PayPal IPN Test works Live Fails to return item_number & item_name

BLottman

The script ipntest.php on http://www.eliteweaver.co.uk/testing/ipntest.php site works fine at submitting and returning variable values and updating my MySQL db table on my paymentsuccess.php file - (i.e., the notify.php script is embedded. All of the variables & values are passed to the test site successfully. When I change the paymentsuccess.php script to live mode, and actually use the paypal.com site, my return page paymentsucess.php display form notes all of the variables except for the item_number and item_name have values. Why?

Here's the Payment Submission form for both Live (i.e., Paypal IPN site) and the Test (i.e., eliteweaver site) versions:

Live form
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr\" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="customerservice@mydomainname.com">
<input type="hidden" name="item_name" value="Record Listing Subscription Payment">
<input type="hidden" name="item_number" value="<?php echo $recordid; ?>">
<input type="hidden" name="custom" value="<?php echo $R602;?>">
<input type="hidden" name="amount" value="$01.00">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.mydomainname.com/paymentsuccess.php">
<input type="hidden" name="cancel_return" value="http://www.mydomainname.com/paymentcancel.html">
<input type="hidden" name="add" value="1">
<input type="image" src="https://www.paypal.com/images/sc-but-01.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

test form
<form action="http://www.eliteweaver.co.uk/testing/ipntest.php" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="customerservice@mydomainname.com">
<input type="hidden" name="item_name" value="Record Listing Subscription Payment">
<input type="hidden" name="item_number" value="<?php echo $recordid; ?>">
<input type="hidden" name="custom" value="<?php echo $R602;?>">
<input type="hidden" name="amount" value="$01.00">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.mydomainname.com/paymentsuccess.php">
<input type="hidden" name="cancel_return" value="http://www.mydomainname.com/paymentcancel.html">
<input type="hidden" name="add" value="1">
<input type="image" src="https://www.paypal.com/images/sc-but-01.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

Here's my paymentsuccess.php code. Pay specific attention the VERIFIED conditional clause:

<?php
// IPN Posting Modes, Choose: 1 or 2

$postmode = "1";

      //* 1 = Live Via PayPal Network
      //* 2 = Test Via EliteWeaver UK

// PostMode 2: Test Via EliteWeaver UK

        elseif ($postmode == 2)
        {

$fp = fsockopen ("www.eliteweaver.co.uk", 80, $errno, $errstr, 30);
$header .= "POST /testing/ipntest.php HTTP/1.0\r\n";
$header .= "Host: www.eliteweaver.co.uk\r\n"; // Host on Shared IP
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
//* Note: "Connection: Close" is Not required Using HTTP/1.0
}

// Selected PostMode was Probably Not Set to 1 or 2

        else
        {

$pme=1;
echo "PostMode: $postmode is invalid!";
exit;
}

// Problem: Now is this your Firewall or your Ports?
// Maybe Setup a little email Notification here. . .

        if (!$fp && !$pme)
        {

echo "Problem: Error Number: $errno Error String: $errstr";
exit;
}

// If No Problems have Occured then we proceed with the Processing

        else
        {

// If globals is "off" but you are Not Security Conscious then Remove: #

#extract($_POST);

// Else, if globals is "off" and you are Security Conscious then you
// will have to assign all posted variables to local variables

// Note: If globals is "on" or you extracted then you don't need to localize

// Standard - Instant Payment Notifiction Variables (Localization)

              $receiver_email = $_POST['receiver_email'];
              $item_name = $_POST['item_name'];
              $item_number = $_POST['item_number'];
              $quantity = $_POST['quantity'];
              $invoice = $_POST['invoice'];
              $custom = $_POST['custom'];
              $option_name1 = $_POST['option_name1'];
              $option_selection1 = $_POST['option_selection1'];
              $option_name2 = $_POST['option_name2'];
              $option_selection2 = $_POST['option_selection2'];
              $num_cart_items = $_POST['num_cart_items'];
              $payment_status = $_POST['payment_status'];
              $pending_reason = $_POST['pending_reason'];
              $payment_date = $_POST['payment_date'];
              $payment_gross = $_POST['payment_gross'];
              $payment_fee = $_POST['payment_fee'];
              $mc_gross = $_POST['mc_gross']; // Live: 07/09/2002
              $mc_fee = $_POST['mc_fee']; // Live: 07/09/2002
              $mc_currency = $_POST['mc_currency']; // Live: 07/09/2002
              $txn_id = $_POST['txn_id'];
              $txn_type = $_POST['txn_type'];
              $first_name = $_POST['first_name'];
              $last_name = $_POST['last_name'];
              $address_street = $_POST['address_street'];
              $address_city = $_POST['address_city'];
              $address_state = $_POST['address_state'];
              $address_zip = $_POST['address_zip'];
              $address_country = $_POST['address_country'];
              $address_status = $_POST['address_status'];
              $payer_email = $_POST['payer_email'];
              $payer_id = $_POST['payer_id']; // Live: 09/09/2002
              $payer_status = $_POST['payer_status'];
              $payment_type = $_POST['payment_type'];
              $notify_version = $_POST['notify_version'];
              $verify_sign = $_POST['verify_sign'];

// Subscription - Instant Payment Notifiction Variables (Localization)
// You must Remove: # if you are Using the Subscription Variables

              #$subscr_date = $_POST['subscr_date'];
              #$period1 = $_POST['period1'];
              #$period2 = $_POST['period2'];
              #$period3 = $_POST['period3'];
              #$amount1 = $_POST['amount1'];
              #$amount2 = $_POST['amount2'];
              #$amount3 = $_POST['amount3'];
              #$recurring = $_POST['recurring'];
              #$reattempt = $_POST['reattempt'];
              #$retry_at = $_POST['retry_at'];
              #$recur_times = $_POST['recur_times'];
              #$username = $_POST['username'];
              #$password = $_POST['password'];
              #$subscr_id = $_POST['subscr_id'];

fputs ($fp, $header . $req);

        while (!feof($fp))
  {
              $res = fgets ($fp, 1024);
              $res = trim ($res); // Required on some Environments

// IPN was Confirmed as both Genuine and VERIFIED

        if (strcmp ($res, "VERIFIED") == 0)
        {

// Check that the "payment_status" variable is: Completed
// If it is Pending you may Want to Inform your Customer?
// Check your DB to Ensure this "txn_id" is Not a Duplicate
// You may want to Check the "payment_gross" matches listed Prices?
// You definately want to Check the "receiver_email" is yours
// Update your DB and Process this Payment accordingly

include("settings.inc");
mysql_select_db($mydb, $connection);
$sql = @("UPDATE mytable SET STATUS='Active' WHERE ID='$item_number'");
// $row1 = mysql_fetch_array($sql);
echo "<tr><td>Confirmation Number:</td><td>$txn_id</td></tr>";
echo "<tr><td>&nbsp</td><td>&nbsp</td></tr>";
echo "<tr><td>Payment By: </td><td>$first_name $last_name</td></tr>";
echo "<tr><td>Address: </td><td>$address_street</td></tr>";
echo "<tr><td>City: </td><td>$address_city, $address_state $address_zip</td></tr>";
echo "<tr><td>Country: </td><td>$address_country</td></tr>";
echo "<tr><td>Your Email: </td><td>$payer_email</td></tr>";
echo "<tr><td>&nbsp</td><td>&nbsp</td></tr>";
echo "<tr><td>Item Name: </td><td>$item_name</td></tr>";
echo "<tr><td>Item Number: </td><td>$item_number</td></tr>";
echo "<tr><td>Payment Status: </td><td>$payment_status</td></tr>";
echo "<tr><td>Payment Date: </td><td>$payment_date</td></tr>";
echo "<tr><td>&nbsp</td><td>&nbsp</td></tr>";
echo "<tr><td>Result: </td><td>$res</td></tr>"; // Remove: # for Testing
echo "<br><br>";
echo "<TR><TD>Thank you for making your payment.</TD></TR>";
echo "<TR><TD>Your record listing is now active.</TD></TR>";
echo "<br><br>";
echo("<tr><td><a href='managerecord.php?R601=$custom'>Click here to return to your records</A></td></tr>");
}

// IPN was Not Validated as Genuine and is INVALID

        elseif (strcmp ($res, "INVALID") == 0)
        {

// Check your code for any Post back Validation problems
// Investigate the Fact that this Could be a spoofed IPN
// If updating your DB, Ensure this "txn_id" is Not a Duplicate
echo "<tr><td>Result: $res</td></tr>"; // Remove: # for Testing
}}

// Terminate the Socket connection and Exit

fclose ($fp);
exit;
}
?>

Mystikal

This is quite interesting.. I've never really seen the ability for a site to intergrate into payPal before. I could probably give you quite a bit of help here if you'd like me to.. contact me on AIM via DMYSTIKALD if you want me to help.

BLottman

Credit: Marcus Cicero of eliteweaver.co.uk, It now works correctly.

The form post has a hidden input:

that was incorrect. I was using a Shopping Cart (i.e., "cmd" value="cart") when I should have been using a Single Item purchase (i.e., "cmd value = "xclick").

Once I changed the cart to xclick,

the item_number and item_name variables were returned to my return_URL by Paypal.

If anyone would like a complete copy of the working code, just email me.

Bill.

turbo99

Hi Bill,

I would like to take you up on your offer about the code.

thx

Alex

BLottman

The code attached is used for Single Item Purchases. The explaination for the cart vs xclick variable are explained by Marcus in the responses and the commented text.

Thank Marcus for the Paypal IPN test site www.eliteweaver.co.uk

Great place to test your payment success script.

Also note that the paymentsuccess.php script only implements the communication between the Paypal host server and your server's return_URL. It doesn't, but should, check the table for duplicate transaction ids (i.e., txn_id).

Regards,

Bill.

turbo99

Hey Bill,

thx for posting the code. How difficult would it be to change it to multi-item purchaces?

best regards,

alex

turbo99

in reading your text you referenced a post from marcus about multiple items.

"My suggestion, if you have multiple items that
can be entered to a shopping cart is to determine how to reference the array noted by
Marcus on the PHPbuilder posting."

Do you remember where this posting is located or Marcus username so I can search for it.

Thx
Alex

Inpresif

It is an old thread, but I have a question nonetheless.

You know if it is possible to have extra fields, like username / password in your form to store in the dbase when it comes back?

Also, do you have to send the client field to paypal as well, like street/city etc.., or are those stores in the $_POST as well.

Last, but not least ...

Isn't this:
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$value = str_replace("+"," ",$value);
$key = $value\n;
}

the same as:
$item_name = $POST['item_name'];
$item_number = $POST['item_number'];
$payment_status = $_POST['payment_status'];
etc....

I'm working on setting this up now, so any additional info is welcomed, Paypal is not most helpfull.

Thanks,
Paul.