PHP PayPal IPN

Scott2503 · 06-24-2006, 12:50 PM

I am trying to make a basic PHP PayPal IPN and when I say basic I mean really basic. I have tried everything and can't get anything to work... I am just trying to check if it is verified and it can't even do that. I am using the example with something I added:

PHP Code:

  // read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

 
foreach ($_POST as $key => $value) {

$value = urlencode(stripslashes($value));

$req .= "&$key=$value";

}

 
// post back to PayPal system to validate

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('www.eliteweaver.co.uk', 80, $errno, $errstr, 30);

 
// assign posted variables to local variables

$item_name = $_POST['item_name'];

$item_number = $_POST['item_number'];

$payment_status = $_POST['payment_status'];

$payment_amount = $_POST['mc_gross'];

$payment_currency = $_POST['mc_currency'];

$txn_id = $_POST['txn_id'];

$receiver_email = $_POST['receiver_email'];

$payer_email = $_POST['payer_email'];

 
if (!$fp) {

// HTTP ERROR

} else {

fputs ($fp, $header . $req);

while (!feof($fp)) {

$res = fgets ($fp, 1024);

if (strcmp ($res, "VERIFIED") == 0) {

// check the payment_status is Completed

// check that txn_id has not been previously processed

// check that receiver_email is your Primary PayPal email

// check that payment_amount/payment_currency are correct

// process payment

 
// it worked

mail("email@domain.com", "It worked", "The IPN worked");

}

else if (strcmp ($res, "INVALID") == 0) {

// log for manual investigation

}

}

fclose ($fp);

}

I am using http://www.eliteweaver.co.uk because it tests IPN scripts without actually buying something on PayPal so that is why you see www.eliteweaver.co.uk instead of www.paypal.com

Any reasons why this doesn't work?

Peter · 06-24-2006, 01:55 PM

alot of those ipn testin g sites are very selective on when they work. your best bet would just do a test transction on paypal and the just refund the payment.

Scott2503 · 06-24-2006, 02:04 PM

Hmm... I was wondering if it might be the actual site I was using to test it. Thanks I'll try an actual purchse.

paaaaaaaaaa · 06-24-2006, 03:03 PM

test it using paypal sanbox https://www.sandbox.paypal.com/

It is a copy of paypal but used for testing non real transactions you can set up as many accounts as possible and transfer any amount of cash between them.

This is what i used to test my IPN code. I remember when I was working on it the paypal IPN system wasn't working on their side for quite a while. I also found eliteweaver to fail testing.

RickM · 06-24-2006, 03:15 PM

Yes, sandbox is the best option...it gives you a virtual credit card number just for the sandbox, you can then run tests.

It may also be an idea to checkout paypaldev.com

Scott2503 · 06-24-2006, 03:23 PM

Ok I set up the sandbox but how do I add the imaginary funds?

Peter · 06-24-2006, 04:22 PM

the problem with the sandbox is that if I remember correctly the server that is doing the testing also needs to be logged onto the sandbox.

**-Nick-** · 06-24-2006, 08:22 PM

Hey guys. Here is the code that I use normally for the setup.

checkout.php

PHP Code:

  <?php

include("Includes/functions.php");

$dbc = dbconnect();

$pageid = $QUERY_STRING;

if ($QUERY_STRING == "")

{

$pageid = 1;

}

$arr = explode("x", $pageid);

$hid = $arr[0];

$catid = $arr[1];

$site_url = "http://www.hehehahahaha.com";

$order_total = 10;

$order_total = number_format($order_total, 2, ".", ",");

$order_id = "$hid" . "x" . "$catid";

 
$r = mysql_query("Select * from tblhost WHERE HID = '$hid'");

while ( $row = mysql_fetch_array ( $r ) )

{

$my_sFirstName = $row['User'];

$my_sLastName = $row['User'];

$hemail = $row['Email'];

$hname = $row['Host'];

}

$my_clientEmail = $hemail;

$business_paypal = "xxxxx@xxxxx.com";

$currency_id = "USD";

$sdate = time();

$r = mysql_query("INSERT INTO tblsponser (HID, CID, Sdate) VALUES ('$hid', '$catid', '$sdate')");

 
 
//redirect to paypal

header("location:https://www.paypal.com/xclick?business=$business_paypal&item_name=$hname$order_id&first_name=$my_sFirstName&last_name=$my_sLastName&email=$my_clientEmail&item_number=1&custom=$hid&amount=$order_total&currency_code=$currency_id&notify_url=$site_url/notify.php&return=$site_url/thankyou.php");

?>

Now for the IPN script:
notify.php

PHP Code:

  <?php

 
    // Assign posted variables to local variables

    $receiver_email = $_POST['receiver_email'];

    $payer_email = $_POST['payer_email'];

    $payer_status = $_POST['payer_status'];

    $payment_gross = $_POST['payment_gross'];

    $payment_fee = $_POST['payment_fee'];

    $payment_date = $_POST['payment_date'];

    $payment_type = $_POST['payment_type'];

    $payment_status = $_POST['payment_status'];

    $pending_reason = $_POST['pending_reason'];

    $txn_id = $_POST['txn_id'];

    $txn_type = $_POST['txn_type'];

    

    $custom = $_POST['custom'];

 
    if ($_REQUEST['payment_status'] == "Completed" || $_REQUEST['payment_status'] == "Pending") {

 
//Query for the payment recieved

 
include("Includes/functions.php");

 
$dbc = dbconnect();

 
$hid = $custom;

 
 
 
$r = mysql_query("Update tblsponser SET Payment = 'Y' WHERE HID = '$hid'");

 
////////////////////////////////////////

 
 
}

?>

I hope this helps.

Dan · 06-25-2006, 05:28 PM

For the sandbox on Paypal, is the money being sent to a fake account on the sandbox from another fake account on the sandbox?

Also, how long should it take for the verification email to come for the sandbox account..

edit: Why do they send the emails to that email buttons? I got lucky I found it. -_-

edit2: Never mind all of that. ^

But I still can't get it to work.

index.php

Code:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="rocky@sanchez.com">
<input type="hidden" name="item_name" value="something">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="no_shipping" value="2">
<input type="hidden" name="return" value="http://css.la/ipn/return.php">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

return.php

PHP Code:

  <?php

 
// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

 
foreach ($_POST as $key => $value) {

    $value = urlencode(stripslashes($value));

    $req .= "&$key=$value";

}

 
// post back to PayPal system to validate

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

 
// assign posted variables to local variables

$item_name = $_POST['item_name'];

$item_number = $_POST['item_number'];

$payment_status = $_POST['payment_status'];

$payment_amount = $_POST['mc_gross'];

$payment_currency = $_POST['mc_currency'];

$txn_id = $_POST['txn_id'];

$receiver_email = $_POST['receiver_email'];

$payer_email = $_POST['payer_email'];

 
if (!$fp) {

    echo 'HTTP ERROR';

} else {

    fputs ($fp, $header . $req);

    while (!feof($fp)) {

        $res = fgets ($fp, 1024);

        if (strcmp ($res, "VERIFIED") == 0) {

            echo 'it worked';

        } else if (strcmp ($res, "INVALID") == 0) {

            echo 'log for manual investigation';

        }

    }

    fclose ($fp);

}

 
?>

**-Nick-** · 06-25-2006, 08:33 PM

Hey Dan use my notify.php code instead. And it will work.

Dan · 06-26-2006, 04:01 AM

What does $pageid have in it? Somehow the different people can be determined by it.

**-Nick-** · 06-26-2006, 05:19 AM

Page ID is hte variable passed to the page.

Dan · 06-26-2006, 12:26 PM

Obviously..

But show me an example of what could be in it.

Code:

$pageid = $QUERY_STRING;
if ($QUERY_STRING == "")
{
$pageid = 1;
}
$arr = explode("x", $pageid);
$hid = $arr[0];
$catid = $arr[1];

I can't use the script if I don't have $QUERY_STRING and I don't know what it is, so how can I use it?

Scott2503 · 06-26-2006, 01:17 PM

Alright I ended up modify the script to work and I just tested it on an actual payment (of 31 cents

). Anyways is there some sort of way to get PayPal to pass a custom variable to the IPN?

For example when someone is on my site and they have $_SESSION variable set and they go to the site... can you some how pass the information of that $_SESSION variable to the PayPal payment thing so it then will pass that variable to my IPN?

EDIT: I am using a buy now button so could I just add:
<input type="hidden" name="custom" value="SESSION VARIABLE">

even if the rest of the button is encrypted?

ahtum · 06-26-2006, 02:12 PM

oups wrong place ... sorry :P

**-Nick-** · 06-26-2006, 09:15 PM

Quote:

Originally Posted by Dan Friedman

Obviously..

But show me an example of what could be in it.

Code:

$pageid = $QUERY_STRING;
if ($QUERY_STRING == "")
{
$pageid = 1;
}
$arr = explode("x", $pageid);
$hid = $arr[0];
$catid = $arr[1];

I can't use the script if I don't have $QUERY_STRING and I don't know what it is, so how can I use it?

The script right now passes two variables. One is the category ID of which the listing is a member of and other one is the listing ID itself. Both variables are seperated by a "-" seperator.

Then I explode it when I recieve the whole query string and process it accordingly.

The live thing can be seen here. http://www.firescripts.com Which I recently launched and it has the automatic sponsoring system.

Peter · 06-26-2006, 11:33 PM

Quote:

Originally Posted by Scott2503

EDIT: I am using a buy now button so could I just add:
<input type="hidden" name="custom" value="SESSION VARIABLE">

even if the rest of the button is encrypted?

I am sure you can only do that if it is not encrypted.

eddy0 · 06-30-2006, 06:16 PM

I am not sure, but paypal is usually on a secure connection. Port 80 is http and I think Port 443 is https. I hope this helps!

06-24-2006, 12:50 PM	#1 (permalink)
Scott2503 NamePros Member Join Date: Oct 2005 Posts: 38 9.80 NP$ (Donate)	PHP PayPal IPN I am trying to make a basic PHP PayPal IPN and when I say basic I mean really basic. I have tried everything and can't get anything to work... I am just trying to check if it is verified and it can't even do that. I am using the example with something I added: PHP Code: // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.eliteweaver.co.uk', 80, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // check the payment_status is Completed // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment // it worked mail("email@domain.com", "It worked", "The IPN worked"); } else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation } } fclose ($fp); } I am using http://www.eliteweaver.co.uk because it tests IPN scripts without actually buying something on PayPal so that is why you see www.eliteweaver.co.uk instead of www.paypal.com Any reasons why this doesn't work?

06-24-2006, 03:03 PM	#4 (permalink)
paaaaaaaaaa NamePros Regular Join Date: Mar 2005 Posts: 412 162.25 NP$ (Donate)	test it using paypal sanbox https://www.sandbox.paypal.com/ It is a copy of paypal but used for testing non real transactions you can set up as many accounts as possible and transfer any amount of cash between them. This is what i used to test my IPN code. I remember when I was working on it the paypal IPN system wasn't working on their side for quite a while. I also found eliteweaver to fail testing. __________________ Please add to my rep points if i was helpful. Thanks. Ripe Website Manager - Steve Parish

06-24-2006, 03:15 PM	#5 (permalink)
RickM Senior Member Join Date: Sep 2005 Location: Herts, UK Posts: 3,769 62.06 NP$ (Donate)	Yes, sandbox is the best option...it gives you a virtual credit card number just for the sandbox, you can then run tests. It may also be an idea to checkout paypaldev.com __________________ I am no longer a NP moderator -- please do not PM me with moderation requests! ~ VPSSpeed.com - Unmanaged VPS Hosting from $9.95 Get a FREE Mach-1 VPS PLAN with any order - Use the coupon FREEWHIZ

06-24-2006, 08:22 PM	#8 (permalink)
-Nick- I'll do it Technical Services Join Date: Dec 2005 Location: India Posts: 6,434 5,169.80 NP$ (Donate)	Hey guys. Here is the code that I use normally for the setup. checkout.php PHP Code: <?php include("Includes/functions.php"); $dbc = dbconnect(); $pageid = $QUERY_STRING; if ($QUERY_STRING == "") { $pageid = 1; } $arr = explode("x", $pageid); $hid = $arr[0]; $catid = $arr[1]; $site_url = "http://www.hehehahahaha.com"; $order_total = 10; $order_total = number_format($order_total, 2, ".", ","); $order_id = "$hid" . "x" . "$catid"; $r = mysql_query("Select * from tblhost WHERE HID = '$hid'"); while ( $row = mysql_fetch_array ( $r ) ) { $my_sFirstName = $row['User']; $my_sLastName = $row['User']; $hemail = $row['Email']; $hname = $row['Host']; } $my_clientEmail = $hemail; $business_paypal = "xxxxx@xxxxx.com"; $currency_id = "USD"; $sdate = time(); $r = mysql_query("INSERT INTO tblsponser (HID, CID, Sdate) VALUES ('$hid', '$catid', '$sdate')"); //redirect to paypal header("location:https://www.paypal.com/xclick?business=$business_paypal&item_name=$hname$order_id&first_name=$my_sFirstName&last_name=$my_sLastName&email=$my_clientEmail&item_number=1&custom=$hid&amount=$order_total&currency_code=$currency_id&notify_url=$site_url/notify.php&return=$site_url/thankyou.php"); ?> Now for the IPN script: notify.php PHP Code: <?php // Assign posted variables to local variables $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; $payer_status = $_POST['payer_status']; $payment_gross = $_POST['payment_gross']; $payment_fee = $_POST['payment_fee']; $payment_date = $_POST['payment_date']; $payment_type = $_POST['payment_type']; $payment_status = $_POST['payment_status']; $pending_reason = $_POST['pending_reason']; $txn_id = $_POST['txn_id']; $txn_type = $_POST['txn_type']; $custom = $_POST['custom']; if ($_REQUEST['payment_status'] == "Completed" \|\| $_REQUEST['payment_status'] == "Pending") { //Query for the payment recieved include("Includes/functions.php"); $dbc = dbconnect(); $hid = $custom; $r = mysql_query("Update tblsponser SET Payment = 'Y' WHERE HID = '$hid'"); //////////////////////////////////////// } ?> I hope this helps. __________________ Vhuv\|Delq\|Fhur\|Twut\|Tluz\|Kegh\|Vhir\|Juhy\|Ruuz\|Jyos\|Jupt\|Vhek Webmaster Blog \| Software Downloads Sponsor Ads at SponAds.com

06-25-2006, 05:28 PM	#9 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,801 56.00 NP$ (Donate)	For the sandbox on Paypal, is the money being sent to a fake account on the sandbox from another fake account on the sandbox? Also, how long should it take for the verification email to come for the sandbox account.. edit: Why do they send the emails to that email buttons? I got lucky I found it. -_- edit2: Never mind all of that. ^ But I still can't get it to work. index.php Code: <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="rocky@sanchez.com"> <input type="hidden" name="item_name" value="something"> <input type="hidden" name="item_number" value="1"> <input type="hidden" name="amount" value="10.00"> <input type="hidden" name="no_shipping" value="2"> <input type="hidden" name="return" value="http://css.la/ipn/return.php"> <input type="hidden" name="no_note" value="1"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="bn" value="PP-BuyNowBF"> <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!"> <img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> return.php PHP Code: <?php // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; if (!$fp) { echo 'HTTP ERROR'; } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { echo 'it worked'; } else if (strcmp ($res, "INVALID") == 0) { echo 'log for manual investigation'; } } fclose ($fp); } ?> Last edited by Dan Friedman; 06-25-2006 at 07:38 PM.

06-24-2006, 01:55 PM	#2 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	alot of those ipn testin g sites are very selective on when they work. your best bet would just do a test transction on paypal and the just refund the payment.

06-24-2006, 02:04 PM	#3 (permalink)
Scott2503 NamePros Member Join Date: Oct 2005 Posts: 38 9.80 NP$ (Donate)	Hmm... I was wondering if it might be the actual site I was using to test it. Thanks I'll try an actual purchse.

06-24-2006, 03:23 PM	#6 (permalink)
Scott2503 NamePros Member Join Date: Oct 2005 Posts: 38 9.80 NP$ (Donate)	Ok I set up the sandbox but how do I add the imaginary funds?

06-24-2006, 04:22 PM	#7 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	the problem with the sandbox is that if I remember correctly the server that is doing the testing also needs to be logged onto the sandbox.

06-25-2006, 08:33 PM	#10 (permalink)
-Nick- I'll do it Technical Services Join Date: Dec 2005 Location: India Posts: 6,434 5,169.80 NP$ (Donate)	Hey Dan use my notify.php code instead. And it will work. __________________ Vhuv\|Delq\|Fhur\|Twut\|Tluz\|Kegh\|Vhir\|Juhy\|Ruuz\|Jyos\|Jupt\|Vhek Webmaster Blog \| Software Downloads Sponsor Ads at SponAds.com

06-26-2006, 04:01 AM	#11 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,801 56.00 NP$ (Donate)	What does $pageid have in it? Somehow the different people can be determined by it.

06-26-2006, 05:19 AM	#12 (permalink)
-Nick- I'll do it Technical Services Join Date: Dec 2005 Location: India Posts: 6,434 5,169.80 NP$ (Donate)	Page ID is hte variable passed to the page. __________________ Vhuv\|Delq\|Fhur\|Twut\|Tluz\|Kegh\|Vhir\|Juhy\|Ruuz\|Jyos\|Jupt\|Vhek Webmaster Blog \| Software Downloads Sponsor Ads at SponAds.com

06-26-2006, 12:26 PM	#13 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,801 56.00 NP$ (Donate)	Obviously.. But show me an example of what could be in it. Code: $pageid = $QUERY_STRING; if ($QUERY_STRING == "") { $pageid = 1; } $arr = explode("x", $pageid); $hid = $arr[0]; $catid = $arr[1]; I can't use the script if I don't have $QUERY_STRING and I don't know what it is, so how can I use it?

06-26-2006, 01:17 PM	#14 (permalink)
Scott2503 NamePros Member Join Date: Oct 2005 Posts: 38 9.80 NP$ (Donate)	Alright I ended up modify the script to work and I just tested it on an actual payment (of 31 cents ). Anyways is there some sort of way to get PayPal to pass a custom variable to the IPN? For example when someone is on my site and they have $_SESSION variable set and they go to the site... can you some how pass the information of that $_SESSION variable to the PayPal payment thing so it then will pass that variable to my IPN? EDIT: I am using a buy now button so could I just add: <input type="hidden" name="custom" value="SESSION VARIABLE"> even if the rest of the button is encrypted? Last edited by Scott2503; 06-26-2006 at 01:26 PM.

06-26-2006, 02:12 PM	#15 (permalink)
ahtum Senior Member Join Date: May 2006 Posts: 1,266 1,620.58 NP$ (Donate)	oups wrong place ... sorry :P

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

06-30-2006, 06:16 PM	#18 (permalink)
eddy0 NamePros Member Join Date: Jun 2006 Posts: 32 32.00 NP$ (Donate)	I am not sure, but paypal is usually on a secure connection. Port 80 is http and I think Port 443 is https. I hope this helps!

Technical Services

Technical Services

Technical Services

Technical Services