Why I can't access my $_POST variables in a form PayPal listener in PHP

Question

I'm wondering where are my $_POST variables if I can't access them in my listener.php file and then how can I send these variables to this file correctly.

form code :

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TTTTJP9E36G6W">
<input type="hidden" name="hosted_button_id" value="TTTTJP9E36G6W">
<input type="hidden" name="osoba" value="<?=$query?>">
<input type="hidden" name="login" value="<?=$_SESSION['zalogowany']?>">
<input type="hidden" name="idmecz" value="<?=$x?>">
<input type="hidden" name="notify_url" value="http://xxxxxx/listener">
<input type="submit" value="Zapłać" class="butonek" border="0" name="submit" alt="PayPal – Płać wygodnie i bezpiecznie">
<img alt="" border="0" src="https://www.paypalobjects.com/pl_PL/i/scr/pixel.gif" width="1" height="1">

</form>

listener code :

<?php
    session_start();



    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, "cmd=_notify-validate&" . http_build_query($_POST));
    $response = curl_exec($ch);
    curl_close($ch);

    if ($response == "VERIFIED" && $_POST['receiver_email'] == "jxxxxm@.....") {

        $paymentStatus = $_POST['payment_status'];

        if ($paymentStatus == "Completed") {
            $id = $_POST['idmecz'];
            file_put_contents("file.txt",$id);


        }
    }

This file doesn't have access to any of the variables even the $_SESSION variables.

Answer 1

In my case helped the input named "custom" -> it sends the post variable to my listener, we can access it by simple $_POST or if it contains more than 1 word I separated it with space in the first file, then created a list by explode function in listener and then inserted into database. Hope this one might help others.

Answer 2

IPN listeners receive a direct POST from PayPal when there is an IPN event message. As such, $_SESSION will be irrelevant -- it is a one-time post, there is no session.

If you are expecting a customer's $_SESSION to appear, you are looking for the wrong thing in the wrong place, since the customer's browser is not communicating with your IPN listener.

If you want additional data to be available to you as part of a PayPal IPN message, you can include that data as part of the PayPal transaction using the fields INVNUM (invoice number, which must be unique, never before used for a transaction on your account) and CUSTOM, which may contain anything. These data values will appear somewhere in the IPN $_POST data (print out the array to find what the parameter name is)

Reviewing your listener.php, the problem may be that the verification step is failing. You should debug the curl call -- log curl_error ( $ch ) to a file, and also log $response and a dump of the original $_POST received, so you can review what's actually happening.

( If the certificate can't be verified, you probably need to download an updated Certificate Authority bundle .pem file, and pass a path to that file in CURLOPT_CAINFO )