I have been using IPN to process individual items for years, where the processing takes part on the return page passed to paypal. Now I want to be able to process a basket containing several items and establish there have been no changes to the original order. So I have created processpp.php based on some code I found. I have no idea if it works because I cannot tell if it is being called at any point by paypal. In my pubs.php script (the order form) I have the following: <?php $processpp='http://'.$host.'/processpp.php'; ?> <html> <input type='hidden' name='notify_url' value='<?=$processpp?>'> And processpp.php looks like this: include 'functions.php'; $raw_post_data = file_get_contents('php://input'); $raw_post_array = explode('&', $raw_post_data); $myPost = array(); foreach ($raw_post_array as $keyval) { $keyval = explode ('=', $keyval); if (count($keyval) == 2) $myPost[$keyval[0]] = urldecode($keyval[1]); } // Read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; if(function_exists('get_magic_quotes_gpc')) { $get_magic_quotes_exists = true; } foreach ($myPost as $key => $value) { if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $req .= "&$key=$value"; } /* * Post IPN data back to PayPal to validate the IPN data is genuine * Without this step anyone can fake IPN data */ $paypalURL = "https://www.sandbox.paypal.com/cgi-bin/webscr"; $ch = curl_init($paypalURL); if ($ch == FALSE) { return FALSE; } curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_POSTFIELDS, $req); curl_setopt($ch, CURLOPT_SSLVERSION, 6); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); // Set TCP timeout to 30 seconds curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name')); $res = curl_exec($ch); /* * Inspect IPN validation result and act accordingly * Split response headers and payload, a better way for strcmp */ $tokens = explode("\r\n\r\n", trim($res)); $res = trim(end($tokens)); if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) { //Payment data $txn_id = $_POST['txn_id']; $payment_gross = $_POST['mc_gross']; $currency_code = $_POST['mc_currency']; $payment_status = $_POST['payment_status']; $payer_email = $_POST['payer_email']; //Enter orders into table $prepnml="insert into Paypal_Orders(payment_id,item_number,quantity,gross_amount) VALUES('".$payment_id."','".$order_item_number."','".$order_item_quantity."','".$order_item_gross_amount."')"; $nmlsearch=''; $nmlbinds=''; include $rootpath.'dbconnect1.php'; $wot=nmlquery($prepnml,$nmlsearch,$nmlbinds,$db); //nmlquery is a function that processes the MySQLi command } ?> I have even tried the IPN simulator but get the following error: IPN was not sent, and the handshake was not verified. Review your information. Can anyone help me get this working please?
... View more