Question

我的PHP代码目前使用以下内容回发到PayPal。如何更新此项以满足新的付款安全标准生效？

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

if (!$fp) 
{
  //an error occurred...
} 

else 
{
  fputs ($fp, $header . $req);

  while (!feof($fp)) 
  {
    $res = fgets ($fp, 1024);

    if(strcmp ($res, "VERIFIED") == 0) 
    {
      //all is well...
    }
  }
}

Answer 1

要启用IPN验证回传到HTTPS，请按以下步骤更改您的代码，

$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);

PayPal建议在生产环境中使用ipnpb.paypal.com端点。

此外，您需要将HTTP / 1.0更改为HTTP / 1.1以符合PayPal升级。

您需要提交的标题，

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen( $req ) . "\r\n";
$header .= "Connection: close\r\n\r\n";

对于沙箱更改，

 $header .= "Host: www.paypal.com\r\n";

到

$header .= "Host: www.sandbox.paypal.com\r\n";

Answer 2

还有一些事情需要做：

您还在使用HTTP / 1.0;你需要切换到HTTP / 1.1。
您需要切换到使用TLS。

现在大多数PHP设置都应该安装cURL，所以最简单的方法就是使用cURL。为此，代码的最后四行将更改为以下内容：

dataLabels: {
  formatter: function() {
    return this.y > 0 ? this.y : '';
  }
}

Answer 3

上面建议的新代码现在有机会进行测试。

这不起作用：

// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));

  $req .= "&$key=$value";
}

// post back to PayPal system to validate

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);

这是有效的：

// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));

  $req .= "&$key=$value";
}

// post back to PayPal system to validate

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

如何使用HTTP / 1.0并发布到www.paypal.com而不是使用HTTP / 1.1并发布到tls：//ipnpb.paypal.com？

Answer 4

我对Paypal IPN验证和使用此代码有类似的问题

//回发到PayPal系统验证

＆＃13;

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

＆＃13;

如果我正确理解了解决方案，新代码应该是

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: ipnpb.paypal.com\r\n";
$header .= "Connection: close\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);

IPN验证回发到HTTPS

4 个答案: