GoFuckYourself.com - Adult Webmaster Forum


Publisher Bucks 04-01-2024 03:45 PM

Paypal IPN (PHP) Script Issue
 
On PayPal's side of things, they're saying that everything is working (IPN was sent and the handshake was verified) with the following PHP code. However, despite this (and that the DB, table, etc. is all correct), the data from the sandbox (and live) transaction does not appear to be saving to SQL.

Can any of you with a little more php knowledge than me see any reason why this would be so, or do you think it may be an issue on PayPal's side of things?

This is a few steps before I finish up a custom affiliate type script for PayPal and it's been giving me grief for a few days now :/

Code:

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

// MySQL database configuration
$host = 'localhost'; // Your MySQL host
$username = 'PayPal'; // Your MySQL username
$password = 'Password'; // Your MySQL password
$database = 'IPNPayPal'; // Your MySQL database name

// Create connection
$conn = new mysqli($host, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Read the IPN notification from PayPal and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// Set up the PayPal URL to send the IPN verification request to
$paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
// For live transactions, use:
// $paypal_url = 'https://www.paypal.com/cgi-bin/webscr';

// Set up cURL to make the request
$ch = curl_init($paypal_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
// Verify PayPal's TLS certificate so the validation reply cannot be spoofed in transit
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

// Execute the request
$response = curl_exec($ch);
curl_close($ch);

// Inspect IPN validation result and act accordingly
if (strcmp($response, "VERIFIED") == 0) {
    // IPN is verified, process the payment
    $txn_id = $_POST['txn_id'];
    $payment_status = $_POST['payment_status'];
    $mc_gross = $_POST['mc_gross'];
    $mc_currency = $_POST['mc_currency'];
    $payment_date = $_POST['payment_date'];
    $payer_email = $_POST['payer_email'];
    $receiver_email = $_POST['receiver_email'];
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $quantity = $_POST['quantity'];
    $payment_type = $_POST['payment_type'];
    $payment_fee = $_POST['payment_fee'];
    $payment_gross = $_POST['payment_gross'];
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $address_street = $_POST['address_street'];
    $address_city = $_POST['address_city'];
    $address_state = $_POST['address_state'];
    $address_country = $_POST['address_country'];
    $address_zip = $_POST['address_zip'];
    $subscr_id = isset($_POST['subscr_id']) ? $_POST['subscr_id'] : "";
    $subscr_date = isset($_POST['subscr_date']) ? $_POST['subscr_date'] : "";
    $subscr_effective = isset($_POST['subscr_effective']) ? $_POST['subscr_effective'] : "";
    $period1 = isset($_POST['period1']) ? $_POST['period1'] : "";
    $period3 = isset($_POST['period3']) ? $_POST['period3'] : "";
    $custom = isset($_POST['custom']) ? $_POST['custom'] : "";
    $invoice = isset($_POST['invoice']) ? $_POST['invoice'] : "";
    $notify_version = isset($_POST['notify_version']) ? $_POST['notify_version'] : "";
    $verify_sign = isset($_POST['verify_sign']) ? $_POST['verify_sign'] : "";

    // Insert IPN data into database
    $sql = "INSERT INTO transactions (
                txn_id, payment_status, mc_gross, mc_currency, payment_date,
                payer_email, receiver_email, item_name, item_number, quantity,
                payment_type, payment_fee, payment_gross, first_name, last_name,
                address_street, address_city, address_state, address_country,
                address_zip, subscr_id, subscr_date, subscr_effective, period1,
                period3, custom, invoice, notify_version, verify_sign
            ) VALUES (
                '$txn_id', '$payment_status', '$mc_gross', '$mc_currency', '$payment_date',
                '$payer_email', '$receiver_email', '$item_name', '$item_number', '$quantity',
                '$payment_type', '$payment_fee', '$payment_gross', '$first_name', '$last_name',
                '$address_street', '$address_city', '$address_state', '$address_country',
                '$address_zip', '$subscr_id', '$subscr_date', '$subscr_effective', '$period1',
                '$period3', '$custom', '$invoice', '$notify_version', '$verify_sign'
            )";
    // Execute SQL query
    if ($conn->query($sql) === TRUE) {
        // Record inserted successfully
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
} else if (strcmp($response, "INVALID") == 0) {
    // IPN is invalid, log for investigation
    // Log the invalid IPN for further investigation
    $error = "Invalid IPN: " . print_r($_POST, true);
    // Log the error
}

// Close MySQL connection
$conn->close();
?>

Thanks in advance for any advice or solutions you can offer :thumbsup

redwhiteandblue 04-01-2024 04:28 PM

What result do you get? Can you confirm if rows are actually getting added to the database table?

There's one issue straight off the bat - you're not sanitising your database inputs. You should *never* take data straight out of the $_POST array and into an SQL statement, always run it through mysqli_real_escape_string() first.

I would confirm what return you are getting from the curl_exec, the compare you are doing means it has to be exactly the word "VERIFIED", if there are any extra characters it won't match. Find out whether the response is what you expect before going any further. Note that if the comparison fails it won't tell you because you're not doing anything with the $error string, maybe echo it to see if the script ends up getting to there.

Publisher Bucks 04-01-2024 04:45 PM

Quote:

Originally Posted by redwhiteandblue (Post 23249846)
What result do you get? Can you confirm if rows are actually getting added to the database table?

There's one issue straight off the bat - you're not sanitising your database inputs. You should *never* take data straight out of the $_POST array and into an SQL statement, always run it through mysqli_real_escape_string() first.

I would confirm what return you are getting from the curl_exec, the compare you are doing means it has to be exactly the word "VERIFIED", if there are any extra characters it won't match. Find out whether the response is what you expect before going any further. Note that if the comparison fails it won't tell you because you're not doing anything with the $error string, maybe echo it to see if the script ends up getting to there.

Nothing at all is being added to the table itself, that's the issue I'm trying to resolve, even when a successful transaction occurs in sandbox and on the 1 live transaction I made, zilch... Everything is working perfectly up until this point.

Yeah this is just being used to get things in order prior to going live so sanitizing isn't a major concern of mine right now, it's just my process: I throw the script together then add sanitization and binding stuff after, I just find it easier that way.

I'll confirm the response and make sure there is no white space now, thanks.

sarettah 04-01-2024 05:01 PM

Right after you do the curl, echo the $response so that you can see it. As rwb said, make sure that you are getting the value you are expecting back. Just because paypal said everything was cool does not mean the data came back properly.

On your strcmp, throw a trim() around $response to get rid of any unexpected spaces (again in line with what rwb said)

I would on that same thing throw a strtoupper() around it to make sure you are comparing upper to upper. trim(strtoupper($response))

Since all your database action occurs inside the if, I would say that you are not getting the expected value.
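
The two points raised in the replies above (normalise and inspect the validation response before comparing it, and never interpolate $_POST into SQL), as an added example that is not part of any post in this thread. The function names are hypothetical, only three of the script's columns are shown, and an in-memory SQLite database via PDO stands in for the thread's mysqli/MySQL connection so the block runs offline (assumes pdo_sqlite is installed).

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// Map the body returned by the _notify-validate POST to a known state.
// Anything that is not exactly VERIFIED or INVALID after trimming is
// UNKNOWN and is never processed as a payment.
function classify_ipn_response($raw): string
{
    if (!is_string($raw)) {              // curl_exec() returns false on failure
        return 'UNKNOWN';
    }
    $norm = strtoupper(trim($raw));
    return in_array($norm, ['VERIFIED', 'INVALID'], true) ? $norm : 'UNKNOWN';
}

// Store a verified IPN with bound parameters instead of string interpolation.
// Missing keys become '' rather than raising undefined-index notices.
function store_transaction(PDO $db, array $post): bool
{
    $stmt = $db->prepare(
        'INSERT INTO transactions (txn_id, payment_status, payer_email)
         VALUES (:txn_id, :payment_status, :payer_email)'
    );
    return $stmt->execute([
        ':txn_id'         => $post['txn_id'] ?? '',
        ':payment_status' => $post['payment_status'] ?? '',
        ':payer_email'    => $post['payer_email'] ?? '',
    ]);
}

// Stand-in database (assumption); the thread's script uses mysqli.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE transactions (txn_id TEXT PRIMARY KEY, payment_status TEXT, payer_email TEXT)');

// Constructed IPN fields; the e-mail contains a quote on purpose.
$post = ['payment_status' => 'Completed', 'payer_email' => "o'brien@example.com"];

// Constructed responses: clean, padded, an HTML error page, a cURL failure.
foreach (["VERIFIED", "VERIFIED\r\n", "<html>Error</html>", false] as $i => $raw) {
    $state = classify_ipn_response($raw);
    if ($state === 'VERIFIED') {
        store_transaction($db, ['txn_id' => "TEST123-$i"] + $post);
    } else {
        // Record what actually came back so a failed comparison is visible.
        error_log("IPN not verified ($state): " . var_export($raw, true));
    }
}
echo $db->query('SELECT COUNT(*) FROM transactions')->fetchColumn(), " rows stored\n";
```

Logging the raw response with `error_log()` rather than echoing it keeps the diagnostic out of the HTTP reply sent back to the IPN sender.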

Publisher Bucks 04-02-2024 06:25 AM

Thanks, you were both correct, the value it was sending back was malformed.

I appreciate the assistance with this :)


All times are GMT -7.