CODEWITHSUNDEEP
phppaypalpaypal-ipn
SobiborTreblinka
SobiborTreblinka

Reputation: 575

PayPal IPN Not Being Verified

I have the following CakePHP 2.x Code

<?php
App::uses('HttpSocket', 'Network/Http');

class PaypalUtility
{
    public static function isValidPayPalIPN( $data )
    {
        $result = false;
        $HttpSocket = new HttpSocket();
        $data[ "cmd" ] = "_notify-validate";
        $response = $HttpSocket->post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', $data );

        if( trim( $response->body ) == "VERIFIED" )
        {
            $result = true;
        }

        return $result;
    }
}
?>

And the following code in my controller

debug( PaypalUtility::isValidPayPalIPN( $this->getTestIPN() ) );
debug( PaypalUtility::isValidPayPalIPN( $this->getRealIPN() ) );

public function getRealIPN()
{
    return json_decode
    (
        '{
            "mc_gross": "77.00",
            "protection_eligibility": "Eligible",
            "address_status": "confirmed",
            "payer_id": "",
            "tax": "0.00",
            "address_street": "",
            "payment_date": "16:58:02 Oct 28, 2013 PDT",
            "payment_status": "Completed",
            "charset": "windows-1252",
            "address_zip": "",
            "first_name": "",
            "mc_fee": "2.53",
            "address_country_code": "US",
            "address_name": "",
            "notify_version": "3.7",
            "custom": "5269cf50-b898-4c45-bff0-0eea48a70080",
            "payer_status": "unverified",
            "business": "",
            "address_country": "United States",
            "address_city": "",
            "quantity": "1",
            "verify_sign": "AnPnM9mwa.0sVUNKppvjyOwMkqbKAABVDC8dkcXYOK4e-cpFzVuF4YvS",
            "payer_email": "",
            "txn_id": "",
            "payment_type": "instant",
            "last_name": "",
            "address_state": "",
            "receiver_email": "",
            "payment_fee": "",
            "receiver_id": "",
            "txn_type": "web_accept",
            "item_name": "",
            "mc_currency": "USD",
            "item_number": "",
            "residence_country": "",
            "handling_amount": "0.00",
            "transaction_subject": "5269cf50-b898-4c45-bff0-0eea48a70080",
            "payment_gross": "77.00",
            "shipping": "0.00",
            "ipn_track_id": ""
        }',
        true
    );
}

public function getTestIPN()
{
    return json_decode
    (
        '{
            "residence_country": "US",
            "invoice": "abc1234",
            "address_city": "San Jose",
            "first_name": "John",
            "payer_id": "TESTBUYERID01",
            "shipping": "3.04",
            "mc_fee": "0.44",
            "txn_id": "611422392",
            "receiver_email": "[email protected]",
            "quantity": "1",
            "custom": "xyz123",
            "payment_date": "22:29:21 28 Oct 2013 PDT",
            "address_country_code": "US",
            "address_zip": "95131",
            "tax": "2.02",
            "item_name": "something",
            "address_name": "John Smith",
            "last_name": "Smith",
            "receiver_id": "[email protected]",
            "item_number": "AK-1234",
            "verify_sign": "AiPC9BjkCyDFQXbSkoZcgqH3hpacAaChsjNZq2jHG82F97aoFSMa6SED",
            "address_country": "United States",
            "payment_status": "Completed",
            "address_status": "confirmed",
            "business": "[email protected]",
            "payer_email": "[email protected]",
            "notify_version": "2.1",
            "txn_type": "web_accept",
            "test_ipn": "1",
            "payer_status": "verified",
            "mc_currency": "USD",
            "mc_gross": "12.34",
            "address_state": "CA",
            "mc_gross1": "12.34",
            "payment_type": "echeck",
            "address_street": "123, any street"
        }',
        true
    );
}

Fields have been removed from the realIPN function to protect my buyer's privacy.

Here is the output of the code: https://i.sstatic.net/vJN8i.png

You'll notice the the test IPN which is data from the IPN simulator is valid, yet the real data which I have captured as a request is determined to be invalid. (I have also verified that paypal is returning an 'INVALID' for the verification of the realipn.

Does anyone know what is wrong with my isValidPayPalIPN function, or why is the real IPN data not being verified? I have to imagine is has something to do with the notify version.

Upvotes: 0

Views: 368

Answers (1)

Drew Angell
Drew Angell

Reputation: 26036

That function is hard coding https://www.sandbox.paypal.com as the endpoint. When you go live that has to be switched to www.paypal.com. Otherwise, it's verifying against the wrong server so you will indeed get invalid.

The best way to handle it would be to dynamically populate that endpoint value based on a config file somewhere.

Upvotes: 1

Related Questions