PHP-PayPal-IPN icon indicating copy to clipboard operation
PHP-PayPal-IPN copied to clipboard

Published 20 hours ago verified publisher icon Quixotix

Getting INVALID IPN status every time

Open digiogi opened this issue 11 years ago • 10 comments
trafficstars

I'm getting INVALID IPN status every time even the payment is made.

I'm using the php api.

Is there any way to do this properly?

digiogi avatar Oct 16 '14 07:10 digiogi

A month ago I was working with IPN, everything worked perfectly.

arvydaso avatar Oct 16 '14 07:10 arvydaso

I believe this is related to the 'force_ssl_v3' option. PayPal have recently disabled SSLv3.

petert82 avatar Oct 16 '14 09:10 petert82

@arvydaso With paypal ipn test tools, yeah I'm getting valid responses. But I was getting INVALID in the real life scenario even the payment is made and valid.

@petert82 With disabling SSL3, the api was broken. I've changed the line 109 with curl_setopt($ch, CURLOPT_SSLVERSION, 4);

It works again but the INVALID situation still continues.

digiogi avatar Oct 16 '14 09:10 digiogi

Pretty sure it's from the POODLE vulnerability. I just changed from 108:

if ($this->force_ssl_v3) {
    curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}

to

if ($this->force_ssl_v3) {
    curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'SSLv3');
} else {
    curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}

kicktraq avatar Oct 16 '14 19:10 kicktraq

@kicktraq After reading the answer from Archimedix here, I opted to just ditch the 'force_ssl_v3' option and replace that if statement in curlPost with:

curl_setopt($ch, CURLOPT_SSLVERSION, 1);

petert82 avatar Oct 17 '14 07:10 petert82

Ah perfect. Thanks for the link!

kicktraq avatar Oct 17 '14 14:10 kicktraq

Is fsock option any different? I have a lot of people depending on this for payments, can I switch to this?

    $listener->use_curl = false;

thefotolander avatar Oct 17 '14 14:10 thefotolander

Thank you @petert82 !! Works great for us.

mdriess avatar Oct 17 '14 23:10 mdriess

INVALID error response still continue.

@digiogi did you fix it?

afbora avatar Dec 25 '14 11:12 afbora

This project has not been updated since 2012. It is a shame because it was a simple, yet efficient, PayPal IPN script. Since this has not been maintained, it does not work anymore. PayPal has removed support for SSLv3 due to the POODLE vulnerability, which came about after the last update to this repo. PayPal has also updated their documentation and example code, which I have updated this project to reflect PayPal's recommendations.

I have forked this repo, fixed it, and I am now maintaining the current version. Please use my version found here: https://github.com/WadeShuler/PHP-PayPal-IPN

I give FULL credit to Quixotix for his great script.

CyberPunkCodes avatar Feb 03 '15 20:02 CyberPunkCodes