john mccoy Posted March 15, 2016 Share Posted March 15, 2016 My customers site uses a customised version of CC4 but with the standard Paypal Gateway Paypal now required the IPN verification to be updated to use HTTPS rather than HTTP as at present In CC4 I can see that you could use admin to set the whole site to use SSL/ HTTPS, but I'm sure that would really slow the whole site down. I can't see a way in CC4 to use the admin system to just set IPN verification to use HTTPS. Have I missed something? I've looked at the code and it looks like the verification is in file modules\gateway\PayPal\call.inc.php Has anyone managed to modify this gateway / file to work with the new 'HTTPS-only' PayPal sandbox IPN url ipnpb.sandbox.paypal.com ? more info here: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US TIA John Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 15, 2016 Share Posted March 15, 2016 I don't do PayPal, so I am no help with having tested anything. Yes, you can set the CC4 site to SSL mode, but that isn't necessary. What is necessary is to get an SSL certificate installed for your site. I am confident that CC4 will accept a HTTPS IPN request that does not actually involve CC4's SSL switch-over feature. Quote Link to comment Share on other sites More sharing options...
john mccoy Posted March 15, 2016 Author Share Posted March 15, 2016 Thanks fro your reply. An SSL cert is in place, and it looks like the cert is OK, unfortunately I think IPN needs sorting out because the site admin got an email from PayPal saying that IPN via HTTPS was an issue that needs to be corrected by 30/9/16 Extract from email from PayPal >> Step 2: Understand how these changes affect your integration. Here are the key areas requiring your attention. If the chart shows “Yes”, you may require changes to be compatible with that security upgrade. If you see a “No,” our data shows that you are already compliant or do not use that functionality. There may be other changes you need to make, but please pay particular attention to the following areas: Change Do I need to make a change? SSL Certificate Upgrade to SHA-256 No TLS 1.2 and HTTP/1.1 Upgrade No IPN Verification Postback to HTTPS Yes IP Address Update for PayPal Secure FTP Servers No Merchant API Certificate Credential Upgrade No Discontinue Use of GET Method for Classic NVP/SOAP APIs No >> Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 15, 2016 Share Posted March 15, 2016 Let's try this. In the file /modules/gateway/PayPal/transfer.inc.php: Find: $hiddenVars .= "<input type='hidden' name='upload' value='1' /> <input type='hidden' name='notify_url' value='".$GLOBALS['storeURL']."/index.php?_g=rm&type=gateway&cmd=call&module=PayPal' /> <input type='hidden' name='return' value='".$GLOBALS['storeURL']."/index.php?_g=rm&type=gateway&cmd=process&module=PayPal&cart_order_id=".$orderSum['cart_order_id']."' /> <input type='hidden' NAME='cancel_return' value='".$GLOBALS['storeURL']."/index.php?_g=rm&type=gateway&cmd=process&module=PayPal&cart_order_id=".$orderSum['cart_order_id']."&c=1' />"; Replace every instance of: $GLOBALS['storeURL'] with: $config['storeURL_SSL'] These are the URLs that the CubeCart gateway module is telling the payment processor how to contact CubeCart with the payment notification. If CC4 was running under SSL anyway, then $GLOBALS['storeURL'] would have the HTTPS Absolute URL as specified in admin, Store Settings, Directories and Folders section. But if not, then by using the HTTPS Absolute URL absolutely, it won't matter (hopefully) that Cubecart hadn't enabled its SSL feature. Quote Link to comment Share on other sites More sharing options...
mojee Posted April 5, 2016 Share Posted April 5, 2016 Hi I receiving email from paypal, PayPal Instant Payment Notification Warning Please check your server that handles PayPal Instant Payment Notifications (IPN). Instant Payment Notifications sent to the following URL(s) are failing:http://www.noshahitech.co.uk/index.php?_g=rm&type=gateway&cmd=call&module=PayPalIf you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account. can you tel me where and how to sort out Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.