Paypal IPN 总是返回 INVALID
Posted
技术标签:
【中文标题】Paypal IPN 总是返回 INVALID【英文标题】:Paypal IPN always returns INVALID 【发布时间】:2016-10-10 21:45:04 【问题描述】:我正在使用我在这里下载的这个监听器Paypal-IPN-listener。问题是我总是收到“无效”响应。我检查了我的主机提供商,他们确认服务器具有支持 TLS1.2 的 OpenSSL v1.0.1。任何帮助将不胜感激。
我得到的回应:
HTTP/1.1 200 OK 日期:2016 年 6 月 10 日星期五 03:32:59 GMT 服务器:Apache X-Frame-Options:SAMEORIGIN Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO = M5RZRbR9O0p3RyZcCd57VOjVO7vQahSBxti78obb5GWSaRge7FbInlJm9xeF6VIGA8jPMUyenYAZxlLOd4-YqTmucvLu0i7lWMg5RM94Q0SFZOVZ1_ysAo5Y_G3ISqMX_oc5Ts8Xqy5z9q8YKYW-RCBOKKo6ZpkXYUKF2RyjbOQIV3jeUWUSBBtkl4SxeDFi4MUm49opYTa6CvKAqQZ4vr6cWpOQghPpmEsz0s175Z8k6UtTfB99JV14faev1SBZUafmOkyNWCT3XSUF_dRWx-RAQ9L_T8MPetd5beRMm5fXBY1rvehFXw33aUvhTxckwGBJrdrKW2bOQa0Ry6YaRdp1uvdMC6uCuesozTjKXBFgSf0g0cDdHXoxV0rgVPTMlTRoVoV9xNJJ1CNKZzxeCvaFBZNSQdSTT888w0; 域=.paypal.com;路径=/;安全的; HttpOnly Set-Cookie: cookie_check=是; expires=周一,2026 年 6 月 8 日 03:32:59 GMT; 域=.paypal.com;路径=/;安全的; HttpOnly Set-Cookie: navcmd=_通知验证;域=.paypal.com;路径=/;安全的; HttpOnly 设置 Cookie:navlns=0.0; expires=星期日,2018 年 6 月 10 日 03:32:59 GMT; 域=.paypal.com;路径=/;安全的; HttpOnly Set-Cookie: 阿帕奇=10.72.108.11.1465529579669687;路径=/; expires=Sun, 03-Jun-46 03:32:59 GMT 变化:接受编码,用户代理 X-Cnection:关闭 HTTP_X_PP_AZ_LOCATOR:sandbox.slc Paypal-Debug-Id:5d6d91989f423 设置 Cookie: X-PP-SILOVER=名称%3DSANDBOX3.WEB.1%26silo_version%3D1880%26app%3Dappdispatcher%26TIME%3D3946076759%26HTTP_X_PP_AZ_LOCATOR%3Dsandbox.slc; 过期=格林威治标准时间 2016 年 6 月 10 日星期五 04:03:00;域=.paypal.com;路径=/; 安全的; HttpOnly Set-Cookie: X-PP-SILOVER=;过期=周四,1970 年 1 月 1 日 00:00:01 GMT Strict-Transport-Security: max-age=14400 传输编码:分块内容类型:text/html; charset=UTF-8
无效 -------------------------------------------------- ------------------ payment_type Instant payment_date 6 月 10 日星期五 2016 年 11:02:14 GMT 0800 (PHT) payment_status 完成 address_status 已确认 payer_status 已验证 名 约翰 姓 史密斯 payer_email 买家@paypalsandbox.com payer_id TESTBUYERID01 address_name John Smith address_country 美国地址_country_code 美国地址_zip 95131 address_state CA address_city 圣何塞 address_street 123 任何街头商业 卖家@paypalsandbox.com 接收者电子邮件 卖家@paypalsandbox.com 接收者ID 卖家@paypalsandbox.com 居住国家/地区美国商品名称1 东西 item_number1 AK-1234 税 2.02 mc_currency USD mc_fee 0.44 mc_gross 12.34 mc_gross_1 12.34 mc_handling 2.06 mc_handling1 1.67 mc_shipping 3.02 mc_shipping1 1.02 txn_type 购物车 txn_id 331854069 notify_version 2.1 定制xyz123发票abc1234 test_ipn 1 verify_sign AFcWxV21C7fd0v3bYYYRCps-s-rl31AfWDVp14NjdjOS60QpDQiiFYCMSm
ipn.php:
<?php
include('listener/ipnlistener.php');
$listener = new IpnListener();
$listener->use_sandbox = true;
try
$listener->requirePostMethod();
$verified = $listener->processIpn();
catch (Exception $e)
$file = fopen("log.txt","w");
fwrite($file,$e->getMessage());
fclose($file);
exit(0);
if ($verified)
$file = fopen("log.txt","w");
fwrite($file,$listener->getTextReport());
fclose($file);
else
$file = fopen("log.txt","w");
fwrite($file,$listener->getTextReport());
fclose($file);
?>
ipnlistener.php
<?php
/**
* PayPal IPN Listener
*
* A class to listen for and handle Instant Payment Notifications (IPN) from
* the PayPal server.
*
* https://github.com/Quixotix/PHP-PayPal-IPN
*
* @package PHP-PayPal-IPN
* @author Micah Carrick
* @copyright (c) 2012 - Micah Carrick
* @version 2.1.0
*/
class IpnListener
/**
* If true, the recommended cURL PHP library is used to send the post back
* to PayPal. If flase then fsockopen() is used. Default true.
*
* @var boolean
*/
public $use_curl = true;
/**
* If true, explicitly sets cURL to use SSL version 3. Use this if cURL
* is compiled with GnuTLS SSL.
*
* @var boolean
*/
public $force_ssl_v3 = true;
/**
* If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any
* "Location: ..." headers in the response.
*
* @var boolean
*/
public $follow_location = false;
/**
* If true, an SSL secure connection (port 443) is used for the post back
* as recommended by PayPal. If false, a standard HTTP (port 80) connection
* is used. Default true.
*
* @var boolean
*/
public $use_ssl = true;
/**
* If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
* post back. If false, the live URI www.paypal.com is used. Default false.
*
* @var boolean
*/
public $use_sandbox = true;
/**
* The amount of time, in seconds, to wait for the PayPal server to respond
* before timing out. Default 30 seconds.
*
* @var int
*/
public $timeout = 30;
private $post_data = array();
private $post_uri = '';
private $response_status = '';
private $response = '';
const PAYPAL_HOST = 'www.paypal.com';
const SANDBOX_HOST = 'www.sandbox.paypal.com';
/**
* Post Back Using cURL
*
* Sends the post back to PayPal using the cURL library. Called by
* the processIpn() method if the use_curl property is true. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function curlPost($encoded_data)
if ($this->use_ssl)
$uri = 'https://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
else
$uri = 'http://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO,
dirname(__FILE__)."/cert/cacert.pem");
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
if ($this->force_ssl_v3)
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
$this->response = curl_exec($ch);
$this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
if ($this->response === false || $this->response_status == '0')
$errno = curl_errno($ch);
$errstr = curl_error($ch);
throw new Exception("cURL error: [$errno] $errstr");
/**
* Post Back Using fsockopen()
*
* Sends the post back to PayPal using the fsockopen() function. Called by
* the processIpn() method if the use_curl property is false. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function fsockPost($encoded_data)
if ($this->use_ssl)
$uri = 'ssl://'.$this->getPaypalHost();
$port = '443';
$this->post_uri = $uri.'/cgi-bin/webscr';
else
$uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
$port = '80';
$this->post_uri = 'http://'.$uri.'/cgi-bin/webscr';
$fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);
if (!$fp)
// fsockopen error
throw new Exception("fsockopen error: [$errno] $errstr");
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: ".$this->getPaypalHost()."\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: ".strlen($encoded_data)."\r\n";
$header .= "Connection: Close\r\n\r\n";
fputs($fp, $header.$encoded_data."\r\n\r\n");
while(!feof($fp))
if (empty($this->response))
// extract HTTP status from first line
$this->response .= $status = fgets($fp, 1024);
$this->response_status = trim(substr($status, 9, 4));
else
$this->response .= fgets($fp, 1024);
fclose($fp);
private function getPaypalHost()
if ($this->use_sandbox) return self::SANDBOX_HOST;
else return self::PAYPAL_HOST;
/**
* Get POST URI
*
* Returns the URI that was used to send the post back to PayPal. This can
* be useful for troubleshooting connection problems. The default URI
* would be "ssl://www.sandbox.paypal.com:443/cgi-bin/webscr"
*
* @return string
*/
public function getPostUri()
return $this->post_uri;
/**
* Get Response
*
* Returns the entire response from PayPal as a string including all the
* HTTP headers.
*
* @return string
*/
public function getResponse()
return $this->response;
/**
* Get Response Status
*
* Returns the HTTP response status code from PayPal. This should be "200"
* if the post back was successful.
*
* @return string
*/
public function getResponseStatus()
return $this->response_status;
/**
* Get Text Report
*
* Returns a report of the IPN transaction in plain text format. This is
* useful in emails to order processors and system administrators. Override
* this method in your own class to customize the report.
*
* @return string
*/
public function getTextReport()
$r = '';
// date and POST url
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n[".date('m/d/Y g:i A').'] - '.$this->getPostUri();
if ($this->use_curl) $r .= " (curl)\n";
else $r .= " (fsockopen)\n";
// HTTP Response
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n$this->getResponse()\n";
// POST vars
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n";
foreach ($this->post_data as $key => $value)
$r .= str_pad($key, 25)."$value\n";
$r .= "\n\n";
return $r;
/**
* Process IPN
*
* Handles the IPN post back to PayPal and parsing the response. Call this
* method from your IPN listener script. Returns true if the response came
* back as "VERIFIED", false if the response came back "INVALID", and
* throws an exception if there is an error.
*
* @param array
*
* @return boolean
*/
public function processIpn($post_data=null)
$encoded_data = 'cmd=_notify-validate';
if ($post_data === null)
// use raw POST data
if (!empty($_POST))
$this->post_data = $_POST;
$encoded_data .= '&'.file_get_contents('php://input');
else
throw new Exception("No POST data found.");
else
// use provided data array
$this->post_data = $post_data;
foreach ($this->post_data as $key => $value)
$encoded_data .= "&$key=".urlencode($value);
if ($this->use_curl) $this->curlPost($encoded_data);
else $this->fsockPost($encoded_data);
if (strpos($this->response_status, '200') === false)
throw new Exception("Invalid response status: ".$this->response_status);
if (strpos($this->response, "VERIFIED") !== false)
return true;
elseif (strpos($this->response, "INVALID") !== false)
return false;
else
throw new Exception("Unexpected response from PayPal.");
/**
* Require Post Method
*
* Throws an exception and sets a HTTP 405 response header if the request
* method was not POST.
*/
public function requirePostMethod()
// require POST requests
if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST')
header('Allow: POST', true, 405);
throw new Exception("Invalid HTTP request method.");
【问题讨论】:
代码?什么触发“无效”? 如果您使用沙盒进行测试,您是否将$use_sandbox变量更改为true?听起来您的听众正在发回直播网站 @user6439245 是的,该属性设置为 true。 @Dagon OP 更新了代码 在 ipn.php 和 ipnlistener.php 中都应该设置为 true。如果您已经这样做了,请通过编辑您的问题在此处发布您的 ipn.php 和 ipnlistener.php 文件的代码。 【参考方案1】:调试步骤
-
检查脚本是否在您的 IPN 侦听器和输出生成脚本中都指向正确的路径。
ssl://www.sandbox.paypal.com:443/cgi-bin/webscr 用于沙盒(包括 IPN 模拟器)
ssl://www.paypal.com:443/cgi-bin/webscr 用于实时站点
沙盒仅允许 SSL 连接。 在撰写本文时,HTTP 协议仍可用于实时站点。
检查您的服务器是否支持 TLS 1.2 PayPal 正在更新其服务,要求所有 HTTPS/TLS 都使用 TLS v1.2
如果您使用 fsockopen()m,请确保该功能已在您的 PHP 配置中启用
如果您使用 curl() 函数,请确保它们已在您的 PHP 配置中启用
检查 curl_setopt($ch, CURLOPT_SSLVERSION, ) 是否设置为正确的版本,即在撰写本文时为 6
如果以上都检查过了,还是不能正常使用,可以尝试在IPN模拟器的payment date字段中输入NULL,看是否返回VERIFIED结果。
付款日期中用于时区的加号可能会导致问题 当使用 urlencode() 解析 URL 时。
【讨论】:
没有任何改变。 $listener->use_sandbox = true; 应该将该对象中的属性设置为 true。 public $use_sandbox = false; 只是默认值。 你可能看错地方了,$listener->use_sandbox = true;在您的 ipn.php 脚本中,public $use_sandbox = false;在你的 ipnlistener.php 脚本中 你需要将ipnlistener.php中的默认值从$use_sandbox = false;到 $use_sandbox = true;否则,它将发布到实时站点,因此响应无效。请参阅有关 IPN 测试的 Paypal 开发人员手册developer.paypal.com/docs/classic/ipn/integration-guide/… 尝试改变 curl_setopt($ch, CURLOPT_SSLVERSION, 3);到 curl_setopt($curl, CURLOPT_SSLVERSION, 6);出于测试目的如果我没记错的话 PayPal 已经在 2 年前禁用了 SSLv3。 是的,它已经是 curl_setopt($curl, CURLOPT_SSLVERSION, 6); 你可以在 ipnlistener.php 中看到以上是关于Paypal IPN 总是返回 INVALID的主要内容,如果未能解决你的问题,请参考以下文章
Rails 监听器 Paypal IPN 总是返回 INVALID