Paypal IPN listener is crashing our site
我正在尝试设置Paypal,以便当客户购买对我们网站的订阅时,其帐户会获得批准。不幸的是,在测试我的IPN侦听器时,我相信我不小心使Paypal在我们的网站上发起了拒绝服务攻击。有谁知道是什么原因造成的?这是IPN侦听器:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .="&$key=$value"; } // post back to PayPal system to validate $header .="POST /cgi-bin/webscr HTTP/1.0\ \ "; $header .="Content-Type: application/x-www-form-urlencoded\ \ "; $header .="Content-Length:" . strlen($req) ."\ \ \ \ "; $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res,"VERIFIED") == 0) { // check the payment_status is Completed // check that receiver_email is your Primary PayPal email if (($payment_status == 'Completed') && ($receiver_email == $paypalemail)) { // check that txn_id has not been previously processed // check that payment_amount/payment_currency are correct // process payment if ($clientstatus == PENDING){ $query ="UPDATE clients SET clientStatus = 'APPROVED', substatus = '1' WHERE clientID=$item_number"; $db2->query( $query ); } } else if (strcmp ($res,"INVALID") == 0) { // log for manual investigation } } fclose ($fp); } } ?> |
此外,我从主机收到一封电子邮件,其中包含错误日志的最后100行-基本上是这10次,都在1秒之内。
1 2 3 4 5 6 7 8 9 10 11 12 | [Fri May 17 13:07:16 2013] [error] [client 173.0.82.126] PHP Warning: fgets(): 2 is not a valid stream resource in /var/www/vhosts/ site.com/subdomains/development.site.com/httpdocs/hiddenadmin/ipn/index.phpon line 33 [Fri May 17 13:07:16 2013] [error] [client 173.0.82.126] PHP Warning: fclose(): 2 is not a valid stream resource in /var/www/vhosts/ site.com/subdomains/development.site.com/httpdocs/hiddenadmin/ipn/index.phpon line 53 [Fri May 17 13:07:16 2013] [error] [client 173.0.82.126] PHP Warning: feof(): 2 is not a valid stream resource in /var/www/vhosts/ site.com/subdomains/development.site.com/httpdocs/hiddenadmin/ipn/index.phpon line 32 |
PayPal现在将HTTP 1.1用于IPN。 X.com上的示例脚本已更新,以反映所做的更改。我建议尝试使用更新的脚本之一。
您提供的代码还可以响应沙盒环境。如果您未使用沙盒,则会导致帖子验证失败。