Using Paypal IPN (ipn.php) requires SSL Certificate ?

wish18
Contributor
Contributor
Posted on
‎Mar-22-2016 05:17 AM

Hi,

 

I want to ask if using paypal IPN requires a SSL Certificate, because our current web host is just HTTP. 

The IPN (ipn.php) is working fine before the 2016 Merchant security upgrade. I am testing it with the Paypal Sandbox before live and it's causing a lot of issues.

 

I don't think we need SSL certificate (HTTPS) because it will redirect people to the paypal payment page and it already is HTTPS. Then I want to send them an email after payment is successful, so that's why I am using IPN.

I am using the code below: (not working)

 

<?php

header('HTTP/1.1 200 OK');

$firstName 		= $_POST['first_name'];
$lastName 		= $_POST['last_name'];
$payerEmail 	= $_POST['payer_email'];
$addressStreet 	= $_POST['address_street'];
$addressZip 	= $_POST['address_zip'];
$addressCity 	= $_POST['address_city'];
$txnID 			= $_POST['txn_id'];
$donateAmount		= $_POST['mc_gross'];
$recipient_fullname = $_POST['custom'];
$recipient_email 	= $_POST['option_name2'];


$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// Set up the acknowledgement request headers
$header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";             
$header .= "Host: www.sandbox.paypal.com\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";


// Open a socket for the acknowledgement request
//$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
$fp = fsockopen('www.sandbox.paypal.com', 443, $errno, $errstr, 30);


if(!$fp){
	//Can not connect to PayPal to validate IPN message
}
else{

	fputs($fp, $header . $req);
	
	while(!feof($fp)) { 
	
		$res = fgets($fp, 1024); 
		
		file_put_contents('result.txt', var_export($_POST, true));
	
		
		if (strcmp($res, "VERIFIED") == 0) {
			$headers = "MIME-Version: 1.0" . "\r\n";
			$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
			$headers .= "From: <myemail>" . "\r\n";
			
			$subject = 'Subject line -VERIFIED';
			
			$message="VERIFIED";
			mail("myemail",$subject,$message,$headers);
			
		}else if(strcmp($res, "INVALID") == 0) {
			$headers = "MIME-Version: 1.0" . "\r\n";
			$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
			$headers .= "From: <myemail>" . "\r\n";
			
			$subject = 'Subject line -INVALID';
			
			$message="INVALID";
			mail("myemail",$subject,$message,$headers);

		}		
	}
	fclose ($fp);
}
?>
Login to Me Too
0 Kudos
Login to Reply or Kudo
1 REPLY 1

alan_sd
Contributor
Contributor
‎Mar-30-2016 11:45 AM

My IPN is a HTTP URL. No problems. But it is several years old. There is some evidence to suggest that new IPN URLS must start with HTTPS. It would be nice for somebody from paypal to confirm this, however.  And also to let us know when our old IPN URLS must be upgraded (my server doesn't support SSL, so it's going to be somewhat expensive).

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.