ipnpb.paypal.com error - encrypted_cross_dispatch

ivovalkov
Contributor
Contributor

Hey guys,

 

Since Wednesday we started getting the following error message when our users try to pay with PayPal:

 

 

encrypted_cross_dispatch=0XxmEYQZCCvvS9xFhmAlcOBNRPWGtQd5vrH0ObYXID8wQo7jLtJPeo3yqJRFbkScZWXT5zvvamAy6LND4uHFLR4ohRrSkE3E9_6T0G

 

 

Yes, it is about the same issue discussed here, but I'm opening this new discussion for several reasons...

The first reason is that in the other discussion they talk about WordPress only, while it is not related to a specific CMS (we are on Joomla). The issue is related to the ipnpb.paypal.com endpoint and the changes made to it.

And the second and most important reason is that in the other discussion the moderator @MTS_Ciaran says that using the ipnpb.paypal.com endpoint is not correct which is a contradiction to what PayPal suggests.

Here, go to this address and click on the "IPN Verification Postback to HTTPS Microsite" link in the "Common Questions" section. You will see the following texts:

 

PayPal strongly recommends the use of ipnpb.paypal.com going forward.

 

The ipnpb.paypal.com and ipnpb.sandbox.paypal.com endpoints only accept HTTPS connections. If you currently use www.paypal.com, you should move to ipnpb.paypal.com when you update your code to use HTTPS.

 

Have a look at this screenshot.

 

So, our question is - what changes have been made to the ipnpb.paypal.com endpoint and when will this issue be fixed?

Thank you in advance!

Login to Me Too
6 REPLIES 6

MTS_Ciaran
Moderator
Moderator

So, the ipnpb URL is not correct for redirecting customer to PayPal in HTML forms as I mentioned, it is only used for IPN postbacks, which is a post processing procedure, so the documentation is correct. 

 

With your Joomla integration, you will still need to amend the PayPal button form that you have on your site so that it redirects customers to "https://www.paypal.com/cgi-bin/webscr" for the transaction flow. 

 

The change on our side was that we fixed a bug that allowed users to access the checkout flow on our side via the IPNPB URL which not have been allowed. 

Login to Me Too

ivovalkov
Contributor
Contributor

Thank you very much for the reply @MTS_Ciaran

Would you please give us some more details so we can get to the bottom of the issue because we have a quite busy website which can no longer work properly?

 

I will also involve the developers of our Joomla integration (readybytes.net, the software is called "PayPlans") and our Hosting provider.

 

So, this is our setup. We offer membership plans. When a user creates an account on our website, he's been forwarded to PayPal to do the payment. Once the payment is completed, PayPal sends an IPN to our system, which then activates the user's account.

So we rely on the IPNs entirely.

 

For the last 18 months our system was working without any issues. We were using the ipnpb.paypal.com endpoint, the payments were always successful and the IPNs we received were always valid.

Since the "encrypted_cross_dispatch" issue occured on Wednesday, we changed the endpoint in our code to www.paypal.com. Now we do not get an error when we forward the users to PayPal, they can do the payments without any issues, but we now receive "Invalid IPNs" so our system cannot validate the payment and therefore it does not activate the accounts.

 

So, the question here is - what is different between ipnpb.paypal.com and www.paypal.com? Why do we used to receive valid IPNs with ipnpb.paypal.com and now we receive invalid IPNs with www.paypal.com?

Would you please give us some direction so we can troubleshoot the issue further? Where do you think the issue comes from - the software we use (PayPlans) or our Hosting provider?

Regarding our Hosting provider - I had a very long discussion with them about the "Invalid IPN" issue so they double-checked everything and said that our server is 100% SHA-256 compliant and the VeriSign’s G5 root certificate is installed.

And regarding the PayPlans software that we use - it forces HTTP1.1 connection, here's the function for the IPN verification:

 

	/**
	 * Checks the validity of given IPN
	 * @param $data
	 */
	function _validateIPN(array $data, $payment , $invoice )
    {
    	// this is for test cases only
    	// if sandbox value is 2, validation must not be there
    	if($this->getAppParam('sandbox', false) == 2){
    		return true;
    	}
    	
    	$paypal_url	=  $this->_getPaypalUrl();

        $req = 'cmd=_notify-validate';

	   foreach ($data as $key => $value) {
	      //ignore joomla url variables
	      if (in_array($key, array('option','task','view','layout'))) {
				continue;
	      }
	      $req .= "&" . $key . "=" . urlencode(stripslashes($value));
	   }

	     // Set up request to PayPal
	     $curl_result = '';
	     $ch = curl_init();
	     curl_setopt($ch, CURLOPT_URL,$paypal_url);
	     curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
	     curl_setopt($ch, CURLOPT_POST, 1);
          curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
		curl_setopt($ch, CURLOPT_HTTPHEADER, array('User-Agent:Firefox 1.0', 'Connection: Close'));
	     curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
	     curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
	     curl_setopt($ch, CURLOPT_HEADER , 0);
	     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	     curl_setopt($ch, CURLOPT_TIMEOUT, 30);

	     $curl_result = curl_exec($ch);
	     curl_close($ch);
	     
	     if(strcmp ($curl_result, 'VERIFIED') === 0){
		 	return true;
	     }
	     
		$transaction = PayplansTransaction::getInstance();
		$transaction->set('user_id', $payment->getBuyer())
					->set('invoice_id', $invoice->getId())
					->set('payment_id', $payment->getId())
					->set('gateway_txn_id', 0)
					->set('gateway_subscr_id', 0)
					->set('gateway_parent_txn', 0)
					->set('params', PayplansHelperParam::arrayToIni($data))
					->set('amount', 0)
					->set('message', 'COM_PAYPLANS_APP_PAYPAL_INVALID_IPN')
					->save();
		
		return false;
     }

 

Could you please let me know how to troubleshoot the issue further and where in your opinion the issue comes from (the Hosting Provider or the software)?

Thanks again!

 

Login to Me Too

MTS_Ciaran
Moderator
Moderator

To answer your question, the difference between ipnpb.paypal.com and www.paypal.com is that ipnpb is for IPN postbacks and should only be used to IPN's, its specific designed to handle the validation request from your IPN handler, and doesnt have a web interface. www.paypal.com is PayPal's front end website so where to use these URL's?

 

- ipnpb.paypal.com - only for IPN postbacks

- www.paypal.com/cgi-bin/webscr - For customer redirects to checkout flow

 

This is a problem in the software, not the hosting provider. It looks like the software is using the same "$paypal_url" for both IPN's and checkout, which is not correct

Login to Me Too

ivovalkov
Contributor
Contributor

Thank you for the details @MTS_Ciaran

Please keep this discussion opened because I'm inviting the developers of the software (PayPlans) and my Hosting support here.

Thanks!

Login to Me Too

ivovalkov
Contributor
Contributor

Hey @MTS_Ciaran

 

Just a quick update and a quick question...

 

The developers of the software (PayPlans) provided the following code which seperates the URLs (now it uses two different URLs for the customer checkout and for the IPN validation/postback.

 

Here's the function that generates the customer checkout URL:

 

 

	function _getPaypalUrl()
	{
		$language	= XiHelperJoomla::getLanguageCode();
		$language	= $lang['local'];
		$url		= $this->getAppParam('sandbox') ? 'www.sandbox.paypal.com' : 'www.paypal.com';
		return 'https://' . $url . '/cgi-bin/webscr?lc='.$language;
	}

 

 

And here's the function that generates the IPN verification/postback URL:

 

	function _getPaypalUrlNotify()
	{
		$language	= XiHelperJoomla::getLanguageCode();
		$language	= $lang['local'];
		$url		= $this->getAppParam('sandbox') ? 'www.sandbox.paypal.com' : 'ipnpb.paypal.com';
		return 'https://' . $url . '/cgi-bin/webscr?lc='.$language;
	}

 

So, the first function will generate the URL that you suggested in a previous comment - www.paypal.com/cgi-bin/webscr

 

And the second function will generae the following URL - ipnpb.paypal.com/cgi-bin/webscr

 

So, I was wondering if the second URL (IPN verification/postback) is correct. Should it have the /cgi-bin/webscr part at the end or not?

 

Thanks a lot for your help!

Login to Me Too

MTS_Ciaran
Moderator
Moderator

No, the IPN url should not include the cgi-bin/webscr portion you mentioned. 

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.