PayPal IPN Listener - Receiving HTTP request

  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

I'm helping a friend (still) on one of his forums. He wants to implement PayPal IPN to automatically handle subscriptions to the forums. I have been uploaded a sample IPN listener to his server, but when I click the "test" button on the PayPal sandbox site, it gives me a 404 error.

Right now his site is password protected via .htaccess. He doesn't want to alter the password protection yet for personal reasons. This is causing our problem. I need to be able to test the listener and have no experience at all with HTTP requests.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Zealous
  • Guru
  • Guru
  • User avatar
  • Posts: 1241
  • Loc: Sydney

Post 3+ Months Ago

have you checked the forums main site for a mod that allows this in-case there is something pre-built all ready. As for the 404 error i guess there is something wrong in your config but going to need more info to help with the situation.
  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

His forums are a heavily modded version of phpbb 2.x.xx, so there aren't any mods available that would help.
  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Are you initiating the IPN event from the developer.paypal.com website in the test tools area? In there you will find the Instant Payment Notification (IPN) simulator, and is that what you are filling out that is giving you the 404 error?

Or are you initiating the test transaction from your friend's website using the Paypal sandbox URL:

https://www.sandbox.paypal.com/cgi-bin/webscr

Please explain more, I have actually been doing a great deal over the last few weeks with the Paypal IPN and everything seems to be working okay for me for testing purposes.
  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

I was inititating it from the sandbox.

I uploaded the exact same listener to one of my own websites and received no problem at all. It's just that his "test" site is login/pass protected. I'm positive that's what the problem is.

We can alter the .htaccess to temporarily get rid of the p/w protection, but he doesn't want to do that. I just was trying to find out if there is anyway around this problem?
  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

The only thing I can think of is for the Paypal IPN URL that you have to enter, you could try puttting the username and password in that URL like so:

http(s)://username:password@server/resource.ext
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Make sure you're using an encrypted form from Paypal if you include the credentials in the IPN URL like that. Otherwise the username/password to access that area will be available in plain text via the notify_url hidden form variable.

It's been awhile since I've worked with IPN so I'm not 100% sure it's called an "encrypted form" on their end, but basically you want to look at the <form> code they generate for you and make sure there's no "notify_url" visible with your password for all to see in it. :)
  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

I think he is just sending the IPN via the Paypal Developer network IPN simulator which means he most likely would not be using the notify_url or anything yet, I think he is just testing the different signals that can be sent via IPN to his script which is apparently password protected.

In a live environment I would not recommend having the IPN script under a password protected area, but you should validate any information that is sent via an IPN by sending the exact data Paypal sends you back to them with the addition of:

cmd=_notify-validate

When you do that Paypal will return a result letting your script know if it was indeed a valid IPN, or something fake. If it was valid, Paypal would return and IPN response of "VERIFIED".
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Ah ok.

Man, I remember my first experience with Paypals IPN. It was hard. It seems easy now, but it took forever it seems for me to get that initial ipn script working right,

I don't remember where exactly I ended up getting information, it was probably a bunch of places, but I do remember abandoning Paypal's reference materials. They confused me more than help me.
  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

Just a quick update.

I found out that you can add permissions to specific files in a directory. specifically the IPN Listener file.

This was an acceptable solution for my friend as he didn't want to open up the whole site.

Post Information

  • Total Posts in this topic: 10 posts
  • Users browsing this forum: No registered users and 161 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.