount has been credited to your account".
0
 
Ray PaseurCommented:
When you say, "the money isn't deposited to my site's account" do you mean that you sign in to PayPal, and the funds are not in the PayPal account?
0
 
miskodiscoAuthor Commented:
The money arrives in the PayPal account, but the funds don't arrive in the user's account on my site.
0
 
Ray PaseurCommented:
Can you please post the code that is supposed to put the money into the user's account?
0
 
miskodiscoAuthor Commented:
The code is below.  I've removed email addresses and changed them to "email address here".
<?
session_start();
//echo "<pre>";
//print_r($_POST);
$userId=$_GET['user_id'];
$pt=$_GET['pt'];
 
 
if($pt=="paypal" && $_SESSION["NOBACK"]!=1)
{
		//----------------------------------- Code For Inserting Paypal Data ---------------------------------------------//
		
		$subsid=$_POST['subscr_id'];	
		$currnecy=$_POST['mc_currency'];
		$verifysign=$_POST['verify_sign'];
		$status=$_POST['payer_status'];
		$email=$_POST['payer_email'];
		$subscriptiontype=$_POST['item_name'];
		$sub_amt=$_POST['amount3'];
		$payerid=$_POST['payer_id'];
		$sub_date=$_POST['subscr_date'];
		$sub_period=$_POST['period3'];
		$address_country_code=$_POST['address_country_code'];
		$amount=$_POST['mc_amount3'];
		$txn_type=$_POST['txn_type'];
		$test_ipn=$_POST['test_ipn'];
		$first_name=$_POST['first_name'];
		$receiver_email=$_POST['receiver_email'];
		$payer_id=$_POST['payer_id'];
		$item_name=$_POST['item_name'];
		$form_charset=$_POST['form_charset'];
		$notify_version=$_POST['notify_version'];
 
		//payer_status==payment_status
		$quantity=1;
 
		
	include_once("includes/application_top.php");
 
	$sql_insertp="INSERT INTO `ms_paypalpaymentdata` 
(`user_id`, `txn_type`, `payment_date`, `last_name`, `residence_country`, `pending_reason`, `item_name`, `payment_gross`, `mc_currency`, `payment_type`, `payer_status`, `verify_sign`, `test_ipn`, `payer_email`, `tax`, `txn_id`, `first_name`, `receiver_email`, `quantity`, `payer_id`, `payer_business_name`, `item_number`, `payment_status`, `shipping`, `mc_gross`, `custom`, `charset`, `notify_version`, `merchant_return_link`) VALUES
 ('$userId', '$txn_type', '$subscr_date', '', '$address_country_code', '$pending_reason', '$item_name', '$amount', '$currnecy', '', '$status', '$verifysign', '$test_ipn', '$email', '', '$subsid', '$first_name', '$receiver_email', '$quantity', '$payer_id', '', '', '$payer_status', '$verifysign', '$amount', '', '$form_charset', '$notify_version','')";
		$res_insertp=$db->insert_data($sql_insertp);
		///$res_insertp=@mysql_query($sql_insertp);
 
	
 
		
		
		if($_GET['success']=="paypal")
		{
		
		//$sql_up="update ms_member  set `deposit_amount`=`deposit_amount`+$payment_gross  where id='$userId'";
		$sql_up="update ms_member  set `deposit_amount`=`deposit_amount`+$amount , `deposit_amount_org`=`deposit_amount_org`+$amount   where id='$userId'";
		
		$res_up=$db->update_data($sql_up);
		///$res_up=@mysql_query($sql_up);
		
		$msg="Your deposit amount ".CUREXT." $amount has transferred successfully";
		
		$sql_sel_email="select * from `ms_member` where `id`='$userId'";
		
		$res_sel_email=$db->select_data($sql_sel_email);
				
		$sql_sel="select * from ms_adminmail  where mail_id='5'";
		
		$sql_res=$db->select_data($sql_sel);
		
		$subject=$sql_res[0]['mail_subject'];
		
		$mail_desc=nl2br($sql_res[0]["mail_desc"]);
								
		$mail_desc = str_replace("#Username#", $_SESSION['USERNAME'], $mail_desc); 
	
		$mail_desc = str_replace("#Amount#", CUREXT.$amount, $mail_desc); 
	
		$mail_desc = str_replace("#Sitename#", $SITE, $mail_desc);      
							
	    $mail_matter1=$mail_desc;								
					
		$mail->from = "email address here"; 
		
		$mail->reply = "email address here"; 
		
		$mail->headers.="email address here";
		
		$mail->to =$res_sel_email[0]["email"]; 
		
		$mail->subject = $subject; 
		
		$mail->body = $mail_matter1; 
		
		$mail_message=$mail_matter1;
		
		$mail->send(); 
			
 
		//---newly added for reminder to admin --------	
		$mail->from = "email address here"; 
		$mail->reply = "email address here"; 
		$mail->to ="email address here"; 
		$mail->subject = $subject; 
		$mail->body = $mail_matter1; 
		$mail_message=$mail_matter1;
		//$mail->send(); 
			
		
		
		}else{
 
		$msg="Your deposit amount ".CUREXT." $amount has <b>Not</b> transferred successfully";
		
		}
		
		
	    session_register("NOBACK");
 		
		$_SESSION["NOBACK"]=1;	
		
	}else{
	
		$msg="Please do not refresh this page ";
	
	
	}	
	
	
ob_start();
?>
 
<table width="100%" border="0" cellspacing="0" cellpadding="0" >
  <tr>
    <td class="text">&nbsp;</td>
  </tr>
  <tr>
    <td align="center">
      <table width="100%" border="0" cellspacing="0" cellpadding="0" class="form">
        <tr>
          <td align="center">&nbsp;
            
          </td>
        </tr>
	   
	    <tr>
          <td align="center">
            <?=$msg?>
          </td>
        </tr>
      
	  <tr>
          <td align="center">&nbsp;
            
          </td>
        </tr>
	   
	  
	  </table>
    </td>
  </tr>
  <tr>
    <td class="text">&nbsp;</td>
  </tr>
</table>
<?
$titlename="page name here";
$pagedisplay=ob_get_contents();
ob_end_clean();
include("maintemplate.php");
?>

Open in new window

0
 
Ray PaseurCommented:
How is this script supposed to get called?
0
 
miskodiscoAuthor Commented:
The code at the top of the page calls payment_receipt.php, which is the code which I just posted.
0
 
Ray PaseurCommented:
The code at the top of what page?
0
 
miskodiscoAuthor Commented:
Sorry, it's the code I originally posted at the start of this question.
0
 
Ray PaseurCommented:
So this recent post is the script called, "payment_receipt.php" ?
0
 
Ray PaseurCommented:
See code snippet.  I do this in all of my scripts so I can keep them sorted out.
<?php // script_name_here.php

Open in new window

0
 
miskodiscoAuthor Commented:
Yes, the recent post is payment_receipt.php.
0
 
Ray PaseurCommented:
I'm going to recommend that you hire a developer to sort this out.  The code looks somewhat confused to me, and nothing like what I have used in PayPal processing.  I do not think it is worth trying to debug this.

In the OP, you have this statement:
header("location:payment_receipt.php");

And in the recent post of payment_receipt.php you have this statement:
$userId=$_GET['user_id'];

Since the header("Location") command did not provide a GET string in the URL, the $userid field will be set to a null string.  This script is not even testing for that field and throwing an error - that is a very serious programming mistake, and the sort of thing that says to me, scrap this and get a new developer in here - with an error this glaring, there have got to be other errors lurking in the code.

But having said that, there may be a couple of architectural issues you want to consider.  For me the advantage of PayPal is that I do NOT handle any money.  I do a lot of things in the IPN scripts that involve processing the purchases, for example, I print mailing labels via PDF into a directory that is monitored by a cron job, and in another IPN I do a bill-of-materials explosion for a factory.  Probably the place you want to do any credits-and-debits work is in the IPN, not in some script that takes its input from a non-PayPal source.

PayPal has a robust developer community who do these things professionally, and I urge you to take advantage of their skills.  It will be FAR less costly than a fatal processing error one day.

Best of luck, ~Ray
0
 
miskodiscoAuthor Commented:
Thanks for your help with this Ray.  I had a feeling that there were going to be some big errors in the code.  I'll hire a developer.

Regards
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 12
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now