使用 fsockopen 的警报握手失败 paypal IPN 集成

【问题标题】:Alert Handshake failure paypal IPN integration using fsockopen使用 fsockopen 的警报握手失败 paypal IPN 集成
【发布时间】:2016-04-29 22:49:39
【问题描述】:

将 paypal IPN 集成到我的网站时遇到问题。 警告是

“警告:fsockopen() [function.fsockopen]: SSL 操作失败 代码 1

OpenSSL 错误消息:

错误:14077410:SSL 例程:SSL23_GET_SERVER_HELLO:sslv3 警报 /home/...中的握手失败”在这一行:$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

我使用 fsockopen,因为我只能在几个月前找到工作示例。但是当我两天前尝试时,它显示了错误。这是我的代码:

<?php

$return_url = "http://www.domain.com.au/member/payment.php";
$cancel_url = "http://www.domain.com.au/member/request.php";
$notify_url = "http://www.domain.com.au/member/payment.php";

// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){            
    $querystring = '';
    $paypalQueryString = "?business=".urlencode('my-facilitator@yahoo.com')."&";

    $paypalQueryString .= "item_name=".urlencode('Item Name')."&";
    $paypalQueryString .= "amount=".urlencode($totalPrice)."&";
    $paypalQueryString .= "cmd=_xclick&no_note=1&lc=AU&currency_code=AUD&bn=PP-BuyNowBF%3Abtn_buynow_LG.gif%3ANonHostedGuest&";
    $paypalQueryString .= "first_name=".urlencode($niceName)."&";
    $paypalQueryString .= "last_name=&";
    $paypalQueryString .= "payer_email=".urlencode($payerEmail)."&";
    $paypalQueryString .= "item_number=".urlencode($accountID)."&";
    $paypalQueryString .= "submit=Submit+Payment&";
    $paypalQueryString .= "return=".urlencode(stripslashes($return_url))."&";
    $paypalQueryString .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
    $paypalQueryString .= "notify_url=".urlencode($notify_url);

    // Redirect to paypal IPN
    header('location:https://www.sandbox.paypal.com/cgi-bin/webscr'.$paypalQueryString);
    //header('location:https://www.paypal.com/cgi-bin/webscr'.$paypalQueryString);
    exit();
}
else {
    //Response from Paypal
    //echo "<pre>".var_dump($_POST)."</pre>";

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
        $req .= "&$key=$value";
    }

    // assign posted variables to local variables
    $data['item_name']      = $_POST['item_name'];
    $data['item_number']        = $_POST['item_number'];
    $data['payment_status']     = $_POST['payment_status'];
    $data['payment_amount']     = $_POST['mc_gross'];
    $data['payment_currency']   = $_POST['mc_currency'];
    $data['txn_id']         = $_POST['txn_id'];
    $data['receiver_email']     = $_POST['receiver_email'];
    $data['payer_email']        = $_POST['payer_email'];
    $data['custom']         = $_POST['custom'];

    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
    //$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

    if (!$fp) {
        echo "HTTP Error";
    } 
    else {
        fputs($fp, $header . $req);
        $res = stream_get_contents($fp, 2048);
        if (strpos(trim($res), "VERIFIED") !== false) {
               // update transaction --> paid status
        }
        else if (strpos (trim($res), "INVALID") !== false) {
        }
        else{
        }
        fclose ($fp);
    }
}
?>

希望任何人都可以帮助我。谢谢

【问题讨论】:

    标签: php paypal paypal-ipn


    【解决方案1】:

    我的情况类似,但我使用的是 cURL 而不是 fsockopen。 PayPal 刚刚开始要求与沙盒的所有连接都通过 TLS 1.2(和 HTTP 1.1)完成。

    https://devblog.paypal.com/upcoming-security-changes-notice/

    也许尝试改变这一行

    $fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

    这个?

    $fp = fsockopen('tls://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

    【讨论】:

    • 我做了,但它仍然有同样的错误。您认为我们应该在我们的网站上使用 https(ssl 证书)吗?
    【解决方案2】:

    您必须使用新的 CURL 方法并放弃旧的 fsockopen 方法,这似乎是新的 Paypal TLS 1.2 活动的一部分。 我测试了 tls:// ssl:// 和简单的 https://www.sandbox.paypal.com/cgi-bin/webscr ,直到我实现了下面的 PHP Curl apprach。

    https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php

    <?php
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "./ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode ('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
    $paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
    $paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
    return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
    {
    if(DEBUG == true) { 
        error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
    }
    curl_close($ch);
    exit;
} else {
        // Log the entire HTTP response if debug is switched on.
        if(DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
            error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
        }
        curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment and mark item as paid.
    // assign posted variables to local variables
    //$item_name = $_POST['item_name'];
    //$item_number = $_POST['item_number'];
    //$payment_status = $_POST['payment_status'];
    //$payment_amount = $_POST['mc_gross'];
    //$payment_currency = $_POST['mc_currency'];
    //$txn_id = $_POST['txn_id'];
    //$receiver_email = $_POST['receiver_email'];
    //$payer_email = $_POST['payer_email'];

    if(DEBUG == true) {
        error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
    }
} else if (strcmp ($res, "INVALID") == 0) {
    // log for manual investigation
    // Add business logic here which deals with invalid IPN messages
    if(DEBUG == true) {
        error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
    }
}
?>

    【讨论】:

    • 虽然此链接可能会回答问题,但最好在此处包含答案的基本部分并提供链接以供参考。如果链接页面发生更改,仅链接的答案可能会失效。
    • 您好,谢谢,我的代码在测试模式(沙盒)下工作。一切正常,但是当我切换到实时模式时,它没有响应。没有 txn_id 和 txn_type。我仍然找不到任何解决方案。问候
    猜你喜欢
    • 2016-07-05
    • 2014-12-10
    • 2016-07-01
    • 2016-05-04
    • 2016-05-26
    • 2016-02-20
    • 1970-01-01
    • 1970-01-01
    • 2020-05-15
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode