如何从IPN内部停止PayPal交易?

时间:2012-02-14 01:00:15

标签: php paypal payment-processing paypal-ipn

如果我检查的详细信息不正确,我希望能够停止交易。

我的代码示例

// check that receiver_email is your Primary PayPal email
if($_POST['receiver_email'] != "my_email@mail.co.uk") {
exit(); // exit script
}

我使用exit()但在使用sandbox.paypal.com进行测试时,如果电子邮件不正确且调用exit(),则交易仍会处理,实质上会为沙箱帐户提供资金。

1 个答案:

答案 0 :(得分:1)

如上所述,这当然是可能的。理想情况下,您希望从IPN处理程序卸载任何处理,以便IPN处理程序可以专注于从PayPal接收POST数据。
但您可以使用以下内容检查支付金额是否与预期金额相匹配,并在金额不同时自动退款。

例如(基于PayPal PHP示例代码,并快速抛出在一起)。 注意:此代码仅用于说明其背后的逻辑。

<?php

// Set this dynamically.
$amountToBeExpected = "0.99";


// PHP 4.1

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment


    if($payment_amount != $amountToBeExpected) {
        /** RefundTransaction NVP example; last modified 08MAY23.
         *
         *  Issue a refund for a prior transaction. 
        */

        $environment = 'sandbox';   // or 'beta-sandbox' or 'live'

        /**
         * Send HTTP POST Request
         *
         * @param   string  The API method name
         * @param   string  The POST Message fields in &name=value pair format
         * @return  array   Parsed HTTP Response body
         */
        function PPHttpPost($methodName_, $nvpStr_) {
            global $environment;

            // Set up your API credentials, PayPal end point, and API version.
            $API_UserName = urlencode('my_api_username');
            $API_Password = urlencode('my_api_password');
            $API_Signature = urlencode('my_api_signature');
            $API_Endpoint = "https://api-3t.paypal.com/nvp";
            if("sandbox" === $environment || "beta-sandbox" === $environment) {
                $API_Endpoint = "https://api-3t.$environment.paypal.com/nvp";
            }
            $version = urlencode('51.0');

            // Set the curl parameters.
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
            curl_setopt($ch, CURLOPT_VERBOSE, 1);

            // Turn off the server and peer verification (TrustManager Concept).
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_POST, 1);

            // Set the API operation, version, and API signature in the request.
            $nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";

            // Set the request as a POST FIELD for curl.
            curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

            // Get response from the server.
            $httpResponse = curl_exec($ch);

            if(!$httpResponse) {
                exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
            }

            // Extract the response details.
            $httpResponseAr = explode("&", $httpResponse);

            $httpParsedResponseAr = array();
            foreach ($httpResponseAr as $i => $value) {
                $tmpAr = explode("=", $value);
                if(sizeof($tmpAr) > 1) {
                    $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
                }
            }

            if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
                exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
            }

            return $httpParsedResponseAr;
        }

        // Set request-specific fields.
        $transactionID = urlencode($txn_id);
        $refundType = urlencode('Full');                        // or 'Partial'
        //$amount;                                              // required if Partial.
        //$memo;                                                    // required if Partial.
        $currencyID = urlencode('USD');                         // or other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD')

        // Add request-specific fields to the request string.
        $nvpStr = "&TRANSACTIONID=$transactionID&REFUNDTYPE=$refundType&CURRENCYCODE=$currencyID";

        if(isset($memo)) {
            $nvpStr .= "&NOTE=$memo";
        }

        if(strcasecmp($refundType, 'Partial') == 0) {
            if(!isset($amount)) {
                exit('Partial Refund Amount is not specified.');
            } else {
                $nvpStr = $nvpStr."&AMT=$amount";
            }

            if(!isset($memo)) {
                exit('Partial Refund Memo is not specified.');
            }
        }

        // Execute the API operation; see the PPHttpPost function above.
        $httpParsedResponseAr = PPHttpPost('RefundTransaction', $nvpStr);

        if("SUCCESS" == strtoupper($httpParsedResponseAr["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($httpParsedResponseAr["ACK"])) {
            exit('Refund Completed Successfully: '.print_r($httpParsedResponseAr, true));
        } else  {
            exit('RefundTransaction failed: ' . print_r($httpParsedResponseAr, true));
        }



    }



}
else if (strcmp ($res, "INVALID") == 0) {

}
}
fclose ($fp);
}
?>