close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

IPN Verification Postback to HTTPS

Thread began 2/21/2017 1:16 pm by Dave Buchholz | Last modified 9/14/2021 9:01 am by Ray Borduin | 2393 views | 6 replies |

Dave BuchholzBeta Tester

IPN Verification Postback to HTTPS

See https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1916&expand=true&locale=en_US

PayPal will be requiring post backs, which are controlled by the WA_isValidPayPal function to be to https from 30th June.

I am assuming that this part off the function:

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

Will need to be changed accordingly and from the url I posted I assume it will look like this ?

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Host: ipnpb.paypal.com\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ipnpb.paypal.com', 443, $errno, $errstr, 30);

I am working with a live site so I want to make sure I get this right 1st time!

Thanks,

Dave Buchholz
I-CRE8 Limited

Sign in to reply to this post

Ray BorduinWebAssist

It looks like you need to add "ssl://" to the front of the url to use ssl for an fsockopen call. Other than that it looks correct.

I think you can still use www.paypal.com but if you read you should use ipnpb.paypal.com then that should work as well.

Sign in to reply to this post
Did this help? Tips are appreciated...

Dave BuchholzBeta Tester

Thanks Ray, that advice is exactly why I ask here first before blundering in !

Sign in to reply to this post

Dave BuchholzBeta Tester

Just to follow up on this after testing changing the code to this worked:

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Connection: close\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

for some reason no version of the code using the ipnpb.paypal.com domain would work

Regards,

Dave Buchholz
I-CRE8 Limited

Sign in to reply to this post

Dave BuchholzBeta Tester

Ray, apologies for resurrecting this old thread but it pertains to an issue this site has started experiencing recently. Whenever I get a IPN notification now it is producing a FALSE from the function so none of the orders are getting inserted into the database or a receipt generated. I have included in a private message what I see being returned and the full code that is being used. Are there any changes to the IPN system that I am not aware of ? I have not updated this code in 3 years so it must be a recent development.

Many thanks

Sign in to reply to this post

Ray BorduinWebAssist

It looks like we have updated the function at some point.

We now use:

php:
<?php

function WA_isValidPayPal()     {
  
// STEP 1: read POST data
  // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
  // Instead, read raw POST data from the input stream.
  
$raw_post_data file_get_contents('php://input');
  
$raw_post_array explode('&'$raw_post_data);
  
$myPost = array();
  foreach (
$raw_post_array as $keyval) {
    
$keyval explode ('='$keyval);
    if (
count($keyval) == 2)
      
$myPost[$keyval[0]] = urldecode($keyval[1]);
  }
  
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
  
$req 'cmd=_notify-validate';

  foreach (
$myPost as $key => $value) {
    
$value urlencode($value);
    
$req .= "&$key=$value";
  }

  
// Step 2: POST IPN data back to PayPal to validate
  
$ch curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
  
curl_setopt($chCURLOPT_HTTP_VERSIONCURL_HTTP_VERSION_1_1);
  
curl_setopt($chCURLOPT_POST1);
  
curl_setopt($chCURLOPT_RETURNTRANSFER,1);
  
curl_setopt($chCURLOPT_POSTFIELDS$req);
  
curl_setopt($chCURLOPT_SSL_VERIFYPEER1);
  
curl_setopt($chCURLOPT_SSL_VERIFYHOST2);
  
curl_setopt($chCURLOPT_FORBID_REUSE1);
  
curl_setopt($chCURLOPT_HTTPHEADER, array('Connection: Close'));
  
// In wamp-like environments that do not come bundled with root authority certificates,
  // please download 'cacert.pem' from "https://curl.haxx.se/docs/caextract.html" and set
  // the directory path of the certificate as shown below:
  // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
  
if ( !($res curl_exec($ch)) ) {
    
// error_log("Got " . curl_error($ch) . " when processing IPN data");
    
curl_close($ch);
    exit;
  }
  
curl_close($ch);
  return (
strcmp ($res"VERIFIED") == 0);
}



You could try updating it on your end and see if that fixes the problem. It looks like you have it manually updated on line 1332 of the eCart Definition include.

Sign in to reply to this post
Did this help? Tips are appreciated...

Dave BuchholzBeta Tester

Thanks Ray, you are correct I put the previous new code in it's own function to a/b test and never moved it out. I have updated the file with the new code and I will let you know if there is still an issue.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...