Fix your PayPal PHP IPN script
Thursday, January 23rd, 2014In October 2013 PayPal changed a bit of their server infrastructure. They announced it well, with multiple warnings about requiring the Host: header to be sent with verification requests.
Now suddenly my PHP IPN scripts did not work anymore, data was coming in but nothing got verified.
Checking the response quickly points out that PayPal is now redirecting requests to use HTTPS, but our old scripts are still based on years old example code using fsockopen on port 80. fsockopen doesn’t know about HTTP redirects.
So, to get your PHP PayPal IPN notifications working again, you should replace the fsockopen line with:
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
Update: A few days later things stopped working again… it seems PayPal now adds a newline character behind the VERIFIED response, messing up the sample script. This can be resolved by replacing:
$res = fgets ($fp, 1024);
with
$res = trim(fgets ($fp, 1024));