使用ipn进行PayPal动态定价

时间:2014-02-11 23:22:30

标签: php paypal paypal-ipn

我正在使用Micha的IPN。 error_log中没有任何内容,也没有数据库连接错误。 ipn返回无效。我使用了$ _REQUEST ['tid']所以我可以从URL中提取tid以匹配$ price与mc_gross。这段代码现在可以使用了!

表单代码     

$pid = $_REQUEST['pid'];
$tid = $_REQUEST['tid'];

$choice = @mysql_query("SELECT * 
FROM tourneys
WHERE tid = '". $_REQUEST['tid']."'");
    if (!$choice) {
    die('<p>Error retrieving tourney from database!<br />'.
    'Error: ' . mysql_error(). '</p>');
    }

while ($Tourney = mysql_fetch_array($choice)) {
$price = $Tourney['price'];
$tourney_name = $Tourney['tourney_name'];

}

echo $price; //dbg  checking if it elevates
?>
<form action=https://www.sandbox.paypal.com/cgi-bin/webscr method="post">
<input type="hidden" name="charset" value="utf-8">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="seller@my-domain.com">
<input type="hidden" name="item_name" value="<?=$tourney_name?>">
<input type="hidden" name="item_number" value="<?=$_REQUEST['pid']?>">
<input type="hidden" name="amount" value="<?=$price?>">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="return" value="../tournament-logon-team.php">
<input type="hidden" name="notify_url" value="../tournaments/player/paypal/ipn/ipn.php?tid=<?=$_REQUEST['tid']?>">
<input type="image"src="../tournaments/player/paypal/ipn/PayPal_button.gif" border="0" name="submit">
</form>

</body>
</html>

ipn代码     

$choice = @mysql_query("SELECT price
FROM tourneys
WHERE tid = '". $_REQUEST['tid']."'");
    if (!$choice) {
    die('<p>Error retrieving tourney from database!<br />'.
    'Error: ' . mysql_error(). '</p>');
    }

    while ($Tourney = mysql_fetch_array($choice)) {
    $price = $Tourney['price'];

    }
//echo $price; //dbg
/*
ipn.php 

PayPal IPN with PHP
How To Implement an Instant Payment Notification listener script in PHP
micahcarrick.com/paypal-ipn-with-php.html

(c) 2011 - Micah Carrick
*/
// tell PHP to log errors to ipn_errors.log in this directory
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');

// intantiate the IPN listener
include('ipnlistener.php');
$listener = new IpnListener();

// tell the IPN listener to use the PayPal test sandbox
//$listener->use_sandbox = false;
$listener->use_sandbox = true;

// try to process the IPN POST
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
} catch (Exception $e) {
error_log($e->getMessage());
exit(0);
}

if ($verified) {


$errmsg = '';   // stores errors from fraud checks

// 1. Make sure the payment status is "Completed" 
if ($_POST['payment_status'] != 'Completed') { 
    // simply ignore any IPN that is not completed
    exit(0); 
}

// 2. Make sure seller email matches your primary account email.
if ($_POST['receiver_email'] != 'seller@my-domain.com') {
    $errmsg .= "'receiver_email' does not match: ";
    $errmsg .= $_POST['receiver_email']."\n";
}

// 3. Make sure the amount(s) paid match
if ($_POST['mc_gross'] != ''.$price.'') {   //made this a variable to match mc_gross
    $errmsg .= "'mc_gross' does not match: ";
    $errmsg .= $_POST['mc_gross']."\n";
}

// 4. Make sure the currency code matches
if ($_POST['mc_currency'] != 'USD') {
    $errmsg .= "'mc_currency' does not match: ";
    $errmsg .= $_POST['mc_currency']."\n";
}

// 5. Ensure the transaction is not a duplicate.
mysql_connect('localhost', 'user', 'pass') or exit(0);
mysql_select_db('premier_pgf') or exit(0);

$txn_id = mysql_real_escape_string($_POST['txn_id']);
$sql = "SELECT COUNT(*) FROM futures_paypal_regs WHERE txn_id = '$txn_id'";
$r = mysql_query($sql);

if (!$r) {
    error_log(mysql_error());

    exit(0);
}

$exists = mysql_result($r, 0);
mysql_free_result($r);

if ($exists) {
    $errmsg .= "'txn_id' has already been processed: ".$_POST['txn_id']."\n";
}

if (!empty($errmsg)) {

    // manually investigate errors from the fraud checking
    $body = "IPN failed fraud checks: \n$errmsg\n\n";
    $body .= $listener->getTextReport();

} else {

    // add this order to a table of completed orders
    $payer_email = mysql_real_escape_string($_POST['payer_email']);
    $mc_gross = mysql_real_escape_string($_POST['mc_gross']);
    $item_number = mysql_real_escape_string($_POST['item_number']);
    $item_name = mysql_real_escape_string($_POST['item_name']);
    $payment_date = mysql_real_escape_string($_POST['payment_date']);
    $first_name = mysql_real_escape_string($_POST['first_name']);
    $last_name = mysql_real_escape_string($_POST['last_name']);
    $address_street = mysql_real_escape_string($_POST['address_street']);
    $address_city = mysql_real_escape_string($_POST['address_city']);
    $address_state = mysql_real_escape_string($_POST['address_state']);
    $address_zip = mysql_real_escape_string($_POST['address_zip']);
    $payer_buisness_name = mysql_real_escape_string($_POST['payer_buisness_name']);
    $payment_status = mysql_real_escape_string($_POST['payment_status']);

//need to grab variables from db
$choice = @mysql_query("SELECT * 
    FROM players
WHERE pid = '". $item_number."'");
    if (!$choice) {
    die('<p>Error retrieving Teams from database!<br />'.
    'Error: ' . mysql_error(). '</p>');
    }

    while ($Team = mysql_fetch_array($choice)) {
      $pid = $Team['pid'];
    }
// end of db grab       

    $sql = "INSERT INTO player_paypal_regs SET 
paid_regs ='Y',
player_id ='$item_number', 
first_name ='$first_name', 
last_name ='$last_name', 
address_street ='$address_street', 
address_city ='$address_city',
    address_state ='$address_state', 
address_zip ='$address_zip', 
payment_date='$payment_date', 
payer_email='$payer_email', 
item_name='$item_name', 
item_number ='$item_number', 
payer_business_name ='$payer_business_name', 
payment_status ='$payment_status', 
txn_id ='$txn_id', 
mc_gross ='$mc_gross'
";


    if (!mysql_query($sql)) {
        error_log(mysql_error());
        exit(0);
    }

    // send user an email with a link to their digital download
    $to = filter_var($_POST['payer_email'], FILTER_SANITIZE_EMAIL);
    $subject = "Your PGF acceptance certificate is ready";
    mail($to, "Thank you for choosing PGF", "Log on to your PGF Team account to print your team's Acceptance Certificate");
    }

    } else {
// manually investigate the invalid IPN
mail('me@mydomain.com', 'Invalid IPN', $listener->getTextReport());
    }
?>

听众

<?php
/**
*  PayPal IPN Listener
*
*  A class to listen for and handle Instant Payment Notifications (IPN) from 
*  the PayPal server.
*
*  https://github.com/Quixotix/PHP-PayPal-IPN
*
*  @package    PHP-PayPal-IPN
*  @author     Micah Carrick
*  @copyright  (c) 2012 - Micah Carrick
*  @version    2.1.0
*/
class IpnListener {

/**
 *  If true, the recommended cURL PHP library is used to send the post back 
 *  to PayPal. If flase then fsockopen() is used. Default true.
 *
 *  @var boolean
 */
public $use_curl = true;     

/**
 *  If true, explicitly sets cURL to use SSL version 3. Use this if cURL
 *  is compiled with GnuTLS SSL.
 *
 *  @var boolean
 */
public $force_ssl_v3 = true;     

/**
 *  If true, cURL will use the CURLOPT_FOLLOWLOCATION to follow any 
 *  "Location: ..." headers in the response.
 *
 *  @var boolean
 */
public $follow_location = false;     

/**
 *  If true, an SSL secure connection (port 443) is used for the post back 
 *  as recommended by PayPal. If false, a standard HTTP (port 80) connection
 *  is used. Default true.
 *
 *  @var boolean
 */
public $use_ssl = true;      

/**
 *  If true, the paypal sandbox URI www.sandbox.paypal.com is used for the
 *  post back. If false, the live URI www.paypal.com is used. Default false.
 *
 *  @var boolean
 */

//public $use_sandbox = false; 
public $use_sandbox = true; 

/**
 *  The amount of time, in seconds, to wait for the PayPal server to respond
 *  before timing out. Default 30 seconds.
 *
 *  @var int
 */
public $timeout = 30;       

private $post_data = array();
private $post_uri = '';     
private $response_status = '';
private $response = '';

const PAYPAL_HOST = 'www.paypal.com';
const SANDBOX_HOST = 'www.sandbox.paypal.com';

/**
 *  Post Back Using cURL
 *
 *  Sends the post back to PayPal using the cURL library. Called by
 *  the processIpn() method if the use_curl property is true. Throws an
 *  exception if the post fails. Populates the response, response_status,
 *  and post_uri properties on success.
 *
 *  @param  string  The post data as a URL encoded string
 */
protected function curlPost($encoded_data) {

    if ($this->use_ssl) {
        $uri = 'https://'.$this->getPaypalHost().'/cgi-bin/webscr';
        $this->post_uri = $uri;
    } else {
        $uri = 'http://'.$this->getPaypalHost().'/cgi-bin/webscr';
        $this->post_uri = $uri;
    }

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAINFO, 
                        dirname(__FILE__)."/cert/api_cert_chain.crt");
    curl_setopt($ch, CURLOPT_URL, $uri);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
    curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);

//changed 10-17-2014     
if ($this->force_ssl_v3) {
        curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'SSLv3');
} else {
        curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}

    $this->response = curl_exec($ch);
    $this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));

    if ($this->response === false || $this->response_status == '0') {
        $errno = curl_errno($ch);
        $errstr = curl_error($ch);
        throw new Exception("cURL error: [$errno] $errstr");
    }
}

/**
 *  Post Back Using fsockopen()
 *
 *  Sends the post back to PayPal using the fsockopen() function. Called by
 *  the processIpn() method if the use_curl property is false. Throws an
 *  exception if the post fails. Populates the response, response_status,
 *  and post_uri properties on success.
 *
 *  @param  string  The post data as a URL encoded string
 */
protected function fsockPost($encoded_data) {

    if ($this->use_ssl) {
        $uri = 'ssl://'.$this->getPaypalHost();
        $port = '443';
        $this->post_uri = $uri.'/cgi-bin/webscr';
    } else {
        $uri = $this->getPaypalHost(); // no "http://" in call to fsockopen()
        //$port = '80';
        $port = '30';
        $this->post_uri = 'http://'.$uri.'/cgi-bin/webscr';
    }

    $fp = fsockopen($uri, $port, $errno, $errstr, $this->timeout);

    if (!$fp) { 
        // fsockopen error
        throw new Exception("fsockopen error: [$errno] $errstr");
    } 

    $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .= "Host: ".$this->getPaypalHost()."\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: ".strlen($encoded_data)."\r\n";
    $header .= "Connection: Close\r\n\r\n";

    fputs($fp, $header.$encoded_data."\r\n\r\n");

    while(!feof($fp)) { 
        if (empty($this->response)) {
            // extract HTTP status from first line
            $this->response .= $status = fgets($fp, 1024); 
            $this->response_status = trim(substr($status, 9, 4));
        } else {
            $this->response .= fgets($fp, 1024); 
        }
    } 

    fclose($fp);
}

private function getPaypalHost() {
    if ($this->use_sandbox) return self::SANDBOX_HOST;
    else return self::PAYPAL_HOST;
}

/**
 *  Get POST URI
 *
 *  Returns the URI that was used to send the post back to PayPal. This can
 *  be useful for troubleshooting connection problems. The default URI
 *  would be "ssl://www.sandbox.paypal.com:443/cgi-bin/webscr"
 *
 *  @return string
 */
public function getPostUri() {
    return $this->post_uri;
}

/**
 *  Get Response
 *
 *  Returns the entire response from PayPal as a string including all the
 *  HTTP headers.
 *
 *  @return string
 */
public function getResponse() {
    return $this->response;
}

/**
 *  Get Response Status
 *
 *  Returns the HTTP response status code from PayPal. This should be "200"
 *  if the post back was successful. 
 *
 *  @return string
 */
public function getResponseStatus() {
    return $this->response_status;
}

/**
 *  Get Text Report
 *
 *  Returns a report of the IPN transaction in plain text format. This is
 *  useful in emails to order processors and system administrators. Override
 *  this method in your own class to customize the report.
 *
 *  @return string
 */
public function getTextReport() {

    $r = '';

    // date and POST url
    for ($i=0; $i<80; $i++) { $r .= '-'; }
    $r .= "\n[".date('m/d/Y g:i A').'] - '.$this->getPostUri();
    if ($this->use_curl) $r .= " (curl)\n";
    else $r .= " (fsockopen)\n";

    // HTTP Response
    for ($i=0; $i<80; $i++) { $r .= '-'; }
    $r .= "\n{$this->getResponse()}\n";

    // POST vars
    for ($i=0; $i<80; $i++) { $r .= '-'; }
    $r .= "\n";

    foreach ($this->post_data as $key => $value) {
        $r .= str_pad($key, 25)."$value\n";
    }
    $r .= "\n\n";

    return $r;
}

/**
 *  Process IPN
 *
 *  Handles the IPN post back to PayPal and parsing the response. Call this
 *  method from your IPN listener script. Returns true if the response came
 *  back as "VERIFIED", false if the response came back "INVALID", and 
 *  throws an exception if there is an error.
 *
 *  @param array
 *
 *  @return boolean
 */    
public function processIpn($post_data=null) {

    $encoded_data = 'cmd=_notify-validate';

    if ($post_data === null) { 
        // use raw POST data 
        if (!empty($_POST)) {
            $this->post_data = $_POST;
            $encoded_data .= '&'.file_get_contents('php://input');
        } else {
            throw new Exception("No POST data found.");
        }
    } else { 
        // use provided data array
        $this->post_data = $post_data;

        foreach ($this->post_data as $key => $value) {
            $encoded_data .= "&$key=".urlencode($value);
        }
    }

    if ($this->use_curl) $this->curlPost($encoded_data); 
    else $this->fsockPost($encoded_data);
    if (strpos($this->response_status, '200') === false) { 
        throw new Exception("Invalid response status: ".$this->response_status);
    }


    if (strpos($this->response, "VERIFIED") !== false) { 
        return true;
    } elseif (strpos($this->response, "INVALID") !== false) { 
        return false;
    } else {
        throw new Exception("Unexpected response from PayPal.");
    }
}

/**
 *  Require Post Method
 *
 *  Throws an exception and sets a HTTP 405 response header if the request
 *  method was not POST. 
 */    
public function requirePostMethod() {
    // require POST requests
    if ($_SERVER['REQUEST_METHOD'] && $_SERVER['REQUEST_METHOD'] != 'POST') {
        header('Allow: POST', true, 405);
        throw new Exception("Invalid HTTP request method.");
    }
  }
}

2 个答案:

答案 0 :(得分:0)

只需使用print_r($_POST)

检查您是否从PayPal接收任何数据

答案 1 :(得分:0)

以下是将焦点加到价格上的代码部分。

// 3. Make sure the amount(s) paid match
if ($_POST['mc_gross'] != ''.$price.'') {   //made this a variable to match mc_gross
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";
}