PayPal IPN HTTP 错误 400 - PHP - 使用 PayPal GIT 代码

Posted 2023-02-22

【中文标题】PayPal IPN HTTP 错误 400 - PHP - 使用 PayPal GIT 代码

【英文标题】：PayPal IPN HTTP ERROR 400 - PHP - Using PayPal GIT Code

【发布时间】：2021-10-10 19:22:35

【问题描述】：

PayPal 沙盒测试不断提供以下错误：

http 400 - 错误请求 您的浏览器发送了一个请求该服务器 听不懂。

我正在使用 git 提供的 PayPal 示例代码，但无法解决此错误。

代码 [PayPalIPN.php]

<?php

class PaypalIPN

    /** @var bool Indicates if the sandbox endpoint is used. */
    private $use_sandbox = false;
    /** @var bool Indicates if the local certificates are used. */
    private $use_local_certs = true;

    /** Production Postback URL */
    const VERIFY_URI = 'https://ipnpb.paypal.com/cgi-bin/webscr';
    /** Sandbox Postback URL */
    const SANDBOX_VERIFY_URI = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';

    /** Response from PayPal indicating validation was successful */
    const VALID = 'VERIFIED';
    /** Response from PayPal indicating validation failed */
    const INVALID = 'INVALID';

    /**
     * Sets the IPN verification to sandbox mode (for use when testing,
     * should not be enabled in production).
     * @return void
     */
    public function useSandbox()
    
        $this->use_sandbox = true;
    

    /**
     * Sets curl to use php curl's built in certs (may be required in some
     * environments).
     * @return void
     */
    public function usePHPCerts()
    
        $this->use_local_certs = false;
    

    /**
     * Determine endpoint to post the verification data to.
     *
     * @return string
     */
    public function getPaypalUri()
    
        if ($this->use_sandbox) 
            return self::SANDBOX_VERIFY_URI;
         else 
            return self::VERIFY_URI;
        
    

    /**
     * Verification Function
     * Sends the incoming post data back to PayPal using the cURL library.
     *
     * @return bool
     * @throws Exception
     */
    public function verifyIPN()
    
        if ( ! count($_POST)) 
            throw new Exception("Missing POST Data");
        

        $raw_post_data = file_get_contents('php://input');
        $raw_post_array = explode('&', $raw_post_data);
        $myPost = array();
        foreach ($raw_post_array as $keyval) 
            $keyval = explode('=', $keyval);
            if (count($keyval) == 2) 
                // Since we do not want the plus in the datetime string to be encoded to a space, we manually encode it.
                if ($keyval[0] === 'payment_date') 
                    if (substr_count($keyval[1], '+') === 1) 
                        $keyval[1] = str_replace('+', '%2B', $keyval[1]);
                    
                
                $myPost[$keyval[0]] = urldecode($keyval[1]);
            
        

        // Build the body of the verification post request, adding the _notify-validate command.
        $req = 'cmd=_notify-validate';
        $get_magic_quotes_exists = false;
        if (function_exists('get_magic_quotes_gpc')) 
            $get_magic_quotes_exists = true;
        
        foreach ($myPost as $key => $value) 
            if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) 
                $value = urlencode(stripslashes($value));
             else 
                $value = urlencode($value);
            
            $req .= "&$key=$value";
        

        // Post the data back to PayPal, using curl. Throw exceptions if errors occur.
        $ch = curl_init($this->getPaypalUri());
        curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

        // This is often required if the server is missing a global cert bundle, or is using an outdated one.
        if ($this->use_local_certs) 
            curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . "/cert/cacert.pem");
        
        curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'User-Agent: PHP-IPN-Verification-Script',
            'Connection: Close',
        ));
        $res = curl_exec($ch);
        if ( ! ($res)) 
            $errno = curl_errno($ch);
            $errstr = curl_error($ch);
            curl_close($ch);
            throw new Exception("cURL error: [$errno] $errstr");
        

        $info = curl_getinfo($ch);
        $http_code = $info['http_code'];
        if ($http_code != 200) 
            throw new Exception("PayPal responded with http code $http_code");
        

        curl_close($ch);

        // Check if PayPal verifies the IPN data, and if so, return true.
        if ($res == self::VALID) 
            return true;
         else 
            return false;
        
    

?>

代码[PaypalListener.php]

<?php namespace Listener;

require('PaypalIPN.php');

use PaypalIPN;

$ipn = new PaypalIPN();

// Use the sandbox endpoint during testing.
$ipn->useSandbox();
$verified = $ipn->verifyIPN();
if ($verified) 
    /*
     * Process IPN
     * A list of variables is available here:
     * https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNandPDTVariables/
     */


// Reply with an empty 200 response to indicate to paypal the IPN was received correctly.
header("HTTP/1.1 200 OK");
?>

使用 PayPals IPN 模拟器时，以下数据会发布到 PayPalIPN 页面：

payment_type=instant&payment_date=14%3A37%3A40%20Aug%2004%2C%202021%20PDT&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer@paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John%20Smith&address_country=United%20States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San%20Jose&address_street=123%20any%20street&business=seller@paypalsandbox.com&receiver_email=seller@paypalsandbox.com&receiver_id=seller@paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=746114854&notify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AqXxBxXlRxzzzTc3OqYNzyZnI8SaAdBMjOvZCSXfOj1cWp11HHkIrMRX

$req 返回的数据（应该发送回 PayPal）结果如下：

cmd=_notify-validate&payment_type=instant&payment_date=14%3A37%3A40+Aug+04%2C+2021+PDT&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer%40paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John+Smith&address_country=United+States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San+Jose&address_street=123+any+street&business=seller%40paypalsandbox.com&receiver_email=seller%40paypalsandbox.com&receiver_id=seller%40paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=746114854&notify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AqXxBxXlRxzzzTc3OqYNzyZnI8SaAdBMjOvZCSXfOj1cWp11HHkIrMRX

我注意到在返回编码中，“+”符号最初是 %20，而“@”符号已被替换为 %40，我已经替换了这些以匹配收到的原始代码，但没有任何改变错误。

我无法在 PayPal 论坛或其他地方找到解决此问题的方法。 我错过了什么？请帮忙！

【参考方案1】：

此问题与 PayPal 最近将沙盒迁移到云端有关。现在，将验证回发主机名从 ipnpb 更改为 www：

const SANDBOX_VERIFY_URI = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

【讨论】：

这让我把头发扯了两天。它似乎有效，然后 BAM, 404 返回 2 天。我很高兴我找到了这个。