  1. #1
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82

    PayPal IPN - My code that works..I'm nice enough to post it!!

    Main code is from PayPal itself, but since people have not been able to figure it out, here is mine.


    PHP Code:
    <?php

    //Name: paypal.php

    //Connect to my database
    $db = mysql_connect("localhost", "---", "---");
    mysql_select_db("---", $db);

    // Read post from PayPal system and add 'cmd'
    $postvars = array();
    while (list ($key, $value) = each ($HTTP_POST_VARS)) {
        $postvars[] = $key;
    }
    $req = 'cmd=_notify-validate';
    for ($var = 0; $var < count ($postvars); $var++) {
        $postvar_key = $postvars[$var];
        // Variable variable: reads the global named after the POST field (needs register_globals)
        $postvar_value = $$postvars[$var];
        $req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
    }

    // Post back to PayPal system to validate
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    $fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

    // Assign posted variables to local variables
    //These are most of the ones PayPal uses - check site for others
    $receiver_email = $HTTP_POST_VARS['receiver_email'];
    $payer_email = $HTTP_POST_VARS['payer_email'];
    $payer_status = $HTTP_POST_VARS['payer_status'];
    $payment_fee = $HTTP_POST_VARS['payment_fee'];
    $payment_type = $HTTP_POST_VARS['payment_type'];
    $payment_status = $HTTP_POST_VARS['payment_status'];
    $pending_reason = $HTTP_POST_VARS['pending_reason'];
    $txn_id = $HTTP_POST_VARS['txn_id'];

    //My own variables for code below
    //Cast to numbers because both values go into the SQL query below
    $member_id = (int) $HTTP_POST_VARS['item_number'];
    $sum = (float) $HTTP_POST_VARS['payment_gross'];

    //Get date to add to my e-mails sent out in code below
    $startdate = strftime("%m/%d/%y", time());

    if (!$fp) {
        // HTTP ERROR
        echo "$errstr ($errno)";
    } else {
        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            if (strcmp ($res, "VERIFIED") == 0) {

                // Process payment - You are also supposed to do
                //a few other things here before processing...
                //see orig PayPal script for more info on that

                if ($payment_status == "Completed") {

                    //Add amount paid to amount already in database
                    //or whatever your script is to do should go here..
                    if ($sum > 0) {
                        mysql_query("UPDATE members SET account=account+$sum WHERE member_id=$member_id", $db);

                        //e-mail templates - send mail to myself and to client
                        include ("paypalfunds_admin.inc");
                        include ("paypalfunds_client.inc");
                    }
                }
                if ($payment_status == "Pending") {

                    //e-mail templates - send pending e-mail to myself and to client - once completed PayPal
                    //will send another post to this page and then the completed functions above will occur
                    include ("paypalfunds_pending.inc");
                    include ("paypalfunds_pending_admin.inc");
                }
            }
            else if (strcmp ($res, "INVALID") == 0) {
                // mail myself for manual investigation, or log it to a file, or whatever...
                mail("paypal@yourdomain.com", "Invalid Response @ PayPal", "$REMOTE_ADDR", "From: paypal@yourdomain.com");
            }
        }
        fclose ($fp);
    }
    ?>
    So basically upload the file to your site, add the URL under PayPal IPN in your PayPal account, and it will work for you. It does for me, so if you can't figure it out let me know.

    Amanda
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

  2. #2
    SitePoint Guru
    Join Date: Mar 2002
    Posts: 608
    I am confused. How is this different from the PayPal HTML form you are provided with from PayPal?

    Did they provide this complicated code or is this a php/workaround?

    Just a bit confused, thank you

  3. #3
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    This is PayPal instant payment notification... it is not a form. PayPal instant payment notification allows you to know when someone has paid you and allows you to process their payment accordingly. Here is how mine works...

    1. So and so comes to my site..
    2. They want to add funds to their account to purchase domain names so they click the link to make payment at PayPal...
    3. They pay..
    4. PayPal sends a post to my script and lets the script know if they paid or not and if it is completed payment or still pending...
    5. Script then does what it is told to do. In my case it adds the amount paid to the database under the member who paid...

    That's all it does.

    Here is more info from PayPal about IPN: http://www.paypal.com/cgi-bin/webscr...n-info-outside

    Amanda

  4. #4
    SitePoint Guru
    Join Date: Mar 2002
    Posts: 608
    Thanks. All I do is wait for the email lol, I had no idea this existed. I will check this out.

  5. #5
    thewitt (SitePoint Evangelist)
    Join Date: Apr 2001
    Posts: 468
    Shouldn't you be verifying that this was initiated from the PayPal site, and not just executed by a user somewhere, adding funds into their account on your system?

    -t
    myOstrich Internet
    OpenSRS Domain Registration, Digital Certificates
    Website Design, Hosted Email and now Blogware!

  6. #6
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Hi. I am still working on the code. It has been tested as is and it works, but it is not on a live site yet.

    That's why I mentioned
    // Process payment - You are also supposed to do
    //a few other things here before processing...
    //see orig PayPal script for more info on that
    in the code.

    I just thought it would help others get started. I didn't mean it was complete.

    Amanda

  7. #7
    Goldfinger (SitePoint Enthusiast)
    Join Date: Dec 2001
    Posts: 70
    I looked all around my PayPal account. Where can I download the original script?

  8. #8
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Here is more info from PayPal about IPN: http://www.paypal.com/cgi-bin/webscr...n-info-outside

    The original script is there...

    Amanda
    Last edited by AmandaArias; Mar 7, 2002 at 14:30.

  9. #9
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Originally posted by thewitt
    Shouldn't you be verifying that this was initiated from the PayPal site, and not just executed by a user somewhere, adding funds into their account on your system?

    -t
    So what is the best way to do that anyway? Any ideas?

    Thanks!!!

    Amanda

  10. #10
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82

    Here Goldfinger

    Here is the PayPal code without any changes:


    PHP Code:
    <?php

    // read post from PayPal system and add 'cmd'
    $postvars = array();
    while (list ($key, $value) = each ($HTTP_POST_VARS)) {
        $postvars[] = $key;
    }
    $req = 'cmd=_notify-validate';
    for ($var = 0; $var < count ($postvars); $var++) {
        $postvar_key = $postvars[$var];
        $postvar_value = $$postvars[$var];
        $req .= "&" . $postvar_key . "=" . urlencode ($postvar_value);
    }

    // post back to PayPal system to validate
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    $fp = fsockopen ("www.paypal.com", 80, $errno, $errstr, 30);

    // assign posted variables to local variables
    $receiver_email = $HTTP_POST_VARS['receiver_email'];
    $item_number = $HTTP_POST_VARS['item_number'];
    $invoice = $HTTP_POST_VARS['invoice'];
    $payment_status = $HTTP_POST_VARS['payment_status'];
    $payment_gross = $HTTP_POST_VARS['payment_gross'];
    $txn_id = $HTTP_POST_VARS['txn_id'];
    $payer_email = $HTTP_POST_VARS['payer_email'];

    if (!$fp) {
        // HTTP ERROR
        echo "$errstr ($errno)";
    } else {
        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            if (strcmp ($res, "VERIFIED") == 0) {
                // check the payment_status=Completed
                // check that txn_id has not been previously processed
                // check that receiver_email is an email address in your PayPal account
                // process payment
            }
            else if (strcmp ($res, "INVALID") == 0) {
                // log for manual investigation
            }
        }
        fclose ($fp);
    }
    ?>
    Find it at: http://www.paypal.com/cgi-bin/webscr...ns-ipn-outside

    Amanda
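
The three checks that PayPal's script leaves as comments in its VERIFIED branch, as an added example that is not part of the original thread or PayPal's code. The table names, `MY_PAYPAL_EMAIL`, `credit_verified_payment()` and the sample notification are assumptions made for illustration; it uses PDO with prepared statements in place of the `mysql_*` calls above.

```php
<?php
// Added example, not from the thread. Table names, MY_PAYPAL_EMAIL and
// credit_verified_payment() are assumptions made for illustration.
const MY_PAYPAL_EMAIL = 'seller@example.test';

function credit_verified_payment(PDO $db, array $ipn, string $verdict): string
{
    // Act only on PayPal's own answer to the cmd=_notify-validate post-back.
    if (trim($verdict) !== 'VERIFIED') {
        return 'rejected: not verified';
    }
    // check the payment_status=Completed
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'ignored: payment not completed';
    }
    // check that receiver_email is an email address in your PayPal account
    if (strcasecmp($ipn['receiver_email'] ?? '', MY_PAYPAL_EMAIL) !== 0) {
        return 'rejected: wrong receiver';
    }
    // item_number and payment_gross reach SQL, so validate their types first.
    $memberId = filter_var($ipn['item_number'] ?? '', FILTER_VALIDATE_INT);
    $gross    = filter_var($ipn['payment_gross'] ?? '', FILTER_VALIDATE_FLOAT);
    $txnId    = $ipn['txn_id'] ?? '';
    if ($memberId === false || $gross === false || $gross <= 0 || $txnId === '') {
        return 'rejected: bad fields';
    }
    $db->beginTransaction();
    try {
        // check that txn_id has not been previously processed: the PRIMARY KEY
        // on ipn_seen makes a replayed notification fail before any credit.
        $db->prepare('INSERT INTO ipn_seen (txn_id) VALUES (?)')->execute([$txnId]);
        $db->prepare('UPDATE members SET account = account + ? WHERE member_id = ?')
           ->execute([$gross, $memberId]);
        $db->commit();
        return 'credited';
    } catch (PDOException $e) {
        $db->rollBack(); // duplicate txn_id (or any DB error): credit nothing
        return 'ignored: txn_id already processed';
    }
}

// Demo on an in-memory SQLite database with a constructed notification.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, account REAL NOT NULL)');
$db->exec('CREATE TABLE ipn_seen (txn_id TEXT PRIMARY KEY)');
$db->exec('INSERT INTO members VALUES (7, 0)');
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.test',
        'item_number' => '7', 'payment_gross' => '10.00', 'txn_id' => 'TXN-CONSTRUCTED-1'];

foreach (['VERIFIED', 'VERIFIED', 'INVALID'] as $verdict) { // second call is a replay
    echo credit_verified_payment($db, $ipn, $verdict), "\n";
}
echo $db->query('SELECT account FROM members WHERE member_id = 7')->fetchColumn(), "\n";
```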

  11. #11
    Goldfinger (SitePoint Enthusiast)
    Join Date: Dec 2001
    Posts: 70
    It does all the verify on the PayPal server; that's the reason for having the fsockopen function in the script. And if I get it right, I think you have to sign in under your account for it to actually transfer money. Sooo.. I think it's pretty safe.

  12. #12
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    See I am just a lucky coder I guess. I just play around with stuff until it works for me and if I can't get it working I ask the nice people here or on phpbuilder.com. I don't really know what I am doing or what anything means. Well, I do know a little bit. I bought a book a few days ago and I am reading it, but with 2 small children, a home business, and endless amounts of housework... well, you can say my reading time is limited.

    Amanda

  13. #13
    Goldfinger (SitePoint Enthusiast)
    Join Date: Dec 2001
    Posts: 70
    I think the best way of learning PHP or any programming language is to learn as much of the basics as you can, then download some simpler scripts (on a site like hotscripts.com) and just modify them and figure out what happens when you do this or that to the script. Also try causing errors in the scripts and solve those problems. That way, when you start writing your own, you'll know how to solve those kinds of errors.

  14. #14
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Well, now I am getting off topic, but I'm sure no one minds. I am not a complete newbie, but new enough that I can't write a script from scratch. I can take someone else's script and modify it out the wazzoo though. My first PHP script was phpShop and I am a wiz with that now. Then I borrowed an online course script called Learnloop and modified it to a paid course site that generates certificates and all. I did that with no help and was amazed at myself. I go back to the code now and realize I have a lot of bad coding, but hey, it works. I am going to rewrite it soon with all that I know now. I just know that I love PHP and it is so much fun. I started out designing web sites and now all I want to do is write PHP... I LOVE IT!!!! Okay, now that you all think I am a nut case...

    Amanda
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

  15. #15
    Goldfinger (SitePoint Enthusiast)
    Join Date: Dec 2001
    Posts: 70
    Try using PHPEdit for writing your code. It's a VERY NICE coding program. Gives you the syntax of functions, saves the time going for your coding to the PHP site for reference. I love it and would request it to anyone.


    www.phpedit.com

  16. #16
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Thanks! I had heard of it, but never used it. I think I may download it... now that I think about it, the book I bought (PHP: Your visual blueprint for creating open source, server-side content - www.hungryminds.com) has it on the included software... hmmm... going to check it out now.

    Thanks again!!

    Amanda
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

  17. #17
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Nevermind.. the software it includes is PHPed by www.soysal.com. Ever heard of it.. Is it a good program?

    Amanda
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

  18. #18
    Goldfinger (SitePoint Enthusiast)
    Join Date: Dec 2001
    Posts: 70
    Never heard of it.. won't try anything different either. PHPEdit is the best program ever.

  19. #19
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    Just downloaded it (PHPEdit). Looks good so far. Thanks.

    Amanda

  20. #20
    thewitt (SitePoint Evangelist)
    Join Date: Apr 2001
    Posts: 468
    Originally posted by Goldfinger
    It does all the verify on the PayPal server; that's the reason for having the fsockopen function in the script. And if I get it right, I think you have to sign in under your account for it to actually transfer money. Sooo.. I think it's pretty safe.
    Except that I can simply execute this script on her site and her program will believe I came in through PayPal and that I paid.

    I would say that as a minimum you need to check the HTTP_REFERER environment variable and make sure the call to your routine comes from the PayPal server.

    -t
    myOstrich Internet
    OpenSRS Domain Registration, Digital Certificates
    Website Design, Hosted Email and now Blogware!

  21. #21
    SitePoint Wizard
    Join Date: Nov 2000
    Location: Switzerland
    Posts: 2,479
    Great script!

    Think thewitt's point is the whole idea of IPN is to use it to automate your site - i.e. when PayPal posts to the script, whatever actions the script takes are meant to save you time, therefore you need to be able to trust the script to have checked PayPal submitted the notification and not someone else, or you'll be giving people a free ride.

    To validate, you can probably do something like this, right at the top of the script;

    Code:
    // Get the host name making the incoming post to the script
    $REMOTE_HOST = @getHostByAddr($REMOTE_ADDR);

    // If it's not from the paypal.com domain, exit
    // (pattern anchored so only paypal.com or a subdomain of it matches)
    if ( !eregi ( '(^|\.)paypal\.com$' , $REMOTE_HOST ) ) {
       exit ();
    } else {

    // Rest of the script here

    }
    One question: I haven't seen it mentioned anywhere, but do PayPal have a test server where you can check IPN works correctly and such like? I don't really want to sign up for a second account with them just to test.

  22. #22
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    They don't offer a testing facility. I signed up for a second account to test mine. I just set the amount to something like .01 and then refund back to myself when done.

    Amanda
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

  23. #23
    SitePoint Member
    Join Date: Jun 2002
    Posts: 1
    Originally posted by thewitt
    Shouldn't you be verifying that this was initiated from the PayPal site, and not just executed by a user somewhere, adding funds into their account on your system?

    -t
    Actually, her script based on the PayPal script DOES verify that the results came from www.paypal.com with the fsock open to PayPal, then the search for the VERIFIED variable. If you try to work this script from another site, it still opens the fsock to PayPal, but this time PayPal returns INVALID. If you try to override this by just sending it a VERIFIED variable, it STILL opens up the fsock to PayPal, which then sends back INVALID. So from what I can see, unless the hacker can change the script to redirect the fsock, or remove it altogether, then you are safe! (If they had access to change that, then I'm sure they could just get what you're offering without the script.)

    If you were to read the PayPal IPN page (every last word of it), while they are not too clear about how the programming works, they do tell you what the server does to verify the variables.
    Man, Real life sucks, there's no "undo" button. (knoj)
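
The post-back check discussed in the posts above, as an added example that is not part of the original thread: the handler echoes the notification back and credits nothing unless the reply is exactly VERIFIED. `verify_ipn()`, `curl_postback()`, the use of HTTPS on the host and path from the thread's script, and the offline stand-in for PayPal are assumptions made for illustration.

```php
<?php
// Added example; verify_ipn(), curl_postback() and the HTTPS URL are assumptions.

function verify_ipn(string $rawBody, callable $postback): bool
{
    // Echo the notification back unchanged, prefixed with the validate command.
    $req = 'cmd=_notify-validate&' . $rawBody;
    // Only an exact VERIFIED reply counts; INVALID, errors and empty replies fail closed.
    return trim($postback($req)) === 'VERIFIED';
}

function curl_postback(string $req): string
{
    $ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $req,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // certificate check authenticates the answering server
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body = curl_exec($ch);
    return $body === false ? '' : $body;
}

// Offline stand-in for PayPal: it answers VERIFIED only for a message it really sent.
// Both notification bodies below are constructed sample data.
$sent = 'payment_status=Completed&txn_id=TXN-CONSTRUCTED-1&payment_gross=10.00';
$fakePaypal = function (string $req) use ($sent): string {
    return $req === 'cmd=_notify-validate&' . $sent ? 'VERIFIED' : 'INVALID';
};

var_dump(verify_ipn($sent, $fakePaypal));
var_dump(verify_ipn('payment_status=Completed&txn_id=MADE-UP&payment_gross=999.00', $fakePaypal));

// In a live handler the call would be:
//   verify_ipn(file_get_contents('php://input'), 'curl_postback');
```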

  24. #24
    SitePoint Addict
    Join Date: Jan 2003
    Posts: 232

    Thank you amanda for the script.

    Do you have a latest script now??

  25. #25
    AmandaArias (SitePoint Enthusiast)
    Join Date: Sep 2001
    Location: Houston, TX USA
    Posts: 82
    ezguy,

    Amanda sold her web hosting and domain name business in October. We no longer use the PayPal IPN. I looked around on our servers for updated code, but couldn't find any.

    Sorry.

    Scott Campbell
    Arias Web Hosting
    Arias Web Hosting - Affordable, Multi-Domain Linux Hosting
    http://ariaswebhosting.com

    PhpShop Customization "Manual" - http://phpshop.ariaswebhosting.com/

