PayPal IPN not working anymore

Question

Since yesterday the PayPal IPN was working fine, but today I can't receive any IPNs. I checked the MySQL, checkt the IPN Adresse and everything is fine. I was thinking PayPal did some changes on their IPN Server, that woman on the Phone told me no. Kind of weird.

So could someone check the ipn.php & the add.php?

add php

<?
define('BASEPATH', true);
require_once("../../config.php");
if(!$is_online){
    redirect('../../../index.php');
    exit;
}

$s_host = parse_url($site['site_url']);

if($_GET['cash'] != '' && is_numeric($_GET['cash'])){
    $cash = ($_GET['cash'] < 1 ? 1 : $_GET['cash']);
    $cash = number_format($cash, 2, '.', '');
}else{
    redirect('../../../index.php');
    exit;
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Redirecting...</title>
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<style>body{background: #fff;font: 13px Trebuchet MS, Arial, Helvetica, Sans-Serif;color: #333;line-height: 160%;margin: 0;padding: 0;text-align: center;}h1{font-size: 200%;font-weight: normal}.centerdiv{position: absolute;top: 50%; left: 50%; width: 340px; height: 200px;margin-top: -100px; margin-left: -160px;}</style>
<script type="text/javascript">
    setTimeout('document.paypalform.submit()',1000);
</script>
</head>
<body>
<div class="centerdiv"><h1>Connecting to Paypal <img src="<?=$site['site_url']?>/img/go_loader.gif" /></h1></div>
<form name="paypalform" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?=$site['paypal']?>">
<input type="hidden" name="item_name" value="<?='Add Funds - '.$data['login'].' - '.$s_host['host']?>">
<input type="hidden" name="custom" value="<?=($data['id'].'|'.$cash.'|'.VisitorIP())?>">
<input type="hidden" name="amount" value="<?=$cash?>">
<input type="hidden" name="currency_code" value="<?=($site['currency_code'] == '' ? 'USD' : $site['currency_code'])?>">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="2">
<input type="hidden" name="rm" value="1">
<input type="hidden" name="return" value="<?=$site['site_url']?>/bank.php?success">
<input type="hidden" name="cancel_return" value="<?=$site['site_url']?>/bank.php?cancel">
<input type="hidden" name="notify_url" value="<?=$site['site_url']?>/system/payments/paypal/ipn.php">
</form>
</body>
</html>

ipn

<?php
define('BASEPATH', true);
require("../../config.php");

$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$custom = $_POST['custom'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
        $get_data = explode('|', $custom); 

        if($site['paypal_auto'] == 1){
            if($payment_status == 'Completed'){
                $user = $db->QueryFetchArray("SELECT id,login FROM `users` WHERE `id`='".$get_data[0]."'");
                $check = $db->QueryGetNumRows("SELECT id FROM `transactions` WHERE `gateway`='paypal' AND `trans_id`='".$txn_id."'");
                if($check == 0){
                    $db->Query("INSERT INTO `transactions` (user, user_id, money, gateway, date, user_ip, trans_id) VALUES('".$user['login']."','".$user['id']."', '".$payment_amount."', 'paypal', NOW(), '".$get_data[2]."', '".$txn_id."')");
                    if($user['id'] > 0){
                        $db->Query("UPDATE `users` SET `account_balance`=`account_balance`+'".$payment_amount."' WHERE `id`='".$user['id']."'");            
                    }
                }
            }
        }else{
            $user = $db->QueryFetchArray("SELECT id,login FROM `users` WHERE `id`='".$get_data[0]."'");
            $check = $db->QueryGetNumRows("SELECT id FROM `transactions` WHERE `gateway`='paypal' AND `trans_id`='".$txn_id."'");
            if($check == 0){
                $db->Query("INSERT INTO `transactions` (user, user_id, money, gateway, date, paid, user_ip, trans_id) VALUES('".$user['login']."','".$user['id']."', '".$payment_amount."', 'paypal', NOW(), '0', '".$get_data[2]."', '".$txn_id."')");
            }
        }
    }
}
fclose ($fp);
}
?>

Answer 1

I had the same problem. They started adding "\r\n" to the end of the response so I was comparing "VERIFIED" to "VERIFIED\r\n" and it was failing. You can do:

trim($res)

before testing for VERIFIED, or you can use strpos instead of strcmp:

if (strpos($res, "VERIFIED") === 0) (needs ===, not ==)

Finally, they also asked all customers a while back to start adding the Connection header:

$header .= "Connection: close\r\n";