4
使用位於GitHub上這裏的代碼:https://github.com/Quixotix/PHP-PayPal-IPN貝寶IPN的問題,而是工作在沙盒精美
好了,所以,我有一個PHP頁面一樣,所以我用我的ipnlistener的URL的sa=paypal_verify一部分變量,在按鈕創建的步驟3中,像這樣內:
notify_url=http://mydomain.com/index.php?page=paypaltest;sa=paypal_verify
return=http://mydomain.com/index.php?page=paypaltest;sa=thankyou
rm=2
這裏是鏈接到http://mydomain.com/index.php?page=paypaltest
if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] != 'thankyou')
{
// Require file for loading up global variables, etc. Might not be needed, but just in here in case.
require_once('/public_html/Settings.php');
global $smcFunc, $context, $scripturl, $boarddir, $modSettings, $txt;
if ($_REQUEST['sa'] == 'paypal_verify')
{
ini_set('log_errors', true);
ini_set('error_log', '/ipn_errors.log');
// Here is where the actual IpnListener Class is defined
// and uses cURL or fSocket to post back to paypal.
require_once($boarddir . '/ipn/ipnlistener.php');
$listener = new IpnListener();
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
} catch (Exception $e) {
error_log($e->getMessage());
exit(0);
}
/*
The processIpn() method returned true if the IPN was "VERIFIED" and false if it
was "INVALID".
*/
if ($verified) {
$errmsg = ''; // stores errors from fraud checks
// 1. Make sure the payment status is "Completed"
if ($_POST['payment_status'] != 'Completed') {
// simply ignore any IPN that is not completed
exit(0);
}
// Database Query in here (excluded) that selects sellers_email, product_name, and price from within the database for the actual purchase, based on the $_POST['item_name'] from paypal.
// If return results are 0 from database table than do following:
$errmsg .= "Product Not Found in the database: ";
$errmsg .= $_POST['item_name']."\n";
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \n$errmsg\n\n";
$body .= $listener->getTextReport();
mail('[email protected]', 'IPN Fraud Warning', $body);
exit(0);
// Set $sellers_email, $item_name, and $price variables from the database table. And than free the mysql result.
// 2. Make sure seller email matches your primary account email.
if ($_POST['receiver_email'] != $sellers_email) {
$errmsg .= "'receiver_email' does not match: ";
$errmsg .= $_POST['receiver_email']."\n";
}
// 3. Make sure the amount(s) paid match
if ($_POST['mc_gross'] != $price) {
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";
}
// 4. Make sure the currency code matches
if ($_POST['mc_currency'] != 'USD') {
$errmsg .= "'mc_currency' does not match: ";
$errmsg .= $_POST['mc_currency']."\n";
}
// 5. Ensure the transaction is not a duplicate.
// Attempt to grab a transaction id from the table where it goes. The column is id_txn, if it exists
$errmsg .= "'txn_id' has already been processed: ".$_POST['txn_id']."\n";
// free database result.
// Set $txn_id from paypal to the $txn_id variable.
$txn_id = (string) $_POST['txn_id'];
if (!empty($errmsg)) {
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \n$errmsg\n\n";
$body .= $listener->getTextReport();
mail('[email protected]', 'IPN Fraud Warning', $body);
} else {
// send email to buyer.
// and just to be sure, send them to the sa=thankyou page!
}
} else {
// send email to self with the errors listed
}
}
}
if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'thankyou')
echo '
<div class="information">Thank you for purchasing this product. We sent you an email with your details and link to download this software.<br />';
echo '
<div class="cat_bar boardframe">
<h3 class="catbg">
PayPal Test Sale
</h3>
</div>
<div class="roundframe blockframe">
This is just a Test Selling Page to be sure that the PayPal electronic downloads actually work!
</div>
<span class="lowerframe"><span><!-- // --></span></span>
<br />
<div class="cat_bar boardframe">
<h3 class="catbg">
Purchase at 0.01 USD
</h3>
</div>
<div class="roundframe blockframe">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="FJAGXAC7GCFSY">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_paynow_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" style="border: none; background: none;">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</div>
<span class="lowerframe"><span><!-- // --></span></span>
<br class="clear" />';
的ipnlisten代碼er.php文件中有如下代碼:
class IpnListener {
/**
* If true, the recommended cURL PHP library is used to send the post back
* to PayPal. If flase then fsockopen() is used. Default true.
*
* @var boolean
*/
public $use_curl = true;
/**
* If true, explicitly sets cURL to use SSL version 3. Use this if cURL
* is compiled with GnuTLS SSL.
*
* @var boolean
*/
public $force_ssl_v3 = true;
/**
* If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any
* "Location: ..." headers in the response.
*
* @var boolean
*/
public $follow_location = false;
/**
* If true, an SSL secure connection (port 443) is used for the post back
* as recommended by PayPal. If false, a standard HTTP (port 80) connection
* is used. Default true.
*
* @var boolean
*/
public $use_ssl = true;
/**
* If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
* post back. If false, the live URI www.paypal.com is used. Default false.
*
* @var boolean
*/
public $use_sandbox = false;
/**
* The amount of time, in seconds, to wait for the PayPal server to respond
* before timing out. Default 30 seconds.
*
* @var int
*/
public $timeout = 30;
private $post_data = array();
private $post_uri = '';
private $response_status = '';
private $response = '';
const PAYPAL_HOST = 'www.paypal.com';
const SANDBOX_HOST = 'www.sandbox.paypal.com';
/**
* Post Back Using cURL
*
* Sends the post back to PayPal using the cURL library. Called by
* the processIpn() method if the use_curl property is true. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function curlPost($encoded_data) {
if ($this->use_ssl) {
$uri = 'https://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
} else {
$uri = 'http://'.$this->getPaypalHost().'/cgi-bin/webscr';
$this->post_uri = $uri;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO,
dirname(__FILE__)."/cert/api_cert_chain.crt");
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
if ($this->force_ssl_v3) {
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}
$this->response = curl_exec($ch);
$this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
if ($this->response === false || $this->response_status == '0') {
$errno = curl_errno($ch);
$errstr = curl_error($ch);
throw new Exception("cURL error: [$errno] $errstr");
}
}
/**
* Post Back Using fsockopen()
*/
protected function fsockPost($encoded_data) {
if ($this->use_ssl) {
$uri = 'ssl://'.$this->getPaypalHost();
$port = '443';
$this->post_uri = $uri.'/cgi-bin/webscr';
} else {
$uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
$port = '80';
$this->post_uri = 'http://'.$uri.'/cgi-bin/webscr';
}
$fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);
if (!$fp) {
// fsockopen error
throw new Exception("fsockopen error: [$errno] $errstr");
}
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: ".$this->getPaypalHost()."\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: ".strlen($encoded_data)."\r\n";
$header .= "Connection: Close\r\n\r\n";
fputs($fp, $header.$encoded_data."\r\n\r\n");
while(!feof($fp)) {
if (empty($this->response)) {
// extract HTTP status from first line
$this->response .= $status = fgets($fp, 1024);
$this->response_status = trim(substr($status, 9, 4));
} else {
$this->response .= fgets($fp, 1024);
}
}
fclose($fp);
}
private function getPaypalHost() {
if ($this->use_sandbox) return self::SANDBOX_HOST;
else return self::PAYPAL_HOST;
}
/**
* Get POST URI
*/
public function getPostUri() {
return $this->post_uri;
}
/**
* Get Response
*
* Returns the entire response from PayPal as a string including all the
* HTTP headers.
*
* @return string
*/
public function getResponse() {
return $this->response;
}
/**
* Get Response Status 200 if Successful
*/
public function getResponseStatus() {
return $this->response_status;
}
/**
* Get Text Report
*/
public function getTextReport() {
$r = '';
// date and POST url
for ($i=0; $i<80; $i++) { $r .= '-'; }
$r .= "\n[".date('m/d/Y g:i A').'] - '.$this->getPostUri();
if ($this->use_curl) $r .= " (curl)\n";
else $r .= " (fsockopen)\n";
// HTTP Response
for ($i=0; $i<80; $i++) { $r .= '-'; }
$r .= "\n{$this->getResponse()}\n";
// POST vars
for ($i=0; $i<80; $i++) { $r .= '-'; }
$r .= "\n";
foreach ($this->post_data as $key => $value) {
$r .= str_pad($key, 25)."$value\n";
}
$r .= "\n\n";
return $r;
}
/**
* Process IPN
*
* Handles the IPN post back to PayPal and parsing the response. Call this
* method from your IPN listener script. Returns true if the response came
* back as "VERIFIED", false if the response came back "INVALID", and
* throws an exception if there is an error.
*
* @param array
*
* @return boolean
*/
public function processIpn($post_data=null) {
$encoded_data = 'cmd=_notify-validate';
if ($post_data === null) {
if (!empty($_POST)) {
$this->post_data = $_POST;
$encoded_data .= '&'.file_get_contents('php://input');
} else {
throw new Exception("No POST data found.");
}
} else {
$this->post_data = $post_data;
foreach ($this->post_data as $key => $value) {
$encoded_data .= "&$key=".urlencode($value);
}
}
if ($this->use_curl) $this->curlPost($encoded_data);
else $this->fsockPost($encoded_data);
if (strpos($this->response_status, '200') === false) {
throw new Exception("Invalid response status: ".$this->response_status);
}
if (strpos($this->response, "VERIFIED") !== false) {
return true;
} elseif (strpos($this->response, "INVALID") !== false) {
return false;
} else {
throw new Exception("Unexpected response from PayPal.");
}
}
public function requirePostMethod() {
// require POST requests
if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST') {
header('Allow: POST', true, 405);
throw new Exception("Invalid HTTP request method.");
}
}
}
沒有記錄在error_log中的錯誤(這個文件如果出現錯誤,實際上是被創建的,所以它甚至不存在)。它從不向數據庫中添加任何東西。我知道PayPal服務器上的item_name是正確的,並且也應該在數據庫表中匹配。
似乎ipnlistener有問題,或者它如何鏈接到它?或者從中返回什麼?
有沒有一種方法可以完全從ipnlistener.php文件測試返回值?這樣我才能真正看到它?也許,如果我什至可以看到什麼發送到以下網址(從貝寶):http://mydomain.com/index.php?page=paypaltest;sa=paypal_verify
我試圖能夠跟蹤這個,以便我可以弄清楚它究竟是哪裏出錯在...任何想法?
也許有事情做這一行的捲曲:服務器的實際文件結構中安裝SSL證書的
curl_setopt($ch, CURLOPT_CAINFO,
dirname(__FILE__)."/cert/api_cert_chain.crt");
我從來沒有聽說過知道。
此外,這可能是因爲它在notify_url內有index.php,它正在添加額外的標頭。如果是這樣,我可以在從PayPal獲取編碼數據並將其返回給PayPal進行驗證之前,以某種方式將所有內容都清除出文件?這種方式肯定與PayPal將其發送到notify_url時完全一樣。
我不明白爲什麼這必須是如此複雜!現在我已經連續7天拔掉頭髮,幾乎沒有睡覺!
我知道:我的服務器上啓用了cURL。如果我瀏覽到實際的notify_url頁面,它是空白的(就像一個完全空白的頁面),我相信這是正確的。當查看通知歷史記錄時,它說,發送和HTTP響應代碼是200.
這我不知道:它在哪裏失敗? PayPal通知在哪裏完全失敗?爲什麼它不接觸我的數據庫?我在任何地方都沒有錯誤...
此外,IPN是在我的配置文件中啓用,自動返回也是如此。但是,IPN從我的配置文件轉到另一個URL,但這不重要,因爲我在創建按鈕的第3步中設置了「notify_url」變量。 –
當我使用IPN模擬器時,它會將值添加到數據庫中,併發送電子郵件,當然,我將ipnlistener.php中'$ use_sandbox'的變量更改爲false,並將此變爲現實! –
也可以在Sandbox模式下工作得很好,但在實時中完全不起作用!我的意思是它重定向到返回url就好了,但它不會將用戶信息添加到數據庫中,並且它永遠不會向用戶發送電子郵件,而在沙箱模式中它完美無瑕! –