PayPal Community

I checked the IPN history as suggested. Our last successful payment with paypal was on the 3rd Sept.

Then 4 subsequent payments starting on the 10th Sept went through OK with Paypal but failed to trigger our backend/admin processes.

The IPN history states all payments went through with a 200 and 'completed'. However if you look at the server logs  you can see the IPN code we are posting has changed since the 10th as follows:

"POST /ipn.php HTTP/1.1" 200 407 "-" "PayPal IPN ( https://www.paypal.com/ipn )"

//Note the 407 following the 200.

Compare this with the IPN we previously sent when payments completed our end too on the 3rd with the following:

"POST /ipn.php HTTP/1.1" 200 3 "-" "PayPal IPN ( https://www.paypal.com/ipn )" 

//Note the 3 following the 200.

So something has changed with Paypal. I don't really know how to fix this issue for my client, will it pass with time once Paypal are made aware? It seems many loyal paypal customers are having the same frustration. Or do I need a developer to have a look? We have made no changes to the payment flow or IPN ‘listener page’ so I am open to your best advice.

Here is the complete IPN:

<?php
// PHP 4.1
$paypal_sandbox = false;

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {

$value = urlencode(stripslashes($value));

$req .= "&$key=$value";

}

// post back to PayPal system to validate

$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";

if ($paypal_sandbox)
$header .= "Host: www.sandbox.paypal.com\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

if ($paypal_sandbox)
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
else
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables

$item_name = $_POST['item_name'];

$item_number = $_POST['item_number'];

$payment_status = $_POST['payment_status'];

$payment_amount = $_POST['mc_gross'];

$payment_currency = $_POST['mc_currency'];

$txn_id = $_POST['txn_id'];

$receiver_email = $_POST['receiver_email'];

$payer_email = $_POST['payer_email'];

if (!$fp) {
mail('<an email address>', 'ERROR CONNECTING', $errno.' '.$errstr);
// HTTP ERROR

} else {
fputs ($fp, $header . $req);

while (!feof($fp)) {

$res = fgets ($fp, 1024);


if (strcmp ($res, "VERIFIED") == 0) {

session_id($_POST['custom']);

session_start();

$data = file_get_contents('temp/data/'.$_POST['custom']);
mail('<an email address>', 'DATA', $data);

$_SESSION = unserialize($data);

include_once('config.php');
if(isset($_SESSION['uid']) && $_SESSION['uid'] != 0)
$order_number = orderpayment(1);
else
$order_number = orderpayment();

if (is_file('temp/data/'.$_POST['custom'])) {
//@unlink('temp/data/'.$_POST['custom']);

$_SESSION['order_number'] = $order_number;

// append the order number to the file
$h = fopen('temp/data/'.$_POST['custom'], 'w');
fwrite($h, serialize($_SESSION));
fclose($h);
}

} else if (strcmp ($res, "INVALID") == 0) {

// log for manual investigation

}

}

fclose ($fp);

}

?>

Did you ever resolve this? We are having the exact same issue with same timing and everything. We can see in the IPN history that the transactions are there but it didn't get registered into our backend. This has been working for 8+ years and then at the beginning of Sept. stopped for no apparent reason. It would be great if you could share how you resolved it!

Thanks

Is your site/server running on HTTP 1.1 and TLS 1.2?  This is now required or communication with PayPal's servers will fail.  

Here is some information PayPal provides on the matter.  Here is an article I wrote on the topic of PayPal security that explains things in a different way that some seem to understand a little better.

If you're a server admin then you should understand everything in those articles just fine.  If not, then give the info to your server person or talk to your hosting company about it and they should be able to get it resolved for you.

Now, I'm only assuming this is your issue.  If you can verify that is not your problem, then I would suggest you follow standard PayPal IPN testing procedures to track down your issue.

Hope that helps!

Thank you very much for your link to your security article relating to the paypal HTTP 1.1 and TLS 1.2 upgrade.

Yes I moved the site to a server offering such protocols in readiness for the changes last year.

The server is currently running PHP 5.3 however I verified the protocols to be working correcty using the https://tlstest.paypal.com/  end point test.

I also experimented switching PHP version higher to 5.6 but still the payments didn't work as expected.

A point to note is the payments do go through OK as far as paypal is concerned ie we receive both the user/account receipts following payment. It is just the backend processes to be triggered by the IPN which appear to be failing; for no apparent reason.

Fortunately we have a second payment gateway in place (Barclay Card EPDQ) which we are currently using while we try and figure out what's wrong with paypal.

However I do have a second site which accepts payments through Paypal running on the same server which seems to be working as normal post upgrade. This site is built using a different paypal configuration, namely paypal express. So maybe adapting the original site to use similar functions is the way forward.

We havn't solved it yet even though we have verified the server to be running HTTP 1.1 and TLS 1.2 required now for communication with paypal's server.

We have also experimented with higher PHP versions as advised without any success.

As I point out below, I have a second site which accepts payments through Paypal running on the same server which seems to be working as normal post upgrade. This site is built using a different paypal configuration, namely paypal express. So maybe adapting the original site to use similar functions is the way forward.

I will update the post when it is fixed. Any further ideas your end welcome.