I'm struggling with this problem for some days now but with no success, I'm relatively new to paypal ipn but have used it succesfully in the past few monhts, now maybe I'm doing some silly mistake or paypal sandbox ipn server is unresponsible.
The payment is processed properly, the money goes from the buyer account to the seller but still no details are entered in the database.
So this is the html form code:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="sanboxselleremail">
<input type="hidden" name="item_name" value="Product">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="15">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="lc" value="EN">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="return" value="http://mysite.com/testipn/">
<input type="hidden" name="cancel_return" value="http://mysite.com/testipn/">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="notify_url" value="http://mysite.com/testipn/ipn.php" />
<input type="submit" value="submit" />
</form>
And this is the ipn code that I found at paypal:
include('db.php');
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
if($payment_status=='Completed'){
$paylog = $db->query("INSERT INTO....);
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
I've double checked everything, I know that you must post back all the variables so I checked them too. The sql syntax has no problems because I've tested it and it enters the values to the database table I want.
Can you please take a quick look and please point any errors you might find?
Thank you. This problem is costing me lot of time and stress... :(
Your code is outdated and doesn't include the HTTP 'Host' header, which is (now) required.
So with this code, it would never get back 'VERIFIED', but instead get a HTTP/1.1 400 'Bad Request' back from PayPal.
To fix this, simply change:
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
To:
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
And add:
$header .= "Host: www.sandbox.paypal.com\r\n";
Should you just wish to use updated sample code, you can find this at https://www.paypal.com/ipn/