OCS Paypal Payment - payment shows landingUnpaid on https

MikeL · July 16, 2016, 2:24pm

Hi

I have a test site and a production site. On the test site all works fine when paying with a sandbox Paypal account. On my production site I get a #schedConf.registration.landingUnpaid## displayed with either the sandbox or a real Paypal account.

Using IPN URL: https://www.paypal.com/cgi-bin/webscr
Paid by real VISA card details.
or
Using IPN URL: https://www.sandbox.paypal.com/cgi-bin/webscr
Paid using a sandbox VISA card or sandbox Paypal.

Page: https://conference.xxx.com/index.php/uis/speleo2017/payment/landing
Open Conference Systems
##schedConf.registration.landingUnpaid##
» Continue
and the registration is NOT marked as paid.

For my test site:
Using IPN URL: https://www.sandbox.paypal.com/cgi-bin/webscr
Paid using a sandbox VISA card.
Page: http://testconference.xxx.com/index.php/uis/speleo2017/payment/landing
I get:
Open Conference Systems
Thank you for registering! You will be contacted for further information on payment.
» Continue
and the registration is marked as paid.

I found a reference to this in the old forum “PayPal test and OCS registration report” at
https://pkp.sfu.ca/support/forum/viewtopic.php?f=3&t=7653&p=31460&hilit=landingUnpaid#p31460
The solution to the above was not to use the Merchant ID but I’m not using that - Im using the Paypal user email for the seller account.

So in the test IPN the payment info is getting back to the OCS but in the real IPN its not.

Mike

MikeL · July 17, 2016, 3:25am

Update:

The test site is on a different server to the production site. Just tested prod site using sandbox and it too gets unpaidLanding. So its prob something I have not set on the production site.

The apache log does not show any errors during a sandbox transaction. Any suggestions on where I should look, maybe some configuration thing I have missed? Help appreciated.

Mike

asmecher · July 18, 2016, 4:33pm

Hi @MikeL,

Have you checked the Apache access log to see if the IPN request is coming in from PayPal?

Regards,
Alec Smecher
Public Knowledge Project Team

MikeL · July 18, 2016, 11:39pm

Hi Alex

Thanks for that suggestion to look at access logs. Looks like Paypal is sending back data:

Using Production Site

[ Pay now ] ← at sandbox.paypal.com and click this

My Apache logs show:
173.0.82.126 “POST /index.php/uis/speleo2017/payment/plugin/Paypal/ipn HTTP/1.1” 401 3669 “-” “PayPal IPN ( https://www.paypal.com/ipn )”
173.0.82.126 “POST /index.php/uis/speleo2017/payment/plugin/Paypal/ipn HTTP/1.1” 401 3669 “-” “PayPal IPN ( https://www.paypal.com/ipn )”
(173.0 is Paypal address)

I get the page:

Thanks for your order
test, you've just completed your payment.
Your transaction ID for this payment is: 70123621CG036392L.
We'll send a confirmation email to xxxxx 
Click return to text facilitators store

At my production site I then saw:

My_work_ip_addr “POST /index.php/uis/speleo2017/payment/landing HTTP/1.1” 200 2405 “https://www.sandbox.paypal.com/au/cgi-bin/webscr?cmd=_flow&SESSION=AqgyQoJcA6GD4NM7s4mS4H2dg99MbZG4GDNoZ_YZh49EBnT2330R4aetx3qgA9bOTS&dispatch=540a222a577719240b6a3d7b6039e4d5294b4525e04b7e69bf40224adecfb0124e9b61f737ba21b08198163eee001d8a5bd337af8e5197b2a388”

Using my Test site

[ Pay now ] ← at sandbox.paypal.com and click this

Thanks for your order
test, you've just completed your payment.
Your transaction ID for this payment is: 84G95448BT603122D.

173.0.82.126 - - [19/Jul/2016:09:48:39 +1000] “POST /index.php/uis/speleo2017/payment/plugin/Paypal/ipn HTTP/1.1” 200 247 “-” “PayPal IPN ( https://www.paypal.com/ipn )”

Then Clicked return to text facilitators store

173.0.82.126 “POST /index.php/uis/speleo2017/payment/plugin/Paypal/ipn HTTP/1.1” 200 247 “-” “PayPal IPN ( https://www.paypal.com/ipn )”
My_work_ip_addr “POST /index.php/uis/speleo2017/payment/landing HTTP/1.1” 200 2171 “-” “Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0”

Comments

On production I get two Paypal IPN hits but only one using the test site.
The production (https) shows session info, the test site (not https) does not. The apache logs are quite different.
Something to do with https versus http ?

MikeL · July 19, 2016, 8:03am

I have just checked the CURL settings via phpinfo(). It has SSL as “yes”. From other posts in the old forum thats needed. So it looks like thats ok.

asmecher · July 19, 2016, 5:43pm

Hi @MikeL,

Did you check your PHP error log?

If you see two hits to your production site for a single transaction, it suggests to me that the first time wasn’t successful so PayPal is trying again. Depending on your server configuration, you may need to explicitly set the SSL version. Try adding to every set of curl_setopt calls in plugins/paymethod/paypal/PayPalPlugin.inc.php…

curl_setopt($ch, CURLOPT_SSLVERSION , 6);

See this thread: API auth failure · Issue #479 · paypal/PayPal-PHP-SDK · GitHub

Some (most?) servers will successfully negotiate an SSL handshake per PayPal’s expectations without this line.

Regards,
Alec Smecher
Public Knowledge Project Team

MikeL · July 20, 2016, 12:11am

Hi

Thanks for this lead. I looked in the php error log (php5-fpm.log) but its pretty empty of errors.
Added the line to set the ssl version to PayPalPlugin.inc.php and restarted apache and tried again but same error: unpaidLanding.
Downloaded the TlsCheck.php and ran that and got OK

$ php -f TlsCheck.php
PayPal_Connection_OKbool(true)

Is this the right way to get the version of ssl used by php?
php -r ‘var_dump(curl_version());’
string(6) “7.38.0”
string(14) “OpenSSL/1.0.1t”

I need to go live in a weeks time.

Mike

MikeL · July 20, 2016, 4:53am

Hi Alec and others

Have solved the problem. My silly mistake.
The error was:
173.0.82.126 “POST /index.php/uis/speleo2017/payment/plugin/Paypal/ipn HTTP/1.1” 401 3669 “-” "PayPal IPN
Note the 401. This is an Authorization Required error:
“This means that the page requires that the visitors authenticate with their username and password. If they fail to do that, the server returns this error message.”

I have protected the site with a simple basic auth username and password so it cant be accessed before it goes live !
Once I removed that (temporarily just to test) it all works.

Thanks and sorry for the question that was my error. At least I now know from reading many posts a bit more about how OCS and Paypal interact.

Mike

asmecher · July 20, 2016, 2:41pm

Hi @MikeL,

Thanks for following up, and glad it’s working!

Regards,
Alec Smecher
Public Knowledge Project Team