Forums

First let me say "Great Product!!" 😀

I'm working on a subscription based site that accepts payment via PayPal and then creates an account for the user. I was planning to create the basic account info (username, password, first/last name, etc) using the data returned by PayPal during the IPN. IPN would be sent to a chronoform script which would confirm with PayPal if the purchase was real or not then proceed to create the account using the cf_cb_registration plugin. The submit was done at the end by some javascript (document.ChronoContact_formName.submit();)

It seems that when PayPal POST's the IPN data to my ChronoForms script there is no browser and the Javascript doesn't run and the form is not submitted.

So, I guess my questions are:
1. Have any nifty ideas for automatically "submitting" a form?
2. What would be the cleanest/easiest way to do CB registration from within ChronoForms?

**2: I looked at the plugin and considered trying to instantiate the class or handle creation myself but it started sounding a little bit hack-ish

Thanks for humoring these questions!🙂
-Dauk!

Hi dauk,

The quick answer is to have PayPal submit the form - so set the PayPal Return URL to include &task=send. You can use your exisiting form with a bit of PHP to detect that the submission is coming from PayPal and contiue processing the submission from there.

Bob

Hi dauk,

I suggest you do it as Bob said with the submit URL by adding the &task=send to the form URL because you never can rely 100% on javascript with critical things but if you have V3.0 stable then this will throw some error because of the session test, give it a try and let us know the results!

Regards
Max

Thanks for the quick reply guys.

I started out with &task=send in the url but since I was getting the "You are not allowed to access this URL" error I changed my approach. I didn't realize 'till now that it is due to the session/token. Anyhow, I'm working on a solution from that angle now. I'll post my results when I have some.

Thanks!
Dauk

Hi dauk,

Too late to test anything here tonight - if you don't get it working let us know and I can write a littel code hack to recognize posts with a 'password' and bypass the token check.

Bob

Thanks GreyHead! I like that "posts with a password idea". I'm working on a hack right now to just recognize this one form and bypass that token check but I'll see about integrating the password thing too or instead. After reading some threads here it looks like the easest way to get this working (unless I can somehow pass a token through paypal to the submission??) In general I wouldn't want to bypass any security measures but this script echo's the _POST array back to paypal and they reply with "VERIFIED" or "INVALID" to authenticate a transaction.

I should have something posted in a little bit.
-Dauk

Hi Dauk,

you will need to hack the top of the 2nd function in the chronocontact.php file to get it working based on your needs, may be you can do some hash check if paypal does this!

Regards
Max

I've made some simple changes in chronocontact.php that work fine (more elaborate to come).. as it turns out I keep encountering a problem I had in the beginning of all this. I think I mentioned earlier that at first (by accident) I was using the URL containing "&task=send". I stopped using that because the page wasn't loading; I'm running into that now.

When I try and run the IPN test from the PayPal sandbox (connecting to my php/chronoform script) I get the error:
"IPN delivery failed. HTTP error code 301: Moved Permanently"

The URL works fine from a browser or simple PHP POST script. If I remove '&task=send' the chronoform URL loads as I would expect. (ie: page loads and POST data arrives but the form does not submit itself)

Any ideas how this Error301 relates to adding &task=send to the URL?

-Dauk

Hi Dauk,

This is probably the token checking that Max mentioned. Look for these lines around line 115 of chronocontact.php and comment them out for a moment:

		if(!JRequest::checkToken()){
			echo "You are not allowed to access this URL";
			return;
		}

If the IPN now works then this is the problem!

I think that the work-around is to check the incoming Post data first to see if it is from PayPal - you could check the Referer, or look for an identifiable field line

if ( JRequest::getString('reciever_email', '', 'post') != 'my_email' ) { 
if(!JRequest::checkToken()){
			echo "You are not allowed to access this URL";
			return;
		}
}

to bypass the token check.

Bob

Unfortunately, that was not the fix.
I had already bypassed that block of code; but to no avail... With that block removed, I can connect via browser or simple php POST but I still get an error when the paypal IPN tries.

<scratching head>

-Dauk

Hi Dauk,

I ran a little test and managed to get the PayPal IPN Simulator to send me an email through a ChronoForms form.

I suppressed the token check in chronocontact.php and used . . . index2.php?. . .&task=send. . . in the Return URL.

Bob

Later - the whole POst array is there:

Array ( [test_ipn] => 1 [payment_type] => instant [payment_date] => 23:10:53 Nov. 19, 2008 PST [payment_status] => Completed [address_status] => confirmed [payer_status] => verified [first_name] => John [last_name] => Smith [payer_email] => [email]buyer@paypalsandbox.com[/email] [payer_id] => TESTBUYERID01 [address_name] => John Smith [address_country] => United States [address_country_code] => US [address_zip] => 95131 [address_state] => CA [address_city] => San Jose [address_street] => 123, any street [business] => [email]seller@paypalsandbox.com[/email] [receiver_email] => [email]seller@paypalsandbox.com[/email] [receiver_id] => TESTSELLERID1 [residence_country] => US [item_name] => something [item_number] => AK-1234 [quantity] => 1 [shipping] => 3.04 [tax] => 2.02 [mc_currency] => USD [mc_fee] => 0.44 [mc_gross] => 12.34 [mc_gross1] => 9.34 [txn_type] => web_accept [txn_id] => 531120710 [notify_version] => 2.1 [custom] => xyz123 [charset] => windows-1252 [verify_sign] => AlsN5j5IDP.vSs-5hQOqAzo0WvO2AYdSxREyaDPZlAKiJzS2EeWHAeyv [url] => )

Great! Well, that is massively encouraging. I’ll dial my script back to scratch; there must be something there that I’m goofing up. If that’s not the case then I’ll see if it has something to do with my host or a few other things. Thanks for taking the time to look at this, GreyHead it’s greatly appreciated. 🙂

EDIT: It seems that my original script is doing something that's making the 301 appear since I have now been able to make the simple test script work. I'm expect that it has something to do with sending the reply request back to paypal for verification.