IPN验证回发到HTTPS

时间:2016-06-02 10:33:46

标签: php paypal

我的PHP代码目前使用以下内容回发到PayPal。如何更新此项以满足新的付款安全标准生效?

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

if (!$fp) 
{
  //an error occurred...
} 

else 
{
  fputs ($fp, $header . $req);

  while (!feof($fp)) 
  {
    $res = fgets ($fp, 1024);

    if(strcmp ($res, "VERIFIED") == 0) 
    {
      //all is well...
    }
  }
}

4 个答案:

答案 0 :(得分:1)

要启用IPN验证回传到HTTPS,请按以下步骤更改您的代码,

$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);

PayPal建议在生产环境中使用ipnpb.paypal.com端点。

此外,您需要将HTTP / 1.0更改为HTTP / 1.1以符合PayPal升级。

您需要提交的标题,

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen( $req ) . "\r\n";
$header .= "Connection: close\r\n\r\n";

对于沙箱更改,

 $header .= "Host: www.paypal.com\r\n";


$header .= "Host: www.sandbox.paypal.com\r\n";

答案 1 :(得分:1)

还有一些事情需要做:

  • 您还在使用HTTP / 1.0;你需要切换到HTTP / 1.1。
  • 您需要切换到使用TLS。

现在大多数PHP设置都应该安装cURL,所以最简单的方法就是使用cURL。为此,代码的最后四行将更改为以下内容:

dataLabels: {
  formatter: function() {
    return this.y > 0 ? this.y : '';
  }
}

答案 2 :(得分:0)

上面建议的新代码现在有机会进行测试。

这不起作用:

// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));

  $req .= "&$key=$value";
}

// post back to PayPal system to validate

$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);

这是有效的:

// read the post from PayPal system and add 'cmd'

$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) 
{
  $value = urlencode(stripslashes($value));

  $req .= "&$key=$value";
}

// post back to PayPal system to validate

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header .= "Content-Type: application/x-www-form-urlencoded\r\n";

$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

如何使用HTTP / 1.0并发布到www.paypal.com而不是使用HTTP / 1.1并发布到tls://ipnpb.paypal.com?

答案 3 :(得分:0)

我对Paypal IPN验证和使用此代码有类似的问题

//回发到PayPal系统验证



 
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);




如果我正确理解了解决方案,新代码应该是

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: ipnpb.paypal.com\r\n";
$header .= "Connection: close\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen( 'tls://ipnpb.paypal.com', 443, $errno, $errstr, 30);
相关问题
最新问题