Skip to content

Instantly share code, notes, and snippets.

@zahhar zahhar/func.patch
Last active Nov 13, 2018

Embed
What would you like to do?
--- func.php 2018-11-13 20:36:18.000000000 +0100
+++ func.php 2018-11-13 20:35:59.000000000 +0100
@@ -1096,7 +1096,8 @@
fn_pp_set_orders_lock($order_ids, true);
$mode = fn_pp_get_mode(reset($order_ids));
$url = ($mode == 'test') ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
- $result = Http::post($url, $data);
+ $extra['headers'] = ['User-Agent: php/'.phpversion()];
+ $result = Http::post($url, $data, $extra);
}
return array($result, $order_ids, $data);
/*
Find the function fn_pp_validate_ipn_payload in the /app/addons/paypal/func.php file (around line 1077 for CS-Cart 4.9)
and replace the whole function with the code below
*/
/**
* Checks if IPN is sent by PayPal.
*
* @param array $data Payload
*
* @return array Validation result, orders processed in the IPN and payload for ::fn_process_paypal_ipn()
*/
function fn_pp_validate_ipn_payload($data)
{
$result = '';
$order_ids = array();
unset($data['dispatch']);
$data['cmd'] = '_notify-validate';
$data = array_merge(array('cmd' => '_notify-validate'), $data);
// the txn_type variable absent in case of refund
if (!isset($data['txn_type']) || in_array($data['txn_type'], array('cart', 'express_checkout', 'web_accept', 'pro_api'))) {
$order_ids = fn_pp_get_ipn_order_ids($data);
// lock orders while processing IPN
fn_pp_set_orders_lock($order_ids, true);
$mode = fn_pp_get_mode(reset($order_ids));
$url = ($mode == 'test') ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
$extra['headers'] = ['User-Agent: php/'.phpversion()];
$result = Http::post($url, $data, $extra);
}
return array($result, $order_ids, $data);
}
<?php
error_reporting(E_ALL);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.paypal.com/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER,1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POST, 1);
/* WITHOUT HEADERS AKAMAI RESPONDS WITH '403 Forbidden' */
$headers = [
'User-Agent: php/'.phpversion()
];
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
/* **************************************************** */
$data = "cmd=_notify-validate&mc_gross=0.01&invoice=myorder&protection_eligibility=Eligible&address_status=confirmed&item_number1=123&payer_id=QLA22AGAHCDKA&tax=0.00&address_street=Street&payment_date=11:21:40 Jun 26, 2018 PDT&payment_status=Completed&charset=windows-1252&address_zip=12345&mc_shipping=0.00&mc_handling=0.00&first_name=Firstname&mc_fee=0.01&address_country_code=CH&address_name=Fullname&notify_version=3.9&custom=8&payer_status=verified&business=test@example.com&address_country=Switzerland&num_cart_items=1&address_city=Zurich&verify_sign=AV8X4be9X6EA1.B-OoY02bwYnZt3Al7Jb0b8NDI4b2Li8E3VX0WqeeAf&payer_email=test2@example.com&tax1=0.00&txn_id=61D07975R7496973B&payment_type=instant&last_name=Lastname&address_state=ZH&item_name1=TEST&receiver_email=test@example.com&payment_fee=&shipping_discount=0.00&quantity1=1&insurance_amount=0.00&receiver_id=XAG53623ZWJ4U&txn_type=cart&discount=0.00&mc_gross_1=0.01&mc_currency=EUR&residence_country=CH&shipping_method=Default&transaction_subject=&payment_gross=&ipn_track_id=603724037b1c";
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$html = curl_exec($ch);
echo $html;
?>
@zahhar

This comment has been minimized.

Copy link
Owner Author

commented Nov 13, 2018

This is the patch for issue described here: https://forum.cs-cart.com/tracker/issue-7298-paypal-addon-does-not-handle-ipn-because-curl-settings-are-missing-user-agent-header/

How-to:
If you know how to apply patches, just take first gist and patch /app/addons/paypal/func.php file.
Otherwise copy-paste changed function from the next example.

If you are not sure that you are facing this issue, use responseTest.php file to verify assumption in two steps:

  1. Adjust the $data value
  2. Remove section enclosed with comment
  3. Run script from server root: you should get "403 Forbidden"; restore block enclosed in commends and you will get "200 OK" -> then you are affected by the missing header issue and should apply a patch.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.