我正在编辑Ultimate Frisbee组织的网站,当用户尝试登录时,我需要验证会员付款。
为此,我使用PHP Paypal API(NVP版本,而非SOAP版本)向Paypal发送请求(称为TransactionSearch),要求从开始日期开始使用特定电子邮件地址进行交易。这里的问题是Paypal返回我的请求是成功但没有结果。如果我在paypal网站上登录并尝试执行相同的搜索,它会让我回复我想要的交易。
以下是创建要发送给paypal的参数字符串以及响应分析的代码。
$nvpStr; //The parameters string to send to paypal (will contain the start date and the email address)
if (date('m') < 9)
$startDateStr= '08/01/' . (date('y') - 1); //the 1st of april of last year
else
$startDateStr= '08/01/' . date('y'); //the 1st of april this year
if(isset($startDateStr)) {
$start_time = strtotime($startDateStr);
$iso_start = date('Y-m-d\T00:00:00\Z', $start_time);
$nvpStr="&STARTDATE=$iso_start"; //we apply the format paypal requires
}
$nvpStr .= "&EMAIL=" . $_SESSION['Email']; //the user's email address
/* Make the API call to PayPal, using API signature.
The API response is stored in an associative array called $resArray */
$resArray = PPHttpPost("TransactionSearch", $nvpStr);
/* After that we check the values returned by paypal to verify if there is a
transaction related to this email address after the 1st of April*/
这是paypal请求执行(代码直接来自paypal网站)。
session_start();
$environment = 'live'; //"live" or 'beta-sandbox' or 'sandbox'
/**
* Send HTTP POST Request
*
* @param string The API method name
* @param string The POST Message fields in &name=value pair format
* @return array Parsed HTTP Response body
*/
function PPHttpPost($methodName_, $nvpStr_) {
global $environment, $API_UserName, $API_Password, $API_Signature;
// Set up your API credentials, PayPal end point, and API version.
$API_UserName = urlencode($API_UserName);
$API_Password = urlencode($API_Password);
$API_Signature = urlencode($API_Signature);
$API_Endpoint = "https://api-3t.paypal.com/nvp";
if("sandbox" === $environment || "beta-sandbox" === $environment) {
$API_Endpoint = "https://api-3t.$environment.paypal.com/nvp";
}
$version = urlencode('51.0');
// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
// Set the API operation, version, and API signature in the request.
$nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";
// Set the request as a POST FIELD for curl.
curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);
// Get response from the server.
$httpResponse = curl_exec($ch);
if(!$httpResponse) {
exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
}
// Extract the response details.
$httpResponseAr = explode("&", $httpResponse);
$httpParsedResponseAr = array();
foreach ($httpResponseAr as $i => $value) {
$tmpAr = explode("=", $value);
if(sizeof($tmpAr) > 1) {
$httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
}
}
if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
}
return $httpParsedResponseAr;
}
然后我为你var_dump一些变量:
//$nvpStr we use as the second parameter for the PPHttpPost (I hid the email address)
string(60) "&STARTDATE=2011-08-01T00:00:00Z&EMAIL=account@domain.com"
//$nvpreq we use to create the message to send to paypal (I hid the password, user and signature)
string(222) "METHOD=TransactionSearch&VERSION=51.0&PWD=XXX&USER=YYY&SIGNATURE=ZZZ&STARTDATE=2011-08-01T00:00:00Z&EMAIL=diableraph@hotmail.com"
//$resArray the response from paypal
array(5) {
["TIMESTAMP"]=>
string(28) "2011%2d12%2d07T17%3a55%3a13Z"
["CORRELATIONID"]=>
string(13) "8f1c9593e26c0"
["ACK"]=>
string(7) "Success"
["VERSION"]=>
string(6) "51%2e0"
["BUILD"]=>
string(7) "2230381"
}
//$resArray the response from paypal that works when I use the sandbox (I hid the email address)
array(16) {
["L_TIMESTAMP0"]=>
string(28) "2011%2d12%2d07T00%3a26%3a12Z"
["L_TIMEZONE0"]=>
string(3) "GMT"
["L_TYPE0"]=>
string(7) "Payment"
["L_EMAIL0"]=>
string(26) "account%40domain%2ecom"
["L_NAME0"]=>
string(24) "Raphael%20Royer%2dRivard"
["L_TRANSACTIONID0"]=>
string(17) "25V35432PY2041246"
["L_STATUS0"]=>
string(9) "Completed"
["L_AMT0"]=>
string(7) "20%2e00"
["L_CURRENCYCODE0"]=>
string(3) "CAD"
["L_FEEAMT0"]=>
string(9) "%2d0%2e88"
["L_NETAMT0"]=>
string(7) "19%2e12"
["TIMESTAMP"]=>
string(28) "2011%2d12%2d07T18%3a19%3a40Z"
["CORRELATIONID"]=>
string(13) "53733eef8b4e2"
["ACK"]=>
string(7) "Success"
["VERSION"]=>
string(6) "51%2e0"
["BUILD"]=>
string(7) "2230381"
}
对于我的测试,我使用的是PayPal沙箱而且它很棒(我们可以看到我们有一个交易)......我不知道为什么它不适用于真实的。我们可以看到,我的creedentials很好,因为它没有给我一个身份验证错误。