Paypal IPN Listener

Posted on 2013-11-07
Last Modified: 2016-03-24
OK, I've hit the wall. I've researched extensively and found the VBScript code for the IPN listener. I've set up the buyer and seller accounts in the Sandbox. All the test transactions are logged and work perfectly. For the listener, I've mostly worked with the IPN simulator to see if the code is working. It has to be getting there because if there is a code error, I get a message saying the IPN can't be sent. With the code as it currently is (skeletal until I can see if anything is working), the IPN is sent successfully. But nothing seems to happen when the listener is activated.

Here is the code that activates Paypal:
paypalurl = ""+item1+"&quantity_1="+quant1+"&amount_1="+amt1+"&item_name_2="+item2+"&quantity_2="+quant2+"&amount_2="+amt2+"&item_name_3="+item3+"&quantity_3="+quant3+"&amount_3="+amt3+"&item_name_4="+item4+"&quantity_4="+quant4+"&amount_4="+amt4+"&item_name_5="+item5+"&quantity_5="+quant5+"&amount_5="+amt5+"&item_name_6="+item6+"&quantity_6="+quant6+"&amount_6="+amt6+"&item_name_7="+item7+"&quantity_7="+quant7+"&amount_7="+amt7+"&item_name_8="+item8+"&quantity_8="+quant8+"&amount_8="+amt8+"&item_name_9="+item9+"&quantity_9="+quant9+"&amount_9="+amt9+"&item_name_10="+item10+"&quantity_10="+quant10+"&amount_10="+amt10+"&custom="+memID+"&currency_code=USD&cancel_return='_self'"

Here is the listener code:
Dim first_name, last_name, address_name, address_street, address_city, address_state, address_zip, address_country
Dim item_name, item_number, payment_status, payment_amount, memID
Dim txn_id, receiver_email, payer_email
Dim errorText, sql
Dim objHttp, str

'define subroutine to handle "all" payments ##
sub allPayments()  ' begin sub ###########################################################
   conn.Provider="Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath ("/../DB/eventCalendar.mdb") & ";"
   set rs = Server.CreateObject("ADODB.recordset")
   sql = "UPDATE members SET paypalStatus = '" & payment_status & "' Where (memID = '" & memID & "')"
   Set rs=conn.Execute(sql)
end sub  'end sub ###########################################################################

'read post from PayPal system and add 'cmd'
str = Request.Form & "&cmd=_notify-validate"

'post back to PayPal system to validate
'PayPal Sandbox settings
set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
'set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
'set objHttp = Server.CreateObject("Microsoft.XMLHTTP")
'PayPal Sandbox settings
 objHTTP.Open "POST", "" , false
 objHTTP.setRequestHeader "Host", ""
 objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
 objHttp.Send str

'assign posted variables to local variables
 first_name = Request.Form("first_name")
 last_name = Request.Form("last_name")
 address_name = Request.Form("address_name")
 address_street = Request.Form("address_street")
 address_city = Request.Form("address_city")
 address_state = Request.Form("address_state")
 address_zip = Request.Form("address_zip")
 address_country = Request.Form("address_country")
 num_cart_items = Request.Form("num_cart_items")
 item_name = Request.Form("item_name")
 item_number = Request.Form("item_number")
 payment_status = Request.Form("payment_status")
 payment_amount = Request.Form("mc_gross")
 payment_currency = Request.Form("mc_currency")
 txn_id = Request.Form("txn_id")
 receiver_email = Request.Form("receiver_email")
 payer_email = Request.Form("payer_email")
 memID = Request.Form("custom")

'Check notification validation
 if (objHttp.status <> 200 ) then
' HTTP error handling
      elseif (objHttp.responseText = "VERIFIED") then
      ' check that Payment_status=Completed
      ' check that Receiver_email is your Primary PayPal email
             if (payment_status = "Completed") and (receiver_email = "sherleone-facilitator@msn") then
            end if
      ' check that Txn_id has not been previously processed
      ' check that Receiver_email is your Primary PayPal email
      ' check that Payment_amount/Payment_currency are correct
      ' process payment
            elseif (objHttp.responseText = "INVALID") then
            ' log for manual investigation
 ' error
 end if

 set objHttp = nothing

I'm definitely missing something. Also, my Sandbox business account was created automatically, and there is very little that can be changed. How do I tell it about the listener? And when a transaction completes in the Sandbox, why doesn't it go to the return URL? As you can see, I'm lost and really need help.
Question by:slegy
  • 2
  • 2
LVL 11

Expert Comment

by:Andrew Angell
Comment Utility
As long as the URL is valid and there's a file there for the simulator to find you'll get a successfully sent message.  That doesn't mean the IPN script itself actually completed successfully.  You could have a syntax error or something within the script causing it to fail. This can be tough to troubleshoot because you're not seeing the result on screen.

You can look at your web server logs to see what's happening when that script is hit.  You may find it's returning a 500 response of some sort, and if so, your logs should give you the error info and line number in your script where the issue is happening.

One thing I like to do, though, is setup a basic HTML form with the action set to my IPN listener.  Include hidden fields that match what you'd expect to get from an IPN and then you can load that in a browser and submit it so that you can see the result on screen. This will help you weed out any issues you might have.

Keep in mind that when testing this way the data isn't coming from PayPal so it will not be verified as valid.  You'll need to make sure your code can handle that accordingly for testing purposes.

Once you've gotten through that without any errors and you see everything happen like you expect then you can try the simulator again and you should see the same result.  At that point you'll be ready to go live.

Author Comment

Comment Utility
Thank  for the great idea. It is really helping me figure out what is going on. But now I realize that I don't know exactly what Paypal is returning. Does it make a difference whether the business account is set up for standard, express or direct payment? The way our site works is that up to five memberships and four donations can be accumulated before everything is sent in one call to Paypal (see call above). I've looked everywhere for a description of all the fields sent. Have been testing with an example transaction, but it appears a lot of expected fields are missing.

Also just ran across something about when to use IPN and when to use PDT. Is there a consideration there?
LVL 11

Accepted Solution

Andrew Angell earned 500 total points
Comment Utility
PDT is only for use to get data back to your return URL so you can display on your final thank you / receipt page.  It's NOT recommended to do any database updates, email notifications, etc. here because there is no guarantee the user will actually make it there, even with Auto-Return enabled.  They could simply close their browser before the redirect happens...and they often do.

IPN will trigger every time no matter what, so it's where you want to setup any important procedures that need to happen for every transaction.

IPN will function the same regardless of the type of account you have, but the txn_type variable will be different depending on the type of transaction that comes through.  

PayPal's IPN documentation does a decent job of showing you all the different types and all the variables that could be included with each type, but it's not perfect.  Sometimes IPN will send parameters that aren't included there, for example.

If you want to see an exact copy of what an IPN would look like you could setup a listener to do nothing but save a log file of the raw POST data to hit the script.  Then you could actually run a transaction in the sandbox to trigger the IPN from PayPal's server, and your log would then show you exactly what to expect from that type of an IPN so you can customize your solution accordingly.

Author Closing Comment

Comment Utility
With your help I've made good progress. Am sure there is a long siege ahead, but I think I am on the right track.

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now