I’m getting INVALID IPN returns using MAMP for development and testing with the PayPal Sandbox.
I have reviewed a few dozen of the more recent posts that relate to this issue and found no successful advice.
My MAMP setup passed the PayPal test for compliance with TLS 1.2 and HTTP/1.1 I have the May 2019 casert.pem bundle in the same directory as the listener.
All of the transaction variables in the Pay Now button are integers, money_format or urlencoded text. The transactions are COMPLETED. Sandbox IPN history has been unavailable since I started this test so HTTP code and other data are not available. (Can any one else access IPN history in the sandbox?)
The setup is essentially the same as a live application that has been working on a production site with SSL. So the obvious differences are: MAMP and no SSL (notify_url and return URLs are http and not https). However, I ran similar code in MAMP several months ago without problems.
I get a quick take on the error by holding the listener file open in my browser and refreshing it after I receive the correct ‘return’ PDT data. When live, the code sends emails on errors.
My code—leaving out the application code that runs if IPN verified--is pretty much a copy of the example code.
<?php
$paypal_url = “'https://www.sandbox.paypal.com/cgi-bin/webscr';
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
$ch = curl_init($paypal_url);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
if( !($res = curl_exec($ch)) ) {
echo "curl_error($ch)";
exit:
}
if (strcmp ($res, "VERIFIED") == 0) {
echo "VERIFIED";
} elseif (strcmp ($res, “INVALID”) == 0) {
echo “INVALID”;
}
else {
echo “NO IPN”;
}
?>