所以,我有一个脚本,paypal-listener.php。它使用PaypalIPN类来验证付款。现在,当我使用模拟器时,它说握手成功,它甚至将模拟信息放入我的数据库。但是,当我尝试在沙盒上使用它时,我的脚本失败了。这是HTML:
<form action="<?php echo $pplink; ?>" method="post">
<input type="hidden" name="business" value="info@inmatescribes.com">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="item_number" value="1-
<?php echo $row['customer_id'] ?>">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="transaction_subject"
value="1,000 Credit Fill Up">
<input type="hidden" name="item_name" value="1,000 Credit Fill Up">
<!--Custom code for the site user's ID-->
<input type="hidden" name="custom" value="
<?php echo $_SESSION['customer_id']; ?>">
<input type="hidden" name="return"
value="http://www.i-scribes.com/inmatescribes/payment-complete.php">
<input type="hidden" name="cancel_return"
value="http://www.i-scribes.com/inmatescribes/payment-cancel.php">
<input type="image" name="submit" border="0"
src="https://www.paypalobjects.com/webstatic/en_US
/i/btn/png/btn_buynow_107x26.png" alt="Buy Now">
<img alt="" border="0" width="1" height="1"
src="https://www.paypalobjects.com/
en_US/i/scr/pixel.gif">
</form>
我的PHP类是:
<?php
class PaypalIPN
{
/**
* @var bool $use_sandbox -- Indicates if the sandbox endpoint is used.
*/
private $use_sandbox = false;
/**
* @var bool $use_local_certs Indicates if the local certificates are used.
*/
private $use_local_certs = true;
/** Production Postback URL */
const VERIFY_URI = 'https://ipnpb.paypal.com/cgi-bin/webscr';
/** Sandbox Postback URL */
const SANDBOX_VERIFY_URI = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';
/** Response from PayPal indicating validation was successful */
const VALID = 'VERIFIED';
/** Response from PayPal indicating validation failed */
const INVALID = 'INVALID';
/**
* Sets the IPN verification to sandbox mode (for use when testing,
* should not be enabled in production).
* @return void
*/
public function useSandbox()
{
$this->use_sandbox = true;
}
/**
* Sets curl to use php curl's built in certs (may be required in some
* environments).
* @return void
*/
public function usePHPCerts()
{
$this->use_local_certs = false;
}
/**
* Determine endpoint to post the verification data to.
* @return string
*/
public function getPaypalUri()
{
if ($this->use_sandbox) {
return self::SANDBOX_VERIFY_URI;
} else {
return self::VERIFY_URI;
}
}
/**
* Verification Function
* Sends the incoming post data back to PayPal using the cURL library.
*
* @return bool
* @throws Exception
*/
public function verifyIPN()
{
if ( ! count($_POST)) {
throw new Exception("Missing POST Data");
}
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode('=', $keyval);
if (count($keyval) == 2) {
// Since we do not want the plus in the datetime string to be encoded to a space, we manually encode it.
if ($keyval[0] === 'payment_date') {
if (substr_count($keyval[1], '+') === 1) {
$keyval[1] = str_replace('+', '%2B', $keyval[1]);
}
}
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
}
// Build the body of the verification post request, adding the _notify-validate command.
$req = 'cmd=_notify-validate';
$get_magic_quotes_exists = false;
if (function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post the data back to PayPal, using curl. Throw exceptions if errors occur.
$ch = curl_init($this->getPaypalUri());
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// This is often required if the server is missing a global cert bundle, or is using an outdated one.
if ($this->use_local_certs) {
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . "/cert/cacert.pem");
}
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
$res = curl_exec($ch);
if ( ! ($res)) {
$errno = curl_errno($ch);
$errstr = curl_error($ch);
curl_close($ch);
throw new Exception("cURL error: [$errno] $errstr");
}
$info = curl_getinfo($ch);
$http_code = $info['http_code'];
if ($http_code != 200) {
throw new Exception("PayPal responded with http code $http_code");
}
curl_close($ch);
// Check if PayPal verifies the IPN data, and if so, return true.
if ($res == self::VALID) {
return true;
} else {
return false;
}
}
}`
And my actual listener is:
`<?php
namespace Listener;
require( 'PaypalIPN.php' );
require('db-connect.php');
use PaypalIPN;
$ipn = new PaypalIPN();
// Use the sandbox endpoint during testing.
$ipn->useSandbox();
$verified = $ipn->verifyIPN();
if ( $verified ) {
$array = $_POST;
$arrayDump = json_encode( $array );
file_put_contents( 'payment-record.txt', $arrayDump );
// Now lets get those files back out.
$fileContents = file_get_contents( 'payment-record.txt' );
// Put them back in a usable array
$pp_array = json_decode( $fileContents, true );
// Now we need to decode that string...
$vals = array();
// Now lets get the item number and customer ID by exploding that string from "custom"; this can be anything we like, and in most instances, it will be customer_id and product_id
// Or, as we call them, "package_id"'s
$item_info = $pp_array[ 'item_number1' ];
// Split these two strings from "item_number"-- the first number is the package id, the second is the customer_id
$strings = explode( "-", $item_info );
// Get the package # that was bought -- correlated to "paypal_packages" table and row "package_id".
$package_bought = $strings[ 0 ];
// Get the customer ID
$cid = $strings[ 1 ];
// Enter all the relevant info into this array.
$vals[ 'customer_id' ] = $cid;
$vals[ 'amount_paid' ] = $pp_array[ 'mc_gross' ];
$vals[ 'pp_payer_id' ] = $pp_array[ 'payer_id' ];
$vals[ 'package_bought' ] = $package_bought;
$vals[ 'buyer_email' ] = $pp_array[ 'payer_email' ];
$vals[ 'paypal_fee' ] = $pp_array[ 'payment_fee' ];
$vals[ 'buyer_l_name' ] = $pp_array[ 'last_name' ];
$vals[ 'buyer_f_name' ] = $pp_array[ 'first_name' ];
// I have my custom field set to be the actual customer who made the order for the inamte. This is from the session variable.
$vals[ 'online_customer_id' ] = intval( $pp_array[ 'custom' ] );
// If the payment is complete, make it so on the database.
if ( $pp_array[ 'payment_status' ] == "Completed" ) {
$vals[ 'pp_payment_status' ] = 1;
}
$vals[ 'finished' ] = 0;
$vals[ 'array_dump' ] = $arrayDump;
$vals[ 'date_entered' ] = mktime();
$db->insertRecords( "paypal_payments", $vals );
}
// Reply with an empty 200 response to indicate to paypal the IPN was received correctly.
header( "HTTP/1.1 200 OK" );
?>