Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Quick snippet/plugin/dropin to test IPN support
<?php
/**
* Plugin Name: PayPal Sandbox IPN Tester
* Description: Pings the IPN endpoint to see if your server can connect. Just head to <a href="/?ipn-test=1">yoursite.com/?ipn-test=1</a> whilst logged in as admin.
* Version: 1.0.0
* Author: WooThemes
* Requires at least: 4.1
* Tested up to: 4.3
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
add_action( 'wp_loaded', 'paypal_sandbox_ipn_tester' );
function paypal_sandbox_ipn_tester() {
if ( ! empty( $_GET['ipn-test'] ) && current_user_can( 'manage_options' ) ) {
$response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
'body' => array(
'test_ipn' => 1,
'cmd' => '_notify-validate'
)
) );
if ( ! is_wp_error( $response ) ) {
wp_die( 'SUCCESS' );
} else {
wp_die( 'FAIL - ' . $response->get_error_message() );
}
}
}
@jcamomile

This comment has been minimized.

Copy link

commented Sep 16, 2015

Awesome! Paypal documentation on this issue.. lengthy, confusing and convoluted. This tool... simple and definitive. Priceless! Thanks!

@Pross

This comment has been minimized.

Copy link

commented Sep 17, 2015

Nice, simple.

@cheddar2014

This comment has been minimized.

Copy link

commented Sep 23, 2015

Thanks so much, appreciate this!

@anjmat

This comment has been minimized.

Copy link

commented Sep 23, 2015

perfect. Thank you.

@garrett-eclipse

This comment has been minimized.

Copy link

commented Sep 25, 2015

THANK YOU

@robin-scott

This comment has been minimized.

Copy link

commented Mar 7, 2016

Does this cover the 2016 stuff that PayPal has been sending round?

@craigcpaterson

This comment has been minimized.

Copy link

commented Mar 7, 2016

Like silicondales, I would like to know if this plugin covers the 2016 merchant security upgrades

@reidbiztech

This comment has been minimized.

Copy link

commented Mar 23, 2016

I suggest modifying it thus for a better test:

      $response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
        'body'       => array(
            'test_ipn' => 1,
            'cmd'      => '_notify-validate'
        ),
        'httpversion' => '1.1'
      ) );

Because of: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US

@reidbiztech

This comment has been minimized.

Copy link

commented Mar 24, 2016

The response from my host (one of the big ones):

In order to utilize the TLS 1.2 cipher in accordance with Paypals new policies. You would need to contact the developer of the plugin or your site to have them update the cURLOPT to use TLS 1.2 specificlly. It is defaulting to TLS 1.0, but you can use up to TLS 1.2 if you specify it in your code.

My response to them:

WooCoommerce uses core WordPress functions to post to the PayPal IPN url. So, then we need to get the WordPress core code modified to use the proper curl settings. I have not had the best of luck getting modifications accepted to the wordpress core in the past. Perhaps if the request comes from someone like Hostgator they will listen?

This will affect every single WooCommerce/WordPress site that is hosted on your systems. On June 17th 2016 they will all stop working. I suggest we head this off at the pass while we have the opportunity.

Thanks for any additional help and weight you can add to the case to be made to Auttomatic.

@mikejolley

This comment has been minimized.

Copy link
Owner Author

commented Mar 24, 2016

@reidbiztech versions older than that can be disabled at host level. TBH, those older standards should be disabled anyway because they are nowhere near as secure.

WooCommerce core does set httpversion to 1.1. That part isn't an issue.

@reidbiztech

This comment has been minimized.

Copy link

commented Mar 24, 2016

No, they can't. Shared hosting environments need to consider more than just WordPress, as described here:
https://core.trac.wordpress.org/ticket/36320#comment:7

But here is my tentative fix anyway:

function rbst_http_api_transports() {
    return array( 'streams', 'curl' );
}
add_filter( 'http_api_transports', 'rbst_http_api_transports', 9999 );
@mozzak

This comment has been minimized.

Copy link

commented Mar 25, 2016

@reidbiztech, I just copied the code in one of my plugins and tested via IPN Simulator. No luck.

Can you let me know where to past this code ? Also, I am using a relative old php version 5.4 . Could that be an issue ?

thanks for your input.

Mike

@mozzak

This comment has been minimized.

Copy link

commented Mar 25, 2016

so interestingly, before adding your code to my plugin I received this error:

SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

after adding your code I receive this error:

FAIL - The SSL certificate for the host could not be verified.

Can you make sense of this ? Any idea where to go from here ?

thanks a lot,
Mike

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.