Paypal IPN Donations

I have a wordpress 1 page site that has an option to download a music track after a paypal donation – with a minimum amount of $3.99.

the button works fine and the paypal payment goes through – but I’m only getting INVALID back from paypal – it doesnt seem to be writing back the content to paypal correctly.

Read More

Also – How can I see what paypal is posting back to me?

Any help is greatly appreciated!

inside the included php file:

<?php echo "<p class='small-donate'>Minimum ammount for donation is $3.99</p>
<form method='POST' action=''  target='_top'>
$<input type='text' name='donate_amount' value='0' size='4' class='donate-input'>
<input type='submit' name='submit' value='Donate' class='donate-submit'></form>";
if(!empty($_POST['submit'])) {
// Form has been submitted
  if($_POST['donate_amount'] >= 3.99) {
// Redirect to PayPal
$myurl = site_url();
$fileurl = site_url('wp-content/themes/MY_THEME/content-download-file.php');
header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_donations&item_name=Donation for music track&amount='.$_POST['donate_amount'].'&currency_code=USD&business=MY_SANDBOX_TEST_EMAIL&cbt=Download the file&return='.$fileurl.'&cancel_return='.$myurl);
}
else {
echo '<span class="error">Donation must be at least $3.99</span>';
}
}
?> 

inside content-download-file.php

(I got this from paypal developers)

<?php
// STEP 1: read POST data

// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream. 
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
  $keyval = explode ('=', $keyval);
  if (count($keyval) == 2)
     $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
   $get_magic_quotes_exists = true;
} 
foreach ($myPost as $key => $value) {        
   if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
        $value = urlencode(stripslashes($value)); 
   } else {
        $value = urlencode($value);
   }
   $req .= "&$key=$value";
}


// Step 2: POST IPN data back to PayPal to validate

$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));


// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set 
// the directory path of the certificate as shown below:
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
    //error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
// inspect IPN validation result and act accordingly

if (strcmp ($res, "VERIFIED") == 0) {
         echo '<section id="download">
<h2>Download song</h2>
 <a href="FILE_PATH">FILE Here</a>
</section>';

    }

 else if (strcmp ($res, "INVALID") == 0) {
    echo "The response from IPN was: <b>" .$res ."</b>";
}
?>

Related posts

Leave a Reply

1 comment

  1. Here is the script I mentioned:

    <?php
    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    
    foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
    }
    
    // post back to PayPal system to validate
    
    $header = "POST /cgi-bin/webscr HTTP/1.1rn";
    
        // If testing on Sandbox use: 
    $header .= "Host: www.sandbox.paypal.comrn";
    $header .= "Connection: closern";
    //$header .= "Host: www.paypal.com:443rn";
    $header .= "Content-Type: application/x-www-form-urlencodedrn";
    $header .= "Content-Length: " . strlen($req) . "rnrn";
    
        // If testing on Sandbox use:
    $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
    
    
    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
    
    if (!$fp) {
    // HTTP ERROR
    } else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp (trim($res), "VERIFIED") == 0) {
    // check the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
    
    $mail_From = "From: address-here";
    $mail_To = "address-here";
    $mail_Subject = "VERIFIED IPN";
    $mail_Body = $req;
    
    //error_log($res, 1, "address-here");
    
    foreach ($_POST as $key => $value){
    $emailtext .= $key . " = " .$value ."nn";
    }
    
    mail($mail_To, $mail_Subject, $emailtext . "nn" . $mail_Body, $mail_From);
    
    
    }
    else if (strcmp (trim($res), "INVALID") == 0) {
    
    
    $mail_From = "From: address-here";
    $mail_To = "address-here";
    $mail_Subject = "INVALID IPN";
    $mail_Body = $req;
    
    //error_log($res, 1, "address-here");
    
    foreach ($_POST as $key => $value){
    $emailtext .= $key . " = " .$value ."nn";
    }
    
    mail($mail_To, $mail_Subject, $emailtext . "nn" . $mail_Body, $mail_From);
    
    }
    }
    fclose ($fp);
    }
    ?>
    

    In the “address-here” sections are where you’ll need to add in the appropriate e-mail address. This posts everything back to PayPal and it just returned a “VERIFIED” response back.

    It’s all set for the Sandbox now.