Process PayPal IPN with cURL

Peter · Mar 17, 2007

I was recently creating a script to process IPN payments from paypal. I tried using the fsockopen approach that paypal suggest but it was failing all of the time so I decided to use cURL.

The following maybe of use to you (it is of course not complete you will have to do the checks, read the comments).

PHP:

<?php
// Set the request paramaeter
$req = 'cmd=_notify-validate';

// Run through the posted array
foreach ($_POST as $key => $value)
{
	// If magic quotes is enabled strip slashes
	if (get_magic_quotes_gpc())
	{
		$_POST[$key] = stripslashes($value);
		$value = stripslashes($value);
	}
	$value = urlencode($value);
	// Add the value to the request parameter
	$req .= "&$key=$value";
}

$url = "http://www.paypal.com/cgi-bin/webscr";
$ch = curl_init();    // Starts the curl handler
curl_setopt($ch, CURLOPT_URL,$url); // Sets the paypal address for curl
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // Returns result to a variable instead of echoing
curl_setopt($ch, CURLOPT_TIMEOUT, 3); // Sets a time limit for curl in seconds (do not set too low)
curl_setopt($ch, CURLOPT_POST, 1); // Set curl to send data using post
curl_setopt($ch, CURLOPT_POSTFIELDS, $req); // Add the request parameters to the post
$result = curl_exec($ch); // run the curl process (and return the result to $result
curl_close($ch);

if (strcmp ($result, "VERIFIED") == 0) // It may seem strange but this function returns 0 if the result matches the string So you MUST check it is 0 and not just do strcmp ($result, "VERIFIED") (the if will fail as it will equate the result as false)
{
	// Do some checks to ensure that the payment has been sent to the correct person
	// Check and ensure currency and amount are correct
	// Check that the transaction has not been processed before
	// Ensure the payment is complete
}
else 
{
	// Log an invalid request to look into
}
?>

This script also strips slashes added by magic_quotes_gpc so ensure if adding anything into a database that you make it secure by using such functions as mysql_real_escape_string().

If you need help in carrying out the checks feel free to contact me and I will work on a more comprehensive tutorial. The paypal ipn manual is located at:-

https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipn-manual-outside

The manual lists all of the parameters and these will be available in the $_POST global array

Camron · Mar 27, 2007

So basically you put this as the return link in the paypal button, and it will check to see if it was paid or not?

What do you mean by:

Code:

    // Do some checks to ensure that the payment has been sent to the correct person
    // Check and ensure currency and amount are correct
    // Check that the transaction has not been processed before
    // Ensure the payment is complete

You say check to ensure the payment is complete, but isn't that what that if statement does? So we could put something in there which sends them a download, emails them a welcome email, etc, or is that part saying it has not been verified yet.

Peter · Mar 27, 2007

No the if statement confirms it is a genuine transaction. If the user uses an echeck paypal will send a notice to say payment initiated which will chow as VERIFIED but echeck payments are not actually completed for a few days.

Regarding what you put the url as. You can either enter the address the script would be at in the admin panel of paypal or you can use the following in your payment form:-

<input type="hidden" name="notify_url" value="http://www.you.url/script_name.php" />

Process PayPal IPN with cURL

More options

Peter

VIP Member

Camron

VIP Member

Peter

VIP Member

Similar threads

We're social

New posts

Auction activity

What non .com extensions have you sold in 2024?

Polls of interest

Popular this week

Community favorite

Popular this month

Blog favorites

Pinned

Appreciation

Agreement