我有一个IPN,它正在正确地将消息发送到我的文件,我已经确认我收到了它们,首先是我的代码:
echo "test";
// Response from Paypal
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
$req .= "&$key=$value";
}
// assign posted variables to local variables
$data['item_name'] = $_POST['item_name'];
$data['item_number'] = $_POST['item_number'];
$data['payment_status'] = $_POST['payment_status'];
$data['payment_amount'] = $_POST['mc_gross'];
$data['payment_currency'] = $_POST['mc_currency'];
$data['txn_id'] = $_POST['txn_id'];
$data['receiver_email'] = $_POST['receiver_email'];
$data['payer_email'] = $_POST['payer_email'];
$data['custom'] = $_POST['custom'];
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.1'r'n";
$header .= "Host: www.sanbox.paypal.com'r'n";
$header .= "Accept: */*'r'n";
$header .= "Connection: Close'r'n";
$header .= "Content-Length: " . strlen($req) . "'r'n";
$header .= "Content-Type: application/x-www-form-urlencoded'r'n";
$header .= "'r'n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
if ($fp === FALSE) {
exit("Could not open socket");
}else{
if (!$fp) {
echo "Error code: 200";
}else{
fputs ($fp, $header . $req);
$res = stream_get_contents($fp, 2048);
echo "test2";
$res = trim($res);
if (strcmp($res, "VERIFIED") == 0){
echo "test3";
// Used for debugging
//@mail("you@youremail.com", "PAYPAL DEBUGGING", "Verified Response<br />data = <pre>".print_r($post, true)."</pre>");
// Validate payment (Check unique txnid & correct price)
$valid_txnid = check_txnid($data['txn_id']);
$valid_price = check_price($data['payment_amount'], $data['item_number']);
// PAYMENT VALIDATED & VERIFIED!
if($valid_txnid && $valid_price){
$orderid = updatePayments($data);
if($orderid){
echo "thanks for your payment!";
$lel = mysqli_query($con,"UPDATE stats SET stats.bankedgold = 10000 WHERE stats.id = $id4");
// Payment has been made & successfully inserted into the Database
}else{
echo "Error code: 100";
// E-mail admin or alert user
}
}else{
echo "Error code: 130";
// Payment made but data has been changed
// E-mail admin or alert user
}
}else if (strcmp ($res, "INVALID") == 0) {
echo "Error code: 170";
// PAYMENT INVALID & INVESTIGATE MANUALY!
// E-mail admin or alert user
// Used for debugging
//@mail("you@youremail.com", "PAYPAL DEBUGGING", "Invalid Response<br />data = <pre>".print_r($post, true)."</pre>");
}
echo strcmp($res,"VERIFIED" == 0);
fclose ($fp);
}
}
}
现在,$res的var_dump给出:
HTTP/1.1 200 OK
Date: Mon, 02 Mar 2015 11:24:35 GMT
Server: Apache X-Frame-
Options: SAMEORIGIN
Set-Cookie: <REDACTED_FOR_PRIVACY>
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Wed, 01-Mar-2017 11:24:35 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.72.108.11.1425295475397401; path=/; expires=Wed, 22-Feb-45 11:24:35 GMT
Vary: Accept-Encoding,User-Agent Connection: close
Set-Cookie: <REDACTED_FOR_PRIVACY>
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: Apache=10.72.128.11.1425295475383817; path=/; expires=Wed, 22-Feb-45 11:24:35 GMT
Strict-Transport-Security: max-age=14400
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8 8
VERIFIED 0
但我需要它说只是验证或无效,这样我就可以决定从那里做什么。
对我来说,一个简单的解决方案是添加"strpos",看看它是否包含单词,但我想向您的专家验证这是否是一个好的解决方案?
PayPal已开始使用HTTP/1.1发送响应。这意味着您在响应中得到Transfer-Encoding: chunked
。
分块编码需要解析。通常它看起来是这样的:
8
VERIFIED
0
翻译过来,这给出了"长度为8的块=VERIFIED
||长度为0的块=流结束"
如果您无法解析此响应,可以尝试通过在验证响应中指定HTTP/1.0
来强制PayPal不使用分块编码。或者,使用更好的库(如cURL)为您进行解析-PayPal的演示IPN代码是为一个非常旧的PHP版本编写的,或者至少是一个没有启用扩展的版本。程序员似乎对http_build_query
函数一无所知,无法正确编码$req
验证数据,这真的很可悲。你可能认为PayPal可以为有能力的开发人员提供%;嗯哼但无论如何。。。就我个人而言,我只需阅读Content-Length
标题就"解决"了这个问题——PayPal可以在这里发送的所有响应都有不同的长度。有点作弊,但奏效了。
希望这有帮助:)
更改此行:
$value = urlencode(stripslashes($value));
对此:
$value = urlencode($value);
如果你在运行带有Magic Quotes的PHP,你只需要在那里使用条带斜杠。从PHP 5.4开始,(谢天谢地)这已经不可能了。
Paypal允许用户数据包含反斜杠(我在address_street变量的IPN数据中看到过)。如果您从包含反斜杠的IPN数据中删除反斜杠,Paypal将返回INVALID响应。