I'm using PayPal IPN Library to process a subscription payment. The Library logs to a database the IPN answer. The return URL is a "processing" page that checks at timed intervals for the "SUCCESS" status at ipn_log table. But I cant identify the current transaction row on this table. How can I confirm the payment has succeded? I can get the POST variables on the return URL, but none of them is registered on the database. Is there a variable that is returned by the IPN and also sent by POST to the return URL? Something like the transaction id? Maybe Im going the wrong way on this and there is another aproach to confirm the payment status.
Got it. The "custom" field added to the button form makes the trick. Saving it to the database is enough to keep track of the process
Related
I am looking to use PayPal to accept a payment through my website. I am looking at the Smart Payment button option. If the payment is successful I need to update something in my website DB. How can I determine whether the payment was successful or not? I cant see anything the API docs.
I also need to retain user context with a PHP session ID. How can I pass that to the paypal site and ensure it is returned with the success / fail indicator?
Use Paypal IPN to receive payment notifications. Setup a server endpoint to respond to IPN requests and update your DB etc...
To maintain state, you will need to include a hidden input filed in your Smart Payment Button with a name of custom and a value of your choice (session id).
Setup a IPN endpoint ie: /checkout/ipn, to receive Paypal notifications. Capture the session ID with $_POST['custom'];
I ended up using the Braintree API for this use case. Ther Brantree API returns a unique payment identifier (payment Nonce) which you can then validate by submitting a call back to the Braintree API to ensure the payment was actually received properly.
As a team we're currently investigating a strange occurrence. It doesn't seem to apply to all orders by any means, but it is affecting a large number of customers based on the logging we've added to the noItems.phtml page.
Please note: I'm not really expecting an answer as I assume this is a problem we have to solve ourselves based on addons, and our server configuration (three servers for loading balancing). However, I am looking for possible ideas and/or whether this is something somebody has come across previously.
What we've done so far, and what we know:
User enters their card details in the SagePay iFrame;
User purchases an item via SagePay -- order is successful;
Some users are sent back to the success page;
Some users don't see the success page (phoned to confirm a handful) but instead return back to the empty basket;
We're still investigating, but we find it ever so strange how a user would return to the empty basket page. We've added logging to the noItems.phtml and we can see that some users are getting assigned another session ID after a successful transaction. This seems to be the problem, but why the user is being assigned another session ID after a SagePay payment isn't easy to comprehend.
Has anybody else experienced a similar issue with SagePay/Magento? And if so, what steps did you take to solve?
Our Sage Pay Support team would be happy to look at the transaction logs (within 72 hours of the transation being submitted) and help you determine the reason for the failed transactions on 0845 111 4455 24/7.
You reply to the Notification URL when you acknowledge receipt of our response. You have 20 seconds to response. You need to send the Status (OK, Error or Invalid), Status Detail and Redirect URL. We then send the shopper back to your Redirect URL.
A few suggestions would be:
If we can't reach your Notification URL, check you have ports 443 and 80 open. Check you don't have a DNS issue.
If you are receiving the notification from Sage Pay to confirm the status of the transaction via the Notification URL. Check the information you are sending is in the correct casing, that it is not empty data and that your website is not spooling and check whether the success/failure URL is a valid landing page.
All our system needs is the Status Deatil, 'Status = ' and 'RedirectURL =' fields with the appropriate values assigned, separated with Carriage-Return and Line-Feeds (as specified in the protocol) . Nothing else is required. The response you send should also be text/plain message, not text/html or any other MIME type.
If the customer is being sent back to an empty basket, check whether your website is doing a job in the background such as writing to a databse, preparing confirmation emails to the back office before sending the customer to the payment page. Test whether your server can handle the amount of transactions coming through from Sage Pay. Or are you truncating the NEXT URL?
Regarding a session ID, each transaction is assigned a unique Sage Pay ID called a VPSTxID which is used to identify the transaction. We can take a look at the transactions you are referring to if you are getting several session IDs to discuss further if you would like.
Sage Pay Support.
Check the action that pushes the user to the success page on successful purchase. Maybe its something like target _parent. Maybe its something where its trying to load the success page in the iframe. Or maybe its timing out on sagepay when trying to redirect.
When people make a successful payment with PAyPal in my Magento webshop it automatically creates an invoice with unique invoice number. For bookkeeping reasons, I have to disable it.
I've been searching for a few weeks now but I still haven't found the solution for this problem. What I know so far is that this is caused by IPN. The problem is I don't know how to turn this off without damaging my shop or paypal payments.
Some more specs:
- Version: Magento 1.6.2.0
- Standard paypal
Files containing IPN:
www/app/code/core/Mage/Paypal/controllers
"Turning it Off" is sort of vague, but there's no configuration setting on the Magento side that will allow you to accept PayPal standard payments using the IPN system but not create invoices. You're looking at writing custom code to do this. Here are some starting points.
PayPal IPN works with a callback URL. That is, once PayPal has processed a payment, it fetches a specific URL from Magento with a specific set of data in the post field. Then, based on this information, appropriate action is taken (an invoice is created, a credit is issued, etc.). So the quickest way to achieve your goal would be to change the IPN URL in your PayPal configuration. This means PayPal is still notifying a URL, but not the Magento URL, and an invoice never gets created.
If that doesn't work or has unacceptable side effects, here's the code points you're interested in. Assuming you're using a standard Magento PayPal setup with an IPN URL configured at
http://yourstore.example.com/paypal/ipn/
Magento will handles this request with the indexAction method in
#File: app/code/core/Mage/Paypal/controllers/IpnController.php
public function indexAction()
{
if (!$this->getRequest()->isPost()) {
return;
}
try {
$data = $this->getRequest()->getPost();
Mage::getModel('paypal/ipn')->processIpnRequest($data, new Varien_Http_Adapter_Curl());
} catch (Exception $e) {
Mage::logException($e);
}
}
The business logic for this method (including your invoice creation) starts in the paypal/ipn model. In a standard system this resolves to the class at
#File: app/code/core/Mage/Paypal/Model/Ipn.php
class Mage_Paypal_Model_Ipn
{
....
}
Trace the code from here to find the method you'll want to rewrite and implement your desired functionality changes (not creating an invoice). Your best bet will be setting up a PayPal developer sandbox account so you can repeatedly hit the URL until you've traced your code to the right spot.
Good luck!
instead of hacking your core Magento files, just turn off IPN within PayPal.
By default, there are three states for PayPal IPN:
On
Off
Disabled
The first option will let you specify an IPN URL within your PayPal Profile, and you'll have access to 'IPN History' under the 'History' tab. All IPN data for your account will be sent to the URL you specified, unless you override it with notify_url / NOTFIFYURL on a per-transaction basis.
The second option will turn IPN off on your account, but you can still use it by setting notify_url / NOTIFYURL on a per-transaction basis. This is what Magento uses.
The third option will stop generating IPN messages for your account, even if your shopping cart (Magento, in this case) specifically asks for IPN messages by sending notify_url / NOTIFYURL. No IPN messages will be delivered whatsoever.
To set IPN to 'Disabled', first set it to 'On' in your PayPal account and provde a URL to an IPN address (though this can be any address, just enter http://www.google.com/ for example).
Once enabled, look for the option stating 'Stop receiving IPN messages (Disable)'. Use this to disable IPN altogether.
Source:-https://lastdropofink.co.uk/tools/magento/magento-paypal-ipn/
If I got you right, you should change Payment Action to Authorization for your paypal payment method. See more info there:
http://www.magentocommerce.com/knowledge-base/entry/setting-up-paypal-for-your-magento-store#1.1
Or, instead of hacking your core Magento files, just turn off IPN within PayPal.
By default, there are three states for PayPal IPN:
On
Off
Disabled
The first option will let you specify an IPN URL within your PayPal Profile, and you'll have access to 'IPN History' under the 'History' tab. All IPN data for your account will be sent to the URL you specified, unless you override it with notify_url / NOTFIFYURL on a per-transaction basis.
The second option will turn IPN off on your account, but you can still use it by setting notify_url / NOTIFYURL on a per-transaction basis. This is what Magento uses.
The third option will stop generating IPN messages for your account, even if your shopping cart (Magento, in this case) specifically asks for IPN messages by sending notify_url / NOTIFYURL. No IPN messages will be delivered whatsoever.
To set IPN to 'Disabled', first set it to 'On' in your PayPal account and provde a URL to an IPN address (though this can be any address, just enter http://www.google.com/ for example).
Once enabled, look for the option stating 'Stop receiving IPN messages (Disable)'. Use this to disable IPN altogether.
What I’ve been really surprised by over the past few weeks is the number of sites that don’t actually have this turned on and it’s just not limited to self-builds even the really expensive Magento builds are missing this out this as a step.
Turning on the PayPal Instant Payment Notification (IPN for short) is an excellent idea as means that when a customer pays for an item using PayPal then the payment information will be updated on the Magento order details in the administration panel.
It only takes a few moments to enable and I’ll show you how to enable IPN for your Magento site below. This will mean that when you receive an order via PayPal Express for example, you can actually see the transaction details in Magento and if you’re using eSellerPro and have the eSellerPro Connector enabled for sales order processing, your order & payment details will match up automatically.
Setting this up won’t take more than a few moments and here are 6 simple steps to do this:
1 Login to PayPal
2 Hover on “Profile” and select “My Selling Preferences”
3 Halfway down the page, click on “Update” next to “Instant payment notifications”
Now enter the following details:
Notification URL – This is simply http://your-magento-store.com/paypal/ipn/ replacing “your-magento-store.com” with your website address. <= This is the part that normally trips everyone up as they’re not sure what to enter here.
IPN messages – Set this to “Receive IPN messages (Enabled)”
Press Save
That’s it job done.
To test whether IPN is working or not is dead simple, just make a test transaction through your website (you will need a secondary PayPal account for this) and a few minutes later, check on the order in your Magento admin panel has been updated with the PayPal transaction details.
To help you, I have put to images below, the image on the left has no IPN details, the image on the right does.
I'm setting up a website that uses paypal to process payments.
The easiest way to implement the checkout form would be to create an HTML form that submits directly to paypal, sending the order details and redirecting the user to paypal in order to finalize the transaction.
However, there is a security vulnerability with this process. The client could edit the information submitted to paypal, such as changing the price of the checkout to $0.00.
What is an accepted way to handle this type of situation? Is it to submit the form back to my server, then do some processing in PHP, then submit verified data to paypal and redirect the user to paypal? Is this possible?
Thanks!
There are two main ways to handle this issue.
The first is somewhat like what you outline: You send the filled in form to PayPal, and provide a callback-url. When PayPal has processed the payment, they will call your provided url, and you can check whether or not the information given in that call is the same as what you provided. For this to work, you need to store the information in the meantime, like in a database. You will then only give access to the product after the validation has happened.
You can also encrypt the information you send to PayPal, making it practically impossible to alter information in your form.
See https://www.x.com/developers/paypal for details.
i have integrated a 3rd party payment gateway into magento. It handels a successful transaction or a failed transaction perfectly.
But what if when the user is at the payment gateway page and it times out or when at the payment gateway page the user closes the page and returns back to the site later or user simply hits the back button,
how do i cancel the order then?
Should i use some observer to do this?
If so could you suggest to which events do i need to fire the observer?
the issue i am facing is that when a user is redirected to a payment gateway and he/she hits the back button and comes back to the site, the order is still created, which ideally should have been canceled.
Thanks.
Your validation methods should not be session aware and should process any feedback (and validate before you process) in any case. You also need a monitoring service that times out orders without a response after some time if you need them to be disabled in timely fashion.
However if user hits back button there is really nothing you can do as the feedback from payment gateway never gets sent on user action. I know some payment gateways issue automatic post from the server no matter what you have to investigate if this can be also possible with your payment gateway.