I have a wordpress 1 page site that has an option to download a music track after a paypal donation – with a minimum amount of $3.99.
the button works fine and the paypal payment goes through – but I’m only getting INVALID back from paypal – it doesnt seem to be writing back the content to paypal correctly.
Also – How can I see what paypal is posting back to me?
Any help is greatly appreciated!
inside the included php file:
<?php echo "<p class='small-donate'>Minimum ammount for donation is $3.99</p>
<form method='POST' action='' target='_top'>
$<input type='text' name='donate_amount' value='0' size='4' class='donate-input'>
<input type='submit' name='submit' value='Donate' class='donate-submit'></form>";
if(!empty($_POST['submit'])) {
// Form has been submitted
if($_POST['donate_amount'] >= 3.99) {
// Redirect to PayPal
$myurl = site_url();
$fileurl = site_url('wp-content/themes/MY_THEME/content-download-file.php');
header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_donations&item_name=Donation for music track&amount='.$_POST['donate_amount'].'¤cy_code=USD&business=MY_SANDBOX_TEST_EMAIL&cbt=Download the file&return='.$fileurl.'&cancel_return='.$myurl);
}
else {
echo '<span class="error">Donation must be at least $3.99</span>';
}
}
?>
inside content-download-file.php
(I got this from paypal developers)
<?php
// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Step 2: POST IPN data back to PayPal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
//error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
// inspect IPN validation result and act accordingly
if (strcmp ($res, "VERIFIED") == 0) {
echo '<section id="download">
<h2>Download song</h2>
<a href="FILE_PATH">FILE Here</a>
</section>';
}
else if (strcmp ($res, "INVALID") == 0) {
echo "The response from IPN was: <b>" .$res ."</b>";
}
?>
Here is the script I mentioned:
In the “address-here” sections are where you’ll need to add in the appropriate e-mail address. This posts everything back to PayPal and it just returned a “VERIFIED” response back.
It’s all set for the Sandbox now.