Search code examples
phpcurlpaypal-ipn

Access Denied on Paypal IPN verification


I'm getting the the following error when trying to verify payments using the IPN. The same code was tested on the sandbox (before and after the error) and is verifying properly.

<HTML>
<HEAD>
    <TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
    <H1>Access Denied</H1>

    You don't have permission to access "https://www.paypal.com/cgi-bin/webscr" on this server.<P>
    Reference #18.........    
</BODY>
</HTML>

The code I'm using is as follows:

$raw_post_data = file_get_contents('php://input');
pplog("Processing POSTed data");
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode ('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
         $value = urlencode($value);
    }
     $req .= "&$key=$value";
}

$ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

if(!($res = curl_exec($ch)) ) {
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
log($res);

I'm on Ubuntu 14.04, with openssl, curl and phpcurl installed, and four hours of debugging.


Solution

  • Finally found the fix for this after speaking with PayPal Technical Support. It was an issue with something they have changed and are working to fix but to get it to work again you simply have to send a "User-Agent" HTTP Header with the Curl request, so something like:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name'));
    

    As for what the "User-Agent" should be set as, it just needs to be at least 5 characters, probably your company name as the example shows but it doesn't have to be.

    The Technical Support agent also pointed me to: https://ppmts.custhelp.com/app/answers/detail/a_id/92 if the above fix does not work, but it did for me.