I was recently creating a script to process IPN payments from PayPal. I tried using the fsockopen approach that PayPal suggests, but it was failing all of the time, so I decided to use cURL.
The following may be of use to you (it is of course not complete; you will have to do the checks, read the comments).
PHP:
<?php
// Set the request parameter
$req = 'cmd=_notify-validate';

// Run through the posted array
foreach ($_POST as $key => $value)
{
    // If magic quotes is enabled strip slashes
    // (get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first)
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $_POST[$key] = stripslashes($value);
        $value = stripslashes($value);
    }
    // Add the URL-encoded key and value to the request parameter
    $req .= '&' . urlencode($key) . '=' . urlencode($value);
}

// Use https so the validation request and the reply cannot be read or altered in transit
$url = "https://www.paypal.com/cgi-bin/webscr";

$ch = curl_init(); // Starts the curl handler
curl_setopt($ch, CURLOPT_URL, $url); // Sets the paypal address for curl
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Treat HTTP error responses as a failure
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Verify the server certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Verify the certificate matches the host name
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Returns result to a variable instead of echoing
curl_setopt($ch, CURLOPT_TIMEOUT, 3); // Sets a time limit for curl in seconds (do not set too low)
curl_setopt($ch, CURLOPT_POST, 1); // Set curl to send data using post
curl_setopt($ch, CURLOPT_POSTFIELDS, $req); // Add the request parameters to the post
$result = curl_exec($ch); // Run the curl process (and return the result to $result)
curl_close($ch);

// It may seem strange but strcmp() returns 0 if the result matches the string,
// so you MUST check it is 0 and not just do strcmp($result, "VERIFIED")
// (the if will fail as it will equate the result as false).
// curl_exec() returns false on failure, hence the cast to string.
if (strcmp((string) $result, "VERIFIED") === 0)
{
    // Do some checks to ensure that the payment has been sent to the correct person
    // Check and ensure currency and amount are correct
    // Check that the transaction has not been processed before
    // Ensure the payment is complete
}
else
{
    // Log an invalid request to look into
}
?>
This script also strips slashes added by magic_quotes_gpc, so if you are adding anything into a database, ensure that you make it secure by using such functions as mysql_real_escape_string().
If you need help in carrying out the checks, feel free to contact me and I will work on a more comprehensive tutorial. The PayPal IPN manual is located at:
https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipn-manual-outside
The manual lists all of the parameters, and these will be available in the $_POST global array.
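
One way to fill in the checks that the script leaves as comments in its VERIFIED branch, as an added example that is not part of the original post. receiver_email, mc_currency, mc_gross, payment_status and txn_id are PayPal IPN variables; the ipn_check() function, the $expected array, the processed_txn table and all sample values are assumptions constructed for illustration, and the amount check assumes a two-decimal currency.

```php
<?php
// Added example (not from the original post). Returns a list of reasons to reject the IPN.
function ipn_check(array $ipn, array $expected, PDO $db): array
{
    $errors = [];
    // 1. The payment went to our account, not to someone else's.
    if (strcasecmp($ipn['receiver_email'] ?? '', $expected['receiver_email']) !== 0) {
        $errors[] = 'receiver mismatch';
    }
    // 2. Currency and amount match the order. Compare in minor units (pence/cents)
    //    so no floating point is involved; assumes a two-decimal currency.
    if (($ipn['mc_currency'] ?? '') !== $expected['currency']) {
        $errors[] = 'currency mismatch';
    }
    $gross = $ipn['mc_gross'] ?? '';
    if (!preg_match('/^\d+\.\d{2}$/', $gross)
        || (int) str_replace('.', '', $gross) !== $expected['amount_minor']) {
        $errors[] = 'amount mismatch';
    }
    // 3. The payment is complete (not Pending, Refunded, Reversed, ...).
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    // 4. The transaction has not been processed before. The primary key makes the
    //    claim atomic, and the prepared statement keeps txn_id out of the SQL text.
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '') {
        $errors[] = 'missing txn_id';
    } elseif (!$errors) {
        $stmt = $db->prepare('INSERT OR IGNORE INTO processed_txn (txn_id) VALUES (?)');
        $stmt->execute([$txn]);
        if ($stmt->rowCount() === 0) {
            $errors[] = 'duplicate txn_id';
        }
    }
    return $errors;
}

// Constructed sample data: an in-memory SQLite table and one order.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE processed_txn (txn_id TEXT PRIMARY KEY)');
$expected = ['receiver_email' => 'seller@example.com', 'currency' => 'GBP', 'amount_minor' => 1999];
$ipn = ['receiver_email' => 'seller@example.com', 'mc_currency' => 'GBP', 'mc_gross' => '19.99',
        'payment_status' => 'Completed', 'txn_id' => 'TXN-CONSTRUCTED-1'];

var_dump(ipn_check($ipn, $expected, $db)); // first delivery of the notification
var_dump(ipn_check($ipn, $expected, $db)); // the same notification delivered again
$ipn['mc_gross'] = '0.01';                 // underpaid order with a new txn_id
$ipn['txn_id'] = 'TXN-CONSTRUCTED-2';
var_dump(ipn_check($ipn, $expected, $db));
```

The txn_id is only recorded once every other check has passed, so a rejected notification does not block a later valid one for the same transaction.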