PHP - Paypal Openssl Help
Hi,
I'm setting up a website with a custom built shopping basket which I want to link in with Paypal. I have it all done except I'm having trouble getting the button encryption working using OpenSSL. I have all the certificates done and uploaded to Paypal but when I use this function; Code: [Select] $myPublicKey = openssl_pkey_get_public("requires/paypal/my-pubcert.pem"); openssl_public_encrypt($data, $crypttext, $myPublicKey); It produces this error; Quote openssl_public_encrypt(): key parameter is not a valid public key Now I originally did my own research to try to solve this problem but have been unable to do so which is why I'm hear, My findings indicated towards the openssl.cnf which could well be the issue as I haven't indicated in any code the location of the file, but I don't know how or where I do that. Any help with this is appreciated. Scarz Similar TutorialsHi, Im trying to convert a cert on the server its a .p12 file to a .pem. i first tried doing system(); commands but that never worked so i dont know what i can do now, i looked at some of the openssl php code but i cant find something that will do it, that or im doing it wrong.. heres what i was wanting to do; Code: [Select] system('openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12 -passin pass:'); system('openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12 -passout pass:1234 -passin pass:'); system('openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem -passin pass:1234'); system('cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem'); this works on my mac, but i dont know how to do it online. thanks for reading hope someone can help. Code: [Select] <?php // Fill in data for the distinguished name to be used in the cert // You must change the values of these keys to match your name and // company, or more precisely, the name and company of the person/site // that you are generating the certificate for. // For SSL certificates, the commonName is usually the domain name of // that will be using the certificate, but for S/MIME certificates, // the commonName will be the name of the individual who will use the // certificate. $dn = array( "countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@example.com" ); // Generate a new private (and public) key pair $privkey = openssl_pkey_new(); // Generate a certificate signing request $csr = openssl_csr_new($dn, $privkey); // You will usually want to create a self-signed certificate at this // point until your CA fulfills your request. // This creates a self-signed cert that is valid for 365 days $sscert = openssl_csr_sign($csr, null, $privkey, 365); // Now you will want to preserve your private key, CSR and self-signed // cert so that they can be installed into your web server, mail server // or mail client (depending on the intended use of the certificate). // This example shows how to get those things into variables, but you // can also store them directly into files. // Typically, you will send the CSR on to your CA who will then issue // you with the "real" certificate. openssl_csr_export($csr, $csrout) and var_dump($csrout); openssl_x509_export($sscert, $certout) and var_dump($certout); openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout); ?> Openssl is a php ext which can be enabled in a php build. If I enable this ext in my application on my own computer will it generate an ssl certificate or only speak to a certificate. Facebook suddenly requires SSL HTTPS secure canvas after 6 yrs of working with the interface all my apps are down can someone pls tell me what is going on!! I would like to know how to incorporate or use the OpenSSL in my forms, particulary in logging in. Hi i have php script which i have been running on on my web server which is dreamhost which is working fine... but here's the twist i have just set-up a xampp server apache 2.2 on my windows 7 machine my website is running fine expect for the openssl encrypt script which is filing to encrypt here's a sample of my code. $MY_KEY_FILE = "c:\\xampp\\apache\\bin\\my-prvkey.pem"; # public certificate file to use $MY_CERT_FILE = "c:\\xampp\\apache\\bin\\my-pubcert.pem"; # Paypal's public certificate $PAYPAL_CERT_FILE = "c:\\xampp\\apache\\bin\\paypal_cert_pem.txt"; # path to the openssl binary $OPENSSL = "c:\\xampp\\apache\\bin\\openssl.exe"; $form = array('cmd' => '_xclick', 'business' => 'removed business name for security ', 'cert_id' => 'removed cert id for security', 'lc' => 'AU', 'custom' => ''.$id.'', 'invoice' => removed business name for security', 'currency_code' => 'AUD', 'no_shipping' => '1', 'item_name' => 'removed business name for security', 'item_number' => '1', 'amount' => $total ); $encrypted = paypal_encrypt($form); function paypal_encrypt($hash) { //Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com //Not for resale - license agreement at //http://www.stellarwebsolutions.com/en/eula.php global $MY_KEY_FILE; global $MY_CERT_FILE; global $PAYPAL_CERT_FILE; global $OPENSSL; if (!file_exists($MY_KEY_FILE)) { echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n"; } if (!file_exists($MY_CERT_FILE)) { echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n"; } if (!file_exists($PAYPAL_CERT_FILE)) { echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n"; } //Assign Build Notation for PayPal Support $hash['bn']= 'StellarWebSolutions.PHP_EWP2'; $data = ""; foreach ($hash as $key => $value) { if ($value != "") { //echo "Adding to blob: $key=$value\n"; $data .= "$key=$value\n"; } } // here's where i believe the problem is when creating and signing the my_cert_file i had to specify where the openssl.cnf file was do i need to do same here.. -config c:\\xampp\\apache\\bin\\openssl.cnf $openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " . "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " . "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE"; exec($openssl_cmd, $output, $error); if (!$error) { return implode("\n",$output); } else { return "ERROR: encryption failed"; } echo $output; }; Hi I develop a system using OPenSSL for Rijndael-256 (RSA-256) encryption. It works weel on an Apache server with PHP 5.3.2 on Windows and on a Linux server. But, on a Mac, I experience a weird problem. When I send a block to be decrypted, it works some times, and, without any reason, it stops and stays blocked for a while. And suddenly, it works again. When it crashes, I have the error message : Code: [Select] Wrong request for connection error:0906D06C:PEM routines:PEM_read_bio:no start line I searched on Google and couldn't really find any solution. I read it seemed to be related to the keys format. The public key used for encryption is like : Code: [Select] -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY----- And the private is like : Code: [Select] -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- Has anybody met that problem before and/or know where it comes from and how to fix it ? Thanks Hello guys, i need to create a code for making connections with SSL servers (particularly SMTPS and POP3S) and i know about the existence of OpenSSL extension. However, i'm in doubt about a basic issue: 1. Is this extension useful for creating SSL clients or SSL servers? I'm not a SSL expert, so maybe i'm misunderstanding something; i hope you can help me. Kind regards. I am trying to use SSH2 functions in PHP and I read the documentation for each LIBSSH2, OpenSSL and PECL SSH2 and I can't figure out how to install any of them on the Windows Server X64 box. Does anyone know how to do this? http://www.php.net/manual/en/ssh2.requirements.php http://pecl.php.net/package/ssh2 http://www.openssl.org/ http://www.libssh2.org/ Thanks, sanchez I have an ecommerce site on shared hosting enviroment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database. (No super private data like credit card numbers or social security numbers.) Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL. Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above...
My thoughts: What do you all think? Sorry for my bad english. I am not from around these parts.
Hey guys i have created a paypal IPN script and it takes various info from users via paypal. Anyways i store their info into a database along with their email however i dont want them to be able to purchase again with the same email (long story) anways by the time i receive the info from paypal the payments already gone through so its too late for me to do the checking against the database. Is there anyway i can auto refund the payment do paypal allow this? Hope someone can help. Thanks! I just did the ipn page to store paypal transactions into my database but it doesnt seem to be working. Is there anything else that i need to do other than creating the ipn page? <?php mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("pbstore") or die(mysql_error()); // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! $email = $_POST['payer_email']; $name = $_POST['item_name']; mysql_query("INSERT into sales (name, email) VALUES('".$name."', '".$email."')")or die(mysql_error()); mysql_query("INSERT INTO users (email, password) VALUES('". mysql_escape_string($email) ."', '".md5($password)."' ) ") or die(mysql_error()); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! } } fclose ($fp); } ?> Hi, I am new here, so hello everyone. I really need some help with getting Paypal IPN working correctly. This is what I am trying to do. I have a user database, when the user logs in, they have the option to upgrade/subscribe to our website. So when they subscribe and payment is validated, I want a specific field in a specific table updated based on the user's unique ID, not based on [payer_email], so how do I pass on that parameter using IPN? right now I added the "userId" to a hidden field in the Paypal subscription form named "on1".... I hope this isn't confusing - would really appreciate your help - I added code below. Code: [Select] <?php DB info -- // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! $email = $_POST['payer_email']; $userId=$_POST['on1']; $membership = '2'; mysql_query("UPDATE users SET membership=".$membership." WHERE userId=".$userId) or die(mysql_error()); $to = $email; $subject = 'subject line'; $message = ' message here '; mail($to, $subject, $message, $headers); } else if (strcmp ($res, "INVALID") == 0) { // PAYMENT INVALID & INVESTIGATE MANUALY! $to = 'my_email'; $subject = 'subject lin'; $message = ' Dear Administrator, A payment has been made but is flagged as INVALID. Please verify the payment manualy and contact the buyer. Buyer Email: '.$email.' '; $headers = 'From:my_email' . "\r\n"; mail($to, $subject, $message, $headers); } } fclose ($fp); } ?> Hi all I have a quick PayPal IPN question, is this the right group to post the message and does anyone know much about the PayPal IPN? Thanks Hi guys, my code below works with sanbox for paypal IPN but since it has gone live it doesnt do anything, so i made emails to send me where the issue is and it keep sending me $req = 'cmd=_notify-validate'; could you please tell me what im doing wrong here? my db connection should be fine as it does update the users on sanbox. the account im paying with in paypal keep saying payment status unclaimed. it means the reciever has not recieved the money. I checked the paypal account where i recieve the moeny and looked into my ipn history, nothing there. the same ipn address is used for my account when i tested it on sanbox, thanks <?php $email="princeofpersia@hotmail.co.uk"; include 'global.php'; // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); //$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);//Live // assign posted variables to local variables if (!$fp)// failed to connect to url { //write to file $fh = fopen("logipn.txt", 'a');//open file and create if does not exist fwrite($fh, "\r\n/////////////////////////////////////////\r\n HTTP ERROR \r\n");//Just for spacing in log file fwrite($fh, $errstr);//write data fclose($fh);//close file $mail_From = "From: IPN@tester.com"; $mail_To = $email; $mail_Subject = "HTTP ERROR"; $mail_Body = $errstr;//error string from fsockopen mail($mail_To, $mail_Subject, $mail_Body, $mail_From); } else//successful connect to url { fputs ($fp, $header . $req);//send request while (!feof($fp)) //while not end of file { $res = fgets ($fp, 1024);//get response if (strcmp ($res, "VERIFIED") == 0) { //write to file $fh = fopen("logipn.txt", 'a');//open file and create if does not exist fwrite($fh, "\r\n/////////////////////////////////////////\r\n Verified \r\n");//Just for spacing in log file fwrite($fh, $req);//write data fclose($fh);//close file $mail_From = "From: IPN@tester.com"; $mail_To = $email; $mail_Subject = "VERIFIED IPN"; $mail_Body = $req; mail($mail_To, $mail_Subject, $mail_Body, $mail_From); } else if (strcmp ($res, "INVALID") == 0) { //write to file $fh = fopen("logipn.txt", 'a');//open file and create if does not exist fwrite($fh, "\r\n/////////////////////////////////////////\r\n Invalid \r\n");//Just for spacing in log file fwrite($fh, $req);//write data fclose($fh);//close file $mail_From = "From: IPN@tester.com"; $mail_To = $email; $mail_Subject = "INVALID IPN"; $mail_Body = $req; mail($mail_To, $mail_Subject, $mail_Body, $mail_From); } } fclose ($fp);//close file pointer } $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; //$username=$_POST['username']; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { if (strtolower($payment_status)=="completed") { if ($payment_amount==0.01&&$payment_currency=="GBP") { $update = mysql_query("UPDATE users SET credit= credit+5 WHERE email='$payer_email'"); } } // check the payment_status is Completed // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email // check that payment_amount/payment_currency are correct // process payment } else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation } } fclose ($fp); } ?> I am trying to get a Paypal IPN working using PHP. I have attached the code I have written that is not working. I have no real way to test it other than nothing is being posted to the databases. The transactions seem to complete with paypal, but I get no information and no emails are generated. Any help would be much appreciated. Hey Guys, i have another problem, i am using paypal IPN, and i want the details of the order to be stored in my orders table of the databse as well as sending me an email. Im pretty sure the code is ok, but it is not working. Can some one please take a look? <?php include('db_fns.php'); // change these to your paypal settings $paypal_email = "benmunns@gmail.com"; $paypal_currency = 'USD'; $shipping = 10.00; /** * checks if paypal trans id is already in database * @param int $trans_id * @return bool */ function no_paypal_trans_id($trans_id) { $connection = db_connect(); $query = sprintf("SELECT id from orders WHERE paypal_trans_id = '%s'", mysql_real_escape_string($trans_id)); $result = mysql_query($query); $num_results = mysql_num_rows($result); if($num_results == 0) { return true; } return false; } /** * checks to make sure that paypal payment amount is correct * @param int $shipping * @param array $params * @return bool */ function payment_amount_correct($shipping, $params) { $amount = 0.00; for ($i=1; $i <= $params['num_cart_items']; $i++) { $query = sprintf("SELECT price from products where id='%s'", mysql_real_escape_string($params["item_number{$i}"])); $result = mysql_query($query); if($result) { $item_price = mysql_result($result, 0, 'price'); $amount += $item_price * $params["quantity{$i}"]; } } if(($amount+$shipping) == $params['mc_gross']) { return true; } else { return false; } } /** * creates order and adds items * @param array $params * @return bool */ function create_order($params) { db_connect(); $query = sprintf("INSERT INTO orders set orders.firstname = '%s', orders.lastname = '%s', orders.email = '%s', orders.country = '%s', orders.address = '%s', orders.city = '%s', orders.zip_code = '%s', orders.state = '%s', orders.status = '%s', orders.amount = '%s', orders.paypal_trans_id = '%s', created_at = NOW() ", mysql_real_escape_string($params['first_name']), mysql_real_escape_string($params['last_name']), mysql_real_escape_string($params['payer_email']), mysql_real_escape_string($params['address_country']), mysql_real_escape_string($params['address_street']), mysql_real_escape_string($params['address_city']), mysql_real_escape_string($params['address_zip']), mysql_real_escape_string($params['address_state']), mysql_real_escape_string($params['payment_status']), mysql_real_escape_string($params['mc_gross']), mysql_real_escape_string($params['txn_id']) ); $result = mysql_query($query); if(!$result) { return false; } $order_id = mysql_insert_id(); for ($i=1; $i <= $params['num_cart_items'] ; $i++) { $product = find_product($params["item_number{$i}"]); $query = sprintf("INSERT INTO items set order_id = '%s', product_id = '%s', title = '%s', price = '%s', qty = '%s' ", mysql_real_escape_string($order_id), mysql_real_escape_string($product['id']), mysql_real_escape_string($product['title']), mysql_real_escape_string($product['price']), mysql_real_escape_string($params["quantity{$i}"]) ); $result = mysql_query($query); if(!$result) { return false; } } return true; } // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { if ($_POST['payment_status'] == 'Completed' && no_paypal_trans_id($_POST['txn_id']) && $paypal_email == $_POST['receiver_email'] && $paypal_currency == $_POST['mc_currency'] && payment_amount_correct($shipping, $_POST) ) { // process payment create_order($_POST); } } else if (strcmp ($res, "INVALID") == 0) { // log for manual investigation } } fclose ($fp); } ?> Hi Does any one know of any good tutorials for paypal web payments pro, or recommend books Thanks in advance Hey All, I have setup a Paypal API to handle the recurring payments on my website, once the payment is completed I get a token id and ba_token id return. I am storing this in a database, but wondered how people link this with a user table? I could use a cookie to store the user's id before payment and then get it once the payment is complete, but this would not work with the subsequent recurring payments. How do you go about sending the user id when a recurring payment happens? Any advise would be appreciated. Edd Hi, I am about to incorporate some PayPal functions to my site and am just asking for some advice before I start. Basically a user is going to enter some data into a form and then be passed to PayPal to pay an X amount, once the payment has been verified I want the information entered in the form (before going to PayPal), to be added to a database. But it seems that PayPal does not allow you to pass multiple (about 13) variables through their system. Is this correct? So what I was going to do is just before the customer goes to the PayPal site, I was going to insert all the data into the database and set a payment status, then once the payment is confirmed re-setting the payment status to paid or non-paid. Is that a good way to do what I want? If not is there a better way? Any help would be great. Lee Hi, I have setup my paypal payment method for a shopping cart on my site, all is well but in order for my server to flag an invoice as paid, the user must return to my website after paying and the query string in the url give the script the go ahead to mark it as paid which in turn alerts the appropriate department that its ok to source the order. ~The problem is, if the user for whatever reason skip the redirect back to my site, the invoice is remain 'unpaid' and has to be changed manually when the payment has been checked in the account. As you might imagine this is a bit of a problem because not only can it cause quite a delay, it also requires manually changing values which can lead to other problems. So if there is a better way i would appreciate the info, thanks a lot. |