Paypal IPN 在沙盒中有效 直播时无效
Posted
技术标签:
【中文标题】Paypal IPN 在沙盒中有效 直播时无效【英文标题】:Paypal IPN Valid in sandbox INVALID when live 【发布时间】:2012-08-25 19:05:41 【问题描述】:我一直在尝试将 paypal IPN 系统实施到客户站点中。每当我在 IPN 沙盒工具中测试此脚本时,都会对其进行验证并执行我的操作,但是当我将其实时移动时,IPN 将作为无效返回。 我在墙上,提前感谢您的帮助。 这是 IPN 侦听器脚本:
<?php
/**
* PayPal IPN Listener
*
* A class to listen for and handle Instant Payment Notifications (IPN) from
* the PayPal server.
*
* https://github.com/Quixotix/PHP-PayPal-IPN
*
* @package PHP-PayPal-IPN
* @author Micah Carrick
* @copyright (c) 2011 - Micah Carrick
* @version 2.0.5
* @license http://opensource.org/licenses/gpl-3.0.html
*/
class IpnListener
/**
* If true, the recommended cURL PHP library is used to send the post back
* to PayPal. If flase then fsockopen() is used. Default true.
*
* @var boolean
*/
public $use_curl = true;
/**
* If true, explicitly sets cURL to use SSL version 3. Use this if cURL
* is compiled with GnuTLS SSL.
*
* @var boolean
*/
public $force_ssl_v3 = true;
/**
* If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any
* "Location: ..." headers in the response.
*
* @var boolean
*/
public $follow_location = false;
/**
* If true, an SSL secure connection (port 443) is used for the post back
* as recommended by PayPal. If false, a standard HTTP (port 80) connection
* is used. Default true.
*
* @var boolean
*/
public $use_ssl = true;
/**
* If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
* post back. If false, the live URI www.paypal.com is used. Default false.
*
* @var boolean
*/
public $use_sandbox = false;
/**
* The amount of time, in seconds, to wait for the PayPal server to respond
* before timing out. Default 30 seconds.
*
* @var int
*/
public $timeout = 30;
private $post_data = array();
private $post_uri = '';
private $response_status = '';
private $response = '';
const PAYPAL_HOST = 'www.paypal.com';
const SANDBOX_HOST = 'www.sandbox.paypal.com';
/**
* Post Back Using cURL
*
* Sends the post back to PayPal using the cURL library. Called by
* the processIpn() method if the use_curl property is true. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function curlPost($encoded_data)
if ($this->use_ssl)
$uri = 'https://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
else
$uri = 'http://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
if ($this->force_ssl_v3)
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
$this->response = curl_exec($ch);
$this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
if ($this->response === false || $this->response_status == '0')
$errno = curl_errno($ch);
$errstr = curl_error($ch);
throw new Exception("cURL error: [$errno] $errstr");
/**
* Post Back Using fsockopen()
*
* Sends the post back to PayPal using the fsockopen() function. Called by
* the processIpn() method if the use_curl property is false. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function fsockPost($encoded_data)
if ($this->use_ssl)
$uri = 'ssl://'.$this->getPaypalHost();
$port = '443';
$this->post_uri = $uri.'/cgi-bin/webscr';
else
$uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
$port = '80';
$this->post_uri = 'http://'.$uri.'/cgi-bin/webscr';
$fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);
if (!$fp)
// fsockopen error
throw new Exception("fsockopen error: [$errno] $errstr");
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: ".$this->getPaypalHost()."\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: ".strlen($encoded_data)."\r\n";
$header .= "Connection: Close\r\n\r\n";
fputs($fp, $header.$encoded_data."\r\n\r\n");
while(!feof($fp))
if (empty($this->response))
// extract HTTP status from first line
$this->response .= $status = fgets($fp, 1024);
$this->response_status = trim(substr($status, 9, 4));
else
$this->response .= fgets($fp, 1024);
fclose($fp);
private function getPaypalHost()
if ($this->use_sandbox) return IpnListener::SANDBOX_HOST;
else return IpnListener::PAYPAL_HOST;
/**
* Get POST URI
*
* Returns the URI that was used to send the post back to PayPal. This can
* be useful for troubleshooting connection problems. The default URI
* would be "ssl://www.sandbox.paypal.com:443/cgi-bin/webscr"
*
* @return string
*/
public function getPostUri()
return $this->post_uri;
/**
* Get Response
*
* Returns the entire response from PayPal as a string including all the
* HTTP headers.
*
* @return string
*/
public function getResponse()
return $this->response;
/**
* Get Response Status
*
* Returns the HTTP response status code from PayPal. This should be "200"
* if the post back was successful.
*
* @return string
*/
public function getResponseStatus()
return $this->response_status;
/**
* Get Text Report
*
* Returns a report of the IPN transaction in plain text format. This is
* useful in emails to order processors and system administrators. Override
* this method in your own class to customize the report.
*
* @return string
*/
public function getTextReport()
$r = '';
// date and POST url
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n[".date('m/d/Y g:i A').'] - '.$this->getPostUri();
if ($this->use_curl) $r .= " (curl)\n";
else $r .= " (fsockopen)\n";
// HTTP Response
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n$this->getResponse()\n";
// POST vars
for ($i=0; $i<80; $i++) $r .= '-';
$r .= "\n";
foreach ($this->post_data as $key => $value)
$r .= str_pad($key, 25)."$value\n";
$r .= "\n\n";
return $r;
/**
* Process IPN
*
* Handles the IPN post back to PayPal and parsing the response. Call this
* method from your IPN listener script. Returns true if the response came
* back as "VERIFIED", false if the response came back "INVALID", and
* throws an exception if there is an error.
*
* @param array
*
* @return boolean
*/
public function processIpn($post_data=null)
$encoded_data = 'cmd=_notify-validate';
if ($post_data === null)
// use raw POST data
if (!empty($_POST))
$this->post_data = $_POST;
$encoded_data .= '&'.file_get_contents('php://input');
else
throw new Exception("No POST data found.");
else
// use provided data array
$this->post_data = $post_data;
foreach ($this->post_data as $key => $value)
$encoded_data .= "&$key=".urlencode($value);
if ($this->use_curl) $this->curlPost($encoded_data);
else $this->fsockPost($encoded_data);
if (strpos($this->response_status, '200') === false)
throw new Exception("Invalid response status: ".$this->response_status);
if (strpos($this->response, "VERIFIED") !== false)
return true;
elseif (strpos($this->response, "INVALID") !== false)
return false;
else
throw new Exception("Unexpected response from PayPal.");
/**
* Require Post Method
*
* Throws an exception and sets a HTTP 405 response header if the request
* method was not POST.
*/
public function requirePostMethod()
// require POST requests
if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST')
header('Allow: POST', true, 405);
throw new Exception("Invalid HTTP request method.");
?>
这是我的处理程序脚本:
<?php
/*
ipn.php - example code used for the tutorial:
PayPal IPN with PHP
How To Implement an Instant Payment Notification listener script in PHP
http://www.micahcarrick.com/paypal-ipn-with-php.html
(c) 2011 - Micah Carrick
*/
// tell PHP to log errors to ipn_errors.log in this directory
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
// intantiate the IPN listener
include('ipnlistener.php');
$listener = new IpnListener();
// tell the IPN listener to use the PayPal test sandbox
$listener->use_sandbox = true;
// try to process the IPN POST
try
$listener->requirePostMethod();
$verified = $listener->processIpn();
catch (Exception $e)
error_log($e->getMessage());
exit(0);
if ($verified)
$errmsg = ''; // stores errors from fraud checks
// 1. Make sure the payment status is "Completed"
if ($_POST['payment_status'] != 'Completed')
// simply ignore any IPN that is not completed
exit(0);
// 2. Make sure seller email matches your primary account email.
if ($_POST['receiver_email'] != 'mail@example.com')
$errmsg .= "'receiver_email' does not match: ";
$errmsg .= $_POST['receiver_email']."\n";
// 3. Make sure the amount(s) paid match
//if ($_POST['mc_gross'] != '9.99')
//$errmsg .= "'mc_gross' does not match: ";
//$errmsg .= $_POST['mc_gross']."\n";
//
// 4. Make sure the currency code matches
if ($_POST['mc_currency'] != 'USD')
$errmsg .= "'mc_currency' does not match: ";
$errmsg .= $_POST['mc_currency']."\n";
// 5. Ensure the transaction is not a duplicate.
mysql_connect('dfdesignzstudiocom.ipagemysql.com','root2121','******') or exit(0);
mysql_select_db('paypal') or exit(0);
if (!empty($errmsg))
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \n$errmsg\n\n";
$body .= $listener->getTextReport();
mail('myemail@example.com', 'IPN Fraud Warning', $body);
else
// add this order to a table of completed orders
$payer_email = mysql_real_escape_string($_POST['payer_email']);
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$contact_phone = mysql_real_escape_string($_POST['contact_phone']);
$item_name = mysql_real_escape_string($_POST['item_name']);
$quantity = mysql_real_escape_string($_POST['quantity']);
$mc_fee = mysql_real_escape_string($_POST['mc_fee']);
$sql = "INSERT INTO orders (payer_email, first_name, last_name, contact_phone, item_name, quantity, mc_fee) VALUES
('$payer_email', '$first_name', '$last_name', '$contact_phone', '$item_name', '$quantity', '$mc_fee')";
if (!mysql_query($sql))
error_log(mysql_error());
exit(0);
// send seller an email with buyer information
$to = filter_var('myemail@example.com', FILTER_SANITIZE_EMAIL);
$subject = "New Class Registration";
$message = "Registration Information: \n$first_name $last_name\n$payer_email\nItem Name: $item_name \nQuantity: $quantity\nTotal paid: $mc_fee";
mail($to, $subject, $message);
$command="mysqldump --xml --host=dfdesignzstudiocom.ipagemysql.com --user=root2121 --password=****** paypal > database.xml";
system($command);
else
// manually investigate the invalid IPN
mail('myemail@example.com', 'Invalid IPN', $listener->getTextReport());
?>
【问题讨论】:
【参考方案1】:设置 $listener->use_sandbox 为 false
$listener->use_sandbox = false;
【讨论】:
刚刚自己实现了 IPN,并做了同样的事情:忘记将处理程序切换到实时 PayPal。就在您认为自己已经检查了所有内容时,却是简单的事情让您大吃一惊!幸运的是,我在管理页面中内置了该功能,以便能够使用 PayPal 交易中的详细信息创建后端记录和客户端通知。【参考方案2】:您是否检查了您的 PayPal 帐户 > IPN 历史记录并通过单击相关交易的消息 ID 查看了 HTML 错误代码?
【讨论】:
我已经为我的情况这样做了,但没有运气。 HTTP Response code 为 200,表示成功!这里根本没有显示错误... WTF?我已经重新发送了大约 10 次相同的通知,都具有相同的响应代码:200,但它甚至从未触及我的数据库......我该如何调试这个?以上是关于Paypal IPN 在沙盒中有效 直播时无效的主要内容,如果未能解决你的问题,请参考以下文章
Paypal IPN 在沙盒 ipn sinulator 中有效,但在交易中无效
Paypal IPN 在 paypal 帐户中不起作用,但在沙盒中正常工作