Has anyone have a paypal ipn.php code that will work with Register globals off? I turned them on via .htaccess but it doesn't appear to be working. The one I am using doesn't appear to be working properly and I was unable to find one using search. It may be my security on my server. Is there anything I can advise my server admin to open up to allow this to work?
I would think changing it to not require Register Globals wouldn't be too difficult to do. Try adding this code to the top of the script and see of it helps: if($_GET){ foreach($_GET as $key => $value){ $key = 'tmp_'.$key; $$key = $value; } } if($_POST){ foreach($_POST as $key => $value){ $key = 'tmp_'.$key; $$key = $value; } } Code (markup):
Thanks for the tip. I have tested Paypal's ipn test script and it keeps coming back saying invalid pin. I call it using www.domain.com/ipn.php?ipn_email=me@myemail.com Could it be a function on my server or security setting preventing it from sending data to Paypal's server? If I get this working I have no problem paying whoever helps for their time in assisting me. <?php $email = $_GET['ipn_email']; //This script is pointing at the Live paypal server $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = @fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); $ip = $_SERVER['REMOTE_ADDR']; $message = <<<my_msg The IP address that called this script was $ip ----------------------------------------- -------Begin Query String------------ $req my_msg; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // check the payment_status is Completed // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment mail($email,"LiveSite-VERIFIED IPN",$message, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n"); } else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation mail($email,"LiveSite-INVALID IPN",$message, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n"); } } fclose ($fp); } ?> PHP: