0

我需要有关 PayPal 订阅付款 IPN 处理的建议。我已经基于 PayPal 代码示例编写了一个 IPN 处理程序/侦听器。侦听器将 IPN 消息复制回 PayPal,前面带有 cmd=_notify-validate。我可以毫无问题地设置订阅,即用户输入他们的详细信息,并将其连同他们的订单信息一起传递给他们登录到他们的帐户并同意订阅的 PayPal。在 PayPal 成功回复后,订单被确认并更新了我的数据库。我遇到的问题是定期付款通知。我已将订阅设置为每天通过 PayPal 沙盒进行,每次 PayPal 建议客户付款,等待客户登录到他们的 PayPal 帐户并接受付款,这会导致另一个 IPN 确认付款完成。我正在发回验证请求之前的 IPN 消息,并收到来自 PayPal Sandbox 的空响应。根据 PayPal 文档,我希望收到“已验证”或“无效”吗?但是,PayPal 对返回消息的响应是“”还是 null?IPN 验证码如下所示,使用“<a href="https://www.sandbox.paypal.com/cgi-bin/webscr" rel="nofollow">https://www.sandbox.paypal.com /cgi-bin/webscr”作为 URL:

  $url_parsed=parse_url($this->paypal_url);

  // generate the post string from the _POST vars and load the _POST vars into an array
  $post_string = "cmd=_notify-validate"; // start IPN response with validate command
  foreach ($_POST as $field=>$value) {
     $post_string .= '&';
     $this->ipn_data["$field"] = $value;
     $post_string .= $field.'='.urlencode(stripslashes($value));
  }

  // open the connection to PayPal
  $fp = fsockopen($url_parsed[host],443,$err_num,$err_str,30);

  if(!$fp) {

     // could not open the connection.  If logging is on, log the error message
     $this->last_error = "fsockopen error no. $errnum: $errstr";
     $this->log_ipn_results(false);
     return false;

  } else {

     // Post the data back to PayPal
     fputs($fp, "POST $url_parsed[path] HTTPS/1.1\r\n");
     fputs($fp, "Host: $url_parsed[host]\r\n");
     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
     fputs($fp, "Content-length: ".strlen($post_string)."\r\n");
     fputs($fp, "Connection: close\r\n\r\n");
     fputs($fp, $post_string . "\r\n\r\n");

     // loop through the response from the server and append to variable
     while(!feof($fp)) {
        $this->ipn_response .= fgets($fp, 1024);
     }

     fclose($fp); // close connection

  /* PayPal sends a single word back, which is VERIFIED if the message originated with PayPal
     or INVALID if there is any discrepancy with what was originally sent */
  if (strcmp ("INVALID", $this->ipn_response) != 0) {
  // The above is a work around to address null response! For now!
     // Valid IPN transaction.
     $this->log_ipn_results(true);
     return true;

  } else {

     // Invalid IPN transaction.  Check the log for details.
     $this->last_error = 'IPN Validation Failed.';
     $this->log_ipn_results(false);
     return false;
  }

我已经测试了超时,并相信该过程完全在 30 秒的时间限制内,并确认 $post_string 的结构在开始时使用 cmd 复制了原始消息。我能想到的唯一其他问题是 IPN vars 的返回发布是从受 SSL 证书保护的页面发送的?无论如何,除非我遗漏了一些东西,否则我不相信 PayPal 沙盒实际上正在响应,因此结果为空?任何建议或指导将不胜感激,因为我依靠多个每日订阅付款期来通过沙盒进行测试。

4

2 回答 2

0

我实现了 PHP Curl 处理程序如下:

<?php

   function validate_ipn() {

      // CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
      // Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
      // Set this to 0 once you go live or don't require logging.
      define("DEBUG", 1);
      define("LOG_FILE", "../log/ipn.log");

      // Set to 0 once you're ready to go live
      define("USE_SANDBOX", 1);

      // Read POST data
      // reading posted data directly from $_POST causes serialization
      // issues with array data in POST. Reading raw POST data from input stream instead.
      $raw_post_data = file_get_contents('php://input');
      $raw_post_array = explode('&', $raw_post_data);
      $myPost = array();
      foreach ($raw_post_array as $keyval) {
              $keyval = explode ('=', $keyval);
              if (count($keyval) == 2)
                      $myPost[$keyval[0]] = urldecode($keyval[1]);
      }
      // read the post from PayPal system and add 'cmd'
      $req = 'cmd=_notify-validate';
      if (function_exists('get_magic_quotes_gpc')) {
         $get_magic_quotes_exists = true;
      }
      foreach ($myPost as $key => $value) {
              if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
                 $value = urlencode(stripslashes($value));
              } else {
                 $value = urlencode($value);
              }
              $req .= "&$key=$value";
      }

      // Post IPN data back to PayPal to validate the IPN data is genuine
      // Without this step anyone can fake IPN data
      if (USE_SANDBOX == true) {
         $paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
      } else {
         $paypal_url = "https://www.paypal.com/cgi-bin/webscr";
      }

      $ch = curl_init($paypal_url);
      if ($ch == FALSE) {
         return FALSE;
      }

      curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
      curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
      curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

      if (DEBUG == true) {
         curl_setopt($ch, CURLOPT_HEADER, 1);
         curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
      }

      // CONFIG: Optional proxy configuration
      //curl_setopt($ch, CURLOPT_PROXY, $proxy);
      //curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

      // Set TCP timeout to 30 seconds
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
      curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

      // CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
      // of the certificate as shown below. Ensure the file is readable by the webserver.
      // This is mandatory for some environments.

      //$cert = __DIR__ . "./cacert.pem";
      //curl_setopt($ch, CURLOPT_CAINFO, $cert);

      $res = curl_exec($ch);
      if (curl_errno($ch) != 0) { // cURL error
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
         }
         curl_close($ch);
         exit;

      } else {
         // Log the entire HTTP response if debug is switched on.
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);    
            error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);

            // Split response headers and payload
            list($headers, $res) = explode("\r\n\r\n", $res, 2);
         }
         curl_close($ch);
      }

      // Inspect IPN validation result and act accordingly
      if (strcmp ($res, "VERIFIED") == 0) {

         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
         }
         return true;
      } else if (strcmp ($res, "INVALID") == 0) {
         // log for manual investigation
         // Add business logic here which deals with invalid IPN messages
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
         }
         return false;
      }

   }

?>

它奏效了!

于 2013-11-08T11:11:32.007 回答
0

当您回传参数以验证交易时,不要从值中去除斜线。它们必须在收到时寄回。

于 2013-11-06T21:36:34.860 回答