php - Paypal IPN 问题 - 不处理某些付款

Question

我目前正在开发一个开源论坛软件的修改。此修改允许用户通过该论坛软件进行捐赠。

但是，最近一位用户报告了一个可能由我的代码引起的问题。我使用另一个开源库来处理 IPN 连接 -一个 IPN 侦听器 PHP 类。

报告此问题的用户正在收到以下电子邮件：

你好<My Name>，

请检查您处理 PayPal 即时付款通知 (IPN) 的服务器。发送到以下 URL 的即时付款通知失败：

http://www.MySite.com/donate/handler.php

如果您不认识此 URL，您可能正在使用代表您使用 IPN 的服务提供商。请与您的服务提供商联系并提供上述信息。如果此问题继续存在，您的帐户可能会禁用 IPN。

感谢您及时关注此问题。

此致， 贝宝

我担心这个问题来自我这边，因此我必须对此进行调查并确定。

我稍微修改了 IPN Listener 脚本，这让我认为我的修改导致了这个问题。Paypal 最近也有一些变化，这可能会引发这个问题。

这就是该类暂时的样子：

/**
* PayPal IPN Listener
*
* A class to listen for and handle Instant Payment Notifications (IPN) from 
* the PayPal server.
*
* https://github.com/Quixotix/PHP-PayPal-IPN
*
* @package    PHP-PayPal-IPN
* @author     Micah Carrick
* @copyright  (c) 2011 - Micah Carrick
* @version    2.0.5
* @license    http://opensource.org/licenses/gpl-license.php
*
* This library is originally licensed under GPL v3, but I received
* permission from the author to use it under GPL v2.
*/
class ipn_handler 
{
    /**
     *  If true, the recommended cURL PHP library is used to send the post back 
     *  to PayPal. If flase then fsockopen() is used. Default true.
     *
     *  @var boolean
     */
    public $use_curl = true;     

    /**
     *  If true, explicitly sets cURL to use SSL version 3. Use this if cURL
     *  is compiled with GnuTLS SSL.
     *
     *  @var boolean
     */
    public $force_ssl_v3 = true;     

    /**
     *  If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any 
     *  "Location: ..." headers in the response.
     *
     *  @var boolean
     */
    public $follow_location = false;     

    /**
     *  If true, an SSL secure connection (port 443) is used for the post back 
     *  as recommended by PayPal. If false, a standard HTTP (port 80) connection
     *  is used. Default true.
     *
     *  @var boolean
     */
    public $use_ssl = true;      

    /**
     *  If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
     *  post back. If false, the live URI www.paypal.com is used. Default false.
     *
     *  @var boolean
     */
    public $use_sandbox = false; 

    /**
     *  The amount of time, in seconds, to wait for the PayPal server to respond
     *  before timing out. Default 30 seconds.
     *
     *  @var int
     */
    public $timeout = 60;       

    private $post_data = array();
    private $post_uri = '';     
    private $response_status = '';
    private $response = '';

    const PAYPAL_HOST = 'www.paypal.com';
    const SANDBOX_HOST = 'www.sandbox.paypal.com';

    /**
     *  Post Back Using cURL
     *
     *  Sends the post back to PayPal using the cURL library. Called by
     *  the processIpn() method if the use_curl property is true. Throws an
     *  exception if the post fails. Populates the response, response_status,
     *  and post_uri properties on success.
     *
     *  @param  string  The post data as a URL encoded string
     */
    protected function curlPost($encoded_data) 
    {
        global $user;

        if ($this->use_ssl) 
        {
            $uri = 'https://' . $this->getPaypalHost() . '/cgi-bin/webscr';
            $this->post_uri = $uri;
        }
        else 
        {
            $uri = 'http://' . $this->getPaypalHost() . '/cgi-bin/webscr';
            $this->post_uri = $uri;
        }

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $uri);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
        curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HEADER, true);

        if ($this->force_ssl_v3) 
        {
            curl_setopt($ch, CURLOPT_SSLVERSION, 3);
        }

        $this->response = curl_exec($ch);
        $this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));

        if ($this->response === false || $this->response_status == '0') 
        {
            $errno = curl_errno($ch);
            $errstr = curl_error($ch);
            throw new Exception($user->lang['CURL_ERROR'] . "[$errno] $errstr");
        }
    }

    /**
     *  Post Back Using fsockopen()
     *
     *  Sends the post back to PayPal using the fsockopen() function. Called by
     *  the processIpn() method if the use_curl property is false. Throws an
     *  exception if the post fails. Populates the response, response_status,
     *  and post_uri properties on success.
     *
     *  @param  string  The post data as a URL encoded string
     */
    protected function fsockPost($encoded_data) 
    {
        global $user;

        if ($this->use_ssl) 
        {
            $uri = 'ssl://' . $this->getPaypalHost();
            $port = '443';
            $this->post_uri = $uri . '/cgi-bin/webscr';
        } 
        else 
        {
            $uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
            $port = '80';
            $this->post_uri = 'http://' . $uri . '/cgi-bin/webscr';
        }

        $fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);

        if (!$fp) 
        { 
            // fsockopen error
            throw new Exception($user->lang['FSOCKOPEN_ERROR'] . "[$errno] $errstr");
        } 

        $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
        $header .= "Content-Length: " . strlen($encoded_data) . "\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= "Host: " . $this->getPaypalHost() . "\r\n";
        $header .= "Connection: close\r\n\r\n";

        fputs($fp, $header . $encoded_data . "\r\n\r\n");

        while(!feof($fp)) 
        { 
            if (empty($this->response)) 
            {
                // extract HTTP status from first line
                $this->response .= $status = fgets($fp, 1024); 
                $this->response_status = trim(substr($status, 9, 4));
            } 
            else 
            {
                $this->response .= fgets($fp, 1024); 
            }
        } 

        fclose($fp);
    }

    private function getPaypalHost() 
    {
        if ($this->use_sandbox) 
        {
            return ipn_handler::SANDBOX_HOST;
        }
        else
        {
            return ipn_handler::PAYPAL_HOST;
        }
    }

    /**
     *  Get POST URI
     *
     *  Returns the URI that was used to send the post back to PayPal. This can
     *  be useful for troubleshooting connection problems. The default URI
     *  would be "ssl://www.sandbox.paypal.com:443/cgi-bin/webscr"
     *
     *  @return string
     */
    public function getPostUri() 
    {
        return $this->post_uri;
    }

    /**
     *  Get Response
     *
     *  Returns the entire response from PayPal as a string including all the
     *  HTTP headers.
     *
     *  @return string
     */
    public function getResponse() 
    {
        return $this->response;
    }

    /**
     *  Get Response Status
     *
     *  Returns the HTTP response status code from PayPal. This should be "200"
     *  if the post back was successful. 
     *
     *  @return string
     */
    public function getResponseStatus() 
    {
        return $this->response_status;
    }

    /**
     *  Get Text Report
     *
     *  Returns a report of the IPN transaction in plain text format. This is
     *  useful in emails to order processors and system administrators. Override
     *  this method in your own class to customize the report.
     *
     *  @return string
     */
    public function getTextReport() 
    {
        $r = '';

        // date and POST url
        for ($i = 0; $i < 80; $i++) 
        { 
            $r .= '-'; 
        }

        $r .= "\n[" . date('m/d/Y g:i A') . '] - ' . $this->getPostUri();
        if ($this->use_curl) 
        {
            $r .= " (curl)\n";
        }
        else
        {
            $r .= " (fsockopen)\n";
        }

        // HTTP Response
        for ($i = 0; $i < 80; $i++) 
        { 
            $r .= '-'; 
        }

        $r .= "\n{$this->getResponse()}\n";

        // POST vars
        for ($i = 0; $i < 80; $i++) 
        { 
            $r .= '-'; 
        }

        $r .= "\n";

        foreach ($this->post_data as $key => $value) 
        {
            $r .= str_pad($key, 25) . "$value\n";
        }

        $r .= "\n\n";

        return $r;
    }

    /**
     *  Process IPN
     *
     *  Handles the IPN post back to PayPal and parsing the response. Call this
     *  method from your IPN listener script. Returns true if the response came
     *  back as "VERIFIED", false if the response came back "INVALID", and 
     *  throws an exception if there is an error.
     *
     *  @param array
     *
     *  @return boolean
     */    
    public function processIpn($post_data = null) 
    {
        global $user;

        $encoded_data = 'cmd=_notify-validate';

        if ($post_data === null) 
        { 
            // use raw POST data 
            if (!empty($_POST)) 
            {
                $this->post_data = $_POST;
                $encoded_data .= '&' . file_get_contents('php://input');
            } 
            else 
            {
                throw new Exception($user->lang['NO_POST_DATA']);
            }
        } 
        else 
        { 
            // use provided data array
            $this->post_data = $post_data;

            foreach ($this->post_data as $key => $value) 
            {
                $encoded_data .= "&$key=" . urlencode($value);
            }
        }

        if ($this->use_curl) 
        {
            $this->curlPost($encoded_data); 
        }
        else
        {
            $this->fsockPost($encoded_data);
        }

        if (strpos($this->response_status, '200') === false) 
        {
            throw new Exception($user->lang['INVALID_RESPONSE'] . $this->response_status);
        }

        if (strpos(trim($this->response), "VERIFIED") !== false) 
        {
            return true;
        } 
        elseif (trim(strpos($this->response), "INVALID") !== false) 
        {
            return false;
        } 
        else 
        {
            throw new Exception($user->lang['UNEXPECTED_ERROR']);
        }
    }

    /**
     *  Require Post Method
     *
     *  Throws an exception and sets a HTTP 405 response header if the request
     *  method was not POST. 
     */    
    public function requirePostMethod() 
    {
        global $user;

        // require POST requests
        if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST') 
        {
            header('Allow: POST', true, 405);
            throw new Exception($user->lang['INVALID_REQUEST_METHOD']);
        }
    }
}

此脚本是否存在导致此问题的任何问题？

PS：URL donate/handler.php确实是IPN handler/listener 文件，所以它是一个公认的URL。

Answer 1

对于调试部分

您还可以在 Paypal 上查看您的 IPN 状态。

我的帐户 > 历史 > IPN 历史。

它将列出发送到您的服务器的所有 IPN。您将看到他们每个人的状态。它可能会有所帮助。但正如 Andrew Angell 所说，看看你的日志。

对于 PHP 部分

Paypal 在他们的Github上提供了很多好东西。你应该明确地仔细看看。

他们有一个非常简单的IPNLister 示例，您应该使用它（而不是自定义的 - 即使它看起来不错）。它使用 Paypal 本身的内置功能。我个人也使用它。你不应该重新发明轮子:)

<?php
require_once('../PPBootStrap.php');
// first param takes ipn data to be validated. if null, raw POST data is read from input stream
$ipnMessage = new PPIPNMessage(null, Configuration::getConfig());
foreach($ipnMessage->getRawData() as $key => $value) {
    error_log("IPN: $key => $value");
}

if($ipnMessage->validate()) {
    error_log("Success: Got valid IPN data");       
} else {
    error_log("Error: Got invalid IPN data");   
}

如您所见，这很简单。

我以稍微不同的方式使用它：

$rawData    = file_get_contents('php://input');
$ipnMessage = new PPIPNMessage($rawData);

$this->forward404If(!$ipnMessage->validate(), 'IPN not valid.');

$ipnListener = new IPNListener($rawData);
$ipnListener->process();

这IPNListener门课对我来说是定制的：它确实处理了如何处理 IPN。它解析响应并根据状态执行操作：

function __construct($rawData)
{
  $rawPostArray = explode('&', $rawData);
  foreach ($rawPostArray as $keyValue)
  {
    $keyValue = explode ('=', $keyValue);
    if (count($keyValue) == 2)
    {
      $this->ipnData[$keyValue[0]] = urldecode($keyValue[1]);
    }
  }

  // log a new IPN and save in case of error in the next process
  $this->ipn = new LogIpn();
  $this->ipn->setContent($rawData);
  $this->ipn->setType(isset($this->ipnData['txn_type']) ? $this->ipnData['txn_type'] : 'Not defined');
  $this->ipn->save();
}

/**
 * Process a new valid IPN
 *
 */
public function process()
{
  if (null === $this->ipnData)
  {
    throw new Exception('ipnData is empty !');
  }

  if (!isset($this->ipnData['txn_type']))
  {
    $this->ipn->setSeemsWrong('No txn_type.');
    $this->ipn->save();

    return;
  }

  switch ($this->ipnData['txn_type'])
  {
    // handle statues
  }
}

Answer 2

检查您的网络服务器日志。这将向您显示当 IPN 脚本被命中时会出现什么结果，并且由于它失败了，您一定会遇到某种 500 内部服务器错误。日志将为您提供通常在屏幕上看到的错误信息，例如语法错误、行号等。

我也喜欢为故障排除做的是，通过构建一个基本的 HTML 表单来创建我自己的模拟器，并将操作设置为我的 IPN 侦听器的 URL。使用您希望从 IPN 获得的名称/值添加隐藏字段，然后您可以将其加载到浏览器中并直接提交，以便您可以在屏幕上看到结果。您可能会发现您的代码中有错误导致脚本无法完成。

请记住，以这种方式进行测试时，数据不是来自 PayPal，因此不会被验证。您需要确保您的代码逻辑已设置为相应地处理它。

一旦您能够以这种方式顺利进行测试，我将使用 PayPal IPN 侦听器作为另一个确认，然后您可以放心，您已经解决了这个问题。

Answer 3

我强烈推荐使用 Paypal 开发者网站中的IPN 模拟器。它可以为您构建一个 IPN 请求并将其发送到您的服务器并报告它得到了什么。

Answer 4

检查您的 Paypal 帐户下的日志，它将显示已发送的 IPN 请求列表以及结果。如果您有一些重大问题，您可以使用提供的 GET 字符串来测试用例。

Answer 5

我的代码确实存在问题。我犯了一些铸造错误，导致 IPN 失败。此问题已得到解决。

感谢大家的帮助。