Hi
I'm using CUrl to handle IPN postings from PayPal. Currently I'm testing with my sandbox. Here's a quick rundown of how this works:
- Someone makes a payment on my site (or performs a chargeback, or has their card rejected or whatever)
- PayPal's server posts off a record of this action to my IPN receiver script
- My script fires back the request to PayPal basically saying 'did this come from you?'. This script contains the exact sequence of fields which PayPal sent to me.
- PayPal sends back a simple response of either 'VERIFIED' or 'INVALID' to let me know that the original post was indeed genuinely from PayPal
- My script then takes action depending upon the outcome.
(apologies to anyone who already knows all the above!)
So my script is working (almost) faultlessly. Here's the problem. The string I send to PayPal always sends back 'INVALID' and looks like this
?cmd=_notify-validate&test_ipn=1&payment_type=instant&payment_date=02:39:41 Oct 06, 2011 PDT&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer@paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John Smith&address_country=United States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San Jose&address_street=123, any street&business=seller@paypalsandbox.com&receiver_email=seller@paypalsandbox.com&receiver_id=TESTSELLERID1&residence_country=US&item_name=something&item_number=AK-1234&quantity=1&shipping=3.04&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=9.34&txn_type=web_accept&txn_id=41106939¬ify_version=2.1&custom=xyz123&charset=windows-1252&verify_sign=AB3bSjvFd3wXL7rCt.OOGW-nSKg-Ahh5RbboVG4bn9LSAon94Wjt2Oj9
The problem is on the last line, the '¬' character after &txn_id=41106939
This seems to be an encoding issue? When I send the above string to my email account, the character is there, but, if I view the raw source of the email, here's what it's showing:
'&txn_id=41106939¬ify_version=2.1'
you can see that the raw source code shows a proper interpretation of the txn_id and notify_version variables. I'm guessing that the first version, with incorrect character is what is being sent to PayPal and that's why I'm getting my 'INVALID' return. Is there some way I can force the string sent to PayPal not to use that character. Am I right to presume that maybe '6939&' is maybe being misinterpreted as a hex character or something similar? Any help appreciated,
Here's the business end of my PHP CUrl request:
First, how I create the string to send back to PayPal from their original post:
$method = '?cmd=_notify-validate';
foreach ($_POST as $key => $value){
$method .= '&' . $key . '=' . $value;
}
Then the CUrl code:
function pp_authenticate($method)
{
$ppalPath = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
$requestPath = $ppalPath.$method;
$pp_request = curl_init($requestPath);
curl_setopt($rpc_request, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($pp_request);
return $result;
}
cheers,
Mike
