Problem setting up paypal verification using IPN

PHP
1

Hi friends

So I am trying to set up my own Paypal payment system with IPN following this tutorial : http://www.micahcarrick.com/paypal-ipn-with-php.html

My ipn.php and ipllistener.php are done and uploaded.

Now, I tried https://developer.paypal.com/developer/ipnSimulator/ and found “IPN was sent and the handshake was verified” message. However, no emails in either of the two sandbox emails, neither anything in the ipn_errors.log.

Wondering if there is anyone who has installed IPN earlier and could give me a helping hand sharind his / her experience.

Thanks guys.
Best.

2

Hi Jeremy,

I had a quick look over the tutorial and one thing that comes to mind is that your server might not be configured correctly to send email. Have you previously been able to send emails using PHP’s mail() function?

Here’s a simple script you could use to test that:

<?php

ini_set( 'display_errors', 1 );
error_reporting( E_ALL );

$to = "youremail@example.com";
$subject = "PHP Mail() Test";
$message = "Hello, world!";

$wasSent = mail($to, $subject, $message);

if ($wasSent) {
    echo "Test email sent";
} else {
    echo "Email NOT sent";
}

Be aware that emails sent from shared hosting and local development servers (eg. WAMP) sometimes get flagged as spam by mail software.

1 Like
3

Hi fretburner, thanks for your reply. Yes the mail server is working properly. However, I have the following in the error log while testing the previous code. Not sure if they are related

cURL error: [77] error setting certificate verify locations:
CAfile: /var/www/domain.com/web/cert/api_cert_chain.crt
CApath: /etc/ssl/certs
4

If I’m not mistaken emails sending is not allowed in sandbox mode.

5

In the cURL section, make sure you have.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
6

Thanks Iorenw, its true in my case. What changes between true and false, can you share a bit on this please ?

7

False does not verify the SSL certificate from paypal.
This is the easiest way to do things. If there is a possibility of a “man in the middle” between your server and paypal, the data could be compromised.
So, if your server is in a data center, no problem. If your server is in your home, you may worry.
The IPN data is not mission critical and is the reason I use false.

If set to true you will need a CA cert and a few more curl options.
http://php.net/manual/en/function.curl-setopt.php

Honestly you should be fine setting it to false.

8

Hmm, thanks a lot for the explanation Lorenw :smile:

9

Now setting that to false, I am getting this :

cURL error: [35] error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

10

The IPN library that the tutorial recommends is several years old and no longer maintained. Someone has forked and updated it here: https://github.com/WadeShuler/PHP-PayPal-IPN/

You might want to download that before going any further to ensure you’re not running into any bugs that have already been solved.

11

Thanks fretburner. I tried that, and still no result - the WadeShuler project is very unclear.

  1. I created 3 files api_cert_chain.crt, ipnlistener.php and ipn.php and uploaded to my domain.com/ location.
  2. Changed paths in ipnlistener.php & ipn.php. They are now : require_once( ‘IpnListener.php’); and curl_setopt($ch, CURLOPT_CAINFO, dirname(dirname(FILE)) . ‘/api_cert_chain.crt’); since I am using all files at the same location.
  3. I have namespace wadeshuler\paypalipn; and use wadeshuler\paypalipn\IpnListener; in the two files respectively. Do I need to create a folder wadeshuler ? And why are the slashes reversed ?
  4. In ipn.php, it would have been good to finish it with error handling and database updating // this is rather a feature request.
  5. I have loaded ipn.php both via paypal button via actual payment and directly, I have nothing in either ipn_success.log or ipn_error.log
12

This is very old but works. after the foreach I write the data to a file in case something goes wrong.

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.paypal.com:443\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {
// HTTP ERROR
} 
else {
fputs ($fp, $header . $req);
	while (!feof($fp)) {
	$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) { // ========== PAYMENT SUCCESS
		}
		else if (strcmp ($res, "INVALID") == 0) { // ====== log for manual investigation
		}
	}
fclose ($fp);
}
13

Sounds like Windows filesystem path format to me. eg.
On Nix it might be
C:/something/bin/start.exe
but on Windows it would be
C:\something\bin\start.exe

Don’t confuse filesystem paths with HTTP paths which are all “/”

14

Thanks Mittineague.

15

Thanks lorenw. Do you mean that to put this code in a file linked via notify_url ? And then by reading a few forums I understood that there is always a few risks unless we go through the ipn method - have you come across that idea ?

16

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.