Announcement

Collapse
No announcement yet.

If you use PayPal in your VB5 forum you must make manual file edits by October 7th- Read This.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • If you use PayPal in your VB5 forum you must make manual file edits by October 7th- Read This.

    Hello All,

    If you use vBulletin 5.0,5 or lower AND you use PayPal you will likely need to make a manual file edit to your /core/includes/paymentapi/class_paypal.php file.

    These changes will be included in 5.1.0 but it is not yet available.

    The fix was posted by Paul M in this JIRA- http://tracker.vbulletin.com/browse/VBIV-15747 and discussed in http://tracker.vbulletin.com/browse/VBV-11159

    I am reposting here for those uncomfortable with JIRA-

    Please do not use Windows Notepad to edit PHP files, it can cause issues by inserting invisible characters. A good free alternative is Notepad2 or Notepad++, both can easily be found and downloaded via a Google search. Or any other code editing text editor you have will work.

    Open and edit the file: /core/includes/paymentapi/class_paypal.php

    There are two instances of:

    Code:
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($query) . "\r\n\r\n";
    Change them both to:

    Code:
    $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($query) . "\r\n";
    $header .= "User-Agent: vBulletin via PHP\r\n";
    $header .= "Connection: Close\r\n\r\n";
    NEXT... there are two instances of:

    Code:
                curl_setopt($ch, CURLOPT_URL, 'http://www.paypal.com/cgi-bin/webscr');
                curl_setopt($ch, CURLOPT_TIMEOUT, 15);
                curl_setopt($ch, CURLOPT_POST, true);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_USERAGENT, 'vBulletin via cURL/PHP');
    below each one add the line:

    Code:
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

    Then save and re-upload your files. Save an old copy of the old file just in case, but upload the new versions.

    This will make your forums work after the October 7th changes announced by PayPal.

    Dear Customer,

    In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site’s performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting October 7, 2013.

    We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” or “Host: ipnpb.paypal.com” header in the HTTP request.

    Additional Details

    Starting October 7, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after October 7, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

    Action Required before October 7, 2013

    Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” and “Connection: close” HTTP header in the IPN postback script.

    Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):

    ASP
    //Set values for the request back
    req.Method="POST";
    req.Host="'www.paypal.com'";
    req.ContentType="application/x-www-form-urlencoded";

    Perl
    $req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
    $req->content_type('application/x-www-form-urlencoded');
    $req->header(Host=> 'www.paypal.com');
    $req->header(Connection=> 'close');

    PHP
    // post back to PayPal system to validate
    $header="POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .="Content-Type: application/x-www-form-urlencoded\r\n";
    $header .="Host: www.paypal.com\r\n";
    $header .="Connection: close\r\n\r\n";

    Java
    HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
    uc.setDoOutput(true);
    uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
    uc.setRequestProperty("Host", "www.paypal.com");
    uc.setRequestProperty("Connection", "Close");

    The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.

    For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via https://www.paypal.com/mts.

    Sincerely,

    PayPal
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X