dezkit Posted June 2, 2010

I have these two codes:

index.php

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PIN shop</title>
<link rel="stylesheet" type="text/css" media="All" href="css/style.css" />
</head>
<body>
<div id="wrap">
<h3>Purchase PINs</h3>
<p>Please click the button below to receive login details for the download area. <br />
Already have an account? <a href="login.php">Login</a> here.</p>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="dezkit@yahoo.com">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="item_name" value="PIN Number">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="notify_url" value="http://newzonemedia.com/henry/ipn.php" />
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted">
<table>
<tr><td><input type="hidden" name="on0" value="Sythe Username">Sythe Username</td></tr><tr><td><input type="text" name="os0" maxlength="60"></td></tr>
<tr><td><input type="hidden" name="on1" value="Email Address">Email Address</td></tr><tr><td><input type="text" name="os1" maxlength="60"></td></tr>
</table>
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</div>
</body>
</html>
```

ipn.php

```php
<?php
mysql_connect("localhost", "dima1989_max", "xxxxx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            echo "The payment is invalid.";
        }
    }
    fclose ($fp);
}
?>
```

No matter what I do, the debug (Insert 1 into database) never does it, and I never get returned to the main page ipn.php. Help? Thanks

premiso Posted June 2, 2010

You probably want the fsockopen in the ipn.php page to point to www.sandbox.paypal.com as well.

mrMarcus Posted June 2, 2010

> You probably want the fsockopen in the ipn.php page to point to www.sandbox.paypal.com as well.

He's right. URLs must match.

And you see this:

```php
if (!$fp) {
    // HTTP ERROR
}
```

Instead of `// HTTP ERROR`, perhaps you should actually log this so you know if the fsockopen() function is failing or not. Either log to file or have an email sent to you with the error.

dezkit Posted June 3, 2010

Hey, thanks for the replies. I just changed both of them to have the sandbox URL, but I still won't get an updated database. Can somebody please look into this code?

index.php

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PIN shop</title>
<link rel="stylesheet" type="text/css" media="All" href="css/style.css" />
</head>
<body>
<div id="wrap">
<h3>Purchase PINs</h3>
<p>Please click the button below to receive login details for the download area. <br />
Already have an account? <a href="login.php">Login</a> here.</p>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="dezkit@yahoo.com">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="item_name" value="PIN Number">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="notify_url" value="http://xxx.com/henry/ipn.php" />
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted">
<table>
<tr><td><input type="hidden" name="on0" value="Sythe Username">Sythe Username</td></tr><tr><td><input type="text" name="os0" maxlength="60"></td></tr>
<tr><td><input type="hidden" name="on1" value="Email Address">Email Address</td></tr><tr><td><input type="text" name="os1" maxlength="60"></td></tr>
</table>
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</div>
</body>
</html>
```

ipn.php

```php
<?php
mysql_connect("localhost", "dima1989_max", "xx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('https://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);

if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            echo "The payment is invalid.";
        }
    }
    fclose ($fp);
}
?>
```

mrMarcus Posted June 3, 2010

Your script could be failing anywhere. Since this is being executed "behind the scenes", echoes will not help you whatsoever. As I stated earlier, you need to implement error logging so you know where your script is failing.

For example, `or die(mysql_error());` will never display. You need to do this:

```php
if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) {
    @mail('your-email@email.com', 'Error at line# (enter line number of script here)', mysql_error());
}
```

And so on for each if/else so you can determine where the script is failing. You could be missing a field in the db for all anybody knows, and we could all just waste our time while that was the problem all the while.

Handle your errors, then we'll talk.

dezkit Posted June 3, 2010

Thanks for the post, I have implemented your idea into debugging it

```php
<?php
mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('https://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);

if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            /*
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
            */
            if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) {
                @mail('dezkit@yahoo.com', 'Error at 47', mysql_error());
            } else {
                @mail('dezkit@yahoo.com', 'Success at 49', mysql_error());
            }
        else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            @mail('dezkit@yahoo.com', 'Success at 56', mysql_error());
        }
    }
    fclose ($fp);
}
?>
```

I had received NO email. What can be the problem here?

mrMarcus Posted June 3, 2010

Change out existing to:

```php
if (!$fp) {
    // $errno is the variable filled in by fsockopen()
    $mail = mail('dezkit@yahoo.com', 'Error', "{$errno}: {$errstr}");
}
```

and change out:

```php
$fp = fsockopen ('https://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);
```

to:

```php
$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);
```

*Note the https:// change to ssl://

dezkit Posted June 3, 2010

```php
<?php
mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30)

if (!$fp) {
    $mail = mail('dezkit@yahoo.com', 'Error at 21', "{$errnum}: {$errstr}");
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            /*
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
            */
            if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) {
                @mail('dezkit@yahoo.com', 'Error at 47', mysql_error());
            } else {
                @mail('dezkit@yahoo.com', 'Success at 49', mysql_error());
            }
        else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            @mail('dezkit@yahoo.com', 'Success at 56', mysql_error());
        }
    }
    fclose ($fp);
}
?>
```

No emails at all. Emails work on my server; I used a test PHP file and it works.

Does PayPal not read the file at all? Is it because I have to turn on the IPN settings in the sandbox seller account?

Oh, and are the hidden inputs in the form correct? I don't think they are correct.

Please help me, thanks

dezkit Posted June 3, 2010

BTW: I receive two errors upon entering the ipn.php manually. I also turned on the IPN in the sandbox seller account.

```
Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/dima1989/public_html/henry/ipn.php on line 17

Warning: fsockopen() [function.fsockopen]: unable to connect to ssl://www.sandbox.paypal.com/:443 (php_network_getaddresses: getaddrinfo failed: Name or service not known) in /home/dima1989/public_html/henry/ipn.php on line 17
```

Current code:

```php
<?php
mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);

if (!$fp) {
    $mail = mail('dezkit@yahoo.com', 'Error at 21', "{$errnum}: {$errstr}");
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            /*
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
            */
            if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) {
                @mail('dezkit@yahoo.com', 'Error at 47', mysql_error());
            } else {
                @mail('dezkit@yahoo.com', 'Success at 49', mysql_error());
            }
        }else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            @mail('dezkit@yahoo.com', 'Success at 56', mysql_error());
        }
    }
    fclose ($fp);
}
?>
```

dezkit Posted June 3, 2010

After googling for a fix, I had seen that changing the $fp would do the fix

```php
<?php
mysql_connect("localhost", "dima1989_max", "xxx") or die(mysql_error());
mysql_select_db("dima1989_henry") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
//$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);

if (!$fp) {
    $mail = mail('dezkit@yahoo.com', 'Error at 21', "{$errnum}: {$errstr}");
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        if (strcmp ($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
            /*
            $sythename = $_POST['os0'];
            $payer_email = $_POST['payer_email'];
            $txn_id = $_POST['txn_id'];
            $get1pin = mysql_query("SELECT pins FROM pin ORDER BY RAND() LIMIT 1") or die(mysql_error());
            $get1pin = mysql_escape_string($get1pin);
            $payer_email = mysql_escape_string($payer_email);
            $txn_id = mysql_escape_string($txn_id);
            $sythename = mysql_escape_string($sythename);
            mysql_query("INSERT INTO users (pin, paypal, transaction, name) VALUES('".$get1pin."', '".$txn_id."', '".$txn_id."','".$sythename."' ) ") or die(mysql_error());
            echo "Your PIN number is ".$get1pin.". Keep it in a safe place.";
            mysql_query("INSERT INTO tes (test) VALUES('1') ") or die(mysql_error());
            */
            if (!@mysql_query("INSERT INTO tes (test) VALUES('1') ")) {
                @mail('dezkit@yahoo.com', 'Error at 47', mysql_error());
            } else {
                @mail('dezkit@yahoo.com', 'Success at 49', mysql_error());
            }
        }else if (strcmp ($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
            @mail('dezkit@yahoo.com', 'Success at 56', mysql_error());
        }
    }
    fclose ($fp);
}
?>
```

However, after debugging, I had been emailed the error that says Success at 49, meaning that the process was verified and the database had been updated.

Thanks everybody for your help. Does anybody know how I do so that only PayPal can view the ipn.php? Because whenever I view it I get an email, which is terrible debugging. Thank you.

Also, can anybody give me more information on how to improve this code, security measures, etc?

Thanks again guys

mrMarcus Posted June 3, 2010

> Also can anybody give me more information on how to improve this code, security measures, etc?

Yes, don't do that. I'm very surprised PayPal allows the transfer of user credentials over an unsecure socket/port such as 80.

You have eliminated the ssl (Secure Socket Layer) and replaced it with a regular http protocol, and have also switched out a secure port 443 for an unsecure, easily scraped port 80.

While it may work for you, I highly discourage this.

This line:

```php
$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);
```

works perfectly fine. There must be a configuration issue on your server. Make sure you have OpenSSL installed/enabled on your server.

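
Added example (not code from the thread) for the advice above to keep the postback on TLS: it uses cURL with certificate and host-name verification, sends the raw request body back to PayPal, and stops early on anything that is not a POST, so opening ipn.php in a browser triggers nothing. The host and path are the sandbox values used in the thread; the log file path and function names are assumptions.

```php
<?php
// Added example, not code from the thread. Host and path are the sandbox
// values used in the thread; the log file location is an assumption.
const IPN_VERIFY_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
const IPN_LOG_FILE   = '/var/log/ipn-handler.log'; // hypothetical path

function ipn_log(string $message): void
{
    // Log to a file: the handler runs unattended, so echo output is never seen.
    error_log(date('c') . ' ' . $message . PHP_EOL, 3, IPN_LOG_FILE);
}

/**
 * Send the notification back to PayPal unchanged and report whether PayPal
 * answered VERIFIED. Any transport or TLS failure counts as "not verified".
 */
function ipn_postback_verified(string $rawBody): bool
{
    $ch = curl_init(IPN_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        // The raw body keeps the field order and encoding PayPal sent.
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // reject untrusted certificate chains
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must name this host
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply  = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $error  = curl_error($ch);

    if ($reply === false || $status !== 200) {
        ipn_log("postback failed: HTTP {$status} {$error}");
        return false;
    }
    // Exact match on the whole response body, not a substring search.
    return trim($reply) === 'VERIFIED';
}

// Web entry point: a browser visit (GET) or an empty POST stops here,
// before any database work or notification e-mail happens.
if (PHP_SAPI !== 'cli') {
    $raw = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        ? (string) file_get_contents('php://input')
        : '';
    if ($raw === '') {
        http_response_code(405);
        exit;
    }
    if (!ipn_postback_verified($raw)) {
        ipn_log('notification rejected');
        http_response_code(400);
        exit;
    }
    // Only past this point is the POST data known to come from PayPal.
    http_response_code(200);
}
```

The first argument of fsockopen() is a transport plus a bare host name rather than a URL, so the trailing slash in `ssl://www.sandbox.paypal.com/` is handed to the resolver as part of the name, which is consistent with the getaddrinfo warning quoted earlier in the thread.
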
dezkit Posted June 3, 2010

> > Also can anybody give me more information on how to improve this code, security measures, etc?
>
> yes, don't do that. I'm very surprised Paypal allows the transfer of user credentials over an unsecure socket/port such as 80.
>
> You have eliminated the ssl (Secure Socket Layer) and replaced with a regular http protocol, and have also switched out a secure port 443 for an unsecure, easily scraped port 80.
>
> While it may work for you, I highly discourage this.
>
> this line: `$fp = fsockopen ('ssl://www.sandbox.paypal.com/', 443, $errno, $errstr, 30);` works perfectly fine. There must be configuration issue on your server. Make sure you have OpenSSL installed/enabled on your server.

I don't think the sandbox has an SSL connection thing, I tried doing it to the regular domain and it worked...

Anyways, does anybody know how I do so that when they actually PAY they get back to the website where they can see the random SQL row?

mrMarcus Posted June 3, 2010

It sure does, trust me. 100% of Paypal can be accessed via SSL.

Install OpenSSL on your server.

dezkit Posted June 3, 2010

OK. So about echoing the PIN number in a returning page after a person had made a payment, should I make a session that equals the id in the database, then check if the session exists and get the id from the database and echo all the information?

Also: why don't os0 and os1 get posted back into my site.... everything works fine

```php
$os0 = $_POST['os0'];
$os1 = $_POST['os1'];
$first_name = ucwords(strtolower($_POST["first_name"]));
$last_name = ucwords(strtolower($_POST["last_name"]));
$payer_email = $_POST['payer_email'];
$txn_id = $_POST['txn_id'];
```

Everything gets saved into the database except os0 and os1; they always end up being blank, even when being echoed.

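
Added example (not code from the thread) for the earlier request for security measures: what to check after PayPal has answered VERIFIED, and how to store the result with bound parameters instead of mysql_escape_string(). It uses PDO rather than the thread's mysql_* calls; table and column names follow the thread's queries, the seller address is a placeholder, the function name is hypothetical, and the demo data is constructed.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread's queries; the seller address below is a placeholder.
const EXPECTED_RECEIVER = 'seller@example.com'; // placeholder for "business"
const EXPECTED_AMOUNT   = '0.01';               // "amount" in the thread's form
const EXPECTED_CURRENCY = 'USD';                // "currency_code" in the form

/** Returns the PIN issued for this transaction, or null if a check fails. */
function fulfil_ipn(PDO $db, array $ipn): ?string
{
    // VERIFIED only proves PayPal sent the message; these checks prove it
    // describes a completed payment of the right amount to the right account.
    $ok = ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', EXPECTED_RECEIVER) === 0
        && ($ipn['mc_gross'] ?? '') === EXPECTED_AMOUNT
        && ($ipn['mc_currency'] ?? '') === EXPECTED_CURRENCY
        && ($ipn['txn_id'] ?? '') !== '';
    if (!$ok) {
        return null;
    }
    $db->beginTransaction();
    try {
        // PayPal can deliver the same notification more than once.
        $seen = $db->prepare('SELECT pin FROM users WHERE `transaction` = ?');
        $seen->execute([$ipn['txn_id']]);
        $pin = $seen->fetchColumn();
        if ($pin === false) {
            $pins = $db->query('SELECT pins FROM pin')->fetchAll(PDO::FETCH_COLUMN);
            if ($pins === []) {
                throw new RuntimeException('no PINs available');
            }
            $pin = $pins[random_int(0, count($pins) - 1)];
            // The form's os0 value arrives in the IPN as option_selection1;
            // storing payer_email in the "paypal" column is an assumption.
            $db->prepare('INSERT INTO users (pin, paypal, `transaction`, name)
                          VALUES (?, ?, ?, ?)')
               ->execute([$pin, $ipn['payer_email'] ?? '', $ipn['txn_id'],
                          $ipn['option_selection1'] ?? '']);
        }
        $db->commit();
        return (string) $pin;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data on an in-memory SQLite database (needs pdo_sqlite).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pin (pins TEXT)');
    $db->exec('CREATE TABLE users (pin TEXT, paypal TEXT,
               `transaction` TEXT UNIQUE, name TEXT)');
    $db->exec("INSERT INTO pin (pins) VALUES ('1111'), ('2222')");
    $ipn = ['payment_status' => 'Completed', 'receiver_email' => EXPECTED_RECEIVER,
            'mc_gross' => '0.01', 'mc_currency' => 'USD', 'txn_id' => 'TXN-DEMO-1',
            'payer_email' => 'buyer@example.com', 'option_selection1' => 'demo_user'];
    var_dump(fulfil_ipn($db, $ipn));                          // first delivery
    var_dump(fulfil_ipn($db, $ipn));                          // same txn_id again
    var_dump(fulfil_ipn($db, ['mc_gross' => '9.99'] + $ipn)); // amount mismatch
    var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
}
```

A UNIQUE index on the transaction column, as in the demo schema, keeps two simultaneous deliveries of the same notification from both inserting a row.
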