Do I need HTTPS on my domain for using PayPal Standard Payment now?

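I'm very confused about this. I've already contacted PayPal but didn't get any clear answer at all. I've also searched, but only found old answers (from before PayPal's latest roadmap).

Sorry if this is basic. I still haven't found any clear information to bring me up to date. It may just be some confusion over words and meanings (English is not my native language).

About PayPal's update: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US

1) Do I need HTTPS on my domain now? (PayPal Standard Payment)

2) Do I need to change anything anywhere else?


So, I use a hidden form to post the purchase information to PayPal. Like this: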

<form name='form' action='https://www.paypal.com/cgi-bin/webscr' method='post' target='_top'>

        <input type='hidden' name='cmd' value='_xclick'>
        <input type='hidden' name='business' value='$MerchantId'>
        <input type='hidden' name='item_name' value='$Descripton'>
        <input type='hidden' name='return' value='$BackUrl&show=back'>
        <input type='hidden' name='cancel_return' value='$CancelUrl'>
        <input type='hidden' name='no_note' value='1'>
        <input type='hidden' name='currency_code' value='$Currency'>
        <input type='hidden' name='lc' value='US'>
        <input type='hidden' name='bn' value='PP-BuyNowBF'>
        <input type='hidden' name='amount' value='$GrandTotal'>
        <input type='hidden' name='notify_url' value='$BackUrl&payment=ipn&i=1'>


        <div align='center'>
        <div id='payNow1'>
            <div id=payNowLogo><img src='$ImgPath/paypal_logo.gif'></div>
            <div id=payNowContent>$IPNdesc</div>
            <div id=payNowButton><input type='submit' value='$IPNpay' id='payNowSubmit'></div>
    </div>
    </div>
    </form>

This site only supports HTTP, so the notify_url is HTTP only.

Here is the code for my IPN receiver and handler:

else {

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

Note: must the above now be HTTP/1.1 ?????

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

// mc_currency = CAD
// payment_status = Completed

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment


if(stristr(urldecode($_POST['item_name']),"#") && ($_POST['payment_status'] == 'Completed' || $_POST['payment_status'] == 'Pending')){
//echo $req.'<hr>'.urldecode($Kcart_order_id);

$idTransakcji = explode("#",urldecode($_POST['item_name']));
$orderId = explode("#",$_REQUEST['item_name']);

            // check if payment's amount is correct.
            if(checkPayment($orderId[1],$_REQUEST['mc_gross'],$_POST['mc_currency'])){
            // if result is TRUE, apply payment and finish.

                // applyPayment function will do everything to finish this order
                // it will send e-mails to admin/customer, if items were downloadable
                // links will be attached to mail and will be shown in customer's status area
                // also, order will be signed as "paid" in database.

                // applyPayment('paid',Order ID,Order Amount,Currency - may be null,Transaction Id - from payment gate,IPN ID to assign how order was paid)
                applyPayment('paid',$orderId[1],$_REQUEST['mc_gross'],$_POST['mc_currency'],$_REQUEST['txn_id'],1);
                //echo "OK"; // only this message is valid for DotPay.

            }

} // endof if stristr #

}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// mail_($adminEmail,"FAILED!","1");
}
}
fclose ($fp);
}

Thank you for clarifying this for me. I've done my best to find the right answer by searching, but that has only made me more confused.

Subject to correction by official Paypal folks:

This is in the link you provided:

For increased security going forward, only HTTPS will be allowed for postbacks to PayPal.

At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal to the merchant’s IPN listener.

Note: I separated the sentences to show the different contexts...

  • The "first" sentence says any/all calls you make to Paypal must use HTTPS (TLS 1.2) - though it seems the TLS 1.2 requirement has moved from June 2016 originally to June 2017.

    So when you POST (back) to Paypal in the validate step, you'll need to connect (POST) to Paypal using HTTPS.

  • The "second" sentence says it is still OK for your notify_url to be HTTP. The url/s that receive data from Paypal can still be HTTP.

第...
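
The HTTPS postback described in the answer above, as an added example that is not part of the original post or PayPal's own code. It assumes the PHP cURL extension is available; the function names are hypothetical and the endpoint is the one from the form in the question.

```php
<?php
// Added example (hypothetical function names); endpoint taken from the form on this page.
const PAYPAL_POSTBACK_URL = 'https://www.paypal.com/cgi-bin/webscr';

// Build the validation body: cmd=_notify-validate followed by the received fields.
function build_postback_body(array $fields): string
{
    $body = 'cmd=_notify-validate';
    foreach ($fields as $key => $value) {
        $body .= '&' . urlencode($key) . '=' . urlencode($value);
    }
    return $body;
}

// POST the body to PayPal over HTTPS; returns the response body, or null on failure.
function paypal_https_postback(string $body): ?string
{
    $ch = curl_init(PAYPAL_POSTBACK_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2, // require TLS 1.2
        CURLOPT_SSL_VERIFYPEER => true, // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // and that it matches the host name
        CURLOPT_CONNECTTIMEOUT => 30,
    ]);
    $response = curl_exec($ch);
    return $response === false ? null : $response;
}

// An IPN is accepted only when the postback answer is exactly "VERIFIED";
// a failed connection or any other answer is treated as not verified.
function ipn_is_verified(array $fields, callable $transport): bool
{
    $response = $transport(build_postback_body($fields));
    return is_string($response) && trim($response) === 'VERIFIED';
}

// Constructed sample IPN fields and a stub transport so the demo runs offline;
// in the listener, pass $_POST and 'paypal_https_postback' instead.
$sample = ['txn_id' => 'TEST123', 'payment_status' => 'Completed', 'mc_gross' => '10.00', 'mc_currency' => 'CAD'];
$stub = function (string $body): string {
    return strpos($body, 'cmd=_notify-validate&') === 0 ? 'VERIFIED' : 'INVALID';
};
var_dump(ipn_is_verified($sample, $stub));
var_dump(ipn_is_verified($sample, function () { return null; }));
```

Only the outbound call in `paypal_https_postback` needs HTTPS; the listener that receives `$_POST` can stay on the HTTP notify_url, as the second quoted sentence says.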