我的PayPal IPN脚本未按预期插入新订单中的数据。它也没有记录任何错误,因此我无法查看错误。
我的浏览器没有检测到任何语法错误,因此看起来IPN监听器应该工作。我真的很感激任何人的帮助。
<?php
//Receive and read the post from PayPal
//After successful customer transaction in PayPal, its servers will send an IPN message to the IPN URL you provide in your PayPal business account.
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
//To ensure that the message is coming from PayPal, you are required by PayPal to post the entire IPN message back to PayPal for verification.
//This means that the same set of IPN messages are sent back to PayPal immediately after you receive them.
//It is recommended that you use port 443 for connecting to PayPal servers for security reasons because it will be an encrypted communication.
//Make sure your web host allows communication in this port number, also connecting using ssl in fsockopen requires your server to have OpenSSL installed.
//If you see errors, you need to contact and ask support to your web host.
//Since you are still testing this script in the sandbox, you will be connecting to http://www.sandbox.paypal.com/. Once everything is working well, you need to change this to www.paypal.com.
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencodedrn";
$header .= "Content-Length: " . strlen($req) . "r\n";
$header .= "Connection: close\r\n\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
//Then you need to assign posted variables from PayPal to PHP variables
//There are a lot of variables that can be passed from PayPal to your IPN URL. You can see the complete list here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_IPNandPDTVariables
//However, for PayPal IPN implementation for digital downloads such as ebooks, mp3, etc, the following are the important variables that you need to receive, process, validate and insert to your database.
//Take note that the invoice and customer ip address variables are coming from the shopping page you set up in the second part of this tutorial, and are passed from PayPal to your script using IPN communication.
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$total = $_POST['amount'];
$quantity = $_POST['quantity'];
$color = $_POST['os2'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$invoice = $_POST['invoice'];
$customeripaddress=$_POST['custom'];
$productname=$_POST['item_name'];
//Connect to MySQL database
//This is discussed in the second part of this tutorial series
require("addrow_info.php");
// Opens a connection to a MySQL server
$connection=mysql_connect ("localhost", $username, $password);
if (!$connection) {
die('Not connected : ' . mysql_error());
}
// Set the active MySQL database
$db_selected = mysql_select_db($database, $connection);
if (!$db_selected) {
die ('Can\'t use db : ' . mysql_error());
}
if (!$fp) {
//HTTP ERROR, this is most likely caused by the issue relating to fsockopen transaction. For example, your web host prevents access to the secure port 443, or there is a syntax error in your fsockopen.
//It is important to log the error to the MySQL database for easy troubleshooting. The ipnlogs table was c created in the third part of this tutorial series. The error numbers of the fsockopen are also logged to your database. You can see more about error numbers here: http://php.net/manual/en/function.fsockopen.php
//Remember that if there are errors relating to fsockopen, you will not be able to send back the IPN message to PayPal or get the reply from PayPal, which is an important requirement for IPN verification.
$log='http error='.$errno;
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
}
else {
fputs ($fp, $header . $req);
$res=stream_get_contents($fp, 1024);//while (!feof($fp)) {
//$res = fgets ($fp, 1024);
$res = trim($res); //NEW & IMPORTANT
if (strcmp (trim($res), "VERIFIED") == 0) {
//Now that the IPN transaction is "VERIFIED" according to PayPal, you can log this successful transaction to ipnlogs table for tracking purposes.
$log='Verified IPN Transaction';
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
//For every verified IPN transaction, it is required by PayPal to check that the txn_id has not been previously processed. This will prevent duplicate transactions. So query the database to see if the $txn_id is or is not new.
$txn_id = mysql_real_escape_string($txn_id);
if (!($fetch = mysql_fetch_array( mysql_query("SELECT `TransactionID` FROM `orders` WHERE `TransactionID`='$txn_id'")))) {
//No records found in the orders table, transaction ID is new
//Proceed with validating the rest of the IPN variables
//check that receiver_email is your Primary PayPal email. This is very important to prevent spoofing the transaction and ensures that this payment belongs to you and not to other accounts.
if ($receiver_email=='kunpee24-facilitator@yahoo.com') {
$receiver_email = mysql_real_escape_string($receiver_email);
}
else {
die('ERROR: Invalid Paypal Seller Email address.');
}
//check if payment currency is USD
if ($payment_currency=='USD') {
$payment_currency = mysql_real_escape_string($payment_currency);
}
else {
die('ERROR: Incorrect currency');
}
//check to see if the payment_status is "Completed"
//It is highly important that you allow only customers that are fully paid in PayPal to download.
if ($payment_status=='Completed') {
$payment_status = mysql_real_escape_string($payment_status);
}
else {
die('ERROR: Payment status not completed');
}
//Validate invoice number
//The invoice number is generated by the invoice number generator function in your shopping page as discussed in Part 2.
//The generated invoice number uses the alpha numeric format.
if (ctype_alnum($invoice)){
$invoice = mysql_real_escape_string($invoice);
}
else {
die('ERROR: The submitted invoice data is NOT alphanumeric');
}
//Now that everything has been verified and validated, you can insert all validated records into the customerrecords database.
//Bear in mind that all of these variables are sanitized with mysql_real_escape_string before insertion into the database.
mysql_query("INSERT INTO orders (PaymentStatus,invoice_no,length,width,color,quantity,total,PayerEmail,ReceiverEmail,TransactionID,IPAddress) VALUES ('".$payment_status."','".$invoice."','".$length."','".$width."','".$color."','".$quantity. "','".$total."','".$payer_email."','".$receiver_email."',
'".$txn_id."','".$customeripaddress."')") or die(mysql_error());
//close MySQL database connection
mysql_close($dbhandle);
}
else {
//transaction ID already exists in the database, could not process request
//You can alternatively log this transaction into your database for investigation and monitoring purposes
die('Could not process request-transaction ID already exist');
}
}
else if (strcmp (trim($res), "INVALID") == 0) {
//Invalid IPN transaction
//You can alternatively log this transaction into your database for troubleshooting purposes
$log='Invalid IPN transaction';
$log = mysql_real_escape_string($log);
mysql_query("INSERT INTO ipnlogs (eventlog) VALUES ('$log')");
}
}
//close the connection
fclose ($fp);
?>