  #1  
Old 01-08-2018, 01:27 PM
abozich abozich is offline
 
Join Date: Jan 2018
Posts: 25
Thanks given: 0
Thanked 0 times in 0 posts
Confused by this email received from PayPal

Running 4.2.5 and got an email last month from PayPal that says the following:

--



It was my understanding that 4.2.5 fixed the IPN postbacks to HTTPS issue within vBulletin. Are they saying I need to move my forum completely over to HTTPS? Was planning to do this anyway in Q1, but just curious if anyone had insight here. Thanks.
  #2  
Old 01-09-2018, 05:29 PM
Stingray27 Stingray27 is offline
 
Join Date: Jan 2006
Posts: 72
Thanks given: 0
Thanked 0 times in 0 posts

From the PayPal site:

Quote:
Merchants and partners use Instant Payment Notification (IPN) to receive notifications of events related to PayPal transactions. The IPN message service requires that you acknowledge receipt of these messages and validate them. This process includes posting the messages back to PayPal for verification. In the past, PayPal has allowed the use of HTTP for these postbacks. For increased security going forward, only HTTPS will be allowed for postbacks to PayPal. At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal to the merchant’s IPN listener.
The part in bold is the HTTPS postback to PayPal, which was fixed to be correct in 4.2.4 onwards.

The second part (in red) confirms that you do not need to use HTTPS on your website for the calls from PayPal.


(https://www.paypal.com/en/webapps/mp...fication-https)
  #3  
Old 01-10-2018, 12:52 PM
abozich abozich is offline
 
Join Date: Jan 2018
Posts: 25
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by Stingray27 View Post
From the PayPal site:



The part in bold is the HTTPS postback to PayPal, which was fixed to be correct in 4.2.4 onwards.

The second part (in red) confirms that you do not need to use HTTPS on your website for the calls from PayPal.


(https://www.paypal.com/en/webapps/mp...fication-https)
Thank you, Stingray.
  #4  
Old 01-29-2018, 03:15 PM
abozich abozich is offline
 
Join Date: Jan 2018
Posts: 25
Thanks given: 0
Thanked 0 times in 0 posts

As a follow up here, I emailed PayPal and was told that the IPN listener I use must be SSL. Does anyone know which file serves as the IPN listener for vBulletin?
  #5  
Old 01-29-2018, 04:14 PM
Stingray27 Stingray27 is offline
 
Join Date: Jan 2006
Posts: 72
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by abozich View Post
As a follow up here, I emailed PayPal and was told that the IPN listener I use must be SSL.
Again, this is not the information on their site:

https://www.paypal.com/in/webapps/mp...fication-https

Quote:
Merchants and partners use Instant Payment Notification (IPN) to receive notifications of events related to PayPal transactions. The IPN message service requires that you acknowledge receipt of these messages and validate them. This process includes posting the messages back to PayPal for verification. In the past, PayPal has allowed the use of HTTP for these postbacks. For increased security going forward, only HTTPS will be allowed for postbacks to PayPal. At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal to the merchant’s IPN listener.
  #6  
Old 01-29-2018, 04:39 PM
abozich abozich is offline
 
Join Date: Jan 2018
Posts: 25
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by Stingray27 View Post
Again, this is not the information on their site:

https://www.paypal.com/in/webapps/mp...fication-https
Here's my full exchange with them:

  #7  
Old 01-29-2018, 05:22 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Thanks given: 0
Thanked 0 times in 0 posts

That means that your site should run on HTTPS, or only your payment gateway script.
  #8  
Old 01-29-2018, 05:24 PM
abozich abozich is offline
 
Join Date: Jan 2018
Posts: 25
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by Dave View Post
That means that your site should run on HTTPS, or only your payment gateway script.
They just came back with this:

  #9  
Old 01-29-2018, 05:43 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Thanks given: 0
Thanked 0 times in 0 posts

In that case your forum does not need HTTPS, looks like they got confused about the question.
  #10  
Old 01-29-2018, 07:04 PM
Stingray27 Stingray27 is offline
 
Join Date: Jan 2006
Posts: 72
Thanks given: 0
Thanked 0 times in 0 posts

Yep, their support gave you wrong information.

Only the postback from you to PayPal must be HTTPS; there isn't any requirement for your end to be HTTPS.
Reply With Quote
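
The flow the thread settles on, as an added example that is not part of any post and is not vBulletin's own code: the listener may receive the IPN over plain HTTP, but the postback that validates it goes to PayPal over HTTPS only. The endpoint hosts, the `cmd=_notify-validate` prefix and the `VERIFIED` reply follow PayPal's IPN documentation rather than this page; the function names and the sample message are constructed for illustration.

```python
# Added example: PayPal IPN postback with HTTPS enforced (not vBulletin code).
import urllib.request
from urllib.parse import urlsplit

# PayPal's documented IPN postback hosts (live and sandbox).
ALLOWED_HOSTS = {"ipnpb.paypal.com", "ipnpb.sandbox.paypal.com"}
LIVE_ENDPOINT = "https://ipnpb.paypal.com/cgi-bin/webscr"


def build_postback(raw_body: bytes, endpoint: str = LIVE_ENDPOINT) -> urllib.request.Request:
    """Build the verification request for an IPN message the listener received."""
    parts = urlsplit(endpoint)
    # The listener itself may be reached over HTTP; the postback may not.
    if parts.scheme != "https":
        raise ValueError("IPN postback must use HTTPS")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("unexpected postback host: %r" % parts.hostname)
    # Echo the message byte-for-byte: re-encoding or reordering the fields
    # makes PayPal answer INVALID.
    data = b"cmd=_notify-validate&" + raw_body
    return urllib.request.Request(
        endpoint,
        data=data,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "User-Agent": "ipn-postback-example"},
    )


def _https_send(request: urllib.request.Request) -> bytes:
    # urlopen validates the server certificate and hostname by default.
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.read()


def verify_ipn(raw_body: bytes, send=_https_send, endpoint: str = LIVE_ENDPOINT) -> bool:
    """Return True only if PayPal answers the postback with VERIFIED."""
    reply = send(build_postback(raw_body, endpoint))
    return reply.strip() == b"VERIFIED"


# Constructed sample message, for illustration only.
SAMPLE_IPN = b"payment_status=Completed&txn_id=EXAMPLE123&mc_gross=10.00"
```

The `send` parameter exists so the check can be exercised without network access; in a listener, call `verify_ipn` with the raw request body before acting on any field in it.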