PayPal订购付款和定期IPN处理

我需要关于PayPal订购付款IPN处理的建议。 我已经写了一个基于PayPal代码示例的IPN处理程序/监听器。 监听器将IPN消息复制回以PayPal为前缀的cmd = _notify-validate。 我可以设置一个没有问题的订阅,即用户输入他们的详细信息,并将这些订单信息连同他们的订单信息一起传递到PayPal,登录到他们的账户并同意订阅。 在PayPal的成功回应中,订单得到确认并更新了我的数据库。 我遇到的问题是经常性付款通知。 我已经通过PayPal Sandbox设置了每日订阅,并且每次PayPal都会建议客户付款,等待客户登录到其PayPal账户并接受付款,这会导致另一个IPN确认付款已完成。 我回发验证请求前面的IPN消息,并从PayPal沙盒接收到空响应。 根据PayPal文档,我希望收到“VERIFIED”或“INVALID”? 但是,对返回的消息的PayPal响应是“”还是null? IPN验证码如下所示,并使用“https://www.sandbox.paypal.com/cgi-bin/webscr”作为URL:

  $url_parsed=parse_url($this->paypal_url);

  // generate the post string from the _POST vars and load the _POST vars into an array
  $post_string = "cmd=_notify-validate"; // start IPN response with validate command
  foreach ($_POST as $field=>$value) {
     $post_string .= '&';
     $this->ipn_data["$field"] = $value;
     $post_string .= $field.'='.urlencode(stripslashes($value));
  }

  // open the connection to PayPal
  $fp = fsockopen($url_parsed[host],443,$err_num,$err_str,30);

  if(!$fp) {

     // could not open the connection.  If logging is on, log the error message
     $this->last_error = "fsockopen error no. $errnum: $errstr";
     $this->log_ipn_results(false);
     return false;

  } else {

     // Post the data back to PayPal
     fputs($fp, "POST $url_parsed[path] HTTPS/1.1rn");
     fputs($fp, "Host: $url_parsed[host]rn");
     fputs($fp, "Content-type: application/x-www-form-urlencodedrn");
     fputs($fp, "Content-length: ".strlen($post_string)."rn");
     fputs($fp, "Connection: closernrn");
     fputs($fp, $post_string . "rnrn");

     // loop through the response from the server and append to variable
     while(!feof($fp)) {
        $this->ipn_response .= fgets($fp, 1024);
     }

     fclose($fp); // close connection

  /* PayPal sends a single word back, which is VERIFIED if the message originated with PayPal
     or INVALID if there is any discrepancy with what was originally sent */
  if (strcmp ("INVALID", $this->ipn_response) != 0) {
  // The above is a work around to address null response! For now!
     // Valid IPN transaction.
     $this->log_ipn_results(true);
     return true;

  } else {

     // Invalid IPN transaction.  Check the log for details.
     $this->last_error = 'IPN Validation Failed.';
     $this->log_ipn_results(false);
     return false;
  }

我测试了超时时间,并且相信该过程在30秒的时间限制内,并且确认了$ post_string的结构在开始时用cmd复制了原始消息。 我能想到的唯一的其他问题是IPN vars的返回发布是从SSL证书保护的页面发送的? 无论如何,除非我错过了一些东西,我不相信PayPal沙箱实际上是响应,因此为空效果? 任何建议或指导将不胜感激,因为我依靠多个每日订阅付款期限来通过沙盒测试。


当您回传用于验证交易的参数时,请勿从该值中去除斜杠。 必须按收到的方式发回。


我实现了PHP Curl处理程序,如下所示:

<?php

   function validate_ipn() {

      // CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
      // Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
      // Set this to 0 once you go live or don't require logging.
      define("DEBUG", 1);
      define("LOG_FILE", "../log/ipn.log");

      // Set to 0 once you're ready to go live
      define("USE_SANDBOX", 1);

      // Read POST data
      // reading posted data directly from $_POST causes serialization
      // issues with array data in POST. Reading raw POST data from input stream instead.
      $raw_post_data = file_get_contents('php://input');
      $raw_post_array = explode('&', $raw_post_data);
      $myPost = array();
      foreach ($raw_post_array as $keyval) {
              $keyval = explode ('=', $keyval);
              if (count($keyval) == 2)
                      $myPost[$keyval[0]] = urldecode($keyval[1]);
      }
      // read the post from PayPal system and add 'cmd'
      $req = 'cmd=_notify-validate';
      if (function_exists('get_magic_quotes_gpc')) {
         $get_magic_quotes_exists = true;
      }
      foreach ($myPost as $key => $value) {
              if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
                 $value = urlencode(stripslashes($value));
              } else {
                 $value = urlencode($value);
              }
              $req .= "&$key=$value";
      }

      // Post IPN data back to PayPal to validate the IPN data is genuine
      // Without this step anyone can fake IPN data
      if (USE_SANDBOX == true) {
         $paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
      } else {
         $paypal_url = "https://www.paypal.com/cgi-bin/webscr";
      }

      $ch = curl_init($paypal_url);
      if ($ch == FALSE) {
         return FALSE;
      }

      curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
      curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
      curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

      if (DEBUG == true) {
         curl_setopt($ch, CURLOPT_HEADER, 1);
         curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
      }

      // CONFIG: Optional proxy configuration
      //curl_setopt($ch, CURLOPT_PROXY, $proxy);
      //curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

      // Set TCP timeout to 30 seconds
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
      curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

      // CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
      // of the certificate as shown below. Ensure the file is readable by the webserver.
      // This is mandatory for some environments.

      //$cert = __DIR__ . "./cacert.pem";
      //curl_setopt($ch, CURLOPT_CAINFO, $cert);

      $res = curl_exec($ch);
      if (curl_errno($ch) != 0) { // cURL error
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
         }
         curl_close($ch);
         exit;

      } else {
         // Log the entire HTTP response if debug is switched on.
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);    
            error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);

            // Split response headers and payload
            list($headers, $res) = explode("rnrn", $res, 2);
         }
         curl_close($ch);
      }

      // Inspect IPN validation result and act accordingly
      if (strcmp ($res, "VERIFIED") == 0) {

         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
         }
         return true;
      } else if (strcmp ($res, "INVALID") == 0) {
         // log for manual investigation
         // Add business logic here which deals with invalid IPN messages
         if (DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
         }
         return false;
      }

   }

?>

它的工作!

链接地址: http://www.djcxy.com/p/27867.html

上一篇: PayPal subscription payments and recurring IPN handling

下一篇: Several questions about paypal pro subscriptions flow