Paypal IPN PHP脚本无法插入数据库

时间:2015-06-24 19:59:30

标签: php mysql paypal

我读了一些试图解决我的问题的答案,但没有任何效果。以下代码来自https://github.com/Quixotix/PHP-PayPal-IPN

我已经做过的事情:

  • 在paypal设置ipn url(不是localhost);
  • 删除了“已完成”条件;
  • 删除了“txn_id”以及其他试图使其有效的条件;

即使我使用ipn模拟器,这些尝试都不适合我。

<?php

// tell PHP to log errors to ipn_errors.log in this directory
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');

  // intantiate the IPN listener
include('PHP-PayPal-IPN-master/ipnlistener.php');
$listener = new IpnListener();

// tell the IPN listener to use the PayPal test sandbox
$listener->use_sandbox = true;

  // try to process the IPN POST
try {
    $listener->requirePostMethod();
    $verified = $listener->processIpn();
} catch (Exception $e) {
   error_log($e->getMessage());
   exit(0);
}

if ($verified) {

$errmsg = ' <br/>';   // stores errors from fraud checks

// 1. Make sure the payment status is "Completed" 
if ($_POST['payment_status'] != 'Completed') { 
    //simply ignore any IPN that is not completed
    exit(0); 
}

// 2. Make sure seller email matches your primary account email.
if ($_POST['receiver_email'] != 'seller@sandbox.com') {
    $errmsg .= "'receiver_email' does not match: ";
    $errmsg .= $_POST['receiver_email']."\n";
}

// 3. Make sure the amount(s) paid match
if ($_POST['mc_gross'] != '10') {
    $errmsg .= "'mc_gross' does not match: ";
    $errmsg .= $_POST['mc_gross']."\n";
}


// 4. Make sure the currency code matches
if ($_POST['mc_currency'] != 'USD') {
    $errmsg .= "'mc_currency' does not match: ";
    $errmsg .= $_POST['mc_currency']."\n";
}

// 5. Ensure the transaction is not a duplicate.
include_once("../includes/psl-config.php");
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

$txn_id = mysqli_real_escape_string($mysqli, $_POST['txn_id']);
$sql = "SELECT COUNT(*) FROM paypal WHERE txn_id = '$txn_id'";
$r = mysqli_query($mysqli, $sql);

if (!$r) {
    error_log(mysqli_error($mysqli));
    exit(0);
}

$exists = $r;

if ($exists) {
    $errmsg .= "'txn_id' has already been processed: ".$_POST['txn_id']."\n";
} */

if (!empty($errmsg)) {

    // manually investigate errors from the fraud checking
    $body = "IPN failed fraud checks: \n$errmsg\n\n";
    $body .= $listener->getTextReport();
    mail('habitodigital@hotmail.com', 'IPN Fraud Warning', $body);

} else {

    // add this order to a table of completed orders
    if (isset($_POST['item_number'])) {
        $item_number = $_POST['item_number'];
    }

if($stmt = $mysqli->prepare("INSERT INTO paypal (item_number) VALUES (?)")){
            $stmt->bind_param('s', $item_number);
            $stmt->execute();   
        }else{
            $errmsg .= "Error trying to insert into DB<br/>";
            error_log(mysqli_error($mysqli));
        }                               

    // free user ads here
}

} else {
   // manually investigate the invalid IPN
   mail('habitodigital@hotmail.com', 'Invalid IPN', $listener->getTextReport());
}

?>

我一直收到欺诈邮件。有时候它会给我带来txn_id已经被处理了,但是如果没有插入数据库,怎么检查呢?

1 个答案:

答案 0 :(得分:0)

当脚本为IPN验证返回INVALID时,您似乎收到了欺诈电子邮件,

$verified = $listener->processIpn();

IPN验证只有在发回PayPal时才会通过,与发送到您服务器的内容完全相同,除了真实的欺诈案例或恶意篡改数据外,语言编码很可能会导致差异。 PayPal与您的网站之间的IPN数据,最终导致无效结果。

最佳做法是,您可能需要检查您的PayPal帐户编码设置并将其设置为UTF-8,以确保所有类型的字符都可以正确格式化并避免验证失败。

  

登录PayPal帐户&gt;我的帐户&gt;个人资料&gt;语言编码&gt;更多选项