Thank you very much for the reply @MTS_Ciaran Would you please give us some more details so we can get to the bottom of the issue because we have a quite busy website which can no longer work properly? I will also involve the developers of our Joomla integration (readybytes.net, the software is called "PayPlans") and our Hosting provider. So, this is our setup. We offer membership plans. When a user creates an account on our website, he's been forwarded to PayPal to do the payment. Once the payment is completed, PayPal sends an IPN to our system, which then activates the user's account. So we rely on the IPNs entirely. For the last 18 months our system was working without any issues. We were using the ipnpb.paypal.com endpoint, the payments were always successful and the IPNs we received were always valid. Since the "encrypted_cross_dispatch" issue occured on Wednesday, we changed the endpoint in our code to www.paypal.com. Now we do not get an error when we forward the users to PayPal, they can do the payments without any issues, but we now receive "Invalid IPNs" so our system cannot validate the payment and therefore it does not activate the accounts. So, the question here is - what is different between ipnpb.paypal.com and www.paypal.com? Why do we used to receive valid IPNs with ipnpb.paypal.com and now we receive invalid IPNs with www.paypal.com? Would you please give us some direction so we can troubleshoot the issue further? Where do you think the issue comes from - the software we use (PayPlans) or our Hosting provider? Regarding our Hosting provider - I had a very long discussion with them about the "Invalid IPN" issue so they double-checked everything and said that our server is 100% SHA-256 compliant and the VeriSign’s G5 root certificate is installed. And regarding the PayPlans software that we use - it forces HTTP1.1 connection, here's the function for the IPN verification: /**
* Checks the validity of given IPN
* @param $data
*/
function _validateIPN(array $data, $payment , $invoice )
{
// this is for test cases only
// if sandbox value is 2, validation must not be there
if($this->getAppParam('sandbox', false) == 2){
return true;
}
$paypal_url = $this->_getPaypalUrl();
$req = 'cmd=_notify-validate';
foreach ($data as $key => $value) {
//ignore joomla url variables
if (in_array($key, array('option','task','view','layout'))) {
continue;
}
$req .= "&" . $key . "=" . urlencode(stripslashes($value));
}
// Set up request to PayPal
$curl_result = '';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$paypal_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('User-Agent:Firefox 1.0', 'Connection: Close'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
curl_setopt($ch, CURLOPT_HEADER , 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$curl_result = curl_exec($ch);
curl_close($ch);
if(strcmp ($curl_result, 'VERIFIED') === 0){
return true;
}
$transaction = PayplansTransaction::getInstance();
$transaction->set('user_id', $payment->getBuyer())
->set('invoice_id', $invoice->getId())
->set('payment_id', $payment->getId())
->set('gateway_txn_id', 0)
->set('gateway_subscr_id', 0)
->set('gateway_parent_txn', 0)
->set('params', PayplansHelperParam::arrayToIni($data))
->set('amount', 0)
->set('message', 'COM_PAYPLANS_APP_PAYPAL_INVALID_IPN')
->save();
return false;
} Could you please let me know how to troubleshoot the issue further and where in your opinion the issue comes from (the Hosting Provider or the software)? Thanks again!
... View more