|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
04-01-2024, 03:45 PM
|
#1 |
|
Confirmed User
Industry Role:
Join Date: Oct 2018
Location: New Orleans, Louisiana. / Newcastle, England.
Posts: 1,113
|
Paypal IPN (PHP) Script Issue
On PayPal's side of things, they're saying that everything is working (IPN was sent and the handshake was verified.) with the following php code however, despite this (and that the DB, table, etc is all correct) the data from the sandbox (and live) transaction does not appear to be saving to SQL.
Can any of you with a little more php knowledge than me see any reason why this would be so, or do you think it may be an issue on PayPal's side of things? This is a few steps before I finish up a custom affiliate type script for PayPal and its been giving me grief for a few days now :/ Code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// MySQL database configuration
$host = 'localhost'; // Your MySQL host
$username = 'PayPal'; // Your MySQL username
$password = 'Password'; // Your MySQL password
$database = 'IPNPayPal'; // Your MySQL database name
// Create connection
$conn = new mysqli($host, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Read the IPN notification from PayPal and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// Set up the PayPal URL to send the IPN verification request to
$paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
// For live transactions, use:
// $paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
// Set up cURL to make the request
$ch = curl_init($paypal_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Execute the request
$response = curl_exec($ch);
curl_close($ch);
// Inspect IPN validation result and act accordingly
if (strcmp($response, "VERIFIED") == 0) {
// IPN is verified, process the payment
$txn_id = $_POST['txn_id'];
$payment_status = $_POST['payment_status'];
$mc_gross = $_POST['mc_gross'];
$mc_currency = $_POST['mc_currency'];
$payment_date = $_POST['payment_date'];
$payer_email = $_POST['payer_email'];
$receiver_email = $_POST['receiver_email'];
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$quantity = $_POST['quantity'];
$payment_type = $_POST['payment_type'];
$payment_fee = $_POST['payment_fee'];
$payment_gross = $_POST['payment_gross'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$address_street = $_POST['address_street'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_country = $_POST['address_country'];
$address_zip = $_POST['address_zip'];
$subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : "";
$subscr_date = isset($_POST['subscr_date']) ? $_POST['subscr_date'] : "";
$subscr_effective = isset($_POST['subscr_effective']) ? $_POST['subscr_effective'] : "";
$period1 = isset($_POST['period1']) ? $_POST['period1'] : "";
$period3 = isset($_POST['period3']) ? $_POST['period3'] : "";
$custom = isset($_POST['custom']) ? $_POST['custom'] : "";
$invoice = isset($_POST['invoice']) ? $_POST['invoice'] : "";
$notify_version = isset($_POST['notify_version']) ? $_POST['notify_version'] : "";
$verify_sign = isset($_POST['verify_sign']) ? $_POST['verify_sign'] : "";
// Insert IPN data into database
$sql = "INSERT INTO transactions (
txn_id, payment_status, mc_gross, mc_currency, payment_date,
payer_email, receiver_email, item_name, item_number, quantity,
payment_type, payment_fee, payment_gross, first_name, last_name,
address_street, address_city, address_state, address_country,
address_zip, subscr_id, subscr_date, subscr_effective, period1,
period3, custom, invoice, notify_version, verify_sign
) VALUES (
'$txn_id', '$payment_status', '$mc_gross', '$mc_currency', '$payment_date',
'$payer_email', '$receiver_email', '$item_name', '$item_number', '$quantity',
'$payment_type', '$payment_fee', '$payment_gross', '$first_name', '$last_name',
'$address_street', '$address_city', '$address_state', '$address_country',
'$address_zip', '$subscr_id', '$subscr_date', '$subscr_effective', '$period1',
'$period3', '$custom', '$invoice', '$notify_version', '$verify_sign'
)";
// Execute SQL query
if ($conn->query($sql) === TRUE) {
// Record inserted successfully
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
} else if (strcmp($response, "INVALID") == 0) {
// IPN is invalid, log for investigation
// Log the invalid IPN for further investigation
$error = "Invalid IPN: " . print_r($_POST, true);
// Log the error
}
// Close MySQL connection
$conn->close();
?>
__________________
NOTHING TO SEE HERE |
|
|
|
04-01-2024, 04:28 PM
|
#2 |
|
Bollocks
Industry Role:
Join Date: Jun 2007
Location: Bollocks
Posts: 2,792
|
What result do you get? Can you confirm if rows are actually getting added to the database table?
There's one issue straight off the bat - you're not sanitising your database inputs. You should *never* take data straight out of the $_POST array and into an SQL statement, always run it through mysqli_real_escape_string() first. I would confirm what return you are getting from the curl_exec, the compare you are doing means it has to be exactly the word "VERIFIED", if there are any extra characters it won't match. Find out whether the response is what you expect before going any further. Note that if the comparison fails it won't tell you because you're not doing anything with the $error string, maybe echo it to see if the script ends up getting to there.
__________________
Interserver unmanaged AMD Ryzen servers from $73.00 |
|
|
|
|
04-01-2024, 04:45 PM
|
#3 | |
|
Confirmed User
Industry Role:
Join Date: Oct 2018
Location: New Orleans, Louisiana. / Newcastle, England.
Posts: 1,113
|
Quote:
Yeah this is just being used to get things in order prior to going live so sanitizing isn't a major concern of mine right now, its just my process I throw the script together than add sanitization and binding stuff after, i just find it easier that way. I'll confirm the response and make sure there is no white space now, thanks.
__________________
NOTHING TO SEE HERE |
|
|
|
|
|
04-01-2024, 05:01 PM
|
#4 |
|
see you later, I'm gone
Industry Role:
Join Date: Oct 2002
Posts: 14,053
|
Right after you do the curl, echo the $response so that you can see it. As rwb said, make sure that you are getting the value you are expecting back. Just because paypal said everything was cool does not mean the data came back properly.
On your strcmp, throw a trim() around $response to get rid of any unexpected spaces (again in line with what rwb said) I would on that same thing throw a strtoupper() around it to make sure you are comparing upper to upper. trim(strtoupper($response)) Since all your database action occurs inside the if, I would say that you are not getting the expected value. |
|
|
|
04-02-2024, 06:25 AM
|
#5 |
|
Confirmed User
Industry Role:
Join Date: Oct 2018
Location: New Orleans, Louisiana. / Newcastle, England.
Posts: 1,113
|
Thanks, you were both correct, the value it was sending back was malformed.
I appreciate the assistance with this 
__________________
NOTHING TO SEE HERE |
|
|
|
