Welcome Guest, Not a member yet? Register   Sign In
[solved] $config['csrf_protection'] and Paypal
#1

[eluser]SPeed_FANat1c[/eluser]
Hi,

when $config['csrf_protection'] is TRUE Paypal IPN does not work.

So do you solve it? Check by IP addreses in the config file and the set to true or false accordingly?

I tried getting sandbox.paypal.com IP with $_SERVER['REMOTE_ADDR'] and get 216.113.191.33

I also googled for IPs and found such thing:

https://cms.paypal.com/us/cgi-bin/?cmd=_...echecklist

But there is no such IP address, so that means that the table is not updated or something. So I cannot trust it. And what if they decide to change the IP (for some reason) ? then I will also have to change IPs in config file.

How do you solve this problem?

Edit:

Found the solution in another thread:
Code:
if (isset($_SERVER["REQUEST_URI"]))
{
    if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
    {
        $config['csrf_protection'] = TRUE;
    }
    else
    {
        $config['csrf_protection'] = FALSE;
    }
}
else
{
    $config['csrf_protection'] = TRUE;
}
#2

[eluser]Jacob Graf[/eluser]
Worked for me! Here is a link to the original solution.

http://ellislab.com/forums/viewthread/182631/




Theme © iAndrew 2016 - Forum software by © MyBB