Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


MurrayM

2455 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#180567 13-Sep-2015 21:42
Send private message

Are there any web developers here that use PayPal's IPN service?

I've been getting emails from PayPal for the last few months saying that they're updating things at their end to support SHA-256 certificates and that I might have to make changes on my websites in order for my PayPal integration to continue to work.

 

I use PayPal's IPN service, which I originally set up on my website (all custom PHP code that I wrote, no pre-built shopping carts) and that has been running quite happily since 2008.

 

My hosting is shared hosting on iServe as it's not a very large or busy website. The hosting platform is running PHP 5.2.17, Apache 2.2.3 (CentOS), and OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (I got all of this info from PHP's phpinfo() function).

 

Am I correct in thinking that any changes that need to be made will have to be made by my web host (i.e. iServe) since I can't update any software on the server?

 

When I originally set everything up back in 2008 I remember downloading a certificate from PayPal and using OpenSSL on my Windows PC to create something (another certificate? I don't know) which I then uploaded to my website and use for encrypting my payment requests to PayPal. Does the SHA-256 changes that PayPal are bring in affect this? Do I need to remake the certificate or something?

 

I did try using the IPN Simulator (after changing the end points that my IPN handler uses) but I can't get this to work as the IPN Simulator gives me a 502 Bad Gateway error and I've got no idea what that means or what the problem might be.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
freitasm
BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1386983 14-Sep-2015 07:43
Send private message

Interesting... We use PayPal IPN for Geekzone Subscriptions and did not receive any email from them...




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




freitasm
BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1386992 14-Sep-2015 08:03
Send private message

Thanks. Will have to play on the sandbox to test this.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




ScuL
487 posts

Ultimate Geek

Trusted

  #1387116 14-Sep-2015 12:13
Send private message

I got this e-mail too and I'm in the same situation.

I have a very limited IPN integration that basically imports all PayPal transactions into a mySQL database via a PHP script.
95% of the code of this script has been copy/pasted from the PayPal IPN website.

I have no idea what to adapt and the PayPal SHA-256 transfer site is very very unclear about what has to be changed.
Certainly no information about the PHP scripts whatsoever.




Haere taka mua, taka muri; kaua e wha.


MurrayM

2455 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1387126 14-Sep-2015 12:31
Send private message

ScuL: I got this e-mail too and I'm in the same situation.

I have a very limited IPN integration that basically imports all PayPal transactions into a mySQL database via a PHP script.
95% of the code of this script has been copy/pasted from the PayPal IPN website.

I have no idea what to adapt and the PayPal SHA-256 transfer site is very very unclear about what has to be changed.
Certainly no information about the PHP scripts whatsoever.

I've put in a support request to my web host (iServe) to see what they have to say. I'm hoping they'll come back and say that they're aware of the changes PayPal have made and have made the necessary changes at their end to ensure everything carries on working.

ScuL
487 posts

Ultimate Geek

Trusted

  #1387226 14-Sep-2015 14:50
Send private message

I've just had a look at the instructions
https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf

They keep going on about certificates but currently I am not using any certificates at all.. my site doesn't even have SSL :D
And the PHP script is working without any issues..

This is the code I am using
https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php




Haere taka mua, taka muri; kaua e wha.


MurrayM

2455 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1387257 14-Sep-2015 15:07
Send private message

ScuL: I've just had a look at the instructions
https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf

They keep going on about certificates but currently I am not using any certificates at all.. my site doesn't even have SSL :D
And the PHP script is working without any issues..

This is the code I am using
https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php

My site doesn't use SSL either, it doesn't need to because all of the credit card entry is done on PayPal's site.

I do encrypt the data that I send to PayPal (i.e. how much to charge, my PayPal ID, etc) but I'm not sure if that's covered by this certificate change or not.

 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
mattwnz
20141 posts

Uber Geek


  #1387264 14-Sep-2015 15:10
Send private message

MurrayM:
ScuL: I got this e-mail too and I'm in the same situation.

I have a very limited IPN integration that basically imports all PayPal transactions into a mySQL database via a PHP script.
95% of the code of this script has been copy/pasted from the PayPal IPN website.

I have no idea what to adapt and the PayPal SHA-256 transfer site is very very unclear about what has to be changed.
Certainly no information about the PHP scripts whatsoever.

I've put in a support request to my web host (iServe) to see what they have to say. I'm hoping they'll come back and say that they're aware of the changes PayPal have made and have made the necessary changes at their end to ensure everything carries on working.


It looks like they have recently setup new servers running php 5.5 which is good. Maybe the new servers support it? I think you can switch it to the new servers by just changing the IP in the DNS zone.

MurrayM

2455 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1387277 14-Sep-2015 15:42
Send private message

mattwnz: It looks like they have recently setup new servers running php 5.5 which is good. Maybe the new servers support it? I think you can switch it to the new servers by just changing the IP in the DNS zone.


That's good news, thanks for the info. I haven't had a reply back from iServe yet.

ajobbins
5052 posts

Uber Geek

Trusted

  #1387349 14-Sep-2015 17:58
Send private message

I got an email with IMMEDIATE ATTENTION REQUIRED in the subject from them overnight on Saturday. Quick search of my emails (I delete nothing) shows this is the first notice I have received of the change, despite the email starting with "As we have previously communicated to you".

I'm running a pretty basic site on WordPress/WooCommerce and very confused about what I need to do here.




Twitter: ajobbins


freitasm
BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1387350 14-Sep-2015 18:01
Send private message

I am confused too. We have two sites: one uses SSL the other doesn't. Both work just fine.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


ajobbins
5052 posts

Uber Geek

Trusted

  #1387368 14-Sep-2015 18:23
Send private message

This is a monumental screw up on PayPals part. Clearly they haven't communicated with everyone even now, and all the info out there is completely unclear about what we need to do.




Twitter: ajobbins


Noodles
487 posts

Ultimate Geek


  #1387471 14-Sep-2015 20:28
Send private message

A little bit off topic, but I can't believe someone would still be offering PHP 5.2 hosting, it was EOL'ed more than 4 years ago.

ScuL
487 posts

Ultimate Geek

Trusted

  #1388410 16-Sep-2015 09:59
Send private message

I've been told this may only be a change on the PayPal server side and all you need to ensure is that the client supports the SHA-256 algorithm.
I am still unsure.




Haere taka mua, taka muri; kaua e wha.


ScuL
487 posts

Ultimate Geek

Trusted

  #1398345 1-Oct-2015 23:20
Send private message

Well, it's the 1st of October now and everything is still working..




Haere taka mua, taka muri; kaua e wha.


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.