What files do I need to modify for PayPal's HTTP header request changes?

Discussion in 'Payments processing' started by oreamnos, Sep 13, 2012.

  1. oreamnos

    oreamnos New Member

    Joined:
    Jul 1, 2007
    Messages:
    13
    Hi

    I got this email (below) from PayPal. I'm running aMember 3.1.4PRO. The IPN URL for my site is: MYDOMAIN.com/amember/plugins/payment/paypal_r/ipn.php

    What PHP files do I need to update in order to prevent problems from occurring on February 1, 2013?

    Thanks,
    Eric

    PayPal Email Below:

    ######################################

    In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site’s performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting February 1, 2013.

    We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the "Host: www.paypal.com" header in the HTTP request.

    Additional Details
    Starting February 1, 2013, we will require all incoming requests to have a "Host" header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with "HTTP/1.0 400 Bad Request" errors after February 1, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

    Action Required before February 1, 2013
    Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the "Host" header in the IPN postback script.

    Example:

    PHP
    // post back to PayPal system to validate
    $header .="POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .="Content-Type: application/x-www-form-urlencoded\r\n";
    $header .="Host: 'www.paypal.com\r\n';;
  2. thehpmc

    thehpmc Member

    Joined:
    Aug 24, 2006
    Messages:
    901
    paypal_r.inc.php contains the following lines:
    Code:
             
                $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
                $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
                $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    so would think you need to change the first line and add the new 'host' line.

    Note the above was taken from V3.2.3
  3. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,435
    I sent an email to amember about this last week- they said amember was already compatible.

    David
  4. oreamnos

    oreamnos New Member

    Joined:
    Jul 1, 2007
    Messages:
    13
    I'm using aMember 3.1.4PRO which isn't compatible.

    However, we changed this:
    PHP:
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " strlen ($req) . "\r\n\r\n";
    To this:
    PHP:
    $header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Length: " strlen ($req) . "\r\n\r\n";
    And this seems to be working.

    Eric
  5. ryanbsmith

    ryanbsmith Member

    Joined:
    Apr 29, 2008
    Messages:
    31
    I am running aMember 3.2.3 and I just want to confirm that it is compatible with PayPal's IPN changes. Thanks!

    -Ryan
  6. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Latest version 3.2.4 is compatible with latest paypal's IPN changes.
  7. zzargo

    zzargo aMember Pro Customer

    Joined:
    May 7, 2008
    Messages:
    14
    How do we know if our version is compatible?

    I'm using 3.2.4, but I noticed my paypal_r.inc.php file shows:

    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    $fp = fsockopen ($this->paypal_domain, 80, $errno, $errstr, 30);
    Is it compatible? Do I need to make any changes to the header information in this file?
  8. thehpmc

    thehpmc Member

    Joined:
    Aug 24, 2006
    Messages:
    901
    If you read through the above posts then the answer would appear to be yes.
  9. zzargo

    zzargo aMember Pro Customer

    Joined:
    May 7, 2008
    Messages:
    14
    I did read through the above, but Paypal specifically says they are moving to HTTP 1.1 -- 3.2.4 says it's HTTP 1.0 and doesn't have the "HOST" specified.

    Alex: Can you confirm re: 3.2.4 and whether my paypal_r.inc.php file is correct?

    Even though I'm at 3.2.4, it has the following:

    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen ($req) . "\r\n\r\n";
    $fp = fsockopen ($this->paypal_domain, 80, $errno, $errstr, 30);
  10. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Code which you include is here to handle situations when there is no curl support in php.
    3.2.4 Use libcurl to send HTTP requests incl. paypal verification request. libcurl is supported by all hosting providers, at least I haven't seen provider who doesn't support it. Also curl requests have Host header by default.

Share This Page