Geek Answers Handbook

IPN validation in PayPal sandbox always returns INVALID

I searched this question and tried all the suggestions, but nothing works.

I tried this code: https://developer.paypal.com/docs/classic/ipn/ht_ipn/ but it does not work. Just copy it and remove the old magick_quotes utilities.

I tried this code: http://samples.geekality.net/view-source.php?file=ipn/ipn_handler.class.php and it also does not work.

In all cases, I tried to do the following:

$req = 'cmd=_notify-validate&' . file_get_contents('php://input');

So I send on IPN exactly what it sent to me. In addition, I used a debugging proxy (Fiddler) and saved what the IPN sent to me and what I sent to the IPN. The byte-byte request bodies are identical, except that my request has the line prefix cmd=_notify-validate& .

Yes, I verified that I am using the correct sandbox URL. Here are the whole tel requests:

Which IPN sent me: (I just replaced the personal data with XXX)

 POST http://localhost.loc/en/payment/success/1 HTTP/1.1 Host: localhost.loc Connection: keep-alive Content-Length: 921 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: null User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4 mc_gross=1.00&protection_eligibility=Ineligible&payer_id=5XNKM66NSDKC4&tax=0.00&payment_date=05%3A34%3A11+Jun+01%2C+2015+PDT&payment_status=Completed&charset=utf-8&first_name=XXX&mc_fee=0.33&notify_version=3.8&custom=topup%3A262262%3A1%3A1433162020&payer_status=verified&business=XXX&quantity=1&payer_email=XXX&verify_sign=AG58dBsn5g2z8O8NEjotbuJGP14PAIpZ4k26VL8IyhaDPkcDRj002Keq&memo=hmgvjgjhgfjhfggjhfjtfgjh&txn_id=4CN141026K278934Y&payment_type=instant&last_name=XXX&receiver_email=XXX&payment_fee=0.33&receiver_id=DCMXPXGX4QX6J&txn_type=web_accept&item_name=Account+top+up&mc_currency=USD&item_number=Account+262262+top+up&residence_country=US&test_ipn=1&handling_amount=0.00&transaction_subject=topup%3A262262%3A1%3A1433162020&payment_gross=1.00&shipping=0.00&auth=ANSTBwT3znll-gJQZO2cLoV5QJFW9v8W.FqyWxffdtI0L-9mfsoe2xRL44M86Sn2XtYGtcqG4Fjjel1kdYZyxpQ

What I sent to IPN:

 POST https://www.sandbox.paypal.com/cgi-bin/webscr HTTP/1.1 Host: www.sandbox.paypal.com Accept: */* Content-Length: 942 Content-Type: application/x-www-form-urlencoded cmd=_notify-validate&mc_gross=1.00&protection_eligibility=Ineligible&payer_id=5XNKM66NSDKC4&tax=0.00&payment_date=05%3A34%3A11+Jun+01%2C+2015+PDT&payment_status=Completed&charset=utf-8&first_name=XXX&mc_fee=0.33&notify_version=3.8&custom=topup%3A262262%3A1%3A1433162020&payer_status=verified&business=XXX&quantity=1&payer_email=XXX&verify_sign=AG58dBsn5g2z8O8NEjotbuJGP14PAIpZ4k26VL8IyhaDPkcDRj002Keq&memo=hmgvjgjhgfjhfggjhfjtfgjh&txn_id=4CN141026K278934Y&payment_type=instant&last_name=XXX&receiver_email=XXX&payment_fee=0.33&receiver_id=DCMXPXGX4QX6J&txn_type=web_accept&item_name=Account+top+up&mc_currency=USD&item_number=Account+262262+top+up&residence_country=US&test_ipn=1&handling_amount=0.00&transaction_subject=topup%3A262262%3A1%3A1433162020&payment_gross=1.00&shipping=0.00&auth=ANSTBwT3znll-gJQZO2cLoV5QJFW9v8W.FqyWxffdtI0L-9mfsoe2xRL44M86Sn2XtYGtcqG4Fjjel1kdYZyxpQ

Can someone help me what am I doing wrong? Thanks.

+5
source share
2 answers

AARRRRGH !!!!!!!! I have only dirty words in PayPal !!!!!!! The problem was ... (drumroll ... tadam!) In the charset field! No, its value should be the same as IPN, sent it to you, but ... in UPPERCASE! IPN sends it in lowercase! Therefore, you MUST change the IPN data to verify this, even though management is telling us to return the data โ€œas isโ€. PayPal Error?

So my last working code: (using HTTP_Request2)

 protected function verifyPostData() { $this->request->setBody('cmd=_notify-validate&' . str_replace('=utf-8', '=UTF-8', file_get_contents('php://input'))); $response = $this->request->send(); if ($response->getStatus() != 200) { throw new \RuntimeException("Transaction data verification request failed with code {$response->getStatus()}"); } $content = trim($response->getBody()); return ($content == 'VERIFIED'); }

How I did it: I sent a PDT request for this transaction and received the transaction data. Then I made a field to compare PDT and IPN data fields. PDT does not have any IPN fields like auth , verify_sign and test_ipn . But all the other fields seem to be the same. And only the difference was in the case of charset field characters. Then I tried to check the changed data and unexpectedly became successful!

+3
source

This is a recent PayPal error when the client completes the payment and clicks the "Click here to return .." button instead of waiting for a few seconds, the parameters passed to the PDT script to your site are sent in lower case.

It will also ruin things like case sensitive or encoded cm / custom parameter.

Obviously, PayPal knows about this.

0
source

More articles:


All Articles