Paypal IPN-It's all set up, but one issue.

[the 7th Hokage]

Hello, I've been struggling with an issue for a few days now and I was hoping someone could help.

I bought a php script that allows me to create paypal adaptive payments. It works great, it's all set up.

My only issue is that I can't find the proper place to set my code so that it will make an update call to my php database. The problem with that is I'm not sure how to set up paypal url forwarding to forward them to a webpage where the php code could run, so I either have to give them what they paid for BEFORE they pay and cancel the sale if they choose not to continue on with the transaction(which is my current problem)

-OR-

Call the code to update my database after I receive the transaction complete from POST data (which is what I would like to do.)

 

I have 3 scripts. Buy.php which handles the actual transaction Paypal_API script which has the method definitions within it, and an IPN script which has the IPN listener within.

 

Which three of these scripts should I place the code to update my database? I've tried placing it inside all three at various places, it doesn't seem to work in the IPN script at all, and the other two scripts give me the first problem I mentioned.

Any help would be greatly appreciated and you might just win the "internets".

 

[requinix]

The IPN script. That's the one that PayPal posts data to and that's the place where you know the transaction went through.

 

What's the IPN script look like and where did you try putting your code?

[the 7th Hokage]

<?php
session_start();
?>

<?php
$myFile = "IPNDump.txt";
include("connect.txt");
// ===================================================================================================

// This IPN listener will dump results to a text file. Make sure you have IPN ENABLED in your PayPal

// control panel, and the correct URL set to point to this file on your server.

// ===================================================================================================
if ($_POST["payment_status"] == "COMPLETED")
{
	$_SESSION['amt']=$_POST['amount'];
	$amount = $_POST['amount'];
	$playerKey=$_SESSION['userid'];//
	$GQ="SELECT `donorpoints` FROM `bwwa_purchase` WHERE `userid`='$playerKey' LIMIT 1";
	$result1= mysqli_query($cxn,$GQ)or die("Couldn't find in database.");
	$grabbedInfo=mysqli_fetch_assoc($result1);
	$tamt=$grabbedInfo["donorpoints"]+$amount*10;
	$UQ="UPDATE `bwwa_purchase` SET  `donorpoints` =  '$tamt' WHERE  `userid` =  '$playerKey'";
	$result2= mysqli_query($cxn,$UQ)or die("Couldn't update the db, please contact the game master in order to have your donor points manually added to database or sort out the problem.");

}


$fh = fopen($myFile, 'w') or die("can't open file");

$stringData = "==== " . date('r') . " ====" . chr(13) . chr(10);



while (list($key, $value) = each($_POST))

{

	if ("" != $value)

	{

		$stringData .= "POST: $key = $value" . chr(13) . chr(10);
		
	}
	
}



fwrite($fh, $stringData);

fclose($fh);



echo "This is an IPN listener. Make sure you have IPN ENABLED in your PayPal control panel, and the correct URL set to point to this file on your server.";

?>

that's the code in it's entirety, at my latest attempt. Atleast I was in the right place!

[requinix]

Is that the IPN script you bought? It's... incomplete. Assuming you added in the stuff with the payment_status=COMPLETE, the only thing in the script was the part that dumped the message into a text file?

[the 7th Hokage]

Yes, I guess that would explain why it was cheap. (like 7$).

When I contacted the owner though he wanted 15$ an hour to "help". I guess that would explain why

 

In the mean time I've been scouring paypal and tutorials. 

 

I found this script-

<?php
session_start();//start up the session. 1st page opened by Byond.
?>






<?php
include("connect.txt");
// PHP 4.1


// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';


foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}


// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];


if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if ($_POST["payment_status"] == "COMPLETED")
{
$_SESSION['amt']=$_POST['amount'];
$amount = $_POST['amount'];
$playerKey=$_SESSION['userid'];//
$GQ="SELECT `donorpoints` FROM `bwwa_purchase` WHERE `userid`='$playerKey' LIMIT 1";
$result1= mysqli_query($cxn,$GQ)or die("Couldn't find in database.");
$grabbedInfo=mysqli_fetch_assoc($result1);
$tamt=$grabbedInfo["donorpoints"]+$amount*10;
$UQ="UPDATE `bwwa_purchase` SET  `donorpoints` =  '$tamt' WHERE  `userid` =  '$playerKey'";
$result2= mysqli_query($cxn,$UQ)or die("Couldn't update the db, please contact the game master in order to have your donor points manually added to database or sort out the problem.");


}
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
?>

But it also doesn't seem to do anything.

I'm starting to wonder if it has anything to do with the PHP session I'm trying to run at the top of the page.

[the 7th Hokage]

Literally my only problem with the script I had though *even though it wasn't complete* was that I had to update the database before the user purchased anything.

 

Do you by any chance know how to set the script to trigger an auto return to my own success page?

If I could do it that way then I could just place the script on the success page. I can't seem to find any info anywhere that suggests how to set that up though.

[requinix]

That second script is much better. Still could use a bit of work but it actually looks like an IPN script.

 

First it seems like you need a bit of a primer on how IPN works.

 

When enabled, users go through your site, then to PayPal to make a purchase, then return to somewhere on your site depending on success or failure. That place is only for a thank you message (success) or something else, like returning to the "checkout" page (failure) - not for taking any real actions.

PayPal, in the background, processes the purchase from the user. It may be successful or not. They then send an IPN message directly to your server - no user involvement whatsoever - indicating what has happened with the transaction: success, failure, amount, some user information, that kind of stuff. As far as your PHP code is concerned it looks like someone POSTed a form to a page. It is at that point that your site decides what to do for a successful transaction. Such as grant those "point" things. Normally the IPN message will arrive shortly after checkout (like, seconds) but that's certainly not guaranteed.

 

An important part of this process is what your PHP script does with the IPN message: before taking any actions it has to verify the message with PayPal by sending the message back almost verbatim. PayPal then tells you whether it's good or not. That's what the first script was missing and why I said it was incomplete. The second script has that.

 

However there is one important fact you might have missed in all that: PayPal is the one sending the IPN message, not the user. The user has no idea this is happening and are not involved in it at all. So the answer to

Do you by any chance know how to set the script to trigger an auto return to my own success page?

is "This is not possible due to how IPN works". All you can do is send the user back to a thank you page once they've finished checkout. You could find ways to redirect the user (by storing something in the database when the IPN message comes through, then making your website's normal code check for that on every page load and act appropriately) but I wouldn't recommend a redirect. If anything, maybe a sort of "Your transaction has been completed and you now have X points" popup message.

 

Now, to your code.

if ($_POST["payment_status"] == "COMPLETED")

I'm not sure the payment_status is an uppercase "COMPLETED".

session_start();

$_SESSION['amt']=$_POST['amount'];

Don't use the session in this script. All you're doing is setting up a session for PayPal and they don't care about it.

$playerKey=$_SESSION['userid'];

Not available because this is PayPal accessing the page, not the user. You have to grab the user information from the IPN message, and what it is depends on what you put in your checkout form.

or die("Couldn't find in database.");

die()ing with a message won't do anything. Nobody will see it. Edited November 25, 2013 by requinix

[the 7th Hokage]

Your explanation explains why I could really never get it to work- it seems all I have is a barebones script used to parse information from paypal and dump it into a txt file.

 

As far as the capitalized COMPLETED- I assumed it was supposed to be capitalized because the dump text said so, if that's wrong then I'm not sure I should fully trust the Dump text- I'm also now wondering if I can use that dump txt to fill in the blanks of the script up above and run it successfully. The script becomes somewhat vague about how to do the steps it listed however.

 

This is the dump text:

==== Mon, 25 Nov 2013 01:21:00 -0500 ====
POST: transaction = Array
POST: log_default_shipping_address_in_transaction = false
POST: action_type = CREATE
POST: ipn_notification_url = http://knodos.hostavo.com/BWWA/BWWAIPN.php
POST: charset = windows-1252
POST: transaction_type = Adaptive Payment PAY
POST: notify_version = UNVERSIONED
POST: cancel_url = http://knodos.hostavo.com/BWWA/canceled.html
POST: verify_sign = A**************************
POST: sender_email = hydra***************
POST: fees_payer = PRIMARYRECEIVER
POST: return_url = http://knodos.hostavo.com/BWWA/success.php
POST: memo = 10 Donor Points for avidanimefan
POST: reverse_all_parallel_payments_on_error = false
POST: tracking_id = INV-GUB4LRD5G5
POST: pay_key = AP-2YT1818342723913W
POST: status = COMPLETED
POST: payment_request_date = Sun Nov 24 22:20:48 PST 2013

This is contains some of the information I need to pass back to paypal correct?

 

I'll fix those other things you mentioned as well.

Edited November 25, 2013 by the 7th Hokage

[the 7th Hokage]

I stumbled upon something while Google searching- as well as looking at another one of the original 3 script files.

 

It seems all of the IPN calls are handled in a seperate file in a method called hash_call:

function hash_call($methodName, $nvpStr, $isTest)
{
	if($isTest){
       $API_UserName 	= "hydrabreathh**************"; // Sandbox API_UserName
	    $API_Password 	= "1****************"; // Sandbox API_Password
	    $API_Signature 	= "An*****************"; // Sandbox API_Signature
	    $API_AppID 		= "AP*******************"; // Sandbox (generic) AppID
	    $API_Endpoint 	= "https://svcs.sandbox.paypal.com/AdaptivePayments"; // Sandbox API_Endpoint
    }else{
        $API_UserName 	= "hydrabr************"; // Live API_UserName
	    $API_Password 	= "***************"; // Live API_Password
	    $API_Signature 	= "A******************"; // Live API_Signature
	    $API_AppID 		= "APP-***************";
	    $API_Endpoint 	= "https://svcs.paypal.com/AdaptivePayments"; // LIVE
    }
    
    $PROXY_HOST = '127.0.0.1';
    $PROXY_PORT = '808';
    $USE_PROXY = false;

	//die($nvpStr);
	
    $nvpStr = Replace($nvpStr, "<br>", ""); // get rid of HTML line breaks

	//die($nvpStr);
	
	// =====================================================
	$FinalEndPoint = $API_Endpoint . "/" . $methodName;
	// =====================================================
	$myFile = "IPNDump.txt";

	$fh = fopen($myFile, 'w') or die("can't open file");

	fwrite($fh,"Progress");

    //die($FinalEndPoint);

	//setting the curl parameters.
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $FinalEndPoint);
	curl_setopt($ch, CURLOPT_VERBOSE, 1);

	//turning off the server and peer verification(TrustManager Concept).
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

	curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
	curl_setopt($ch, CURLOPT_POST, 1);
	
	$headers = array(
	'X-PAYPAL-REQUEST-DATA-FORMAT: NV',
	'X-PAYPAL-RESPONSE-DATA-FORMAT: NV',
	'X-PAYPAL-SECURITY-USERID: ' . $API_UserName,
	'X-PAYPAL-SECURITY-PASSWORD: ' .$API_Password,
	'X-PAYPAL-SECURITY-SIGNATURE: ' . $API_Signature,
	'X-PAYPAL-SERVICE-VERSION: 1.3.0',
	'X-PAYPAL-APPLICATION-ID: ' . $API_AppID
	);
	fwrite($fh,"H-Progress");
	//outputarrayvalues($headers);
	//die();
	
	// Set the HTTP Headers
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

	//if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
	//Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php 
	if($USE_PROXY)
		curl_setopt ($ch, CURLOPT_PROXY, $PROXY_HOST. ":" . $PROXY_PORT); 

	// NVPRequest for submitting to server
	$nvpreq = "requestEnvelope.errorLanguage=en_US&requestEnvelope.detailLevel=ReturnAll";
	$nvpreq .= "&$nvpStr";
	fwrite($fh,$nvpreq);

	fclose($fh);
    //die($nvpreq);

	//setting the nvpreq as POST FIELD to curl
	curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

	//getting response from server
	$response = curl_exec($ch);
	
	//converting NVPResponse to an Associative Array
	$nvpResArray=deformatNVP($response);
	$nvpReqArray=deformatNVP($nvpreq);
	$_SESSION['nvpReqArray']=$nvpReqArray;

	if (curl_errno($ch)) 
	{
		// moving to display page to display curl errors
		  $_SESSION['curl_error_no']=curl_errno($ch) ;
		  $_SESSION['curl_error_msg']=curl_error($ch);

		  //Execute the Error handling module to display errors. 
	} 
	else 
	{
		 //closing the curl
		curl_close($ch);
	}
	

		return $nvpResArray;
}

If that is the case,wouldn't I need to insert the database entry somewhere in this method?

Edited November 25, 2013 by the 7th Hokage

[the 7th Hokage]

I think it's best I post all three files here in their original blank forms.

 

If you have a whole picture you may be able to help me better.

 

Specifically I just need to know if 1) this code works given the 3 files(which it seems to, I've been using it until a weakness was pointed out to me-but that has to do with database updating)

2) where do i place the database call so that it will update the database after the user finishes their payment.

<?
require_once("PayPal_API.php");

$isTest = true;

$companyName = "EmeralDreams";
$amount = $_POST['amount'];
$itemName = $_POST['itemname']; 
$primaryRecipientEmail = $_POST['business']; 

$secondaryRecipientEmail = $_POST['business2']; 





$response = Pay($isTest, $itemName, $amount, $primaryRecipientEmail, $secondaryRecipientEmail);

//die(outputArrayValues($response));

// Did we get an error back from PayPal?  Did PayPal not give us a token?  If so, fail now.
if($response["responseEnvelope.ack"] != "Success"){
	$errorMessage1 = $response["error(0).message"];
	
	
	echo "<center><table border='1' bgcolor='#FF0000'><tr><th>Failure in PayPal API call: PAY()<br><hr>";
	echo $amount;
echo $itemname;
echo $primaryRecipientEmail;
	echo(OutputArrayValues($response) . "<br><input type='button' onClick=parent.location=parent.location value='Close this window'><br><br></th></tr><br></center>");
	echo $amount;
echo $itemname;
echo $primaryRecipientEmail;	
	if(Contains($errorMessage1, "API credentials are incorrect", false))
		echo "<br><b><font color='red'>Make sure you entered your sandbox or live credentials in PayPal_API.php lines 123-133.</font></b><br>";
		
	die();
}

$payKey = $response["payKey"];
$response = SetPaymentOptions($payKey, $companyName, $isTest);

//die(OutputArrayValues($response));

// Did we get an error back from PayPal?  Did PayPal not give us a token?  If so, fail now.
if($response["responseEnvelope.ack"] != "Success"){
	echo "Failure in PayPal API call: SetPaymentOptions()<br>";
	echo $amount;
echo $itemname;
echo $primaryRecipientEmail;
	die(outputArrayValues($response));
	
}

//echo OutputArrayValues($response);
//die($payKey);

if($isTest){
    header("Location: https://www.sandbox.paypal.com/webapps/adaptivepayment/flow/pay?paykey=" . $payKey); // SANDBOX PayPal URL
}else{
    header("Location: https://www.paypal.com/webapps/adaptivepayment/flow/pay?paykey=" . $payKey); // LIVE PayPal URL  
}

?>

Second Script

<?

// Put here your root url here
	$rootURL = "http://www.knodos.thegamesitehost.com";

function Pay($isTest, $itemName, $amount, $primaryRecipientEmail, $secondaryRecipientEmail)
{
	global $rootURL;
	$primaryRecipientEmail="";
	if(is_null($secondaryRecipientEmail))
		{
			$secondaryRecipientEmail="";
		}
	$nvpstr         = "";
	$lineBreak      = "<br>";
	
	// =========================================================================================
	// This is the URL to your IPN listener. It is optional, but many merchants like to have it
	// because it enables you to receive data back from PayPal about each transaction. 
	$ipnURL = $rootURL . "/ipn.php"; 
    // =========================================================================================
	
	$secondaryCut	= 0.2; // represents 20% of the total amount -- you can change this to ANYTHING -- you can do percent or fixed amount, up to you
	$returnURL      = $rootURL . "success.html"; // this page is 100% customizable
	$cancelURL      = $rootURL . "canceled.html";  // this page is 100% customizable
    $invoiceID      = "INV-" . generateTrackingID(); // change this to whatever you want, but make sure that each Invoice ID is unique!

    $actionType = "CREATE";
    $nvpstr .= "actionType=" . $actionType . $lineBreak; // standard payment
	$nvpstr .= "&currencyCode=USD" . $lineBreak; // use any valid currency code EUR,USD...
    $nvpstr .= "&returnUrl=" . urlencode($returnURL) . $lineBreak; // the URL where customer is returned to after purchase
	$nvpstr .= "&cancelUrl=" .urlencode($cancelURL) . $lineBreak; // the URL where customer is returned to after cancellation or abandonded purchase
    $nvpstr .= "&feesPayer=SECONDARYONLY" . $lineBreak; // Possible options in most cases: PRIMARYRECEIVER or SECONDARYONLY
	$nvpstr .= "&memo=" . urlencode($itemName) . $lineBreak; // a note/description for this purchase
	$nvpstr .= "&trackingId=" . $invoiceID . $lineBreak; // can be used to store your Invoice ID, or anything else you want
	
    if($ipnURL) // only include this if you actually have an IPN listener
        $nvpstr .= "&ipnNotificationUrl=" . urlencode($ipnURL) . $lineBreak;
	
    // PRIMARY Recipient
    $nvpstr .= "&receiverList.receiver(0).email=" . urlencode($primaryRecipientEmail) . $lineBreak; // must be a VERIFIED paypal account
	$nvpstr .= "&receiverList.receiver(0).amount=" . $amount . $lineBreak; // must be the FULL amount before any splits to secondary recipients
	$nvpstr .= "&receiverList.receiver(0).invoiceId=" . $invoiceID . $lineBreak; // recommend making this the same as the secondary invoiceId(s), but it can be different
    $nvpstr .= "&receiverList.receiver(0).primary=true" . $lineBreak; // PRIMARY recipient (you can only have one PRIMARY!)
    $nvpstr .= "&receiverList.receiver(0).paymentType=DIGITALGOODS" . $lineBreak; // for DIGITAL GOODS ONLY (see notes below for possible Payment Types)

	/*
	Possible Payment Types (paymentType):
	GOODS – This is a payment for non-digital goods
	SERVICE – This is a payment for services (default)
	DIGITALGOODS – This is a payment for digital goods
	*/
	
    // SECONDARY Recipient
    $nvpstr .= "&receiverList.receiver(1).email=" . urlencode($secondaryRecipientEmail) . $lineBreak; // must be a VERIFIED paypal account
	$nvpstr .= "&receiverList.receiver(1).amount=" . round(($amount * $secondaryCut),2) . $lineBreak; // must be equal to or less than the full transaction amount
	$nvpstr .= "&receiverList.receiver(1).invoiceId=" . $invoiceID . $lineBreak; // recommend making this the same as the primary invoiceId, but it can be different
	$nvpstr .= "&receiverList.receiver(1).primary=false" . $lineBreak; // SECONDARY recipient (you can have multiple SECONDARYs)
    $nvpstr .= "&receiverList.receiver(1).paymentType=DIGITALGOODS" . $lineBreak; // for DIGITAL GOODS ONLY 
	
	// ================================================================================================================================================
	// IMPORTANT: You can add up to 5 more SECONDARY recipients by simply repeating the SECONDARY Recipient block above, but incrementing the index. For example:
	
	// SECONDARY Recipient #2 (3rd recipient)
    //$nvpstr .= "&receiverList.receiver(2).email=" . urlencode($anotherEmail) . $lineBreak;
	//$nvpstr .= "&receiverList.receiver(2).amount=" . ($amount) . $lineBreak;
	//$nvpstr .= "&receiverList.receiver(2).invoiceId=" . $invoiceID . $lineBreak;
	//$nvpstr .= "&receiverList.receiver(2).primary=false" . $lineBreak;
    //$nvpstr .= "&receiverList.receiver(2).paymentType=DIGITALGOODS" . $lineBreak; // see notes below for possible Payment Types
	// ================================================================================================================================================
	
	//die($nvpstr); // view the payload data and halt processing
	
	/* Make the Pay call to PayPal */
	$response = hash_call("Pay", $nvpstr, $isTest);

	/* Return the response array */
	return $response;
}

function SetPaymentOptions($payKey, $companyName, $isTest)
{
	$nvpstr 	= "";
	$lineBreak 	= "<br>";
	$nvpstr 	.= "payKey=" . $payKey . $lineBreak;
	
	if($companyName != "")
		$nvpstr .= "&displayOptions.businessName=" . urlencode($companyName) . $lineBreak;
		
	if($headerImageURL != "") // optionally specify a header image via URL
		$nvpstr .= "&displayOptions.headerImageUrl=" . urlencode($headerImageURL) . $lineBreak;

    //$nvpstr .= "&senderOptions.requireShippingAddressSelection=true" . $lineBreak; // uncomment this line if you're shipping physical goods
    
    //die($nvpstr);

	/* Make the Pay call to PayPal */
	$response = hash_call("SetPaymentOptions", $nvpstr, $isTest);

	/* Return the response array */
	return $response;
}

function GetShippingAddress($payKey, $isTest)
{
	$nvpstr 	= "";
	$lineBreak 	= "<br>";
	$nvpstr 	.= "key=" . $payKey . $lineBreak;
	
    //die($nvpstr);

	/* Make the Pay call to PayPal */
	$response = hash_call("GetShippingAddresses", $nvpstr, $isTest);

	/* Return the response array */
	return $response;
}

function hash_call($methodName, $nvpStr, $isTest)
{
	if($isTest){
       $API_UserName 	= ""; // Sandbox API_UserName
	    $API_Password 	= ""; // Sandbox API_Password
	    $API_Signature 	= ""; // Sandbox API_Signature
	    $API_AppID 		= ""; // Sandbox (generic) AppID
	    $API_Endpoint 	= "https://svcs.sandbox.paypal.com/AdaptivePayments"; // Sandbox API_Endpoint
    }else{
        $API_UserName 	= ""; // Live API_UserName
	    $API_Password 	= ""; // Live API_Password
	    $API_Signature 	= ""; // Live API_Signature
	    $API_AppID 		= ""; // Live API_AppID (you must go through the app approval process to get your LIVE AppID: https://www.x.com/developers/paypal/documentation-tools/going-live-with-your-application#register)
	    $API_Endpoint 	= "https://svcs.paypal.com/AdaptivePayments"; // LIVE
    }
    
    $PROXY_HOST = '127.0.0.1';
    $PROXY_PORT = '808';
    $USE_PROXY = false;

	//die($nvpStr);
	
    $nvpStr = Replace($nvpStr, "<br>", ""); // get rid of HTML line breaks

	//die($nvpStr);
	
	// =====================================================
	$FinalEndPoint = $API_Endpoint . "/" . $methodName;
	// =====================================================
	
    //die($FinalEndPoint);

	//setting the curl parameters.
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $FinalEndPoint);
	curl_setopt($ch, CURLOPT_VERBOSE, 1);

	//turning off the server and peer verification(TrustManager Concept).
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

	curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
	curl_setopt($ch, CURLOPT_POST, 1);
	
	$headers = array(
	'X-PAYPAL-REQUEST-DATA-FORMAT: NV',
	'X-PAYPAL-RESPONSE-DATA-FORMAT: NV',
	'X-PAYPAL-SECURITY-USERID: ' . $API_UserName,
	'X-PAYPAL-SECURITY-PASSWORD: ' .$API_Password,
	'X-PAYPAL-SECURITY-SIGNATURE: ' . $API_Signature,
	'X-PAYPAL-SERVICE-VERSION: 1.3.0',
	'X-PAYPAL-APPLICATION-ID: ' . $API_AppID
	);
	
	//outputarrayvalues($headers);
	//die();
	
	// Set the HTTP Headers
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

	//if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
	//Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php 
	if($USE_PROXY)
		curl_setopt ($ch, CURLOPT_PROXY, $PROXY_HOST. ":" . $PROXY_PORT); 

	// NVPRequest for submitting to server
	$nvpreq = "requestEnvelope.errorLanguage=en_US&requestEnvelope.detailLevel=ReturnAll";
	$nvpreq .= "&$nvpStr";

    //die($nvpreq);

	//setting the nvpreq as POST FIELD to curl
	curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

	//getting response from server
	$response = curl_exec($ch);
	
	//converting NVPResponse to an Associative Array
	$nvpResArray=deformatNVP($response);
	$nvpReqArray=deformatNVP($nvpreq);
	$_SESSION['nvpReqArray']=$nvpReqArray;

	if (curl_errno($ch)) 
	{
		// moving to display page to display curl errors
		  $_SESSION['curl_error_no']=curl_errno($ch) ;
		  $_SESSION['curl_error_msg']=curl_error($ch);

		  //Execute the Error handling module to display errors. 
	} 
	else 
	{
		 //closing the curl
		curl_close($ch);
	}

	return $nvpResArray;
}

function OutputArrayValues($array){
	while (list($key, $value) = each($array))
	{
		if ("" != $value)
		{
			echo "$key = $value<br>";
		}
	}
}

function NVPEncode($nvps) {
	$out = array();
	foreach($nvps as $index => $value) {
		$out[] = $index . "=" . urlencode($value);
	}
	
	return implode("&", $out);
}

function NVPDecode($nvp) {
	$split = explode("&", $nvp);
	$out = array();
	foreach($split as $value) {
		$sub = explode("=", $value);
		$out[$sub[0]] = urldecode($sub[1]);
	}
	
	return $out;
}

function PaymentError() {
	die("An error occurred.");
}

function writeme($str) {
	echo $str . "<br>";
}

function generateTrackingID () {
	$GUID = generateCharacter().generateCharacter().generateCharacter().generateCharacter().generateCharacter();
	$GUID .= generateCharacter().generateCharacter().generateCharacter().generateCharacter().generateCharacter();
	return $GUID;
}

function GenerateCharacter(){
	$possible = "12345678901234567890123456789012345678901234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
	return $char;
}

function Replace($subject, $find, $repl){
    return str_replace($find, $repl, $subject);
}

function deformatNVP($nvpstr)
{
	$intial=0;
	$nvpArray = array();

	while(strlen($nvpstr))
	{
		//postion of Key
		$keypos= strpos($nvpstr,'=');
		//position of value
		$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);

		/*getting the Key and Value values and storing in a Associative Array*/
		$keyval=substr($nvpstr,$intial,$keypos);
		$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
		//decoding the respose
		$nvpArray[urldecode($keyval)] = urldecode( $valval);
		$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
	 }
	return $nvpArray;
}

function Contains($string, $find, $caseSensitive = true)
{
    if ($caseSensitive) {
        return strpos($string, $find, 0);
    } else {
        return stripos($string, $find, 0);
    }
    return $result;
}

?>

Final Script

<?php

// ===================================================================================================
// This IPN listener will dump results to a text file. Make sure you have IPN ENABLED in your PayPal
// control panel, and the correct URL set to point to this file on your server.
// ===================================================================================================

$myFile = "IPNDump.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = "==== " . date('r') . " ====" . chr(13) . chr(10);

while (list($key, $value) = each($_POST))
{
	if ("" != $value)
	{
		$stringData .= "POST: $key = $value" . chr(13) . chr(10);
	}
}

fwrite($fh, $stringData);
fclose($fh);

echo "This is an IPN listener. Make sure you have IPN ENABLED in your PayPal control panel, and the correct URL set to point to this file on your server.";
?>

I'd also like to say thanks for all your help thus far, it's greatly appreciated.

Edited November 25, 2013 by the 7th Hokage

[requinix]

That "final script" is still missing the part that verifies the IPN message. That was the problem. Big problem. You need to write code so that it verifies the message or else use a different script.

[the 7th Hokage]

Did you even read the last post I made?

Literally all the things in the script that you say is missing is in those three files- they just aren't in the IPN file.

Edited November 25, 2013 by the 7th Hokage

[the 7th Hokage]

Either way this is hardly resolved, you didn't even tell me how to fix my problem.

My original question is where do I place the database call in that final script.

I've identified that the part you thought was missing is in fact included in those three scripts- that's why I posted it.

 

If you don't know how to help me fix my problem, you should just say so and not mark the post as solved.

[the 7th Hokage]

Actually nevermind. I'm just going to seek help somewhere else, thanks anyway.

[requinix]

You're welcome

 

Did you even read the last post I made?

Literally all the things in the script that you say is missing is in those three files- they just aren't in the IPN file.

No. The part I'm talking about isn't there. Not in any of the files you posted. None of them. Only that second script you found (and discarded) way back when had it.

 

I'm sorry that you don't know anything about IPN. I'm sorry that you went out and bought something incomplete. I'm sorry that you think you have all the pieces when you don't.

But I'm not sorry that you're leaving.