我目前正在开发一个开源论坛软件的修改。此修改允许用户通过该论坛软件进行捐赠。
但是,最近用户报告了可能由我的代码引起的问题。我使用另一个开源库来处理IPN连接 - An IPN Listener PHP class。
报告此问题的用户收到以下电子邮件:
您好
<My Name>,请检查处理PayPal即时付款的服务器 通知(IPN)。即时付款通知已发送至 以下网址失败:
http://www.MySite.com/donate/handler.php如果您无法识别此网址,则表示您可能正在使用服务提供商 即代表您使用IPN。请联系您的服务提供商 有了上述信息。如果这个问题继续存在,IPN可能会 已停用您的帐户。
感谢您及时关注此问题。
真诚的,PayPal
我担心这个问题来自我的身边,因此我必须对此进行调查并确保。
我轻轻修改了IPN Listener脚本,这让我认为我的修改导致了这个问题。 Paypal最近也有一些变化可能会引发这个问题。
这是how该课程暂时的样子:
/**
* PayPal IPN Listener
*
* A class to listen for and handle Instant Payment Notifications (IPN) from
* the PayPal server.
*
* https://github.com/Quixotix/PHP-PayPal-IPN
*
* @package PHP-PayPal-IPN
* @author Micah Carrick
* @copyright (c) 2011 - Micah Carrick
* @version 2.0.5
* @license http://opensource.org/licenses/gpl-license.php
*
* This library is originally licensed under GPL v3, but I received
* permission from the author to use it under GPL v2.
*/
class ipn_handler
{
/**
* If true, the recommended cURL PHP library is used to send the post back
* to PayPal. If flase then fsockopen() is used. Default true.
*
* @var boolean
*/
public $use_curl = true;
/**
* If true, explicitly sets cURL to use SSL version 3. Use this if cURL
* is compiled with GnuTLS SSL.
*
* @var boolean
*/
public $force_ssl_v3 = true;
/**
* If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any
* "Location: ..." headers in the response.
*
* @var boolean
*/
public $follow_location = false;
/**
* If true, an SSL secure connection (port 443) is used for the post back
* as recommended by PayPal. If false, a standard HTTP (port 80) connection
* is used. Default true.
*
* @var boolean
*/
public $use_ssl = true;
/**
* If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
* post back. If false, the live URI www.paypal.com is used. Default false.
*
* @var boolean
*/
public $use_sandbox = false;
/**
* The amount of time, in seconds, to wait for the PayPal server to respond
* before timing out. Default 30 seconds.
*
* @var int
*/
public $timeout = 60;
private $post_data = array();
private $post_uri = '';
private $response_status = '';
private $response = '';
const PAYPAL_HOST = 'www.paypal.com';
const SANDBOX_HOST = 'www.sandbox.paypal.com';
/**
* Post Back Using cURL
*
* Sends the post back to PayPal using the cURL library. Called by
* the processIpn() method if the use_curl property is true. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function curlPost($encoded_data)
{
global $user;
if ($this->use_ssl)
{
$uri = 'https://' . $this->getPaypalHost() . '/cgi-bin/webscr';
$this->post_uri = $uri;
}
else
{
$uri = 'http://' . $this->getPaypalHost() . '/cgi-bin/webscr';
$this->post_uri = $uri;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
if ($this->force_ssl_v3)
{
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}
$this->response = curl_exec($ch);
$this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
if ($this->response === false || $this->response_status == '0')
{
$errno = curl_errno($ch);
$errstr = curl_error($ch);
throw new Exception($user->lang['CURL_ERROR'] . "[$errno] $errstr");
}
}
/**
* Post Back Using fsockopen()
*
* Sends the post back to PayPal using the fsockopen() function. Called by
* the processIpn() method if the use_curl property is false. Throws an
* exception if the post fails. Populates the response, response_status,
* and post_uri properties on success.
*
* @param string The post data as a URL encoded string
*/
protected function fsockPost($encoded_data)
{
global $user;
if ($this->use_ssl)
{
$uri = 'ssl://' . $this->getPaypalHost();
$port = '443';
$this->post_uri = $uri . '/cgi-bin/webscr';
}
else
{
$uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
$port = '80';
$this->post_uri = 'http://' . $uri . '/cgi-bin/webscr';
}
$fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);
if (!$fp)
{
// fsockopen error
throw new Exception($user->lang['FSOCKOPEN_ERROR'] . "[$errno] $errstr");
}
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Length: " . strlen($encoded_data) . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Host: " . $this->getPaypalHost() . "\r\n";
$header .= "Connection: close\r\n\r\n";
fputs($fp, $header . $encoded_data . "\r\n\r\n");
while(!feof($fp))
{
if (empty($this->response))
{
// extract HTTP status from first line
$this->response .= $status = fgets($fp, 1024);
$this->response_status = trim(substr($status, 9, 4));
}
else
{
$this->response .= fgets($fp, 1024);
}
}
fclose($fp);
}
private function getPaypalHost()
{
if ($this->use_sandbox)
{
return ipn_handler::SANDBOX_HOST;
}
else
{
return ipn_handler::PAYPAL_HOST;
}
}
/**
* Get POST URI
*
* Returns the URI that was used to send the post back to PayPal. This can
* be useful for troubleshooting connection problems. The default URI
* would be "ssl://www.sandbox.paypal.com:443/cgi-bin/webscr"
*
* @return string
*/
public function getPostUri()
{
return $this->post_uri;
}
/**
* Get Response
*
* Returns the entire response from PayPal as a string including all the
* HTTP headers.
*
* @return string
*/
public function getResponse()
{
return $this->response;
}
/**
* Get Response Status
*
* Returns the HTTP response status code from PayPal. This should be "200"
* if the post back was successful.
*
* @return string
*/
public function getResponseStatus()
{
return $this->response_status;
}
/**
* Get Text Report
*
* Returns a report of the IPN transaction in plain text format. This is
* useful in emails to order processors and system administrators. Override
* this method in your own class to customize the report.
*
* @return string
*/
public function getTextReport()
{
$r = '';
// date and POST url
for ($i = 0; $i < 80; $i++)
{
$r .= '-';
}
$r .= "\n[" . date('m/d/Y g:i A') . '] - ' . $this->getPostUri();
if ($this->use_curl)
{
$r .= " (curl)\n";
}
else
{
$r .= " (fsockopen)\n";
}
// HTTP Response
for ($i = 0; $i < 80; $i++)
{
$r .= '-';
}
$r .= "\n{$this->getResponse()}\n";
// POST vars
for ($i = 0; $i < 80; $i++)
{
$r .= '-';
}
$r .= "\n";
foreach ($this->post_data as $key => $value)
{
$r .= str_pad($key, 25) . "$value\n";
}
$r .= "\n\n";
return $r;
}
/**
* Process IPN
*
* Handles the IPN post back to PayPal and parsing the response. Call this
* method from your IPN listener script. Returns true if the response came
* back as "VERIFIED", false if the response came back "INVALID", and
* throws an exception if there is an error.
*
* @param array
*
* @return boolean
*/
public function processIpn($post_data = null)
{
global $user;
$encoded_data = 'cmd=_notify-validate';
if ($post_data === null)
{
// use raw POST data
if (!empty($_POST))
{
$this->post_data = $_POST;
$encoded_data .= '&' . file_get_contents('php://input');
}
else
{
throw new Exception($user->lang['NO_POST_DATA']);
}
}
else
{
// use provided data array
$this->post_data = $post_data;
foreach ($this->post_data as $key => $value)
{
$encoded_data .= "&$key=" . urlencode($value);
}
}
if ($this->use_curl)
{
$this->curlPost($encoded_data);
}
else
{
$this->fsockPost($encoded_data);
}
if (strpos($this->response_status, '200') === false)
{
throw new Exception($user->lang['INVALID_RESPONSE'] . $this->response_status);
}
if (strpos(trim($this->response), "VERIFIED") !== false)
{
return true;
}
elseif (trim(strpos($this->response), "INVALID") !== false)
{
return false;
}
else
{
throw new Exception($user->lang['UNEXPECTED_ERROR']);
}
}
/**
* Require Post Method
*
* Throws an exception and sets a HTTP 405 response header if the request
* method was not POST.
*/
public function requirePostMethod()
{
global $user;
// require POST requests
if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST')
{
header('Allow: POST', true, 405);
throw new Exception($user->lang['INVALID_REQUEST_METHOD']);
}
}
}
此脚本是否存在导致此问题的问题?
P.S:URL donate / handler.php 确实是IPN处理程序/侦听器文件,因此它是一个可识别的URL。
答案 0 :(得分:6)
对于调试部分
您还可以在Paypal上查看您的IPN状态。
我的帐户&gt;历史&gt; IPN历史。
它将列出发送到您服务器的所有IPN。您将看到每个人的状态。它可能有所帮助。但正如Andrew Angell所说,请看一下你的日志。
对于PHP部分
Paypal在他们Github上提供了很多善意的东西。你应该明确地仔细看看。
他们应该使用a dead simple IPNLister sample(而不是自定义的 - 即使看起来不错)。它使用Paypal本身的内置功能。我个人也使用它。 你不应该重新发明轮子:)
<?php
require_once('../PPBootStrap.php');
// first param takes ipn data to be validated. if null, raw POST data is read from input stream
$ipnMessage = new PPIPNMessage(null, Configuration::getConfig());
foreach($ipnMessage->getRawData() as $key => $value) {
error_log("IPN: $key => $value");
}
if($ipnMessage->validate()) {
error_log("Success: Got valid IPN data");
} else {
error_log("Error: Got invalid IPN data");
}
如您所见,这很简单。
我以略微的方式使用它:
$rawData = file_get_contents('php://input');
$ipnMessage = new PPIPNMessage($rawData);
$this->forward404If(!$ipnMessage->validate(), 'IPN not valid.');
$ipnListener = new IPNListener($rawData);
$ipnListener->process();
IPNListener类对我来说是自定义的:它确实处理了如何处理IPN。它解析响应并根据状态执行操作:
function __construct($rawData)
{
$rawPostArray = explode('&', $rawData);
foreach ($rawPostArray as $keyValue)
{
$keyValue = explode ('=', $keyValue);
if (count($keyValue) == 2)
{
$this->ipnData[$keyValue[0]] = urldecode($keyValue[1]);
}
}
// log a new IPN and save in case of error in the next process
$this->ipn = new LogIpn();
$this->ipn->setContent($rawData);
$this->ipn->setType(isset($this->ipnData['txn_type']) ? $this->ipnData['txn_type'] : 'Not defined');
$this->ipn->save();
}
/**
* Process a new valid IPN
*
*/
public function process()
{
if (null === $this->ipnData)
{
throw new Exception('ipnData is empty !');
}
if (!isset($this->ipnData['txn_type']))
{
$this->ipn->setSeemsWrong('No txn_type.');
$this->ipn->save();
return;
}
switch ($this->ipnData['txn_type'])
{
// handle statues
}
}
答案 1 :(得分:3)
检查您的网络服务器日志。这将显示当IPN脚本被命中时会出现什么结果,并且由于它失败,您必须得到某种500内部服务器错误。日志将为您提供通常在屏幕上看到的错误信息,如语法错误,行号等。
我喜欢做的故障排除方法是通过构建一个基本HTML表单来创建我自己的模拟器,并将操作设置为我的IPN侦听器的URL。添加隐藏字段,其中包含您希望从IPN获取的名称/值,然后您可以在浏览器中加载它并直接提交,以便您可以在屏幕上看到结果。您可能会发现代码中的某个错误导致脚本无法完成。
请记住,以这种方式测试数据不是来自PayPal,因此无法验证。您需要确保设置代码逻辑以相应地处理它。
一旦你能够以这种方式顺利运行一切,我会使用PayPal IPN监听器作为另一个确认,然后你可以放心,你已经解决了这个问题。
答案 2 :(得分:2)
我强烈建议您使用Paypal开发者网站中的IPN simulator。它可以为您构建IPN请求并将其发送到您的服务器并报告它所获得的内容。
答案 3 :(得分:1)
检查您的Paypal帐户下的日志,它会显示已发送的IPN请求列表以及结果。如果您遇到一些重大问题,可以使用提供的GET字符串来测试用例。
答案 4 :(得分:1)
我的代码确实存在问题。我做了一些铸造错误,导致IPN失败。此问题已得到解决。
感谢大家的帮助。