XF 1.1 PayPal IPNs returning 500

Mopquill

Active member
I've gone through the whole setup, and I've read tons of threads on here, including this one. I'm trying to set things up to work with the PayPal sandbox so I can test an addon I'm developing for a client, and I've made and remade the paypal sandbox accounts, to no avail. I've also seen Jake's post regarding having debug mode on (I do), and I've tried allowing IPNs to be used based on the URI submitted, as well as filling it out manually (http://example.com/forum/payment_callback.php). I've disabled all httpd.conf / .htaccess rules (except the standard rules I use for security). I'm completely at a loss here. It might be some weird extenuating circumstance, or it might be something incredibly stupid that I'm overlooking, but, I'll take whatever I can get at this point.

At present, I have IPNs enabled in the seller's account, and pointed to http://example.com/forum/payment_callback.php . I again, have debug mode enabled, and the paypal email is properly set to the seller's paypal email in both the User Upgrades section, and the Debug Options section (though I believe those are the same setting). All addons are off- I'm trying to get this to work with vanilla XenForo before I even try enabling and debugging my add-on. Oh, and I'm on XenForo 1.1.2 on Apache 2

relevant portion of httpd.conf, personal info expunged:
Code:
<VirtualHost IP:80>
    ServerName example.com
    ServerAdmin example@example.com
    DocumentRoot /path/to/public_html
    UseCanonicalName OFF
    CustomLog /path/to/logs/example.com.log combined
    ErrorLog /path/to/logs/example.com.error.log
    <Directory /path/to/public_html>
        AllowOverride All
        Order Deny,Allow
        Allow from all
        Options IncludesNOEXEC -Indexes +SymLinksIfOwnerMatch
        php_admin_flag engine ON
        php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f example@example.com'
        php_admin_value open_basedir /path/to/one/dir/above/public_html/:/tmp:/usr/local/lib/php/
    </Directory>
</VirtualHost>

/path/to/public_html/.htaccess:
Code:
php_flag display_startup_errors on
php_flag display_errors 8191
php_flag html_errors on

/path/to/public_html/forums/.htaccess:
Code:
<IfModule mod_rewrite.c>
    RewriteEngine On
# Default XenForo Stuff
    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    RewriteBase /forums

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

/path/to/public_html/forums/library/config.php
Code:
<?php

$config['db']['host'] = 'localhost';
$config['db']['port'] = '3306';
$config['db']['username'] = 'dbuser';
$config['db']['password'] = 'dbpass';
$config['db']['dbname'] = 'dbname';

$config['superAdmins'] = '1';

//Other Settings
$config['debug'] = true;
$config['enableListeners'] = false;

?>

Linux System Info:
Code:
user@hostname:~$ uname -a
Linux hostname 2.6.32-5-amd64 #1 SMP Sun May 6 04:00:17 UTC 2012 x86_64 GNU/Linux

user@hostname:~$ cat /etc/issue
Debian GNU/Linux 6.0 \n \l

user@hostname:~$ cat /etc/debian_version
6.0.5
 
root@hostname:~# apache2 -v
Server version: Apache/2.2.16 (Debian)
Server built:   Apr  1 2012 07:14:38
 
user@hostname:~$ php -v
PHP 5.3.3-7+squeeze9 with Suhosin-Patch (cli) (built: May  8 2012 10:41:34)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
 
user@hostname:~$ cat /etc/apt/sources.list
###### Debian CD Repos
# deb cdrom:[Debian GNU/Linux 6.0.2.1 _Squeeze_ - Official amd64 DVD Binary-1 20110626-16:33]/ squeeze contrib main
# deb cdrom:[Debian GNU/Linux 6.0.2.1 _Squeeze_ - Official amd64 DVD Binary-1 20110626-16:33]/ squeeze contrib main

###### Debian Main Repos
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

###### Debian Update Repos
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
 
 
root@host:~# apt-get update && apt-get upgrade
Hit http://security.debian.org squeeze/updates Release.gpg
Ign http://security.debian.org/ squeeze/updates/contrib Translation-en
Ign http://security.debian.org/ squeeze/updates/main Translation-en
Hit http://ftp.us.debian.org squeeze Release.gpg
Ign http://ftp.us.debian.org/debian/ squeeze/contrib Translation-en
Ign http://ftp.us.debian.org/debian/ squeeze/main Translation-en
Ign http://security.debian.org/ squeeze/updates/non-free Translation-en
Hit http://security.debian.org squeeze/updates Release
Ign http://ftp.us.debian.org/debian/ squeeze/non-free Translation-en
Hit http://ftp.us.debian.org squeeze Release
Hit http://security.debian.org squeeze/updates/main Sources
Hit http://ftp.us.debian.org squeeze/main Sources
Hit http://security.debian.org squeeze/updates/contrib Sources
Hit http://security.debian.org squeeze/updates/non-free Sources
Hit http://security.debian.org squeeze/updates/main amd64 Packages
Hit http://security.debian.org squeeze/updates/contrib amd64 Packages
Hit http://security.debian.org squeeze/updates/non-free amd64 Packages
Hit http://ftp.us.debian.org squeeze/contrib Sources
Hit http://ftp.us.debian.org squeeze/non-free Sources
Hit http://ftp.us.debian.org squeeze/main amd64 Packages
Hit http://ftp.us.debian.org squeeze/contrib amd64 Packages
Hit http://ftp.us.debian.org squeeze/non-free amd64 Packages
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Relevant Screenshots:
Checkout Phases:
http://mpql.net/i/p/ss/2012-05-17_QhB1e.png
http://mpql.net/i/p/ss/2012-05-17_Hdj6O.png
http://mpql.net/i/p/ss/2012-05-17_0TXgO.png
http://mpql.net/i/p/ss/2012-05-17_PuVhh.png

Upgrade Not Purchased:
http://mpql.net/i/p/ss/2012-05-17_V7IDL.png

Seller's Account After Purchase:
http://mpql.net/i/p/ss/2012-05-17_ZYIZV.png

IPN History:
http://mpql.net/i/p/ss/2012-05-17_0Ue6n.png

IPN Transactions:
http://mpql.net/i/p/ss/2012-05-17_VsBX0.png
http://mpql.net/i/p/ss/2012-05-17_O7XZ4.png

Actual IPN Transaction Content, personal info expunged:
Code:
00L196348C014412U:

txn_type=subscr_signup&subscr_id=I-05P0C5APD5PA&last_name=<snip>&residence_country=US&mc_currency=USD&item_name=Account Upgrade: <snip> (test)&business=<snip>&amount3=5.00&recurring=1&verify_sign=AXYbT.lWLgPZR0lEvhnvoFTmTiUZAbB0oia6A1ZAkLAQs6iO08ngCpO-&payer_status=verified&test_ipn=1&payer_email=<snip>&first_name=<snip>&receiver_email=<snip>&payer_id=GARQ69JL8RHH2&reattempt=1&subscr_date=19:43:58 May 17, 2012 PDT&custom=566,1,token,566,1337308843,36217818bb30fddefe206d2b950d982764245512&charset=windows-1252&notify_version=3.4&period3=1 M&mc_amount3=5.00&ipn_track_id=283ecca77aeb4



2EL40658RU816481Y:

transaction_subject=Account Upgrade: <snip> (test)&payment_date=19:44:02 May 17, 2012 PDT&txn_type=subscr_payment&subscr_id=I-05P0C5APD5PA&last_name=<snip>&residence_country=US&item_name=Account Upgrade: <snip> (test)&payment_gross=5.00&mc_currency=USD&business=<snip>&payment_type=instant&protection_eligibility=Ineligible&verify_sign=A.tcY6aABwfLy8tpJodDr2s6vp3VAc6-XiAQEEpUuLewx016wj2OOgg3&payer_status=verified&test_ipn=1&payer_email=<snip>&txn_id=75G19719N0893740C&receiver_email=<snip>&first_name=<snip>&payer_id=GARQ69JL8RHH2&receiver_id=SHDKJGX9T3ME4&payment_status=Completed&payment_fee=0.45&mc_fee=0.45&mc_gross=5.00&custom=566,1,token,566,1337308843,36217818bb30fddefe206d2b950d982764245512&charset=windows-1252&notify_version=3.4&ipn_track_id=30e99f9453d7

I apologize in advance if I've left out any important or useful information; I've tried to be as thorough as possible. If any information I've left out is needed to diagnose this, please let me know, and I'll get it to you when I next respond. I appreciate any help or insight any of you guys out there can offer. Thanks.
 
Okay, I imagine Jake went to bed or something, but, I've got it working- though I don't think it was directly my changing of it to HTTPS that fixed it. The zip file I used for installation was called xenforo_1.1.2_<License #>_full.zip , just to clarify, this is indeed XenForo 1.1.2.

library/XenForo/UserUpgradeProcessor/Paypal.php:
Code:
            if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode())
            {
                $validator = XenForo_Helper_Http::getClient('http://www.sandbox.paypal.com/cgi-bin/webscr');
            }
            else
            {
                $validator = XenForo_Helper_Http::getClient('http://www.paypal.com/cgi-bin/webscr');
            }

library/XenForo/ControllerPublic/Account.php:
Code:
        $viewParams = array(
            'available' => $upgradeModel->prepareUserUpgrades($purchaseList['available']),
            'purchased' => $upgradeModel->prepareUserUpgrades($purchaseList['purchased']),
            //'payPalUrl' => 'https://www.sandbox.paypal.com/cgi-bin/websrc',
            'payPalUrl' => 'https://www.paypal.com/cgi-bin/websrc',
        );

Take note of the HTTPS/HTTP and webscr/websrc in the PayPal URIs in the different files. I suspect it's this discrepancy between the two files leading to the issue- not to mention, near as my google searches can tell, /cgi-bin/websrc isn't a real paypal directory. Googling "PayPal /cgi-bin/websrc" without the quotes nets a bunch of pages, the first of which is PayPal's own /cgi-bin/webscr , the second XenForo (which I figured is no coincidence), and then some amateurish looking sites giving apparently incorrect instructions. I just re-downloaded 1.1.2 from XenForo's customer area, and verified that the same http/s webscr/websrc discrepancies are in those files. I'm not sure if 1.1.2 is the *newest* as I've let my license expire and haven't renewed it, but it's at the very least present in that version. I imagine Sumo copied the https link upon changing it, or that perhaps the websrc in Account.php doesn't matter. It's also possible that it does in fact need to be https- but either way, the problem is fixed on my end.

Thanks for all your help Jake, and thanks for what you've pointed out Sumo, which led to the solution. I didn't think you knew what you were talking about at first, so, I apologize if I came off a bit disbelieving.

EDIT: Just noticed the WYSIWYG Editor lied to me when it applied my bold/color tags inside the code tags. Post updated to remove plaintext BBCODE.
 
I've been tinkering with this more, and I figured I'd follow up on this. Near as I can tell, the URI in library/XenForo/ControllerPublic/Account.php *has* to be HTTPS, or the screen the user sees when directed to PayPal is just their account overview. The URIs in both Account.php *and* library/XenForo/UserUpgradeProcessor/Paypal.php seem to have to end with webscr , as websrc isn't an actual URI, as mentioned previously. The URI in PayPal.php has to be HTTPS as well, or validation of the IPN fails. My website does not need to be HTTPS, which is what I initially (mis?)understood Sumo to be saying. This has all only been tested with the PayPal sandbox, but considering that the sandbox is supposed to function just like real PayPal, I have no idea how anybody has upgrades working without edits.

For those that just want the fix, in library/XenForo/UserUpgradeProcessor/PayPal.php, find:
Code:
            if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode())
            {
                $validator = XenForo_Helper_Http::getClient('http://www.sandbox.paypal.com/cgi-bin/webscr');
            }
            else
            {
                $validator = XenForo_Helper_Http::getClient('http://www.paypal.com/cgi-bin/webscr');
            }

and replace with:

Code:
            if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode())
            {
                $validator = XenForo_Helper_Http::getClient('https://www.sandbox.paypal.com/cgi-bin/webscr');
            }
            else
            {
                $validator = XenForo_Helper_Http::getClient('https://www.paypal.com/cgi-bin/webscr');
            }


Next, in library/XenForo/Controller_Public/Account.php, find:
Code:
        $viewParams = array(
            'available' => $upgradeModel->prepareUserUpgrades($purchaseList['available']),
            'purchased' => $upgradeModel->prepareUserUpgrades($purchaseList['purchased']),
            //'payPalUrl' => 'https://www.sandbox.paypal.com/cgi-bin/websrc',
            'payPalUrl' => 'https://www.paypal.com/cgi-bin/websrc',
        );

and replace with:

Code:
        $viewParams = array(
            'available' => $upgradeModel->prepareUserUpgrades($purchaseList['available']),
            'purchased' => $upgradeModel->prepareUserUpgrades($purchaseList['purchased']),
            //'payPalUrl' => 'https://www.sandbox.paypal.com/cgi-bin/webscr',
            'payPalUrl' => 'https://www.paypal.com/cgi-bin/webscr',
        );

And that should fix upgrades, if they're not working.
 
I've been tinkering with this more, and I figured I'd follow up on this. Near as I can tell, the URI in library/XenForo/ControllerPublic/Account.php *has* to be HTTPS, or the screen the user sees when directed to PayPal is just their account overview. ...

...

Next, in library/XenForo/Controller_Public/Account.php, find:
Rich (BB code):
        $viewParams = array(
            'available' => $upgradeModel->prepareUserUpgrades($purchaseList['available']),
            'purchased' => $upgradeModel->prepareUserUpgrades($purchaseList['purchased']),
            //'payPalUrl' => 'https://www.sandbox.paypal.com/cgi-bin/websrc',
            'payPalUrl' => 'https://www.paypal.com/cgi-bin/websrc',
        );

and replace with:

Rich (BB code):
        $viewParams = array(
            'available' => $upgradeModel->prepareUserUpgrades($purchaseList['available']),
            'purchased' => $upgradeModel->prepareUserUpgrades($purchaseList['purchased']),
            //'payPalUrl' => 'https://www.sandbox.paypal.com/cgi-bin/webscr',
            'payPalUrl' => 'https://www.paypal.com/cgi-bin/webscr',
        );

And that should fix upgrades, if they're not working.
This replacement is absurd. Are they the same or I do not see the difference? I see the same text.
EDIT: I see it.

Thanks and salud2
 
Top Bottom