Home/ Questions/Q 7920161
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T16:06:44+00:00

After fully testing in PayPal’s sandbox and getting the process to work perfectly. I’ve

  • 0

After fully testing in PayPal’s sandbox and getting the process to work perfectly. I’ve taken it live and it’s not working.

I’m receiving the POST data from PayPal via the notify_url. I then send it back to PayPal with cmd=_notify-validate infront of the data.

Using PayPals documented code, I’m using this to send the message to PayPal.

$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

(using this code to get the response)

$res = stream_get_contents($fp, 1024);

The response I’m getting back is:

HTTP/1.1 200 OK
Date: Fri, 11 May 2012 20:51:28 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=SdeBuKBN39mjr3w791CHr_MlSkoBdDmbxpQOjT_WOicyD_Sg6BYZm8koiEv2-5XBUkCjpXQwFqIxIQgIyo3e7arO8015CVw96dpne2CNjbgc1CvpDlqXn72IBWq%7cW7uYn6Za7ljG4iLtLVcyFoPk8gZD7sr_S8WjwZrZWD8UXzE7KAH3bll9TVik3wbdCFlrZG%7csxrZZHSH5SWBGfrKsIU6Dz-K43j4h37efIkWFcVJVER0ncRxNJ0wANN1Dp3pZpV2PLxC1m%7c1336769488; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Mon, 09-May-2022 20:51:28 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 06-May-2032 20:51:28 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.73.8.50.1336769488653443; path=/; expires=Sun, 04-May-42 20:51:28 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=14400
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSe9a623=bb3c8ce40a7f3f6d1c018255c9

What I’m not getting is the INVALID or VERIFIED response in this. This is the entire output from PayPal. In the sandbox, I was getting VERIFIED in the last line, and no Set-Cookie.

It seems weird that I’m not receiving an INVALID or VERIFIED response.

Any suggestions would be appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Did you write the request to the socket using fwrite/fputs? Also, judging by the length of that response, you may need to read more than 1024 bytes from the stream. That’s getting awfully close.

    You may want to read the response in a loop:

    $resp = '';
while (!feof($fp)) {
    $resp .= stream_get_contents($fp, 1024);
}

    Then you can separate the headers from the body using:

    list($headers, $response) = explode("\r\n\r\n", 2);
    • 0