Joomla Paypal IPN always return INVALID - joomla1.5

I've problem to veryfied the paypal payment on my joomla 1.5 website. I always get "INVALID" although the payment is success. i cannot get POST value from paypal, only can GET value. what's wrong with these code or the setting.
my paypal setting in sandbox.paypal.com
IPN : Turn On
Message delivery : enabled
notification url : http://mysite.com/index.php?option=com_order&type=orders
auto return : on
return url : http://mysite.com/index.php?option=com_order&type=orders
PDT : on
Encrypted Website Payments : off
PayPal Account Optional : off
in mycomponent joomla
payment.php
<form method="post" action="https://www.sandbox.paypal.com/cgi-bin/webscr" name="paypal">
<input type="hidden" value="_xclick" name="cmd">
<input type="hidden" value="myname_1335697493_biz#gmail.com" name="business">
<input type="hidden" value="test payment" name="item_name" id="item_name">
<input type="hidden" value="11" name="item_number" id="item_number">
<input type="hidden" value="0.1" name="amount" id="amount">
<input type="hidden" value="USD" name="currency_code" id="currency_code">
<input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&type=orders" name="return" id="return">
<input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&type=orders" name="cancel_return" id="cancel_return">
<input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&task=orders" name="notify_url" id="notify_url">
<input type="hidden" name="rm" value="2">
<table class="tblpay">
.....
</table>
</form>
on my controller.php
function display()
{
$user =& JFactory::getUser();
$type = JRequest::getVar('type');
switch($type) {
...
case 'orders':
$viewName = 'orders';
$viewLayout = 'orderslayout';
if (JRequest::getVar('tx') != null){
$this->processpayment();
$viewLayout = 'paymentlayout';
}
break;
...
}
function processpayment(){
// Response from Paypal
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
$get = JRequest::get('get');
foreach ($get as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// assign posted variables to local variables
$data['amount'] = JRequest::getVar('amt');
$data['currency'] = JRequest::getVar('cc');
$data['cm'] = JRequest::getVar('cm');
$data['idorder'] = JRequest::getVar('item_number');
$data['st'] = JRequest::getVar('st');
$data['tx'] = JRequest::getVar('tx');
$data['option'] = JRequest::getVar('option');
$data['type'] = JRequest::getVar('type');
$data['paymentresult'] = "";
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp($res, "VERIFIED") == 0) {
...
}else if (strcmp ($res, "INVALID") == 0) {
...
}
}
fclose ($fp);
}
//$redirectTo = str_replace("amp;","",JRoute::_('index.php?option='.JRequest::getVar('option').'&type=orders&layout=paymentlayout'));
//$this->setRedirect($redirectTo, '');
}
this is the result i get from paypal (use jdump):
[string] option = "com_order"
[string] type = "orders"
[string] tx = "9D9224627W344360N"
[string] st = "Completed"
[string] amt = "0.10"
[string] cc = "USD"
[string] cm = ""
[string] item_number = "41"
[string] Itemid = "" --> why i get this because i never send itemid?

Ok I have had a similar issue today and I think usually these 'INVALID' responses are usually when the submitted data is not exactly the same as the received data.
For me it was an issue with addressses but for you it probably is that Itemid. With my problem (which I'll just mention here since it may help others), paypal had been requested to send back the users address. Because paypal allows the street address to be multiple lines long it adds \r\n in between the lines of the address.
Its usually best practice to use something line this to send values back...
$value = urlencode( stripslashes( $value ) );
but this won't work if you have requested an address because it will strip the slashes from the \r\n so you just want to do a conditional so that if the key is address_street you just urlencode (or just get the address another way which I ended up doing)
In your case you can change the above code to
foreach ( $post as $key => $value ) {
if ($key != 'Itemid')
{
$value = urlencode( stripslashes( $value ) );
$req .= "&$key=$value";
}
}
Hope that solves it for you ;)

Related

sagepay form integration - Not able to decrypt the $_GET['crypt'] string returned

I have placed a test transaction using following encryption -
<?php
function pkcs5_pad($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function encryptFieldData($input)
{
$key = "use your SagePAY encryption key here";
$iv = $key;
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, "", MCRYPT_MODE_CBC, "");
if (mcrypt_generic_init($cipher, $key, $iv) != -1)
{
$cipherText = mcrypt_generic($cipher,$input );
mcrypt_generic_deinit($cipher);
$enc = bin2hex($cipherText);
}
return $enc;
}
$str = "Currency=GBP";
$datapadded = pkcs5_pad($str,16);
$cryptpadded = "#" . encryptFieldData($datapadded);
?>
<html>
<form name="pp_form" action="SagePay test url" method="post">
<input name="VPSProtocol" type="hidden" value=3.00 />
<input name="TxType" type="hidden" value=PAYMENT />
<input name="Vendor" type="hidden" value="YOUR SAGEPAY ACCOUNT NAME HERE" />
<input name="Crypt" type="hidden" value=<?php echo $cryptpadded;?> />
<p>Click here to submit
<input type="submit" value="here">
</p>
</form>
</html>
But when the SagePay returns encrypted string, I am not sure how to decrypt this encrypted data as we will have to do decrypt it while creating order at our end. Can someone help?
Thanks in advance.

PayPal IPN: custom field not passing to IPN

I have a paypal buy button that looks like this:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="business" value="my#email.com">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="item_name_1" value="item1">
<input type="hidden" name="amount_1" value="3">
<input type="hidden" name="item_name_2" value="item2">
<input type="hidden" name="amount_2" value="5">
<input type="hidden" name="custom" value="Admin|2">
<input type="hidden" name="discount_rate_cart" value="5">
<input type="hidden" name="notify_url" value="paypal-ipn.php">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="return" value="Thank-you-page">
<input type="hidden" name="country" value="SE">
<input type="submit" value="Checkout" id="checkoutButton">
</form>
And a IPN that looks like this:
<?php
session_start();
// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval)
{
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
{
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc'))
{
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value)
{
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1)
{
$value = urlencode(stripslashes($value));
}
else
{
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Step 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) )
{
// error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
if(strcmp($res, "VERIFIED") == 0)
{
// The IPN is verified, process it:
// check whether the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process the notification
// assign posted variables to local variables
$custom = explode('|', $_POST['custom']);
$user = $custom['0'];
$itemAmount = $custom['1'];
$item_name = "";
for($i = 0 ; $i < $itemAmount ; $i++)
{
$item_name .= $_POST['item_name_' . ($i + 1)] . '<br>';
}
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'] . ' ' . $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$accstatus = $_POST['payer_status'];
include("../config.php");
$sql = "INSERT INTO `purchase` (`product`,`member`,`amount`,`ppmail`,`accstatus`,`status`)
VALUES
('$item_name','$user','$payment_amount','$payer_email','$accstatus','$payment_status')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$post_data_string = serialize($_POST);
mail('mail#domain.com', 'PayPal IPN', $post_data_string);
mysql_close($con);
// IPN message values depend upon the type of notification sent.
// To loop through the &_POST array and print the NV pairs to the screen:
foreach($_POST as $key => $value)
{
echo $key." = ". $value."<br>";
}
}
else if(strcmp($res, "INVALID") == 0)
{
// IPN invalid, log for manual investigation
echo "The response from IPN was: <b>" .$res ."</b>";
}
?>
Now why does not the custom field get passed on to the API?
I do get this in error logging, because custom[0] = "" and custom[1] does not exist:
HP Notice: Undefined offset: 1 in /home1/planetzi/public_html/firefallcrystite/action/paypal-ipn.php on line 79

PayPal IPN and PDT - Cannot get buyer postal address on return_url page or email

I am setting up a basic donation system and need to send a confirmation email to the client but cannot get the buyer postal address to show on return_url page of the website, or to show in the email to send to the client. The custom values for the taxpayer yes/no radio selects won't follow through either in the email. I am using a custom form on our website with fields to fill in the donation amount, name, address and if they pay tax (simple radio select.) Not sure if I'm using it right but I have both IPN and PDT settings on the site site and setup within the PayPal account.
Donation Form:
<form class="dsForm" name="details" action="https://www.paypal.com/cgi-bin/webscr" method="post" onsubmit="if ( !CheckForm() ) return false;">
<input type="hidden" name="cmd" value="_donations">
<input type="hidden" id="business" name="business" value="charityemail#internet.com">
<input type="hidden" id="item_name" name="item_name" value="Website Donation - Water">
<input type="hidden" name="notify_url" value="http://www.urltoipnscript.com/ipn.php">
<input type="hidden" id="item_number" name="item_number" value="3">
<input type="hidden" name="no_note" value="1">
<input type="hidden" id="currency_code" name="currency_code" value="GBP">
<input type="hidden" name="no_shipping" value="2">
<input type="hidden" name="tax" value="0">
<input type="hidden" name="bn" value="IC_Sample">
<input type="hidden" value="donation" name="custom">
<ul id="donate-form">
<li><label>Amount:</label>
<input type="text" id="amount" name="amount" value="25.00" size='9'>
<select id='currency' onchange='CheckCurrency()'>
<option value="GBP">GBP</option>
<option value="EUR">EUR</option>
<option value="AUD">AUD</option>
<option value="USD">USD</option>
</select>
</li>
<li><label>Program:</label>
<select name='program' id='program' onchange='ProgramChange();' >
<option value=''>Please Select</option>
<option id="education" value='4'>Education</option>
<option id="water" value='3' selected="selected">Water</option>
<option id="health" value='2'>Health Promotion</option>
<option id="community" value='18'>Community Based Projects</option>
<option id="sponsorship" value='8'>Child Sponsorship</option>
</select>
</li>
<li><label>Firstname:</label>
<input type='text' name='first_name' size='30' />
</li>
<li><label>Surname:</label>
<input type='text' name='last_name' size='30' />
</li>
<li><label>Address 1:</label>
<input type='text' name='address1' size='30' />
</li>
<li><label>Address 2:</label>
<input type='text' name='address2' size='30' />
</li>
<li><label>Town/City:</label>
<input type='text' name='city' size='30' />
</li>
<li><label>Postcode/Zip:</label>
<input type='text' name='zip' size='30' />
</li>
<li><label>Country:</label>
<select name='country' id='country' >
<option value='' selected='selected'>Please Select</option>
<option value='AL'>Albania
</option><option value='DZ'>Algeria
</option><option value='GB'>United Kingdom
</option><option value='US'>United States
etc...
</li>
<div id='ukTaxOptions' style='display:none'>
<label style="width:auto; margin-top:20px; margin-bottom:10px;font-weight: bold;" > Please choose an appropriate option below:</label >
<li>
<label style="width:auto" >
<input id='gbTaxPayer_1' name='gbTaxPayer_radio' type='radio' value='1' onchange="SetPayPalCustom('UK')" />
<input id="gbTaxPayer" name="gbTaxPayer" type="hidden" value="1" /> I am a UK taxpayer and would like to Gift Aid all donations I have made to Fields Of Life in the last four years and all donations I make in the future, until I notify you otherwise *
</label>
</li>
<li><label style="width:auto">
<input id='gbTaxPayer_' name='gbTaxPayer_radio' type='radio' value='' checked onchange="SetPayPalCustom('')" />I am not a UK taxpayer
</label></li>
<li><label style="width:auto">* I understand that I must have paid an amount of income tax or capital gains tax at least equal to the tax you reclaim on my donations</label></li>
</div>
<input type="hidden" name="hosted_button_id" value="hidden from stackflow">
<input type="image" src="http://www.hiddenfromsov.com/mybtn.png" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<li><img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif width="1" height="1" /></li>
</ul>
IPN Script:
<?php
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
if( !($res = curl_exec($ch)) ) {
curl_close($ch);
exit;
}
curl_close($ch);
if (strcmp ($res, "VERIFIED") == 0) {
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$address_street = $_POST['address_street'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_zip = $_POST['address_zip'];
$address_country = $_POST['address_country'];
$address_status = $_POST['address_status'];
$gbtax = $_POST['gbTaxPayer_radio'];
} else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
Code on success return_url page
//PDT
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';
$tx_token = $_GET['tx'];
$auth_token = "I've copied this the paypal settings";
$req .= "&tx=$tx_token&at=$auth_token";
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
// $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
// read the body data
$res = '';
$headerdone = false;
while (!feof($fp)) {
$line = fgets ($fp, 1024);
if (strcmp($line, "\r\n") == 0) {
// read the header
$headerdone = true;
}
else if ($headerdone)
{
// header has been read. now read the contents
$res .= $line;
}
}
// parse the data
$lines = explode("\n", $res);
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0) {
for ($i=1; $i<count($lines);$i++){
list($key,$val) = explode("=", $lines[$i]);
$keyarray[urldecode($key)] = urldecode($val);
}
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
$item_number = $_GET['item_number'];
$address12 = $_GET['address_street'];
$firstname = $keyarray['first_name'];
$lastname = $keyarray['last_name'];
$payer_email = $keyarray['payer_email'];
$amount = $keyarray['mc_gross'];
$payment_date = $keyarray['payment_date'];
$payment_status = $keyarray['payment_status'];
$payment_type = $keyarray['payment_type'];
$mc_currency = $keyarray['mc_currency'];
$transactionid = $keyarray['txn_id'];
$itemname = $keyarray['item_name'];
$address1 = $keyarray['address1'];
$address_street = $keyarray['address_street'];
$address_city = $keyarray['address_city'];
$address_state = $keyarray['address_state'];
$address_zip = $keyarray['address_zip'];
$address_country = $keyarray['address_country'];
$gbtax = $keyarray['gbTaxPayer_radio'];
echo ("<p><strong>Payment Details</strong></p>\n");
echo ("<ul>\n");
echo ("<li><b>Address</b>: $address12</li>\n");
echo ("<li><b>Item Number</b>: $item_number</li>\n");
echo ("<li><b>Donation Type</b>: $itemname</li>\n");
echo ("<li><b>Date</b>: $payment_date</li>\n");
echo ("<li><b>Name</b>: $firstname $lastname ($payer_email)</li>\n");
echo ("<li><b>Street Address</b>: $address1</li>\n");
echo ("<li><b>Town/City</b>: $address_city</li>\n");
echo ("<li><b>County/State</b>: $address_state</li>\n");
echo ("<li><b>Postcode/ZIP</b>: $address_zip</li>\n");
echo ("<li><b>Country</b>: $address_country</li>\n");
echo ("<li><b>Amount</b>: £$amount</li>\n");
echo ("<li><b>Payment status</b>: $payment_status</li>\n");
echo ("<li><b>Transaction ID</b>: $transactionid</li>\n");
echo ("<li><b>UK Tax Payer?</b> $gbtax</li>\n");
echo ("</ul>\n");
// send e-mail
$today = date("F j, Y, g:i a");
mail("charityemail#internet.com", "Donation made - $itemname", "A donation was made on $today \n Payment Details \r\n\r\n Donation type: $itemname \r\n\r\n Name: $firstname $lastname \n Amount: $amount \n Donator Email: $payer_email \r\n\r\n Address: $address1 \n $address_city \n $address_state \n $address_zip \n $address_country \r\n\r\n Payment date: $payment_date \n Payment status: $payment_status \n Currency: $mc_currency \n Transaction ID: $transactionid \n UK Tax Payer? $gbtax \n", "From: Charity Donation <charityemail#internet.com>");
}
else if (strcmp ($lines[0], "FAIL") == 0) {
// log for manual investigation
}
}
fclose ($fp);
At the moment all I need to get working is the address to show on the email, return_url page and PayPal website (currently says Postal Address: Not Specified.)
Are you entering in an address when testing? Try passing over the variable "no_shipping" and setting the value to "2", and see if this makes a difference. Also PayPal will not pass back variables/values that are not valid PayPal variables, meaning you would not be able to make up your own variables and pass them over.

paypal ipn and mysql

I'm struggling with this problem for some days now but with no success, I'm relatively
new to paypal ipn but have used it succesfully in the past few monhts, now maybe I'm
doing some silly mistake or paypal sandbox ipn server is unresponsible.
The payment is processed properly, the money goes from the buyer account to the seller but still no details are entered in the database.
So this is the html form code:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="sanboxselleremail">
<input type="hidden" name="item_name" value="Product">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="15">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="lc" value="EN">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="return" value="http://mysite.com/testipn/">
<input type="hidden" name="cancel_return" value="http://mysite.com/testipn/">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="notify_url" value="http://mysite.com/testipn/ipn.php" />
<input type="submit" value="submit" />
</form>
And this is the ipn code that I found at paypal:
include('db.php');
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if($payment_status=='Completed'){
$paylog = $db->query("INSERT INTO....);
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
I've double checked everything, I know that you must post back all the variables so I checked them too. The sql syntax has no problems because I've tested it and it enters
the values to the database table I want.
Can you please take a quick look and please point any errors you might find?
Thank you.
This problem is costing me lot of time and stress... :(
Your code is outdated and doesn't include the HTTP 'Host' header, which is (now) required.
So with this code, it would never get back 'VERIFIED', but instead get a HTTP/1.1 400 'Bad Request' back from PayPal.
To fix this, simply change:
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
To:
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
And add:
$header .= "Host: www.sandbox.paypal.com\r\n";
Should you just wish to use updated sample code, you can find this at https://www.paypal.com/ipn/
hi it seems to me its blocked as dont regcongnise you when it trys to complete the process ,ive read alot of people are experiencing problems with the sandbox theres a thing on paypal that tells you about it brb ill find
easily solved you need a buyer sandbox account and a seller one do you have both sorry for my spelling hope this helps
use this to test it
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_testing_SBAccessing

Paypal Sandbox payment problem

I have the following post button that i use for paypal transactions:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="my#email.com">
<input type="hidden" name="item_name" value="Item description">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="00.30">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="return" value="website.com/index.php" />
<input type="hidden" name="cancel_return" value="website.com/index.php" />
<input type="hidden" name="rm" value="2">
<input type="hidden" name="notify_url" value="website.com/ipn/ipn.php">
<input type="hidden" name="custom" value="user_id">
<input type="submit" value="upgrade" />
</form>
and the following code in ipn.php
<?php
include_once 'config.php';
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
mysql_query("UPDATE table SET column='1' WHERE column2='13'");
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
?>
when i click the upgrade button and pay, it doesnt show me a go back to the website button... but there is a go back to my#email.com button, which has a 10 sec delay and takes me back to my website... although it popups a warning about encrypted data, which i dont know what it is.
Also the query i use in ipn.php does not execute.I dont even know if it goes to ipn.php.
Regarding go back to "my#email.com", this could happen if the email you specified doesn't map to an account in the PayPal sandbox. Perhaps you're using your real email in the button instead of a sandbox account email?
Another possibility is that your test account at "my#email.com" is not a business account. If you have a business account it should reflect your business name instead.
As for not receiving the IPNs, the sandbox doesn't always do a great job at delivering IPNs on time, if at all. I'd actually suggest that you try integrating using Express Checkout instead of Website Payments Standard. Express Checkout is a little bit of a confusing dance initially but it is easy to implement after you try to understand it. Here's what I think is the best doc explaining how Express Checkout works:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ECSimpleIntegration
And when you're ready to dive into the implementation you should look here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_reference
The nice thing about using Express Checkout instead of relying on IPN is that you get to figure out the payment status the moment your user returns to your site, and you don't have to sit around waiting for the IPN to show up.
With Express Checkout you also get to override your business name with a custom "brand name" so you can use the same receiving PayPal account on different sites with different "brands".
Good luck!