Error from cURL: #3: <url> malformed

When debug is on I get, I'm testing payments using sandbox.paypal.com to test when a payment is made it should upgrade the user but instead when I had the debug on I get this error. Error from cURL: #3: malformed

0 0 0 -1 0 0 0 0 0 0 0 0 0 0 -1 -1 0 0

Script for handling the IPN

<?php



define("IN_MYBB", 1);

require_once "./inc/init.php";

$email = 'email@example.com'; // the email debug emails are sent to
$sandbox = '.sandbox'; // set to .sandbox if you want to use sandbox
$debugging = 1; // set to 1 to receive emails

if($debugging)
    my_mail($email, "IPN NOTIFICATION #1", "Debugging only.");

// The following part of the code comes mainly from PayPal's sample
// Quoting the comments:
// "reading posted data from directly from $_POST causes serialization 
// issues with array data in POST
// reading raw POST data from input stream instead."
//
// Possible explanation(?): http://stackoverflow.com/a/14008214
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($myPost as $key => $value) {        
    $value = urlencode($value);
    $req .= "&$key=$value";
}

$ch = curl_init('https://www'.$sandbox.'.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", 'Connection: Close', 'User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0', "Content-Length: " . strlen($req)));
curl_setopt($ch, CURLOPT_HEADER , 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);


if(!($curl_result = curl_exec($ch)))
{
    if($debugging)
    {
        $cInfo = curl_getinfo($ch); 
        my_mail($email, "IPN ERROR #1", "Error from cURL: #".curl_errno($ch).': ' . curl_error($ch)."\n\n".implode("\n", $cInfo));
    }
    curl_close($ch);
    exit;
}
curl_close($ch);

if (strcmp($res, "VERIFIED") == 0)
{
    $address_city = $db->escape_string($_POST['address_city']);
    $address_country = $db->escape_string($_POST['address_country']);
    $address_country_code = $db->escape_string($_POST['address_country_code']);                   
    $address_name = $db->escape_string($_POST['address_name']);
    $address_state = $db->escape_string($_POST['address_state']);
    $address_status = $db->escape_string($_POST['address_status']);
    $address_street = $db->escape_string($_POST['address_street']);
    $address_zip = $db->escape_string($_POST['address_zip']);
    $first_name = $db->escape_string($_POST['first_name']);
    $last_name = $db->escape_string($_POST['last_name']);
    $payer_business_name = $db->escape_string($_POST['payer_business_name']);
    $payer_email = $db->escape_string($_POST['payer_email']);
    $payer_id = $db->escape_string($_POST['payer_id']);
    $payer_status = $db->escape_string($_POST['payer_status']);
    $residence_country = $db->escape_string($_POST['residence_country']);
    $business = $db->escape_string($_POST['business']);
    // subscription name
    $item_name = $db->escape_string($_POST['item_name']);
    // subscription id
    $item_number = intval($_POST['item_number']);
    $quantity = $db->escape_string($_POST['quantity']);
    $receiver_email = $db->escape_string($_POST['receiver_email']);
    $receiver_id = $db->escape_string($_POST['receiver_id']);
    // user id
    $custom = intval($_POST['custom']);
    $invoice = $db->escape_string($_POST['invoice']);
    $memo = $db->escape_string($_POST['memo']);
    $option_name1 = $db->escape_string($_POST['option_name1']);
    $option_name2 = $db->escape_string($_POST['option_name2']);
    $option_selection1 = $db->escape_string($_POST['option_selection1']);
    $option_selection2 = $db->escape_string($_POST['option_selection2']);
    $tax = $db->escape_string($_POST['tax']);
    $auth_id = $db->escape_string($_POST['auth_id']);
    $auth_exp = $db->escape_string($_POST['auth_exp']);
    $auth_amount = $db->escape_string($_POST['auth_amount']);
    $auth_status = $db->escape_string($_POST['auth_status']);
    $mc_gross = $db->escape_string($_POST['mc_gross']);
    $mc_handling = $db->escape_string($_POST['mc_handling']);
    $mc_shipping = $db->escape_string($_POST['mc_shipping']);
    $num_cart_items = $db->escape_string($_POST['num_cart_items']);
    $parent_txn_id = $db->escape_string($_POST['parent_txn_id']);
    $payment_date = $db->escape_string($_POST['payment_date']);
    $payment_status = $db->escape_string($_POST['payment_status']);
    $payment_type = $db->escape_string($_POST['payment_type']);
    $pending_reason = $db->escape_string($_POST['pending_reason']);
    $reason_code = $db->escape_string($_POST['reason_code']);
    $remaining_settle = $db->escape_string($_POST['remaining_settle']);
    $transaction_entity = $db->escape_string($_POST['transaction_entity']);
    $txn_id = $db->escape_string($_POST['txn_id']);
    $txn_type = $db->escape_string($_POST['txn_type']);
    $exchange_rate = $db->escape_string($_POST['exchange_rate']);
    $mc_currency = $db->escape_string($_POST['mc_currency']);
    $mc_fee = $db->escape_string($_POST['mc_fee']);
    $payment_fee = $db->escape_string($_POST['payment_fee']);
    $payment_gross = $db->escape_string($_POST['payment_gross']);
    $settle_amount = $db->escape_string($_POST['settle_amount']);
    $settle_currency = $db->escape_string($_POST['settle_currency']);
    $for_auction = $db->escape_string($_POST['for_auction']);
    $auction_buyer_id = $db->escape_string($_POST['auction_buyer_id']);
    $auction_closing_date = $db->escape_string($_POST['auction_closing_date']);
    $auction_multi_item = $db->escape_string($_POST['auction_multi_item']);
    $subscr_date = $db->escape_string($_POST['subscr_date']);
    $subscr_effective = $db->escape_string($_POST['subscr_effective']);
    $period1 = $db->escape_string($_POST['period1']);
    $period2 = $db->escape_string($_POST['period2']);
    $period3 = $db->escape_string($_POST['period3']);
    $amount1 = $db->escape_string($_POST['amount1']);
    $amount2 = $db->escape_string($_POST['amount2']);
    $amount3 = $db->escape_string($_POST['amount3']);
    $mc_amount1 = $db->escape_string($_POST['mc_amount1']);
    $mc_amount2 = $db->escape_string($_POST['mc_amount2']);
    $mc_amount3 = $db->escape_string($_POST['mc_amount3']);
    $recurring = $db->escape_string($_POST['recurring']);
    $reattempt = $db->escape_string($_POST['reattempt']);
    $retry_at = $db->escape_string($_POST['retry_at']);
    $recur_times = $db->escape_string($_POST['recur_times']);
    $username = $db->escape_string($_POST['username']);
    $password = $db->escape_string($_POST['password']);
    $subscr_id = $db->escape_string($_POST['subscr_id']);
    $case_id = $db->escape_string($_POST['case_id']);
    $case_type = $db->escape_string($_POST['case_type']);
    $case_creation_date = $db->escape_string($_POST['case_creation_date']);
    $notify_version = $db->escape_string($_POST['notify_version']);
    $verify_sign = $db->escape_string($_POST['verify_sign']);

    if ($debugging)
        my_mail($email, "IPN NOTIFICATION #2", "Debugging only.");

    $valid = true;

    $lang->load("mysubscriptions");

    // does the user exist?
    $user = get_user(intval($custom));
    if (empty($user))
    {
        if ($debugging)
            my_mail($email, "IPN - Subscription Invalid #1", "\nInvalid user.\n");
    }
    else {
        // verify if subscription exists
        $query = $db->simple_select('mysubscriptions_subscriptions', '*', 'sid=\''.$item_number.'\''); // check sid
        $sub = $db->fetch_array($query);
        if (!$sub)
        {
            if ($debugging)
                my_mail($email, "IPN - Subscription Invalid #2", "\nInvalid subscription\nItem Number:".$item_number."\nItem Name:".$item_name);
            $valid = false;
        }

        if ($debugging)
            my_mail($email, "IPN - Validation", "\nis valid: ".intval($valid));

        $additional = $sub['additional'];
        $endgroup = intval($user['usergroup']);
        $uname = $db->escape_string($user['username']);

        $query = $db->query("INSERT INTO `".TABLE_PREFIX."mysubscriptions_log` values (
            'NULL',
            '$uname',
            '$custom',
            '$additional',
            '$item_number',
            '$endgroup',
            '$receiver_email',
            '$receiver_id',
            '$business',
            '$item_name',
            '$item_number',
            '$quantity',
            '$invoice',
            '$option_name1',
            '$option_selection1',
            '$option_name2',
            '$option_selection2',
            '$payment_type',
            '$payment_status',
            '$pending_reason',
            '$reason_code',
            '$payment_date',
            '$settle_amount',
            '$settle_currency',
            '$exchange_rate',
            '$payment_gross',
            '$payment_fee',
            '$mc_gross',
            '$mc_fee',
            '$mc_currency',
            '$mc_handling',
            '$mc_shipping',
            '$tax',
            '$txn_id',
            '$txn_type',
            '$for_auction',
            '$auction_buyer_id',
            '$auction_closing_date',
            '$auction_multi_item',
            '$first_name',
            '$last_name',
            '$address_name',
            '$address_street',
            '$address_city',
            '$address_state',
            '$address_zip',
            '$address_country',
            '$address_country_code',
            '$address_status',
            '$payer_business_name',
            '$payer_email',
            '$payer_id',
            '$payer_status',
            '$residence_country',
            '$memo',
            '$subscr_date',
            '$subscr_effective',
            '$period1',
            '$period2',
            '$period3',
            '$amount1',
            '$amount2',
            '$amount3',
            '$mc_amount1',
            '$mc_amount2',
            '$mc_amount3',
            '$recurring',
            '$reattempt',
            '$retry_at',
            '$recur_times',
            '$username',
            '$password',
            '$subscr_id',
            '$auth_id',
            '$auth_exp',
            '$auth_amount',
            '$auth_status',
            '$transaction_entity',
            '$remaining_settle',
            '$parent_txn_id',
            '$case_id',
            '$case_type',
            '$case_creation_date',
            '$notify_version',
            '$verify_sign',
            '".TIME_NOW."',
            '0',
            '0')");

        if ($debugging)
            my_mail($email, "IPN VERIFICATION", "\npayment_status: {$payment_status}\nmc_gross: {$mc_gross}\nsub['price']: {$sub['price']}\nreceiver_email: {$receiver_email}\nmybb->settings['mysubscriptions_paypal_email']: {$mybb->settings['mysubscriptions_paypal_email']}\nmc_currency: {$mc_currency}\nmybb->settings['mysubscriptions_paypal_currency']: {$mybb->settings['mysubscriptions_paypal_currency']}\n\n");

        if ($sub['enabled'] == 1 && $valid === true && $payment_status == "Completed" && $mc_gross == $sub['price'] && $receiver_email == $mybb->settings['mysubscriptions_paypal_email'] && $mc_currency == $mybb->settings['mysubscriptions_paypal_currency']) // now is the time!
        {
            if ($sub['additional'])
                join_usergroup($custom, $sub['group']);
            else
                $db->update_query('users', array('usergroup' => $sub['group']), 'uid=\''.$custom.'\'');

            // send PM to subscriber
            if ($debugging)
                my_mail($email, "IPN Success", "\n Verified IPN $txn_type  Transaction, sending PM.\n \n $postipn\n");

            if($sub['message'] == '')
            {
                $sub['message'] = $lang->sprintf($lang->mysubscriptions_success_message, $sub['title']);
            }

            mysubscriptions_send_pm(array('receivepms' => 1, 'subject' => $lang->mysubscriptions_success_title, 'message' => $sub['message'], 'touid' => $custom), 1);
            mysubscriptions_send_pm(array('receivepms' => 1, 'subject' => $lang->mysubscriptions_success_title_admin, 'message' => $lang->sprintf($lang->mysubscriptions_success_message_admin, $sub['title']), 'touid' => 1), $custom);
        }

        // If Refuned or Reversed, lets make sure the user gets "unsubscribed"
        if($payment_status == "Refunded" || $payment_status == "Reversed")
        {
            $query = $db->simple_select('mysubscriptions_log', '*', 'payment_status=\'Completed\' AND sid=\''.$item_number.'\' AND uid='.$custom, array('order_by' => 'timestamp', 'order_dir' => 'desc'));
            $sub = $db->fetch_array($query);
            if(!$sub)
            {
                if ($debugging)
                    my_mail($email, "IPN - Subscription Invalid", "\nInvalid subscription (Refuned/Reversed)\n");
            }
            else{
                if ($sub['additional'])
                    leave_usergroup($custom, $sub['group']);
                else
                    $db->update_query('users', array('usergroup' => $sub['endgroup']), 'uid=\''.$custom.'\'');
            }
        }

        // End of time, get user out of the usergroup
        if($txn_type == "subscr_eot")
        {
            $query = $db->simple_select('mysubscriptions_log', '*', 'sid=\''.$item_number.'\'');
            $sublog = $db->fetch_array($query);
            if (!$sublog)
            {
                if ($debugging)
                    my_mail($email, "IPN - Subscription Log Invalid", "\nInvalid subscription log (End of Time)\n");
            }

            if ($sublog['additional'])
            {
                $query = $db->simple_select('mysubscriptions_subscriptions', '*', 'sid=\''.$item_number.'\'');
                $sub = $db->fetch_array($query);
                if (!$sub)
                {
                    if ($debugging)
                        my_mail($email, "IPN - Subscription Invalid", "\nInvalid subscription (End of Time)\n");
                }

                leave_usergroup($custom, $sub['group']);
            }
            else
            {
                $query = $db->query("UPDATE ".TABLE_PREFIX."users SET usergroup='".$sublog['endgroup']."' WHERE uid='".$custom."'");
            }
        }

        // We're not using any trials here so subscr_signup = subscr_payment, do nothing for this one since we've done it for the other
        if($txn_type == "subscr_payment")
        {
            // do nothing here
        }
    }
}
else
{
    // Invalid
    if ($debugging)
        my_mail($errormail, "IPN ERROR 2", "IPN transaction was invalid.");
}

exit;

?>

Answers


It looks like you're overwriting the url with curl_setopt with an undefined variable. $ch = curl_init('https://www'.$sandbox.'.paypal.com/cgi-bin/webscr'); curl_setopt($ch, CURLOPT_URL,$url);

Removing curl_setopt($ch, CURLOPT_URL,$url); should do the trick!


"Now I'm getting this. Error from cURL: #35: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure sandbox.paypal.com/cgi-bin/webscr 0 100 354 -1 0 0 0.311861 0.000235 0.000283 0 0 0 0 0 -1 -1 0 0 – Clueking yesterday"

To follow up on this, due to changes to data security standards by the Payment Card Industry (PCI) Security Standards Council, PayPal is implementing security upgrades and the sandbox endpoint has already been upgraded as of November 2015.

Here is a link to more information on the changes and how to fix the issue: https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1913&expand=true&locale=en_US


Need Your Help

soap webservices in iphone app , how?

iphone web-services soap

I am currently working on an iphone app which requires me to use soap webservices , so that i can load data like customer info in my iphone app . If anyone knows how to so so then please tell me or