Use a multiplexer script inspired by PayPal's code samples to duplicate the IPN posting to multiple scripts.
PayPal's IPN facility enables you to process your orders in real time. By specifying a script on your site, you can automatically update your database, add a name to your subscriber list, or email a custom order confirmation. PayPal's system is capable of making a call to only one IPN page per transaction, but with some code and tweaking, we can call more than one script.
Any IPN script [Hack #65] accepts data from PayPal, verifies it, then goes about its business. The following multiplexer script is no different, but its mission is simply to pass the information on to your secondary scripts.
' read post from PayPal system and add 'cmd' str = Request.Form & "&cmd=_notify-validate" ' post back to PayPal system to validate set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP") objHttp.open "POST", "https://www.paypal.com/cgi-bin/webscr", false objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded" objHttp.Send str ' assign posted variables to local variables ' Check notification validation if (objHttp.status <> 200 ) then ' HTTP error handling elseif (objHttp.responseText = "VERIFIED") then ' PayPal says the posting is good; post the data to the secondary scripts. objHttp.open "POST", "http://othersite1.com/ipnpage.asp", false objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded" objHttp.Send str objHttp.open "POST", "http://othersite2.com/ipnpage.asp", false objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded" objHttp.Send str objHttp.open "POST", "http://othersite3.com/ipnpage.asp", false objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded" objHttp.Send str
When this IPN script is called, it performs the PayPal verification process to ensure the transaction is a real one. It then posts the information to your secondary IPN scripts. Each script you use should follow the form of a typical IPN processor script [Hack #65] .
The multiplexer in the previous section does the job of assuring the posting data is genuinely from PayPal [Hack #65] Once its authenticity is verified, the data is passed along to the secondary scripts.
If your secondary IPN scripts do what they're supposed to do, they will each reverify this information for themselves. There is nothing wrong with this, but if you would like to cut down on the bandwidth your site uses, you might want to remove any redundant verification by eliminating the lines in the subordinate scripts that post data back to PayPal.
Here are a couple tips for working with this hack:
Embrace code multiculturalism. Because the scripts communicate with each other?and with the PayPal system?using the standard, documented HTTP protocol, you need not stay with one programming language for the multiplexer and the secondary scripts it serves. You can use the multiplexer in ASP/VBScript, while deploying a secondary one in Perl, and another in Python.
Test off-site. Who says your IPN script's data needs to originate with PayPal? Build a system tester that simply posts data to your IPN script. You can see exactly what will happen when your customer tries to buy an odd item from your site or how your system will handle a payment from a hacked button. Be sure to comment out the verification step before testing and reenable it before putting your system back into production. See [Hack #99] for other testing methods.