Update to PayPal IPN

In Sept 2016 PayPal are changing their requirement for posting IPN messages back to PayPal for verification.

They are making the post url as https. My current versions of scripts already post to https so there should not be any change required, however, they also suggest that https://ipnpb.paypal.com/cgi-bin/webscr should be used in the future rather than https://www.paypal.com/cgi-bin/websc





PayPal upgrade to Certificate which may affect IPN based programs and scripts

There appears to be quite a bit of chat about the changes that PayPal are making to their system to allow SHA-256 during September 2015. This is to do with improving the SSL (Secure Socket Layer) security and is used over https systems.

A part of their message is:

“PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.”

PayPal IPN can be used over non SSL, that is using http – that is why many developers like it because it does not need SSL certificates on their web servers which can be expensive especially if you are a small trader. You don’t really want to have to purchase certificates if you are selling a small number of items.

So the kind of systems that are affected are those that use https and which use PayPal API to provide secure connections from your server to the PayPal server.

IPN over plain http will be supported as it currently is, so you will still be able to supply a plain http link to your IPN listener script. However if your IPN listener script is sSL/TLS enabled it will have to be SHA-256 complaint and your listening server will need to be able to accept SHA-256 certificates.

So do the changes affect the scripts on www.Withinweb.com that use IPN? Well the answer to that is NO, it does not affect the scripts at all.

PHP-eSeller, PHP-SecureArea and PHP-KeyCodes use a simple method of handshake between PayPal to verify that the transaction has taken place and hence no modifications are need to the applications.

New PHP script to register users on your site

PHP-Register is a new PHP / mySQL application that is used to easily create forms that collect data from your visitors before they are directed to a page of your choice.

The application is easy to instal on on Linux type web server or Windows web server providing it has PHP and mySQL.

In the administration pages you can create forms with each form having input boxes of text, textarea, drop down lists, checkboxes or radio buttons.  Each input may have validation allowing you to define the data that a visitor can enter.

For full details, refer to http://www.withinweb.com/phpregister/