Paypal IPN 响应适用于 Paypal 但不适用于 sandbox-Paypal?
Paypal IPN response works for Paypal but not sandbox-Paypal?
所以我正在使用 Paypal 提供的示例代码,以便正确通信和验证传入的 IPN 消息。使用提供的 Paypal 开发工具 "IPN Simulator" 我能够确认我的 IPN 侦听器代码能够成功地与 Paypal 服务器握手,但是当需要重新发送信息进行验证时,我只能成功连接paypal 的非沙盒版本(returns 无效,因为一切都设置为与沙盒 paypal 通信)。当我尝试连接到沙盒版本时,我收到一个 http 错误,这意味着我无法连接到服务器。
我想我已经将问题隔离到这行代码:
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); //HTTP error
下面的代码演示了我的测试,看看哪些 url 可以工作:
$fh = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);//works, returns invalid
$fh = fsockopen ('tls://www.paypal.com', 443, $errno, $errstr, 30);//works, returns invalid
$fh = fsockopen ('www.paypal.com', 443, $errno, $errstr, 30);//Does not work but does not throw HTTP Error (does not return Verified or Invalid either)
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);//HTTP error
$fh = fsockopen ('tls://www.sandbox.paypal.com', 443, $errno, $errstr, 30);//HTTP error
$fh = fsockopen ('www.sandbox.paypal.com', 443, $errno, $errstr, 30);//Does not work but does not throw HTTP Error (does not return Verified or Invalid either)
这是我服务器上当前的 IPN 侦听器代码(为简单起见,未显示用于在我的数据库中记录 IPN 数据的额外代码;此外,此代码基于 link:https://developer.paypal.com/docs/classic/ipn/gs_IPN/):
<?php
// STEP 1 - acknowledge PayPal's notification
header('HTTP/1.1 200 OK');
// STEP 2 - create the response we need to send back to PayPal for them to confirm that it's legit
$resp = 'cmd=_notify-validate';
foreach ($_POST as $parm => $var)
{
$var = urlencode(stripslashes($var));
$resp .= "&$parm=$var";
}
// STEP 3 - Get the HTTP header into a variable and send back the data we received so that PayPal can confirm it's genuine
$httphead = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$httphead .= "Content-Type: application/x-www-form-urlencoded\r\n";
$httphead .= "Content-Length: " . strlen($resp) . "\r\n\r\n";
// Now create a ="file handle" for writing to a URL to paypal.com on Port 443 (the IPN port)
$errno ='';
$errstr='';
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); //PROBLEM?
// STEP 4 - Nearly done. Now send the data back to PayPal so it can tell us if the IPN notification was genuine
if (!$fh) {
// Uh oh. This means that we have not been able to get thru to the PayPal server. It's an HTTP failure
}
// Connection opened, so spit back the response and get PayPal's view whether it was an authentic notification
else {
fputs ($fh, $httphead . $resp);
while (!feof($fh))
{
$readresp = fgets ($fh, 1024);
// $readresp = trim($readresp);
if (strcmp ($readresp, "VERIFIED") == 0) //yay verified data!
{
}
else if (strcmp ($readresp, "INVALID") == 0) //Invalid data! :(
{
}
}
fclose ($fh);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
</body>
</html>
这是我的按钮代码:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="M8IC3G88S5WFQ">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
对我应该使用的 fsockopen() 配置有什么帮助吗?
正确的 HTTPS 端点是:
- ipnpb.paypal.com
- ipnpb.sandbox.paypal.com
也许试试第二个 (ssl://ipnpb.sandbox.paypal.com) ?
好吧,我在我的域上安装了一个私有 SSL 证书(必须是 2048 位和 SHA-256),这意味着你必须有 HTTPS。
我也开始使用官方 Paypal 侦听器 php 示例代码,可在此处找到:https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php.
此外,我在示例代码 curl 语句中添加了 curl_setopt($ch, CURLOPT_SSLVERSION, 6); 以使用 TSLv1.2 通信,这是必需的,因为当前 Paypal 正在进行安全更新。
我目前使用 Hostgator 托管(如果这与任何人相关)(私有 ssl 证书自动为 2048 位和 SHA-256,这很好)。
希望我这几天奋斗的成果也能帮助到遇到同样问题的人,干杯!
我认为 paypal 沙箱只能在 https 协议中使用。
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
http 连接失败。
但是https连接成功
所以我正在使用 Paypal 提供的示例代码,以便正确通信和验证传入的 IPN 消息。使用提供的 Paypal 开发工具 "IPN Simulator" 我能够确认我的 IPN 侦听器代码能够成功地与 Paypal 服务器握手,但是当需要重新发送信息进行验证时,我只能成功连接paypal 的非沙盒版本(returns 无效,因为一切都设置为与沙盒 paypal 通信)。当我尝试连接到沙盒版本时,我收到一个 http 错误,这意味着我无法连接到服务器。
我想我已经将问题隔离到这行代码:
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); //HTTP error
下面的代码演示了我的测试,看看哪些 url 可以工作:
$fh = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);//works, returns invalid
$fh = fsockopen ('tls://www.paypal.com', 443, $errno, $errstr, 30);//works, returns invalid
$fh = fsockopen ('www.paypal.com', 443, $errno, $errstr, 30);//Does not work but does not throw HTTP Error (does not return Verified or Invalid either)
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);//HTTP error
$fh = fsockopen ('tls://www.sandbox.paypal.com', 443, $errno, $errstr, 30);//HTTP error
$fh = fsockopen ('www.sandbox.paypal.com', 443, $errno, $errstr, 30);//Does not work but does not throw HTTP Error (does not return Verified or Invalid either)
这是我服务器上当前的 IPN 侦听器代码(为简单起见,未显示用于在我的数据库中记录 IPN 数据的额外代码;此外,此代码基于 link:https://developer.paypal.com/docs/classic/ipn/gs_IPN/):
<?php
// STEP 1 - acknowledge PayPal's notification
header('HTTP/1.1 200 OK');
// STEP 2 - create the response we need to send back to PayPal for them to confirm that it's legit
$resp = 'cmd=_notify-validate';
foreach ($_POST as $parm => $var)
{
$var = urlencode(stripslashes($var));
$resp .= "&$parm=$var";
}
// STEP 3 - Get the HTTP header into a variable and send back the data we received so that PayPal can confirm it's genuine
$httphead = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$httphead .= "Content-Type: application/x-www-form-urlencoded\r\n";
$httphead .= "Content-Length: " . strlen($resp) . "\r\n\r\n";
// Now create a ="file handle" for writing to a URL to paypal.com on Port 443 (the IPN port)
$errno ='';
$errstr='';
$fh = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); //PROBLEM?
// STEP 4 - Nearly done. Now send the data back to PayPal so it can tell us if the IPN notification was genuine
if (!$fh) {
// Uh oh. This means that we have not been able to get thru to the PayPal server. It's an HTTP failure
}
// Connection opened, so spit back the response and get PayPal's view whether it was an authentic notification
else {
fputs ($fh, $httphead . $resp);
while (!feof($fh))
{
$readresp = fgets ($fh, 1024);
// $readresp = trim($readresp);
if (strcmp ($readresp, "VERIFIED") == 0) //yay verified data!
{
}
else if (strcmp ($readresp, "INVALID") == 0) //Invalid data! :(
{
}
}
fclose ($fh);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
</body>
</html>
这是我的按钮代码:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="M8IC3G88S5WFQ">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
对我应该使用的 fsockopen() 配置有什么帮助吗?
正确的 HTTPS 端点是:
- ipnpb.paypal.com
- ipnpb.sandbox.paypal.com
也许试试第二个 (ssl://ipnpb.sandbox.paypal.com) ?
好吧,我在我的域上安装了一个私有 SSL 证书(必须是 2048 位和 SHA-256),这意味着你必须有 HTTPS。
我也开始使用官方 Paypal 侦听器 php 示例代码,可在此处找到:https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php.
此外,我在示例代码 curl 语句中添加了 curl_setopt($ch, CURLOPT_SSLVERSION, 6); 以使用 TSLv1.2 通信,这是必需的,因为当前 Paypal 正在进行安全更新。
我目前使用 Hostgator 托管(如果这与任何人相关)(私有 ssl 证书自动为 2048 位和 SHA-256,这很好)。
希望我这几天奋斗的成果也能帮助到遇到同样问题的人,干杯!
我认为 paypal 沙箱只能在 https 协议中使用。
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
http 连接失败。
但是https连接成功