Paypal IPN on multiple domains and only 1 paypal account

Hi,

Could you possibly tell me if I am going to have issues with Paypal IPN if I am using membership plugin on multiple similar domains but only 1 paypal account?

Thanks in advance.

Stef

  • Adam Czajczyk

    Hey Stefanie,

    I hope you're well today and thank you for your question!

    An IPN URL is site-specific so you cannot use the same URL for multiple domains. This would create a serious issue resulting in

    - Membership Pro not being notified by PayPal of transaction status
    - Errors on PayPal's side that might lead to suspending your PayPal account.

    That doesn't mean though that you need multiple PayPal accounts for multiple sites. Actually, it's even prohibited by PayPal itself. Furthermore, you can only define a single IPN URL for your account. This might seem a bit confusing.

    Usually the solution is to use a "notify_url" variable but this is the case of custom implementations. With plugins that require notifications from PayPal, such as Membership Pro, it might not be possible without a serious code customization.

    A workaround here would most likely be a "IPN handler/broadcaster" script. Please take a look here:
    http://codeseekah.com/2012/02/11/how-to-setup-multiple-ipn-receivers-in-paypal/

    This is a script that you use as a IPN receiver instead of all your sites. Basically, it acts as a replacement for notification handling functions. It receives a notification from PayPal and then broadcasts it to selected websites of your choice.

    I haven't had a chance to test it yet but it seems as a reasonable way around.

    I hope that helps. If you have any further questions, please ask. I'll be glad to assist!

    Cheers,
    Adam

  • Stefanie

    Hi @Adam Czajczyk

    Darn it. My simple project is rapidly becoming a nightmare.

    I currently use a time booking system on several sites and only 1 paypal account but this does not seem to be effected. Paypal returns the users to the site the payment originated from.

    Apologies for the questions. Am I right if I guess the issue with the IPN Is this due to the recurring payments/subscription element and the need for notifications?

    If so, will there be the same issue with protected content as I don't recollect the use of an IPN with this plugin?

    I was originally using protected content as it was perfect for my project but for the lack of affiliate integration. I would go back to this if affiliate integration was imminent and the IPN was not an issue. (don't suppose you know if this is on it's way?)

    Thank you for taking the time to reply.

    Kind regards

    Stef

  • Adam Czajczyk

    Hey Stef,

    I'm sorry for complications. The "multiple IPN" , as I can see on various forums, is a widely demanded feature and PayPal seems to constantly ignore all the requests. I don't have a clue why as I do agree that this would make life of hundreds of thousands merchants way easier.

    That said, for single payments IPN shouldn't be an issue as PayPal is redirecting to a proper site. As you said, the problem arises when there's a need to be notified about recurring payment. For single payments it should work fine without IPN I think.

    As for affiliate integration. I may surprise you but I do know if this is on it's way: it is :slight_smile: We're now getting very close to a big update for Protected Content (though I'm not able to give an ETA on this) and it will integrate with our "Affiliates" Plugin:

    https://premium.wpmudev.org/project/wordpress-mu-affiliate/

    I hope that helps.

    Regards,
    Adam

  • Stefanie

    Hi @Adam Czajczyk

    No apologies required. The complications are Paypal's fault. :slight_smile: Having followed your code link I see the IPN issue has caused quite a problem. It seems Paypal are unaware that a business may have more than one website. lol

    The code link you supplied looks like it would work fine and simply enough. ( I wonder if this could be packaged up in a plugin somehow. Food for thought - my project for the weekend).

    Great news with protected content and affiliates as this is perfect for what I am doing. I am able to defer the affiliate system for a few weeks or a couple of months. Any longer and I will have to go the membership route- could you guess on a rough ETA? (I won't hold you to it)

    Apologies but I have some confusion with how Paypal single Payments actually works within protected content... If using this gateway (rather than standard) no IPN is requested or (I guess) required.
    I am a bit confused by this?
    Would there still be automatic recurring billing when using this option?
    If so, could this be used on multiple sites without drawback? Ie return to originator site.
    Is the only issue when there is a cancellation at Paypal? i.e. no automatic notification.

    Thanks again for all the pointers and help.

    Kind regards

    Stef

  • Adam Czajczyk

    Hey Stef!

    Great news with protected content and affiliates as this is perfect for what I am doing. I am able to defer the affiliate system for a few weeks or a couple of months. Any longer and I will have to go the membership route- could you guess on a rough ETA? (I won't hold you to it)

    As much as I'd love to tell you exactly when this will be released, I'm really not able to. This is a complex project (and a really big update) and there's always something to test or upgrade so there's no way to make any conclusive predictions. I can tell you though that it's really very, very close :slight_smile:

    Apologies but I have some confusion with how Paypal single Payments actually works within protected content... If using this gateway (rather than standard) no IPN is requested or (I guess) required.
    I am a bit confused by this?

    Your confusion is totally understandable! Actually, I'm myself getting a bit confused if it comes to a payment gateways (especially PayPal's) logic and philosophy behind. I've got a feeling they sometimes making things too complicated without a reason :slight_smile:

    However, according to PayPal's docs, you should be able to safely quit using IPN if it comes to single payments.

    For Membership Pro (and the same rule should apply Protected Content) you need IPN in order to allow PayPal to notify your site about recurring payments and subscription cancellation. Those two features won't work without IPN. This is what's IPN definitely required and if you're using the plugin on multiple sites you'll most likely need some kind of "IPN receiver/broadcaster" script (as I mentioned before)

    As for single payments. Plugin should work fine, though if PayPal for some reason sends you a notification (such as when user decided to cancel payment) you won't get it. This shouldn't be a serious issue if you have a really simple payment/prices structure and cancellation/return policy.

    If you don't provide PayPal with IPN URL, it shouldn't send you notifications so you'll have to handle all the cancellations directly via PayPal's account. I hope I'm right :slight_smile:

    Is the only issue when there is a cancellation at Paypal? i.e. no automatic notification

    Well, yes and no. If the IPN URL is given to PayPal but PayPal isn't able to interact with it properly, this may lead to warnings from PayPal and possible account suspension. If it isn't, then I think yes - that (and all the consequences that I've mentioned above) should be the only serious issue.

    Have a nice day!
    Adam

  • Stefanie

    Hi @Adam Czajczyk

    Fantastic - I think :wink:

    In essence, what I hope I now understand from this is... I can use protected content and the single payments gateway. (no IPN). This gateway will still ?? automatically process a recurring payment at the renewal date which will either be paid or will fail if cancelled by the subscriber directly with paypal.

    Without an IPN, I would just have to handle any cancellations manually upon receipt of the cancellation notification email from Paypal.

    Hope I got it this time.

    Incidentally, do members/subscribers receive a billing notice in advance?

    Thank you again for taking the time to help. Excellent support as always.

    Stef. x

  • Adam Czajczyk

    Hey Stef,

    I'm afraid I have to complicate things a bit :slight_frown:

    In essence, what I hope I now understand from this is... I can use protected content and the single payments gateway. (no IPN). This gateway will still ?? automatically process a recurring payment at the renewal date which will either be paid or will fail if cancelled by the subscriber directly with paypal.

    The gateway itself should process recurring payments if PayPal will allow you to use them without providing IPN. I think it should as no-IPN simply means no integration. It won't however inform your site about taking payment.

    Without an IPN, I would just have to handle any cancellations manually upon receipt of the cancellation notification email from Paypal.

    Yes, you will. Although I'm pretty sure that because of not being informed of payment the Membership plugin will not know that the user was charged and might consider user's subscription expired. Remember, it wasn't notified of the payment!

    This also means there'll be no automatic invoices/billings from plugin. Ultimately, I think there's no safe and easy way to use recurring payments without IPN. The workaround here might be to setup a "Manual payment" gateway instead of PayPal and just provide users with a link to an external PayPal's payment form, then just handle all activations/cancellations/etc manually.

    Without IPN everything should work just fine but with single non-recurring payments only.

    I hope that's at least a bit helpful :slight_smile:

    Cheers,
    Adam

  • Stefanie

    Hi Adam

    OK. So I have to admit the IPN route really is the way to go however, I must also admit, I am struggling a little with the code (code seeker) you referred to hence the reluctance.

    Adding each of my sites individual ipn to the first few lines is simple enough however, the next part 'fingerprints' has me a bit stumped.

    I am really sorry to trouble you with this but do you know what need customising here and if anything else following requires customising too?

    I am not sure what parts I would change or where I would get the correct code in the first place.

    It all seems simple enough but I am lacking the skills to understand this confidently enough to add to a live site.

    Sorry to be a pin and thank you again. :slight_smile:

    Stef.x

  • Adam Czajczyk

    Hey Stef!

    As I've said before, I haven't had a chance to test this script yet although it seems like a reasonable solution. I've run through its doc and here's what I've come up with.

    1. The "fingerprints" are actually the conditions that let you differentiate your endpoints. Basically, PayPal's notification includes some data and this is related to the particular transaction, thus particular store. The "fingerprints" code part is there to analyze the notification content and decide where to broadcast.

    2. This is actually a tricky part. You need to find an individual part of such a notification that matches the particular store: common for all transactions but different for different stores.

    3. I think the first step to analyze it would be

    - take a look here: https://developer.paypal.com/docs/classic/ipn/ht_ipn/

    - switch to sandbox mode in order not to play with your "live" PayPal account

    - use this script instead of "broadcaster":

    <?php
    
    $raw_post_data = file_get_contents('php://input');
    $raw_post_array = explode('&', $raw_post_data);
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
      $keyval = explode ('=', $keyval);
      if (count($keyval) == 2)
         $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
    var_dump ($myPost);

    This script will output "readable" array of data received from PayPal when the notification is trigerred. Using it you should be able to (by performing a lot of various test transactions from all your stores) analyze PayPal's responses and identify aforementioned "fingerprints".

    4. Knowing those "fingerprints" you can get back to "broadcaster" and write your own conditions.

    I hope that helps!

    Cheers,
    Adam

  • Stefanie

    Hey Adam

    Sorry for the quiet - needed some sleep !

    I have managed to get above script to work...so far. lol yeah.

    I actually removed the fingerprint section for the time being so no filtering but the traffic is low at the moment so it's on a back burner.

    Thank you so much. I couldn't have done it without your help.

    btw. I did stumble across a similar thread regarding the same issue and pro sites.

    https://premium.wpmudev.org/forums/topic/multiples-ipn-dynamically-setting-the-notification-url

    I assume this is pro sites specific (I haven't had the chance to read it all yet). I notice the script is different to the one we have discussed but it did raise a point about passwords on the IPN forwarder which I probably need to look at.

    Thanks again.

    Stef. :slight_smile:

  • Adam Czajczyk

    Hey Stef,

    I'm glad I could help! Such moments always make me shine as a summer sun at noon :slight_smile:

    I actually removed the fingerprint section for the time being so no filtering but the traffic is low at the moment so it's on a back burner.

    Judging it by the logic, the endpoint (your store) should know that the particular notification is addressed to it so this should work all right. However, I think you'll need to get those fingerprints to work before going "full scale live" as without separation of these notifications there's a chance that you may receive some mismatched transaction confirmations in your stores. Or, do not receive them at all.

    btw. I did stumble across a similar thread regarding the same issue and pro sites.

    https://premium.wpmudev.org/forums/topic/multiples-ipn-dynamically-setting-the-notification-url

    I assume this is pro sites specific (I haven't had the chance to read it all yet). I notice the script is different to the one we have discussed but it did raise a point about passwords on the IPN forwarder which I probably need to look at.

    I'll need to take a closer look at this thread since I'm not familiar with it yet. As far as I understand though, having one working broadcaster script should let you use multiple endpoints (IPN receivers - stores or membership systems) of different kind. The "broadcaster" itself simply forwards the notification "as is" so for the receiver it's like it was sent directly from PayPal.

    I hope that helps!

    Cheers,
    Adam

  • Stefanie

    Hi @Adam Czajczyk

    Just to update, I raised the question over the other relevance of the IPN in another thread just out of interest as it is quite old now and tied to Pro sites.

    In the mean time, I am pushing on with the fingerprint bit and wonder if I might trouble you once more.

    Sadly, I am completely baffled at how to
    -

    use this script instead of "broadcaster":

    Does this mean replace the 'broadcast' block of code within the codeseekah forwarding script or relace the whole script itself?

    Once done, how do I then access and read the array of data? Where does it go?

    output "readable" array of data

    Sorry for being a bit slow on this one. :slight_frown: I feel like I am missing something obvious.

    Stef

  • Adam Czajczyk

    Hey Stef!

    Sadly, I am completely baffled at how to
    -
    use this script instead of "broadcaster":
    Does this mean replace the 'broadcast' block of code within the codeseekah forwarding script or relace the whole script itself?

    I guess I didn't make it clear enough :slight_smile: The goal here is to intercept PayPal's notifications in a "human readable" form of some kind, in order to further analyze them. The best way to do it is to use a script that will receive data sent by PayPal, convert it and save to take a look.

    Here's the script for analysis again. This time with comments and a small change:

    <?php
    
    // read data sent by PayPal
    $raw_post_data = file_get_contents('php://input');
    
    //convert "an URL string" to array
    $raw_post_array = explode('&', $raw_post_data);
    
    //process this array, it's a kind of ordering data
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
      $keyval = explode ('=', $keyval);
      if (count($keyval) == 2)
         $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
    
    // "print" array in a human readable form to a string
    $results = print_r($myPost, true);
    
    // create file name: "ipn_" + date in a format of YY-MM-dd-HH-mm-ss + ".txt";
    $log_name = "ipn_" . date('y-m-d-H-i-s') . ".txt";
    // save data to a file for further analysis
    file_put_contents($log_name, $results);
    ?>

    Save this code into a file (for example: "analyze.php"), upload to your server and set the location of this file (full URL) in PayPal as your IPN URL (of course in paypal's sandbox mode).

    What you should end up with after a bunch of transaction should be a list of files with names like this:

    "ipn_2015-06-04-17-05-21.txt"

    With names like this you should be able to easily identify files in relation to particular transaction. Inside the files you should find "printed array" that should look similar to this:

    Array
    (
        [a] => apple
        [b] => banana
        [c] => Array
            (
                [0] => x
                [1] => y
                [2] => z
            )
    )

    This should allow you also to easily identify data sent by PayPal's IPN, thus find the patterns matching particular stores. Knowing that you should be able to add "fingerprint" analysis to a "broadcaster" script.

    So, to summarize it all up:

    1. Use given script instead of "broadcaster" script for a while
    2. Better upload it to a separate folder as it may produce a lot of "log files"
    3. Carefully read log files and try to identify patterns that would let you identify stores
    4. Knowing those patterns (or individual, unique parts of data) you may get back to your original broadcaster script and add "fingerprints" part to it.

    If you have any further questions on this, I'll be glad to assist!

    Cheers,
    Adam

  • Adam Czajczyk

    Hey Stef,

    All was going well until paypal sandbox decided I was not worthy.

    Looks like a tech-issue to me. It happened to me also a few times in sandbox mode as well as in "live" mode (fortunately, the latter only while I was simply browsing my account) and it didn't cause any trouble. The error was just gone after a few minutes of waiting and re-login.

    Having said that, I wouldn't worry to much. This is a sandbox mode so by definition it shouldn't affect your "real account" in any way. It should "fix itself" quite fast and you should be able to work.

    If not, I'm afraid you'd have to contact PayPal and just tell them that you're working in sandbox mode and you're in the middle of development.

    Let me know what's the status please!

    Cheers,
    Adam