-2
我的目标是调试IPN或任何脚本在页面外运行。通常错误很容易处理,但是当他们在后台时很难做到。脚本本身在用户通过paypal支付时启动。我无法在该页面上进行调试。后台脚本错误
当您离开您的网站作为此PayPal示例运行时,您将如何记录错误关闭页面。 我所TREID到目前为止..
我添加
ini_set('log_errors', true); ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
用同一个文件夹中调用ipn_errors.log的页面我试图调试文件。
<?php
// Check to see there are posted variables coming into the script
if ($_SERVER['REQUEST_METHOD'] != "POST") die ("No Post Variables");
// Initialize the $req variable and add CMD key value pair
$req = 'cmd=_notify-validate';
// Read the post from PayPal
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// Now Post all of that back to PayPal's server using curl, and validate everything with PayPal
// We will use CURL instead of PHP for this for a more universally operable script (fsockopen has issues on some environments)
//$url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
$url = "https://www.paypal.com/cgi-bin/webscr";
$curl_result=$curl_err='';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
curl_setopt($ch, CURLOPT_HEADER , 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$curl_result = @curl_exec($ch);
$curl_err = curl_error($ch);
curl_close($ch);
$req = str_replace("&", "\n", $req); // Make it a nice list in case we want to email it to ourselves for reporting
// Check that the result verifies
if (strpos($curl_result, "VERIFIED") !== false) {
$req .= "\n\nPaypal Verified OK";
} else {
$req .= "\n\nData NOT verified from Paypal!";
mail("[email protected]", "IPN interaction not verified", "$req", "From: [email protected]");
exit();
}
/* CHECK THESE 4 THINGS BEFORE PROCESSING THE TRANSACTION, HANDLE THEM AS YOU WISH
1. Make sure that business email returned is your business email
2. Make sure that the transaction’s payment status is “completed”
3. Make sure there are no duplicate txn_id
4. Make sure the payment amount matches what you charge for items. (Defeat Price-Jacking) */
// Check Number 1 ------------------------------------------------------------------------------------------------------------
$receiver_email = $_POST['receiver_email'];
if ($receiver_email != "[email protected]") {
$message = "Investigate why and how receiver email is wrong. Email = " . $_POST['receiver_email'] . "\n\n\n$req";
mail("[email protected]", "Receiver Email is incorrect", $message, "From: [email protected]");
exit(); // exit script
}
// Check number 2 ------------------------------------------------------------------------------------------------------------
if ($_POST['payment_status'] != "Completed") {
// Handle how you think you should if a payment is not complete yet, a few scenarios can cause a transaction to be incomplete
}
// Connect to database ------------------------------------------------------------------------------------------------------
require_once 'db_conx.php';
// Check number 3 ------------------------------------------------------------------------------------------------------------
//
$this_txn = $_POST['txn_id'];
$sql = "SELECT id FROM transactions WHERE txn_id='$this_txn' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numRows = mysqli_num_rows($query);
//
if ($numRows > 0) {
$message = "Duplicate transaction ID occured so we killed the IPN script. \n\n\n$req";
mail("[email protected]", "Duplicate txn_id in the IPN system", $message, "From: [email protected]");
exit(); // exit script
}
// Check number 4 ------------------------------------------------------------------------------------------------------------
$product_id_string = $_POST['custom'];
$product_id_string = rtrim($product_id_string, ","); // remove last comma
// Explode the string, make it an array, then query all the prices out, add them up, and make sure they match the payment_gross amount
$id_str_array = explode(",", $product_id_string); // Uses Comma(,) as delimiter(break point)
$fullAmount = 0;
foreach ($id_str_array as $key => $value) {
$id_quantity_pair = explode("-", $value); // Uses Hyphen(-) as delimiter to separate product ID from its quantity
$product_id = $id_quantity_pair[0]; // Get the product ID
$product_quantity = $id_quantity_pair[1]; // Get the quantity
$sqlCommand = "SELECT price FROM products WHERE id='$product_id' LIMIT 1";
$query = mysqli_query($db_conx, $sqlCommand);
while($row = mysqli_fetch_array($query)){
$product_price = $row["price"];
}
$product_price = $product_price * $product_quantity;
$fullAmount = $fullAmount + $product_price;
}
$fullAmount = number_format($fullAmount, 2);
$grossAmount = $_POST['mc_gross'];
if ($fullAmount != $grossAmount) {
$message = "Possible Price Jack: " . $_POST['payment_gross'] . " != $fullAmount \n\n\n$req";
mail("[email protected]", "Price Jack or Bad Programming", $message, "From: [email protected]");
exit(); // exit script
}
//
//
// END ALL SECURITY CHECKS NOW IN THE DATABASE IT GOES ------------------------------------
////////////////////////////////////////////////////
// Homework - Examples of assigning local variables from the POST variables
$txn_id = $_POST['txn_id'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payment_date = $_POST['payment_date'];
$mc_gross = $_POST['mc_gross'];
$payment_currency = $_POST['payment_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payment_type = $_POST['payment_type'];
$payment_status = $_POST['payment_status'];
$txn_type = $_POST['txn_type'];
$payer_status = $_POST['payer_status'];
$address_street = $_POST['address_street'];
$address_city = $_POST['address_city'];
$address_state = $_POST['address_state'];
$address_zip = $_POST['address_zip'];
$address_country = $_POST['address_country'];
$address_status = $_POST['address_status'];
$notify_version = $_POST['notify_version'];
$verify_sign = $_POST['verify_sign'];
$payer_id = $_POST['payer_id'];
$mc_currency = $_POST['mc_currency'];
$mc_fee = $_POST['mc_fee'];
//
require_once 'db_conx.php';
//$username .= substr($email, 0, strpos($email, '@'));
$user_name = $_POST['first_name'];
// Place the transaction into the database
$sql = "INSERT INTO transactions (product_id_array, email, first_name, last_name, payment_date, mc_gross, payment_currency, txn_id, receiver_email, payment_type, payment_status, txn_type, payer_status, address_street, address_city, address_state, address_zip, address_country, address_status, notify_version, verify_sign, payer_id, mc_currency, mc_fee, ip, username)
VALUES('$custom','$payer_email','$first_name','$last_name','$payment_date','$mc_gross','$payment_currency','$txn_id','$receiver_email','$payment_type','$payment_status','$txn_type','$payer_status','$address_street','$address_city','$address_state','$address_zip','$address_country','$address_status','$notify_version','$verify_sign','$payer_id','$mc_currency','$mc_fee','$ip','$user_name')";
$query = mysqli_query($db_conx, $sql);//or die (mysqli_error($myConnection)) add this before ; for error checking
$to = $payer_email;
$subject = '| Login Credentials';
$message = '
Your officially all ready to go. To login use the information below.
Your account login information
-------------------------
Email: '.$payer_email.'
Password: '.$password.'
-------------------------
You can now login at https://www.test.com/signin.php';
$headers = 'From:[email protected]' . "\r\n";
mail($to, $subject, $message, $headers);
// Mail yourself the details
mail("[email protected]", "NORMAL IPN RESULT YAY MONEY!", $req, "From: [email protected]");
?>
您可以在脚本中添加一个txt日志,用所需的所有消息写入 – Hackerman
添加调用tp PHP的[error_log()](http:/ /php.net/manual/en/function.error-log.php)函数将数据写入系统记录器,文件或电子邮件。 – 2013-08-06 22:22:08
@RobertRozas我试过 'ini_set('log_errors',true); ini_set('error_log',dirname(__ FILE __)。'/ ipn_errors.log');' 我没有在我的ipn_errors.log文件中得到任何东西 – Chris