PayPal IPN txn_check 然后处理付款
几天前,我询问了有关 PayPal IPN txn_id 检查的问题,并得到了信息丰富的答复。对于那些想了解 txn_id 的作用的人来说,它是用来检查交易是否之前未被处理过的。所以现在我的问题是,在检查并发现它不存在后,您将其(txn_id)存储在数据库中,然后处理付款,但是PayPal如何知道付款是否可以处理过程中,您发现 0 行包含 txn_id?
<?php
// PHP 4.1
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
?>
Couple of days ago, I asked a question about PayPal IPN txn_id check and I got an informative response. For those that want to find out what the role of txn_id is, its there to check if the transaction has not been previously processed. So now my question is, after checking and seeing that it doesn't exist, you store it (txn_id) in database and then the payment is processed, but how does PayPal know if the payment is ok to process and you found 0 rows with txn_id?
<?php
// PHP 4.1
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
?>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
嗯,不确定你的意思,但 PayPal 是一开始向你发送此信息的人吗?他们是告诉您付款是否已完成的人,因此显然知道这一点。他们只是让您知道,以便您可以使用该信息做任何您想做的事情。
Um, not sure what you mean, but PayPal is kind of the one sending you this information to begin with? They are the ones telling you if a payment has gone through or not, and therefore knows this, obviously. They are just letting you know so you can do whatever you want to do with that information.
他们向您发送此信息,以便您可以传回给他们并验证该信息是否真实,而不仅仅是有人将垃圾信息发布到您的服务器。
txn_id是 PayPal 上该交易的完全唯一的 ID“号码”,因此您应该只看到它一次(理论上)。这样做有两个目的:允许您通过发回所有信息来向 PayPal 进行验证。只有一笔交易具有此 ID,因此您发送回给他们的每一条信息都应与该交易的文件中的信息相匹配。然后他们发送“是”或“否”来表明该消息是否有效。如果是“否”,您就知道这是虚假信息。
允许您确定交易是否已被您处理,并防止用户一遍又一遍地将重复信息发布到您的服务器。交易是有效的,是的,但是您不希望他们在只支付一件产品的情况下获得 10 件产品。
They send you this information so that you can transmit back to them and verify that the information is real, and not just someone POSTing crap information to your server. The
txn_idis a completely unique ID "number" for that transaction on PayPal, so you should only ever see it once (theoretically). This serves two purposes:Allows you to verify with PayPal by sending back all the information. Only one transaction exists with this ID, so every single piece of information you send back to them should match what is on file for that transaction. They then send either a Yay or Nay of whether it was valid. If it's Nay, you know it's fake information.
Allows you to determine if the transaction has already been processed by you, and prevents users from POSTing duplicate information to your server over and over. The transaction is valid, yes, but you don't want them to be getting 10 of a product when they only paid for one.
IPN(即时付款通知)与付款处理无关。 IPN 仅在交易发生后才发挥作用。交易ID是已经发生的交易的ID。
如果您想防止重复付款,您应该使用 PayPal您的 PayPal 帐户资料中的发票 ID 和重复付款设置。
IPN (instant payment notification) has nothing to do with the processing of payments. IPN only comes into play after a transaction has occurred. The transaction ID is the ID of the transaction that has occurred.
If you are trying to prevent duplicate payments, you should utilize PayPal's invoice ID and duplicate payment settings within your PayPal account's profile.