IPN Fork

Posted: October 25th, 2011, 4:14 pm
by spetrie
We're a S2Member Pro customer.

We're trying to use IPN to update both a WP site and a Salesforce relay script. We've tried a modification of the method in paypal-central-ipn.php, but the Salesforce relay rejects the forwarded post because it's not originating at PayPal.

The message from SalesForce is "Configure your PayPal account to post payment notifications to this page."

I realize, of course, you can't support Salesforce issues.

We thought perhaps we could try this the other way - configure IPN to send its messages to SF, then have SF forward the post data to S2Member. Would S2 reject the message for the same reason - the message didn't originate at PP? If so, how would we go about duplicating what S2 does in WordPress? Is there an entry point into S2 that would handle the data correctly?

We have some scripting talent here, but we are not all that familiar with either the WordPress or S2 codebases.

Thanks

Steve Petrie
enlightennext.org

Re: IPN Fork

Posted: October 26th, 2011, 12:52 am
by Cristián Lávaque
Thanks for the question, Steve. I'm forwarding it to Jason. :)

Re: IPN Fork

Posted: October 26th, 2011, 1:38 pm
by Jason Caldwell
Thanks for bringing this thread to my attention.

I see. I would suggest that you modify the script we provide just a bit (included as attachment).
Your central IPN handler can forge the PayPal IPN server's IP address, to make SalesForce think it came directly from PayPal's IPN server. The attached file is modified for you to make this work.
Code:
$paypal_ipn_server_ip_address = $ip = /* Forge IP address to match the PayPal® IPN server here. */ "216.113.188.202";
/* See list of IPs here: <https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_golivechecklist>. */
header ("HTTP/1.0 200 OK") . exit (trim (curlpsr ($CONFIG[$domain], http_build_query ($_POST), 20, 20, array ("REMOTE_ADDR: " . $ip, "HTTP_X_FORWARDED_FOR: " . $ip)))); 

To answer your question ... no, this is not an issue for s2Member. s2Member does NOT check the originating IP address of the remote host; because, as you see here, it can be forged anyway.

Instead, s2Member talks directly to PayPal, and s2Member verifies the contents of each IPN submitted to it; looking for verification directly from PayPal in the context of its own routines. So, as long as your IPN did originate at PayPal (at some point), it's fine with s2Member. In short, you should be OK to do it the other way around, if you prefer. It is also possible to self-authenticate IPNs sent to s2Member, using a Proxy-IPN Key. Please check your Dashboard here (screenshot attached).
SNAG-0075.png
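
The approach described in the last reply (verifying each IPN with PayPal instead of trusting the sender's IP address), as an added example that is not s2Member's code and not part of the thread. The function names, the stub transport and the sample IPN are constructed; the postback endpoint, the `cmd=_notify-validate` prefix and the `VERIFIED`/`INVALID` replies follow PayPal's IPN documentation rather than this page.

```php
<?php
// Added example, not s2Member's code. All names here are hypothetical.
const PAYPAL_VERIFY_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr';

/** Real transport: POST $body to $url over verified TLS, return the reply. */
function paypal_postback(string $url, string $body): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 20,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? $reply : ''; // transport failure => not verified
}

/**
 * True only when PayPal confirms the message. $rawBody must be the untouched
 * request body (file_get_contents('php://input')): PayPal expects the same
 * fields, in the same order and encoding, as it originally sent.
 * The sender's IP address and X-Forwarded-For header are never consulted.
 */
function ipn_is_verified(string $rawBody, ?callable $post = null): bool
{
    if ($rawBody === '') {
        return false;
    }
    $post  = $post ?? 'paypal_postback';
    $reply = $post(PAYPAL_VERIFY_URL, 'cmd=_notify-validate&' . $rawBody);
    return trim($reply) === 'VERIFIED'; // INVALID, empty or unexpected => reject
}

// Constructed sample IPN and a stub standing in for PayPal, so this runs offline.
$genuine  = 'txn_id=TEST123&payment_status=Completed&mc_gross=10.00';
$tampered = str_replace('10.00', '0.01', $genuine);
$stub = function (string $url, string $body) use ($genuine): string {
    return ($body === 'cmd=_notify-validate&' . $genuine) ? 'VERIFIED' : 'INVALID';
};

var_dump(ipn_is_verified($genuine, $stub));  // genuine body, delivered via any relay
var_dump(ipn_is_verified($tampered, $stub)); // amount altered in transit
```

In a live handler the second argument is omitted so the check goes to PayPal, and the result gates any account or order update.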