0

I've problem to veryfied the paypal payment on my joomla 1.5 website. I always get "INVALID" although the payment is success. i cannot get POST value from paypal, only can GET value. what's wrong with these code or the setting.

my paypal setting in sandbox.paypal.com

IPN : Turn On 
Message delivery : enabled
notification url : http://mysite.com/index.php?option=com_order&type=orders
auto return : on
return url : http://mysite.com/index.php?option=com_order&type=orders
PDT : on
Encrypted Website Payments : off
PayPal Account Optional : off

in mycomponent joomla
payment.php

<form method="post" action="https://www.sandbox.paypal.com/cgi-bin/webscr" name="paypal">
  <input type="hidden" value="_xclick" name="cmd">
  <input type="hidden" value="myname_1335697493_biz@gmail.com" name="business">
  <input type="hidden" value="test payment" name="item_name" id="item_name">
  <input type="hidden" value="11" name="item_number" id="item_number">
  <input type="hidden" value="0.1" name="amount" id="amount">
  <input type="hidden" value="USD" name="currency_code" id="currency_code">
  <input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&type=orders" name="return" id="return">
  <input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&type=orders" name="cancel_return" id="cancel_return">
  <input type="hidden" value="<?php echo JURI::base();?>index.php?option=com_order&task=orders" name="notify_url" id="notify_url">
  <input type="hidden" name="rm" value="2">
  <table class="tblpay">
  .....
  </table>
</form>

on my controller.php

function display()
{   
    $user =& JFactory::getUser();
    $type = JRequest::getVar('type');
    switch($type) {
        ...
            case 'orders':
            $viewName    = 'orders'; 
            $viewLayout  = 'orderslayout';
            if (JRequest::getVar('tx') != null){
                $this->processpayment();
                $viewLayout  = 'paymentlayout';
            }
            break;
        ...
}

function processpayment(){
    // Response from Paypal

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    $get = JRequest::get('get');
    foreach ($get as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req .= "&$key=$value";
    }
    // assign posted variables to local variables
    $data['amount']         = JRequest::getVar('amt');
    $data['currency']       = JRequest::getVar('cc');
    $data['cm']             = JRequest::getVar('cm');
    $data['idorder']        = JRequest::getVar('item_number');
    $data['st']             = JRequest::getVar('st');
    $data['tx']             = JRequest::getVar('tx');
    $data['option']         = JRequest::getVar('option');
    $data['type']           = JRequest::getVar('type');
    $data['paymentresult']  = "";

    // post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); 
    if (!$fp) {
        // HTTP ERROR
    } else {    

        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets ($fp, 1024);
            if (strcmp($res, "VERIFIED") == 0) {
                ...
            }else if (strcmp ($res, "INVALID") == 0) {
                ...
            }       
        }       
    fclose ($fp);
    }

    //$redirectTo = str_replace("amp;","",JRoute::_('index.php?option='.JRequest::getVar('option').'&type=orders&layout=paymentlayout')); 
    //$this->setRedirect($redirectTo, '');
}

this is the result i get from paypal (use jdump):

[string] option = "com_order"
[string] type = "orders"
[string] tx = "9D9224627W344360N"
[string] st = "Completed"
[string] amt = "0.10"
[string] cc = "USD"
[string] cm = ""
[string] item_number = "41"
[string] Itemid = "" --> why i get this because i never send itemid?
satria
  • 35
  • 1
  • 9
  • I have the same issue, not sure what has happenned, it seems perhaps paypal have tightened their sucurity or something so that the sent string does not match any more. Its a real bugger, I have been struggling with this all day- will post if I get a resolution... – David O'Sullivan May 01 '12 at 14:17

1 Answers1

0

Ok I have had a similar issue today and I think usually these 'INVALID' responses are usually when the submitted data is not exactly the same as the received data.

For me it was an issue with addressses but for you it probably is that Itemid. With my problem (which I'll just mention here since it may help others), paypal had been requested to send back the users address. Because paypal allows the street address to be multiple lines long it adds \r\n in between the lines of the address.

Its usually best practice to use something line this to send values back...

$value = urlencode( stripslashes( $value ) );

but this won't work if you have requested an address because it will strip the slashes from the \r\n so you just want to do a conditional so that if the key is address_street you just urlencode (or just get the address another way which I ended up doing)

In your case you can change the above code to

foreach ( $post as $key => $value ) {
        if ($key != 'Itemid')
        {
        $value = urlencode( stripslashes( $value ) );
        $req .= "&$key=$value";
        }
    }

Hope that solves it for you ;)

David O'Sullivan
  • 2,969
  • 4
  • 21
  • 24