Process paypal IPN with cURL

Peter · 03-17-2007, 03:07 AM

I was recently creating a script to process IPN payments from paypal. I tried using the fsockopen approach that paypal suggest but it was failing all of the time so I decided to use cURL.

The following maybe of use to you (it is of course not complete you will have to do the checks, read the comments).

PHP Code:

  <?php

????: NamePros.com http://www.namepros.com/code/306043-process-paypal-ipn-with-curl.html
// Set the request paramaeter

$req = 'cmd=_notify-validate';

 
// Run through the posted array

foreach ($_POST as $key => $value)

{

    // If magic quotes is enabled strip slashes

    if (get_magic_quotes_gpc())

    {

        $_POST[$key] = stripslashes($value);

        $value = stripslashes($value);

????: NamePros.com http://www.namepros.com/showthread.php?t=306043
    }

    $value = urlencode($value);

    // Add the value to the request parameter

    $req .= "&$key=$value";

}

 
$url = "http://www.paypal.com/cgi-bin/webscr";

$ch = curl_init();    // Starts the curl handler

curl_setopt($ch, CURLOPT_URL,$url); // Sets the paypal address for curl

curl_setopt($ch, CURLOPT_FAILONERROR, 1);

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // Returns result to a variable instead of echoing

curl_setopt($ch, CURLOPT_TIMEOUT, 3); // Sets a time limit for curl in seconds (do not set too low)

curl_setopt($ch, CURLOPT_POST, 1); // Set curl to send data using post

curl_setopt($ch, CURLOPT_POSTFIELDS, $req); // Add the request parameters to the post

$result = curl_exec($ch); // run the curl process (and return the result to $result

curl_close($ch);

 
if (strcmp ($result, "VERIFIED") == 0) // It may seem strange but this function returns 0 if the result matches the string So you MUST check it is 0 and not just do strcmp ($result, "VERIFIED") (the if will fail as it will equate the result as false)

{

    // Do some checks to ensure that the payment has been sent to the correct person

    // Check and ensure currency and amount are correct

    // Check that the transaction has not been processed before

    // Ensure the payment is complete

}

else 

{

    // Log an invalid request to look into

}

?>

This script also strips slashes added by magic_quotes_gpc so ensure if adding anything into a database that you make it secure by using such functions as mysql_real_escape_string().

If you need help in carrying out the checks feel free to contact me and I will work on a more comprehensive tutorial. The paypal ipn manual is located at:-

https://www.paypal.com/cgi-bin/websc...manual-outside

The manual lists all of the parameters and these will be available in the $_POST global array

Camron · 03-27-2007, 11:30 AM

So basically you put this as the return link in the paypal button, and it will check to see if it was paid or not?

What do you mean by:

Code:

    // Do some checks to ensure that the payment has been sent to the correct person
    // Check and ensure currency and amount are correct
    // Check that the transaction has not been processed before
    // Ensure the payment is complete

You say check to ensure the payment is complete, but isn't that what that if statement does? So we could put something in there which sends them a download, emails them a welcome email, etc, or is that part saying it has not been verified yet.

Peter · 03-27-2007, 01:34 PM

No the if statement confirms it is a genuine transaction. If the user uses an echeck paypal will send a notice to say payment initiated which will chow as VERIFIED but echeck payments are not actually completed for a few days.

Regarding what you put the url as. You can either enter the address the script would be at in the admin panel of paypal or you can use the following in your payment form:-

<input type="hidden" name="notify_url" value="http://www.you.url/script_name.php" />

03-17-2007, 03:07 AM	THREAD STARTER #1 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,074	Process paypal IPN with cURL I was recently creating a script to process IPN payments from paypal. I tried using the fsockopen approach that paypal suggest but it was failing all of the time so I decided to use cURL. The following maybe of use to you (it is of course not complete you will have to do the checks, read the comments). PHP Code: <?php ????: NamePros.com http://www.namepros.com/code/306043-process-paypal-ipn-with-curl.html // Set the request paramaeter $req = 'cmd=_notify-validate'; // Run through the posted array foreach ($_POST as $key => $value) { // If magic quotes is enabled strip slashes if (get_magic_quotes_gpc()) { $_POST[$key] = stripslashes($value); $value = stripslashes($value); ????: NamePros.com http://www.namepros.com/showthread.php?t=306043 } $value = urlencode($value); // Add the value to the request parameter $req .= "&$key=$value"; } $url = "http://www.paypal.com/cgi-bin/webscr"; $ch = curl_init(); // Starts the curl handler curl_setopt($ch, CURLOPT_URL,$url); // Sets the paypal address for curl curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // Returns result to a variable instead of echoing curl_setopt($ch, CURLOPT_TIMEOUT, 3); // Sets a time limit for curl in seconds (do not set too low) curl_setopt($ch, CURLOPT_POST, 1); // Set curl to send data using post curl_setopt($ch, CURLOPT_POSTFIELDS, $req); // Add the request parameters to the post $result = curl_exec($ch); // run the curl process (and return the result to $result curl_close($ch); if (strcmp ($result, "VERIFIED") == 0) // It may seem strange but this function returns 0 if the result matches the string So you MUST check it is 0 and not just do strcmp ($result, "VERIFIED") (the if will fail as it will equate the result as false) { // Do some checks to ensure that the payment has been sent to the correct person // Check and ensure currency and amount are correct // Check that the transaction has not been processed before // Ensure the payment is complete } else { // Log an invalid request to look into } ?> This script also strips slashes added by magic_quotes_gpc so ensure if adding anything into a database that you make it secure by using such functions as mysql_real_escape_string(). If you need help in carrying out the checks feel free to contact me and I will work on a more comprehensive tutorial. The paypal ipn manual is located at:- https://www.paypal.com/cgi-bin/websc...manual-outside The manual lists all of the parameters and these will be available in the $_POST global array Last edited by Peter; 03-17-2007 at 03:15 AM.

03-27-2007, 11:30 AM	#2 (permalink)
Camron Senior Member Join Date: Jan 2006 Location: Portland, Oregon Posts: 2,100 Follow @hostingfuze	So basically you put this as the return link in the paypal button, and it will check to see if it was paid or not? What do you mean by: Code: // Do some checks to ensure that the payment has been sent to the correct person // Check and ensure currency and amount are correct // Check that the transaction has not been processed before // Ensure the payment is complete You say check to ensure the payment is complete, but isn't that what that if statement does? So we could put something in there which sends them a download, emails them a welcome email, etc, or is that part saying it has not been verified yet. __________________ HostingFuze.com Premium Master Reseller Services \| 99.9% Uptime Guaranteed SLA \| Starting at $4.95/mo Basic Reseller Hosting @ HostFz.com - Services starting as low as $1.95/mo!

03-27-2007, 01:34 PM	THREAD STARTER #3 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,074	No the if statement confirms it is a genuine transaction. If the user uses an echeck paypal will send a notice to say payment initiated which will chow as VERIFIED but echeck payments are not actually completed for a few days. Regarding what you put the url as. You can either enter the address the script would be at in the admin panel of paypal or you can use the following in your payment form:- <input type="hidden" name="notify_url" value="http://www.you.url/script_name.php" />

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)