Does my domain need HTTPS right now to use PayPal Standard payments?

Time: 2016-05-27 11:24:53

Tags: php paypal paypal-ipn

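I am very confused about this. I have contacted PayPal but did not get any clear answer at all. I also searched, but only found old answers (from before PayPal's latest roadmap).

Sorry if this is basic. I still haven't found any clear information that brings me up to date. It may just be some confusion over words and meanings (English is not my mother tongue).

About PayPal's update: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US

1) Do I need HTTPS on my domain right now? (PayPal Standard payments)

2) What changes do I need to make elsewhere?

So, I use a hidden form to post the purchase information to PayPal. Like this: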

<form name='form' action='https://www.paypal.com/cgi-bin/webscr' method='post' target='_top'>

        <input type='hidden' name='cmd' value='_xclick'>
        <input type='hidden' name='business' value='$MerchantId'>
        <input type='hidden' name='item_name' value='$Descripton'>
        <input type='hidden' name='return' value='$BackUrl&show=back'>
        <input type='hidden' name='cancel_return' value='$CancelUrl'>
        <input type='hidden' name='no_note' value='1'>
        <input type='hidden' name='currency_code' value='$Currency'>
        <input type='hidden' name='lc' value='US'>
        <input type='hidden' name='bn' value='PP-BuyNowBF'>
        <input type='hidden' name='amount' value='$GrandTotal'>
        <input type='hidden' name='notify_url' value='$BackUrl&payment=ipn&i=1'>


        <div align='center'>
        <div id='payNow1'>
            <div id=payNowLogo><img src='$ImgPath/paypal_logo.gif'></div>
            <div id=payNowContent>$IPNdesc</div>
            <div id=payNowButton><input type='submit' value='$IPNpay' id='payNowSubmit'></div>
    </div>
    </div>
    </form>

This site is HTTP only, so the notify_url is HTTP only.

This is the code of my IPN receiver and handler:

else {

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";

NOTE: does this now have to be HTTP/1.1 ????

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

// mc_currency = CAD
// payment_status = Completed

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment


if(stristr(urldecode($_POST['item_name']),"#") && ($_POST['payment_status'] == 'Completed' || $_POST['payment_status'] == 'Pending')){
//echo $req.'<hr>'.urldecode($Kcart_order_id);

$idTransakcji = explode("#",urldecode($_POST['item_name']));
$orderId = explode("#",$_REQUEST['item_name']);

            // check if payment's amount is correct.
            if(checkPayment($orderId[1],$_REQUEST['mc_gross'],$_POST['mc_currency'])){
            // if result is TRUE, apply payment and finish.

                // applyPayment function will do everything to finish this order
                // it will send e-mails to admin/customer, if items were downloadable
                // links will be attached to mail and will be shown in customer's status area
                // also, order will be signed as "paid" in database.

                // applyPayment('paid',Order ID,Order Amount,Currency - may be null,Transaction Id - from payment gate,IPN ID to assign how order was paid)
                applyPayment('paid',$orderId[1],$_REQUEST['mc_gross'],$_POST['mc_currency'],$_REQUEST['txn_id'],1);
                //echo "OK"; // only this message is valid for DotPay.

            }

} // endof if stristr #

}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// mail_($adminEmail,"FAILED!","1");
}
}
fclose ($fp);
}

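Thank you for clarifying this for me. I have tried my best to get the right answer by searching, but that only confused me more.

1 answer:

Answer 0: (score: 1)

Subject to correction by official PayPal staff: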

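This is from the link you provided:

To improve security, only HTTPS will be allowed for postbacks to PayPal.

At this time, HTTPS is not required on the outbound IPN call from PayPal to the merchant's IPN listener.

Note: I split the sentences to show the different contexts...

  • The "first" sentence means that any/all calls made to PayPal must use HTTPS (TLS 1.2) - although it seems the TLS 1.2 requirement has been moved from the original June 2016 to June 2017.

    When you POST (back) to PayPal in the verification step, you'll need to connect (POST) to PayPal using HTTPS.

  • The "second" sentence means that your notify_url can still be HTTP. The URL that receives data from PayPal can still be HTTP.

... Hth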
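The HTTPS postback described in the answer, as an added PHP example that is not part of the original question or answer. It sends the verification request over HTTPS with certificate checking, using the endpoint URL from the form on this page; the function names `build_ipn_postback` and `verify_ipn` are hypothetical.

```php
<?php
// Added example, not the asker's code. The endpoint URL is the form action
// shown on this page; the function names are hypothetical.
const PAYPAL_WEBSCR = 'https://www.paypal.com/cgi-bin/webscr';

// Build the postback body: cmd=_notify-validate followed by the IPN
// fields exactly as received (raw body, so their encoding is not altered).
function build_ipn_postback(string $rawBody): string
{
    return 'cmd=_notify-validate' . ($rawBody !== '' ? '&' . $rawBody : '');
}

// POST the body back over HTTPS with certificate and hostname checks on.
// Returns true only when the response body is exactly "VERIFIED".
function verify_ipn(string $rawBody, string $endpoint = PAYPAL_WEBSCR): bool
{
    if (stripos($endpoint, 'https://') !== 0) {
        throw new InvalidArgumentException('postback endpoint must be HTTPS');
    }
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => build_ipn_postback($rawBody),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2, // require TLS 1.2
        CURLOPT_SSL_VERIFYPEER => true,  // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // certificate must match the host
        CURLOPT_HTTPHEADER     => ['Connection: close'],
        CURLOPT_CONNECTTIMEOUT => 30,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return $body !== false && $status === 200 && trim($body) === 'VERIFIED';
}

// In the notify_url handler (which may itself still be served over HTTP):
if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $raw = file_get_contents('php://input');
    if (verify_ipn($raw)) {
        // VERIFIED: continue with the amount, currency and txn_id checks.
    } else {
        error_log('IPN postback not VERIFIED; keeping for manual review');
    }
}
```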