DragonflyCMS Projects > Treasury and Supporters > PayPal Update Required? > Community Forums > Phoenix Netology
Forum Index > eCommerce > Treasury and Supporters

PayPal Update Required? Reply to topic


I got this email from Paypal today, so just passing it along.

Starting the 7th of October, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after the 7th of October, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

Action Required before the 7th of October, 2013

Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” and “Connection: close” HTTP header in the IPN postback script.

Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):

ASP
//Set values for the request back
req.Method="POST";
req.Host="'www.paypal.com'";
req.ContentType="application/x-www-form-urlencoded";

Perl
$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
$req->content_type('application/x-www-form-urlencoded');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection=> 'close');
PHP
// post back to PayPal system to validate
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";

Java
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.paypal.com");
uc.setRequestProperty("Connection", "Close");

The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.

For more information on PDT and IPN, please refer to www.paypal.com/pdt and www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via www.paypal.com/mts.

Please enter your server specs in your user profile! 😢


Thanks - there's a bit more to it than that, but no problem. I also have to update Storez.

I modified the SMF versions last year and updated them again last month, and they work fine. Just a matter of getting to the DF, VB and MYBB versions, soon.

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Any news?

Please enter your server specs in your user profile! 😢


Updates are in downloads section.

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Thanks Phoenix! This update work on Dragonfly v9.2.1?

Please enter your server specs in your user profile! 😢


Treasury will, for now, but Storez won't.

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Thanks! Great news.

Please enter your server specs in your user profile! 😢


@Witewolf - I may have misled you regarding Storez and DF 9.2.1.

The ipnstorez.php file itself should work for all versions of Storez and DF - as I recall, it isn't using a language file.

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Is there a language file missing for supporters? Or did i just do something horribly wrong like usual???

www.junglewraiths.net/...Supporters

Please enter your server specs in your user profile! 😢


hmm, not something you did - looks like something I did.

For some reason, I had upgraded Supporters language to DF 9.3 style i.e. the lang file is now within modules/Supporters/l10n/

You will need to delete the file language/english/supporters.php

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


All fixed, thanks. Smile

Please enter your server specs in your user profile! 😢


Bummer, someone just used it for the first time, the payment worked, and is in our account, but treasury shows no record, of anything!?

so of course he sees nothing in his profile, or block etc etc.

any thoughts on what I might have screwed up there? I pretty much just uploaded the files, disabled treasury, updated, then re-enabled it again.

Please enter your server specs in your user profile! 😢


Was it just delayed (can happen sometimes) or did you add that (poogs) manually?

Your ipntreas.php debug link works fine.

Donations & Audit for DragonflyCMS

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Mmm, I didn't think about it being delayed, so added him manually.

I will leave the next one overnight and see what happens.

Also we don't have this in the footer, is it needed?

require_once('modules/Treasury/update.inc');

Please enter your server specs in your user profile! 😢


If you check the log section, any PayPal visit should be there.

Somewhere in your PayPal account is an area that lets you know of any return IPN issues - if it can't reach your site for whatever reason, it pauses and comes back several times. Mind you, if that becomes a frequent occurrence, PayPal gets a little testy and lets you know.

Basically update.inc monitors elapsed subscribers, so it won't affect your IPN.

Since I had already tested the changes on SMF, vB and MyBB sites, I didn't run a sandbox test on DF - looks like I'll have to do it after all.

Edit: hmm, just did a test and got this - you have an extra url in your return address - not sure yet whether this arises from you or me, though I don't get it on my site, albeit the DonationsPro version.
<div style="text-align:center; margin-top:5px;"> <input type="hidden" name="no_shipping" value="1" /> <input type="hidden" name="cn" value="Comments" /> <input type="hidden" name="image_url" value="http://junglewraiths.net/images/http://www.junglewraiths.net/images/logo.gif" /> <input type="hidden" name="notify_url" value="http://junglewraiths.net/http://www.junglewraiths.net/ipntreas.php" /> <input type="hidden" name="cancel_return" value="http://junglewraiths.net/http://www.junglewraiths.net/index.php?name=Treasury" /> <input type="hidden" name="return" value="http://junglewraiths.net/http://www.junglewraiths.net/index.php?name=Treasury&file=thanks" /> <input type="image" src="modules/Treasury/images/x-click-but04.gif" name="I1" style="border:0; width:62px; height:31px;" /> </div>
Attachment: jungle.png
Description
Filesize 20.00 KiB
Viewed 0 Time(s)
You are not allowed to view/download this attachment

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):

All times are Australia/Adelaide


Jump to: