Hello, fellow web developers. This is my first post. I have joined this forum after trawling the web for answers to my very frustrating problem.

Basically I am looking to set up subscriptions on a couple of my websites. After researching the options the simplest way to do this seemed to be PayPal's subscription service.

Of course, only members who are subscribed will have access to certain parts of the site so naturally I wanted something that automates payment and talks to my database to set permission levels based on succesful payments. PayPal's IPN (Instant Payment Notification) seems to be just the thing I need.

However, I'm having trouble getting it to work for me. I've set up my IPN Listener and have tested it in the PayPal Sandbox. It succesfully sends each time. But what it does NOT do is return VERIFIED. It keeps on returning INVALID or nothing at all! I can't work out why this is as I have followed all the instructions to a tee.

Here is my code:

// ***************** IPN LISTENER *********************
// PHP 4.1

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
 $value = urlencode(stripslashes($value));
 $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

// In a live application send it back to www.paypal.com
// but during development you will want to use the paypal sandbox
// So comment out one of the following lines

// $fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

// or use port 443 for an SSL connection
//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);


if (!$fp) {

 // HTTP ERROR

} else {

fputs ($fp, $header . $req);

 while (!feof($fp)) {

 $res = fgets ($fp, 1024);

 if (strcmp ($res, "VERIFIED") == 0) {

  // CODE TO UPDATE THE DATABASE TO SAY THAT 
  // IT HAS RETURNED VERIFIED

 } else if (strcmp ($res, "INVALID") == 0) {

  // CODE TO UPDATE THE DATABASE TO SAY THAT 
  // IT HAS RETURNED INVALID

 } else {

  // CODE TO UPDATE THE DATABASE TO SAY THAT 
  // IT HAS RETURNED NEITHER

 }

 }
fclose ($fp);
}

// ***************** END IPN LISTENER *********************

The only variety of code that I can find is the URL to send the Listener's reply to.

As you can see above, I have found:
1) $fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
2) $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
3) $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

Therefore I have tested the Listener from the PayPal Sandbox with each of these lines of code. The IPN is sent succesfully with each of them but none of them return VERIFIED. And for some reason if I use the sandbox.paypal line of code (number 1) it doesn't return anything ($res is blank). Even though I'm sending it from Sandbox and PayPal tells you to use the sandbox URL if this is so!

The only real advice I have found for fixing INVALID returns is from [x.com...]

REASONS FOR INVALID

- Make sure you are posting back ALL variables/values.

For PayPal to return VERIFIED, your IPN script needs to post back ALL the variables that were posted to it in the first place. In other words, if your script only needs to manipulate 1 or 2 variables, it is not enough to post back to PayPal only the variables/values your script is concerned with. Your script should post back EVERYTHING that was initially posted to it from PayPal. This is the only way PayPal will return VERIFIED

- Make sure you are not posting back to the wrong URL.

If you are testing in the Sandbox, you need to ensure your script posts back to www.sandbox.paypal.com. If you are on the live site, the script should post back to www.paypal.com. You will receive INVALID if you are testing in the Sandbox and your script posts back to the live site (or vice versa)

- Encoding

PayPal's IPN server expects that your script will POST back all variables that were posted to it and more importantly, that they are encoded the same way as they were sent to your script. If your script inadvertently changed the encoding of a character or interprets an encoded character as another character and POSTs back, you will likely see INVALID. This can happen sporadically and tends to occur, for example, when a payment is received and the buyer may have an accented character in their name or the order is for some item with a non-standard character in the item name. These instances are tricky to troubleshoot but it is listed here as it can cause INVALID when you would expect VERIFIED. Look for this issue when you are seeing that certain IPNs are INVALID and all the rest are VERIFIED.

As I said before, as far as I can see, I'm not doing anything wrong as suggested by the troubleshooting advice!

I'm really hoping that there is someone on here who is familiar with PayPal IPNs, who can take one look at my code and spot a really dumb schoolboy error somewhere and correct me on it. In the meantime though I am getting more and more frustrated at this apparently illogical error. ARRRGH!

Thank you very, very much in advance, anyone who sovles this issue for me!

PS: This is a graphic to explain pretty much everything I just typed but to also show you my exact code.

[i.imgur.com...]