Question

我有一个IPN，它正确地将消息发送到我的文件，我已经确认我收到了它们，首先是我的代码：

echo "test";
// Response from Paypal

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
    $req .= "&$key=$value";
}

// assign posted variables to local variables
$data['item_name']          = $_POST['item_name'];
$data['item_number']        = $_POST['item_number'];
$data['payment_status']     = $_POST['payment_status'];
$data['payment_amount']     = $_POST['mc_gross'];
$data['payment_currency']   = $_POST['mc_currency'];
$data['txn_id']             = $_POST['txn_id'];
$data['receiver_email']     = $_POST['receiver_email'];
$data['payer_email']        = $_POST['payer_email'];
$data['custom']             = $_POST['custom'];

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.sanbox.paypal.com\r\n";
$header .= "Accept: */*\r\n";
$header .= "Connection: Close\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "\r\n";

$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); 
if ($fp === FALSE) {
exit("Could not open socket");
}else{
if (!$fp) {
    echo "Error code: 200";
}else{

    fputs ($fp, $header . $req);
$res = stream_get_contents($fp, 2048);
echo "test2";
$res = trim($res);
        if (strcmp($res, "VERIFIED") == 0){
        echo "test3";
            // Used for debugging
            //@mail("you@youremail.com", "PAYPAL DEBUGGING", "Verified Response<br />data = <pre>".print_r($post, true)."</pre>");

            // Validate payment (Check unique txnid & correct price)
            $valid_txnid = check_txnid($data['txn_id']);
            $valid_price = check_price($data['payment_amount'], $data['item_number']);
            // PAYMENT VALIDATED & VERIFIED!
            if($valid_txnid && $valid_price){
                $orderid = updatePayments($data);       
                if($orderid){       
                   echo "thanks for your payment!";
                   $lel = mysqli_query($con,"UPDATE stats SET stats.bankedgold = 10000 WHERE stats.id = $id4");
                    // Payment has been made & successfully inserted into the Database                              
                }else{                          
                    echo "Error code: 100";
                    // E-mail admin or alert user
                }
            }else{
                echo "Error code: 130";
                // Payment made but data has been changed
                // E-mail admin or alert user
            }                       

        }else if (strcmp ($res, "INVALID") == 0) {
             echo "Error code: 170";
            // PAYMENT INVALID & INVESTIGATE MANUALY! 
            // E-mail admin or alert user

            // Used for debugging
            //@mail("you@youremail.com", "PAYPAL DEBUGGING", "Invalid     Response<br />data = <pre>".print_r($post, true)."</pre>");
        }       
    echo strcmp($res,"VERIFIED" == 0);      
fclose ($fp);
}   

}
}

现在，$ res的var_dump给出：

HTTP/1.1 200 OK
Date: Mon, 02 Mar 2015 11:24:35 GMT 
Server: Apache X-Frame-  
Options: SAMEORIGIN 
Set-Cookie: <REDACTED_FOR_PRIVACY>
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly 
Set-Cookie: navlns=0.0; expires=Wed, 01-Mar-2017 11:24:35 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.72.108.11.1425295475397401; path=/; expires=Wed, 22-Feb-45 11:24:35 GMT
Vary: Accept-Encoding,User-Agent Connection: close 
Set-Cookie: <REDACTED_FOR_PRIVACY>
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT    
Set-Cookie: Apache=10.72.128.11.1425295475383817; path=/; expires=Wed, 22-Feb-45 11:24:35 GMT
Strict-Transport-Security: max-age=14400 
Transfer-Encoding: chunked 
Content-Type: text/html; charset=UTF-8 8

VERIFIED 0

但是我需要它说只有VERIFIED或INVALID所以我可以决定从那里做什么。

对我来说，一个简单的解决方法是添加“strpos”并查看它是否包含单词但我想与您的专家核实这将是一个很好的解决方案吗？

Answer 1

PayPal已开始使用HTTP / 1.1发送其响应。除其他外，这意味着您在回复中获得Transfer-Encoding: chunked。

分块编码需要解析。通常它看起来像这样：

8
VERIFIED

0

翻译，这给出了＃8;长度为8 = VERIFIED ||的块长度为0的块=流的结束＆＃34;

如果您无法解析此响应，则可以尝试通过在验证响应中指定HTTP/1.0来强制PayPal不使用分块编码。或者，使用更好的库（如cURL）为您进行解析 - PayPal的演示IPN代码是为非常旧版本的PHP编写的，或者至少有一个没有启用扩展。似乎程序员不知道http_build_query函数来正确编码$req验证数据，这真的很难过。您认为PayPal可以负担得起的开发人员_{^{* ahem *}}但是无论如何......我个人已经解决了＃34;只需阅读Content-Length标题 - PayPal可以在此发送的所有响应都有不同的长度。作弊，但它的确有效。

希望这会有所帮助：）

Answer 2

更改此行：

$value = urlencode(stripslashes($value));

对此：

$value = urlencode($value);

如果您使用Magic Quotes运行PHP，则只需要在那里使用stripslashes。从PHP 5.4开始，（谢天谢地）就不再可能了。

Paypal允许用户数据包含反斜杠（我在address_street变量中的IPN数据中看到过）。如果从具有它们的IPN数据中剥离反斜杠，Paypal将返回INVALID响应。

PayPal IPN验证

2 个答案: