PayPal IPN, PHP, & MySQL
Here is a run-down of what I am trying to accomplish:
I need users to pay a set fee ($10) to my Business PayPal account. When they do this I need to pass the contents of a PHP variable along with the purchase request that will travel along with the order until it is eventually passed back to my listening script. Once the payment comes back verified I need to update my database ( I need to set the txn_id and another column to VALIDATED where that custom field is equal to the column email). My current scripts are not working at all it seems. I have attached those files below, any help at all as to how to get this working would be massively appreciated. Thanks in advanced and let me know if you need anymore information.
ipn.php
ipnlistener.php
I need users to pay a set fee ($10) to my Business PayPal account. When they do this I need to pass the contents of a PHP variable along with the purchase request that will travel along with the order until it is eventually passed back to my listening script. Once the payment comes back verified I need to update my database ( I need to set the txn_id and another column to VALIDATED where that custom field is equal to the column email). My current scripts are not working at all it seems. I have attached those files below, any help at all as to how to get this working would be massively appreciated. Thanks in advanced and let me know if you need anymore information.
ipn.php
ipnlistener.php
ASKER
Thanks Ray, I will test this and let you know how it goes. Also I really appreciate the fast response.
Best of luck with it, and please post back with any questions.
One thing to think about with asynchronous scripts like this one or with email PIPE scripts. When the script is started by an external signal, there is no browser output and that can make debugging difficult. I have found two ways around this.
One way is to use
http://us.php.net/manual/en/function.error-log.php
Another way is to start the output buffers, capture the results of echo and var_dump(), then grab the buffers and email the information to yourself. Of course this fails if you have a parse error, so it's best to use both methods when you're constructing a new script.
HTH, ~Ray
One thing to think about with asynchronous scripts like this one or with email PIPE scripts. When the script is started by an external signal, there is no browser output and that can make debugging difficult. I have found two ways around this.
One way is to use
http://us.php.net/manual/en/function.error-log.php
Another way is to start the output buffers, capture the results of echo and var_dump(), then grab the buffers and email the information to yourself. Of course this fails if you have a parse error, so it's best to use both methods when you're constructing a new script.
HTH, ~Ray
ASKER
I went ahead and just removed the warning_RAY function for testing, modified the SQL connection info to match that of my server, set up the PAYPAL_ORDER_LOG table, and told the script to use the sandbox For some reason I still can't get this thing working. I sent a test IPN to the ipn.php file and it says it was sent successfully but I don't know what it is doing after that as I do not receive any emails or see any entries in the DB. My website is hosted at GoDaddy could that have anything to do with it? I'm just trying to pursue every possibility.
Well, I am not a fan of GoDaddy, but it is probably not directly their fault. Please post the code the way you have it now, and let me look through it. I may be able to spot something or at least add some debugging information to it.
Also, consider using the actual PayPal interface instead of the sandbox, ie: make a real payment. You can set the amount of the payment to a dollar, and it will cost you something like 30 cents for a real time, real world test. You can't beat that for value!
Also, consider using the actual PayPal interface instead of the sandbox, ie: make a real payment. You can set the amount of the payment to a dollar, and it will cost you something like 30 cents for a real time, real world test. You can't beat that for value!
ASKER
Attached below is the your IPN file I customized, hopefully you'll see what I can't.
ipn.php
ipn.php
This version will parse correctly and will send me an email message with the diagnostics. Note that it is mercifully free of things like require() and die(). We need diagnostic information at this point, so we want the script to run all the way to the end uninterrupted. To that end, please post the code for '../dbConnect.inc' so we can add any diagnostic messages that might be needed, thanks.
<?php // paypal_ipn.php - custom PayPal IPN processor
// CAPTURE THE OUTPUT BUFFERS
ob_start();
// COLLECT ALL NOTICES, WARNINGS, ERRORS
error_reporting(E_ALL);
// WHO GETS THIS PAYMENT (this address below is the test seller account in sandbox)
$rcvr = "paypal_1331301818_biz@piggybackmove.com";
// LOADS DB CONNECTION, LOCAL FUNCTIONS, ETC
include_once('../dbConnect.inc');
// READ THE POST FROM PayPal AND ADD 'cmd'
$postdata = 'POSTDATA: ';
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$postdata .= PHP_EOL . "$key = $value "; // SAVE THE COLLECTION
$$key = trim($value); // ASSIGN LOCAL VARIABLES
$value = urlencode(stripslashes($value)); // ENCODE FOR BOUNCE-BACK
$req .= "&$key=$value";
}
// POST BACK TO PayPal SYSTEM TO VALIDATE
$header = NULL;
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// TEST FOR VERIFICATION
if (!$fp)
{
// IF HTTP ERROR
echo PHP_EOL . "IPN HTTP ERROR fsockopen failed";
echo PHP_EOL . "ERRNO=$errno";
echo PHP_EOL . "ERRSTR=$errstr";
}
else
{
// HTTP OPEN - WRITE HEADER AND REQUEST
fputs ($fp, $header . $req);
}
// HTTP OPEN - READ PayPal RESPONSE, DISCARDING HEADERS TO THE VERY END
$paypal_reply = 'NO-REPLY';
$paypal_headers = NULL;
while (!feof($fp))
{
$paypal_reply = fgets ($fp, 1024);
$paypal_headers .= $paypal_reply;
}
// IF THIS IS TRULY A POST FROM PAYPAL, PROCESS ORDER NOTIFICATION
if (strcmp ($paypal_reply, "VERIFIED") == 0)
{
$errormsg = NULL;
// THE ONLY PAYMENT STATUS OTHER THAN COMPLETED IS PENDING (E-CHECK)
if ($payment_status != "Completed")
{
echo PHP_EOL . "ERROR PAYMENT STATUS: payment_status";
}
// THE RECEIVER EMAIL MUST BE CORRECT
$receiver_email = strtolower($receiver_email);
if ($receiver_email != $rcvr)
{
echo PHP_EOL . "ERROR RECEIVER EMAIL: receiver_email";
}
// ASSUMING EVERYTHING IS OK, PREPARE PAYMENT INFORMATION FOR INSERT INTO THE DATA BASE
$txn_id = mysql_real_escape_string($txn_id);
$receipt_id = mysql_real_escape_string($receipt_id);
$first_name = mysql_real_escape_string($first_name);
$last_name = mysql_real_escape_string($last_name);
$item_name = mysql_real_escape_string($item_name);
$payer_email = mysql_real_escape_string($payer_email);
$postdata = mysql_real_escape_string($postdata);
// CONSTRUCT THE QUERY HERE
$sql = "INSERT INTO PAYPAL_ORDER_LOG ( txn_id, receipt_id, first_name, last_name, payer_email, item_name, postdata)
VALUES ( \"$txn_id\", \"$receipt_id\", \"$first_name\", \"$last_name\", \"$payer_email\", \"$item_name\", \"$postdata\")";
// DISPLAY BUT DO NOT EXECUTE THE UPDATE QUERY
echo PHP_EOL . $sql;
}
// LOG INVALID POSTS FOR MANUAL INVESTIGATION AND INTERVENTION
else
{
echo PHP_EOL . "ERROR PAYPAL REPLY: $paypal_reply";
}
// PROCESSING IS DONE. COLLECT THE ERROR MESSAGES AND MAIL THEM
$msg = 'IPN MESSAGES: ' . ob_get_clean();
mail('Ray.Paseur@Gmail.com', 'EE-ITNC-IPN-DATA', $msg);ASKER
The dbConnect only contains the username, password, and database name variables and nothing else. I went ahead and uploaded this revised script and subsituted your email address with mine (just to see the results myself) but got the following two emails after sending one IPN test from the sandbox.
IPN MESSAGES:
ERROR PAYPAL REPLY:
As you can see those error messages are empty. I will go ahead and put your email back in place so you can receive those messages yourself. Once again I really appreciate your assistance on this and I feel like we may be very close to figuring this out.
IPN MESSAGES:
ERROR PAYPAL REPLY:
As you can see those error messages are empty. I will go ahead and put your email back in place so you can receive those messages yourself. Once again I really appreciate your assistance on this and I feel like we may be very close to figuring this out.
Let's try this new version. We have a way to see the data now, so that will get us much closer to an answer.
<?php // paypal_ipn.php - custom PayPal IPN processor
// CAPTURE THE OUTPUT BUFFERS
ob_start();
// COLLECT ALL NOTICES, WARNINGS, ERRORS
error_reporting(E_ALL);
// WHO GETS THIS PAYMENT (this address below is the test seller account in sandbox)
$rcvr = "paypal_1331301818_biz@piggybackmove.com";
// LOADS DB CONNECTION, LOCAL FUNCTIONS, ETC
include_once('../dbConnect.inc');
// READ THE POST FROM PayPal AND ADD 'cmd'
$postdata = 'POSTDATA: ';
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$postdata .= PHP_EOL . "$key = $value "; // SAVE THE COLLECTION
$$key = trim($value); // ASSIGN LOCAL VARIABLES
$value = urlencode(stripslashes($value)); // ENCODE FOR BOUNCE-BACK
$req .= "&$key=$value";
}
// GET THE POST DATA AND REQUEST
echo PHP_EOL . $postdata;
echo PHP_EOL . $req;
// POST BACK TO PayPal SYSTEM TO VALIDATE
$header = NULL;
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// TEST FOR VERIFICATION
if (!$fp)
{
// IF HTTP ERROR
echo PHP_EOL . "IPN HTTP ERROR fsockopen failed";
echo PHP_EOL . "ERRNO=$errno";
echo PHP_EOL . "ERRSTR=$errstr";
}
else
{
// HTTP OPEN - WRITE HEADER AND REQUEST
fputs ($fp, $header . $req);
}
// HTTP OPEN - READ PayPal RESPONSE, DISCARDING HEADERS TO THE VERY END
$paypal_reply = 'NO-REPLY';
$paypal_headers = NULL;
while (!feof($fp))
{
$paypal_reply = fgets ($fp, 1024);
$paypal_headers .= $paypal_reply;
}
// IF THIS IS TRULY A POST FROM PAYPAL, PROCESS ORDER NOTIFICATION
if (strcmp ($paypal_reply, "VERIFIED") == 0)
{
$errormsg = NULL;
// THE ONLY PAYMENT STATUS OTHER THAN COMPLETED IS PENDING (E-CHECK)
if ($payment_status != "Completed")
{
echo PHP_EOL . "ERROR PAYMENT STATUS: payment_status";
}
// THE RECEIVER EMAIL MUST BE CORRECT
$receiver_email = strtolower($receiver_email);
if ($receiver_email != $rcvr)
{
echo PHP_EOL . "ERROR RECEIVER EMAIL: receiver_email";
}
// ASSUMING EVERYTHING IS OK, PREPARE PAYMENT INFORMATION FOR INSERT INTO THE DATA BASE
$txn_id = mysql_real_escape_string($txn_id);
$receipt_id = mysql_real_escape_string($receipt_id);
$first_name = mysql_real_escape_string($first_name);
$last_name = mysql_real_escape_string($last_name);
$item_name = mysql_real_escape_string($item_name);
$payer_email = mysql_real_escape_string($payer_email);
$postdata = mysql_real_escape_string($postdata);
// CONSTRUCT THE QUERY HERE
$sql = "INSERT INTO PAYPAL_ORDER_LOG ( txn_id, receipt_id, first_name, last_name, payer_email, item_name, postdata)
VALUES ( \"$txn_id\", \"$receipt_id\", \"$first_name\", \"$last_name\", \"$payer_email\", \"$item_name\", \"$postdata\")";
// DISPLAY BUT DO NOT EXECUTE THE UPDATE QUERY
echo PHP_EOL . $sql;
}
// LOG INVALID POSTS FOR MANUAL INVESTIGATION AND INTERVENTION
else
{
echo PHP_EOL . "ERROR PAYPAL REPLY: $paypal_reply";
}
// PROCESSING IS DONE. COLLECT THE ERROR MESSAGES AND MAIL THEM
$msg = 'IPN MESSAGES: ' . ob_get_clean();
mail('Ray.Paseur@Gmail.com', 'EE-ITNC-IPN-DATA', $msg);ASKER
Sending the test through now (this is using an encrypted button generated from the test seller account, purchased from my test buyer account - FYI)
That sent me the following:
Here is the next iteration test of the IPN
IPN MESSAGES:
POSTDATA:
mc_gross = 10.00
protection_eligibility = Eligible
address_status = confirmed
payer_id = MB4X4C6S5MWJG
tax = 0.00
address_street = 1 Main St
payment_date = 09:56:20 Mar 12, 2012 PDT
payment_status = Completed
charset = windows-1252
address_zip = 95131
first_name = Christian
mc_fee = 0.59
address_country_code = US
address_name = Christian Haynes
notify_version = 3.4
custom = chaynes@itnc.biz
payer_status = verified
business = paypal_1331301818_biz@piggybackmove.com
address_country = United States
address_city = San Jose
quantity = 1
verify_sign = AR8OPjBLsrD0rau1MH87Ooys0sY2Aj3CnvqzcCIA6Gs8AoYIzB2KP00r
payer_email = paypal_1331304457_per@piggybackmove.com
txn_id = 77S49219SJ5857906
payment_type = instant
btn_id = 2455546
last_name = Haynes
address_state = CA
receiver_email = paypal_1331301818_biz@piggybackmove.com
payment_fee = 0.59
shipping_discount = 0.00
insurance_amount = 0.00
receiver_id = C4QC5DXVXR9KL
txn_type = web_accept
item_name = Membership Fee
discount = 0.00
mc_currency = USD
item_number = 1
residence_country = US
test_ipn = 1
shipping_method = Default
handling_amount = 0.00
transaction_subject = chaynes@itnc.biz
payment_gross = 10.00
shipping = 0.00
ipn_track_id = f4583e4c513bd
cmd=_notify-validate&mc_gross=10.00&protection_eligibility=Eligible&address_status=confirmed&payer_id=MB4X4C6S5MWJG&tax=0.00&address_street=1+Main+St&payment_date=09%3A56%3A20+Mar+12%2C+2012+PDT&payment_status=Completed&charset=windows-1252&address_zip=95131&first_name=Christian&mc_fee=0.59&address_country_code=US&address_name=Christian+Haynes¬ify_version=3.4&custom=chaynes%40itnc.biz&payer_status=verified&business=paypal_1331301818_biz%40piggybackmove.com&address_country=United+States&address_city=San+Jose&quantity=1&verify_sign=AR8OPjBLsrD0rau1MH87Ooys0sY2Aj3CnvqzcCIA6Gs8AoYIzB2KP00r&payer_email=paypal_1331304457_per%40piggybackmove.com&txn_id=77S49219SJ5857906&payment_type=instant&btn_id=2455546&last_name=Haynes&address_state=CA&receiver_email=paypal_1331301818_biz%40piggybackmove.com&payment_fee=0.59&shipping_discount=0.00&insurance_amount=0.00&receiver_id=C4QC5DXVXR9KL&txn_type=web_accept&item_name=Membership+Fee&discount=0.00&mc_currency=USD&item_number=1&residence_country=US&test_ipn=1&shipping_method=Default&handling_amount=0.00&transaction_subject=chaynes%40itnc.biz&payment_gross=10.00&shipping=0.00&ipn_track_id=f4583e4c513bd
ERROR PAYPAL REPLY:Here is the next iteration test of the IPN
<?php // paypal_ipn.php - custom PayPal IPN processor
// CAPTURE THE OUTPUT BUFFERS
ob_start();
// COLLECT ALL NOTICES, WARNINGS, ERRORS
error_reporting(E_ALL);
// WHO GETS THIS PAYMENT (this address below is the test seller account in sandbox)
$rcvr = "paypal_1331301818_biz@piggybackmove.com";
// LOADS DB CONNECTION, LOCAL FUNCTIONS, ETC
include_once('../dbConnect.inc');
// READ THE POST FROM PayPal AND ADD 'cmd'
$postdata = 'POSTDATA: ';
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$postdata .= PHP_EOL . "$key = $value "; // SAVE THE COLLECTION
$$key = trim($value); // ASSIGN LOCAL VARIABLES
$value = urlencode(stripslashes($value)); // ENCODE FOR BOUNCE-BACK
$req .= "&$key=$value";
}
// GET THE POST DATA AND REQUEST
echo PHP_EOL . $postdata;
echo PHP_EOL . $req;
// POST BACK TO PayPal SYSTEM TO VALIDATE
$header = NULL;
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// TEST FOR VERIFICATION
if (!$fp)
{
// IF HTTP ERROR
echo PHP_EOL . "IPN HTTP ERROR fsockopen failed";
echo PHP_EOL . "ERRNO=$errno";
echo PHP_EOL . "ERRSTR=$errstr";
}
else
{
// HTTP OPEN - WRITE HEADER AND REQUEST
$nwrit = fputs ($fp, $header . $req);
}
echo PHP_EOL . "FPUTS() WROTE $nwrit BYTES";
// HTTP OPEN - READ PayPal RESPONSE, DISCARDING HEADERS TO THE VERY END
$paypal_reply = 'NO-REPLY';
$paypal_headers = NULL;
while (!feof($fp))
{
$paypal_reply = fgets ($fp, 1024);
$paypal_headers .= PHP_EOL . $paypal_reply;
}
echo PHP_EOL . "PAYPAL HEADERS: $paypal_headers";
// IF THIS IS TRULY A POST FROM PAYPAL, PROCESS ORDER NOTIFICATION
if (strcmp ($paypal_reply, "VERIFIED") == 0)
{
$errormsg = NULL;
// THE ONLY PAYMENT STATUS OTHER THAN COMPLETED IS PENDING (E-CHECK)
if ($payment_status != "Completed")
{
echo PHP_EOL . "ERROR PAYMENT STATUS: payment_status";
}
// THE RECEIVER EMAIL MUST BE CORRECT
$receiver_email = strtolower($receiver_email);
if ($receiver_email != $rcvr)
{
echo PHP_EOL . "ERROR RECEIVER EMAIL: receiver_email";
}
// ASSUMING EVERYTHING IS OK, PREPARE PAYMENT INFORMATION FOR INSERT INTO THE DATA BASE
$txn_id = mysql_real_escape_string($txn_id);
$receipt_id = mysql_real_escape_string($receipt_id);
$first_name = mysql_real_escape_string($first_name);
$last_name = mysql_real_escape_string($last_name);
$item_name = mysql_real_escape_string($item_name);
$payer_email = mysql_real_escape_string($payer_email);
$postdata = mysql_real_escape_string($postdata);
// CONSTRUCT THE QUERY HERE
$sql = "INSERT INTO PAYPAL_ORDER_LOG ( txn_id, receipt_id, first_name, last_name, payer_email, item_name, postdata)
VALUES ( \"$txn_id\", \"$receipt_id\", \"$first_name\", \"$last_name\", \"$payer_email\", \"$item_name\", \"$postdata\")";
// DISPLAY BUT DO NOT EXECUTE THE UPDATE QUERY
echo PHP_EOL . $sql;
}
// LOG INVALID POSTS FOR MANUAL INVESTIGATION AND INTERVENTION
else
{
echo PHP_EOL . "ERROR PAYPAL REPLY: $paypal_reply";
}
// PROCESSING IS DONE. COLLECT THE ERROR MESSAGES AND MAIL THEM
$msg = 'IPN MESSAGES: ' . ob_get_clean();
mail('Ray.Paseur@Gmail.com', 'EE-ITNC-IPN-DATA', $msg);ASKER
Sending test payment now
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ray that fixed it, I have everything working great right now for sandbox, I will start production testing tomorrow. Once again thanks a lot man, you've been amazing!
Excellent! Thanks for the points and thanks for using EE! ~Ray
I use encrypted "buy now" buttons so I do not have as much risk of fraud as I might if I had clear-text buttons. If you want to use clear-text buttons to pass information along to the IPN other than the standard information that the IPN receives, you can pass hidden form variables item_name and item_number. If you're doing that, you probably want to add some more sanity checks.
HTH, ~Ray
Open in new window