Complete Script for Paypal's IPN Service

starkvegas

Here is the script for using Paypal's Instant Payment Verification Service with PHP. It requires cURL for posting to a secure server. My setup is on Win2K/Apache.

To setup cURL for Win2K/Apache.

It's easy to setup. Everything you need is included in the PHP 4.10 distribution. To enable cURL, just uncomment the cURL and openssl extensions in you php.ini file. You will then need to make sure that your extension path (defined in php.ini points to your extensions folder (php/extensions) that contains php_openssl.dll and php_curl.dll). You will also need to copy ssleay32.dll and libeay32.dll from php/dlls/ to somewhere in your path. Don't forget to restart apache. Now you should be able to rock.

Here is the Paypal IPN code:

Note: I'm not a programmer by profession, so don't make fun of my script. It works.

/ This script communicates with Paypal's Instant Payment Notification
System. It uses cURL and PHP. The original cURL function is by Aaron Web.
I have taken out the username/password attributes/

function execute_requests($server, $path, $qstring) {

/ Set up cURL with curl_init. $ch is for Curl Handle. /
$ch = curl_init();

/ Set the type of request to POST /
curl_setopt($ch, CURLOPT_POST, 1);

/ Suppress header in cURL's output /
curl_setopt($ch, CURLOPT_HEADER, 0);

/ Make curl return the results to a variable instead of STDOUT /
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

/ Set maximum time for cURL request /
curl_setopt($ch, CURLOPT_TIMEOUT, 5);

/ Construct request /
$requestedurl = "$server" . "/$path";

/ Set URL for request /
curl_setopt($ch, CURLOPT_URL, "$requestedurl");

/ Set query string for post request /
curl_setopt($ch, CURLOPT_POSTFIELDS, "$qstring");

/ Execute request /
$result = curl_exec($ch);

if(curl_error($ch)) {
echo "Error retrieving $requestedurl ";
exit;
}

curl_close ($ch);

return $result;
}

// Parse incoming form data and prepare it for posing to Paypal.

foreach ($HTTP_POST_VARS as $key=>$value) $qstring .= "$key=$value&";
$qstring .= "cmd=_notify-validate";

// Set variables for the cURL function.

//$server = "http://localhost";
//$path = "/mysql_host/paypal/dummy_post.php";
$server = "https://www.paypal.com";
$path = "/cgi-bin/webscr";

// This output contains the response from Paypal.

$output = execute_requests($server, $path, $qstring);

/ Probably not necessary, but I searched the response for the text "VERIFIED"
or "INVALID"/

$verified = "ERROR";
if (ereg("VERIFIED",$output))
{
$verified = "VERIFIED";
}
if (ereg("INVALID",$output))
{
$verified = "INVALID";
}

/ The hard part is done. Now you can do what you like with the data./

Anon

Here's a version that doesn't require curl compiled into PHP, but just installed on the server. It's a lot simpler too.

// Pass it $HTTP_POST_VARS on the check page
function VerifyPayPalTransaction($payPalTransaction)
{
// Turn PayPal form array into a key/value string for CURL
foreach ($payPalTransaction as $key => $value) {
$payPalCheck .= $key . '=' . urlencode($value) . '&';
}

$payPalCheck .= "cmd=_notify-validate";

// Validate form data from PayPal with PayPal using CURL
$payPalVerificationURL = "https://www.paypal.com/cgi-bin/webscr";
exec('curl -d "' . $payPalCheck . '" ' . $payPalVerificationURL, $payPalValidationCode);

return $payPalValidationCode[0];

}