Update 8/27/09: I am available for consulting to help with this issue, I’ve helped quite a few people out already. My rate is $75/hr, and you can contact me at ryan@stillnet.org. -thanks
If you use the CFX_PayFlowPro tag to connect to PayPal’s PayFlowPro service (formerly owned by Verisign) you should be aware that it will stop working in September of 2009. You must transition to one of their newer connection methods before then.
Here is a drop in replacement custom tag you can use. You should be able to pretty much just change your code from “CFX_PayFlowPro” to “CF_PayFlowPro”. If you run into any issues and end up modifying the tag, please let me know and I’ll get the changes worked back into the original.
A “thanks” to Mark Breneman’s blog post that provided some of the code.
You can get the tag from http://cf_payflowpro.riaforge.org
Usage examples:
Simple CC charge:
<cf_PAYFLOWPRO QUERY = "RESULT"
HOSTADDRESS = "#cfg_pfp_host#"
HOSTPORT = "443"
TIMEOUT = "30"
TRXTYPE = "S"
TENDER = "C"
PARTNER = "PayPal"
VENDOR = ""
USER = "your_username"
PWD = "your_password"
ACCT = "#cardnum#"
EXPDATE = "#Form.ccexpmo##Form.ccexpyr#"
AMT = "#amt#"
COMMENT1 = "#Form.email#"
COMMENT2 = "Purchased qty #Form.qty# of #Form.product#"
EMAIL = "#Form.email#"
NAME = "#Form.ccname#"
STREET = "#Form.ccaddress#"
CITY = "#Form.cccity#"
STATE = "#Form.ccstate#"
ZIP = "#Form.cczip#"
>Setup recurring billing profile:
<cf_PAYFLOWPRO QUERY = "RESULT"
HOSTADDRESS = "#cfg_pfp_host#"
HOSTPORT = "443"
TIMEOUT = "30"
TRXTYPE = "R"
TENDER = "C"
PARTNER = "PayPal"
VENDOR = ""
USER = "your_username"
PWD = "your_password"
ACCT = "#Arguments.ccnum#"
EXPDATE = "#Arguments.ccexpmo##Arguments.ccexpyr#"
AMT = "#lcfg_services[Arguments.subtype].cost#"
COMMENT1 = ""
ACTION = "A"
EMAIL = "#qryuser.email#"
NAME = "#Arguments.name#"
STREET = "#Arguments.address#"
CITY = "#Arguments.city#"
STATE = "#Arguments.state#"
ZIP = "#Arguments.zip#"
START = "#startChargeDate#"
PROFILENAME = "#qryuser.email#"
PAYPERIOD = "MONT"
OPTIONALTRX = "#optionaltrx#"
OPTIONALTRXAMT = "#optionaltrxamt#"
TERM = "0"
>Update for CF5 users: For those of you on CF5, I’ve come up with a version that should work for you. This will work on Windows only, unfortunately. It uses a COM object to do the http call. You shouldn’t need to install anything, I think the COM object its using is part of Windows. You can download this version of the tag from here: PayPal payflowpro for CF5.
Update: Several people have asked me to put up a paypal donation button so they could give something to thank me for the time I’ve saved them. So here it is:
Glen says:
Good news!
For those of you wondering if Ryan's CF5 solution resolves to the new Client Version number in PayPal Manager… it does!
Our transactions are now showing
Client Type: Z
Client Version: 4.0.0.1
Per the PayPal Migration Tech I just spoke too, this is golden. The SDK and .NET solutions should show Client Version 4.3 or greater, but the above client type and version are expected for the HTTP solution.
Ryan's the man…
24 August 2009, 3:43 pmRyan says:
Chuck, thanks for pointing out that issue. I've moved the line that defaults attributes.parmlist, it should work now.
For those that are experiencing the connection failure – Have you restarted ColdFusion lately? CF caches (actually its the JVM) hostname lookups, so if PayPal has changed IPs at all recently, you may be connecting to the wrong IP. Restart CF and see if that helps. Also – have you imported any certificates for the paypal.com domain into your keystore? If so that may be part of the problem. You shouldn't need to import any certificates for this to work.
24 August 2009, 4:35 pmstevadro says:
Need another help:
I can connect to paypal but when paypal return my contact data I get this error. I'm usign CF8 on Win2003.
————————–
ACTION = G
TRXTYPE=S&TENDER=P&PARTNER=VeriSign&VENDOR=MY_VENDOR&USER=MY_USER&PWD=MY_PWDqynQ&ACTION=G&TERM=0&CERTPATH=C:\ColdFusion8\certs
————————–
THE RETURNED ERROR:
Field format error: Invalid Token 7 RESULT=7&RESPMSG=Field format error: Invalid Token
help me help me 😉
24 August 2009, 4:53 pmChuck says:
Ryan,
I used the new code for CF5 and it ran fine, but when I went into the paypal manager the Client Version still shows :4.0.0.1 , do I need to restart the CF server or remove the old sdk?? not sure what to do?
25 August 2009, 7:36 amRyan says:
Chuck the 4.0.0.1 version number would be the correct one. Dig around on the PayPal developer forums for more details. They say the https interface will show up as 4.0 or 4.0.0.1.
25 August 2009, 7:40 amChuck says:
Ryan,
Just to let everyone else know, Paypals forums state this:
Anything with Client Type = Z (which would have client version 4.0.0.0 or 4.0.0.1) means you are using the HTTPS Interface and you are good to go.
I thank everyone here for their help and Ryan, I would suggest placing a PayPal donate button here so we can give back to the person who made this work.
25 August 2009, 7:49 amstevadro says:
Morning,
Aside the cf_payflowpro code update, I need to update anything in the paypal management console?
25 August 2009, 8:30 amKassim says:
Ryan,
I am getting connection failure error when I use https://pilot-payflowpro.paypal.com/transaction
<cfhttpparam type="body" value="USER[4]=test&PWD[4]=test">
</cfhttp>
<cfdump var="#cfhttp#">
OUTPUT
struct
Charset [empty string]
ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Header [undefined struct element]
Mimetype Unable to determine MIME type of file.
Responseheader
struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES
When I use https://pilot-payflowpro.verisign.com/transaction it is working fine. From one of the comments it looks like this url will be deprecated as of 09/01/09.
<cfhttpparam type="body" value="USER[4]=test&PWD[4]=test">
</cfhttp>
<cfdump var="#cfhttp#">
Charset [empty string]
ErrorDetail [empty string]
Filecontent RESULT=1&RESPMSG=User authentication failed
Header HTTP/1.1 200 OK Content-type: text/namevalue Connection: close Date: Tue, 25 Aug 2009 15:16:39 GMT Content-length: 43 Server: VPS-3.033.00
Mimetype text/namevalue
Responseheader
verisign – struct
Connection close
Content-length 43
Content-type text/namevalue
Date Tue, 25 Aug 2009 15:16:39 GMT
Explanation OK
Http_Version HTTP/1.1
Server VPS-3.033.00
Status_Code 200
Statuscode 200 OK
Text YES
Please provide me details how to fix it.
25 August 2009, 9:20 amEstebanD says:
Hi Ryan, thank you for taking the time to share this code.
Reading the latest documentation on PayFlow Pro I noticed that double quotes are forbidden from parameter values. So I did little changes in the block of code that creates the parameters list, so now it complies with the previous constraint and other minor improvements to improve the overall stability and readability of the code.
<cfset ParmList = "">
26 August 2009, 9:23 am<cfloop list="TRXTYPE,TENDER,PARTNER,VENDOR,USER,PWD,ACCT,EXPDATE,AMT,COMMENT1,COMMENT2,ACTION,EMAIL,NAME,STREET,CITY,STATE,ZIP,START,PROFILENAME,PAYPERIOD,OPTIONALTRX,OPTIONALTRXAMT,IP,PHONENUM,TERM,ORIGPROFILEID,ORIGID,ABA,ACCTTYPE" index="field">
<cfif StructKeyExists(Attributes,field) AND Len(Trim(Attributes[field]))>
<cfset attributeField = Replace(Trim(Attributes[field]),Chr(34),"","all")>
<cfif Len(attributeField) GT 0>
<cfset ParmList = ListAppend(ParmList,"#field#[#Len(attributeField)#]=#attributeField#","&")>
</cfif>
</cfif>
</cfloop>
Dale Sutcliffe says:
Found a problem with the program — fails on pilot-payflowpro.paypal.com works on payflowpro.paypal.com
26 August 2009, 11:53 amDale Sutcliffe says:
Returns CONNECTION_FAILURE
26 August 2009, 12:02 pmMike Murdy says:
Dale –
We have come to the same conclusion. Follow this thread on the PayPal Dev forum:
http://developer.paypal-portal.com/pdn/board/message?board.id=payflow&message.id=9031#M9031
Cheers!
Mike
26 August 2009, 12:55 pmSteve says:
CF8: I can connect to paypal but when paypal return my billing data I receibe this error:
Using Action : G
TRXTYPE=S&TENDER=P&PARTNER=VeriSign&VENDOR=MY_VENDOR&USER=MY_USER&PWD=MY_PWDqynQ&ACTION=G&TERM=0&CERTPATH=C:\ColdFusion8\certs&Token=XXX
Paypal return:
Field format error: Invalid Token 7 RESULT=7&RESPMSG=Field format error: Invalid Token
26 August 2009, 1:59 pmAndy says:
Hi All, I'm using this tag to replace CFX_PAYFLOW on our CFMX (6.1) system. The CF_PAYFLOW tag works great with our paypal account when calling it directly, but we're having a problem with the main client system, which is a remote PHP4 server.
The PAYFLOW functionality is exposed via a CF-based API that accepts WDDX packets (which contain all of the relevant paypal params), takes them apart, and passes the params down to the PAYFLOW tag, and then returns the results as another WDDX packet. The return packet contains the RESULTSTR from PAYFLOW, as well as a few other values.
The problem is that the PHP code on the client system is blowing up when trying to deserialize the WDDX packet constructed from the CF_PAYFLOW results, but it works fine with the packet constructed from the CF*X*_PAYFLOW results. All I've done is replace the one CFX_PAYFLOW call we have in the code with CF_PAYFLOW, so I think CF_PAYFLOW may be doing something (when creating the tmpResponse query, or when adding the cfhttp.FileContent from the paypal call to the query) that formats RESULTSTR in a way that's slightly different from what CF*X*_PAYFLOW is doing.
The CF_PAYFLOW code is very straightforward, and I've done numerous debugging tests trying to figure out exactly what the issue is (cfdumps of the return data/packet look the same to me for CFX_ and CF_PAYFLOW when I eyeball them), so I'm not sure where to look next. Any suggestions/help would be greatly appreciated —
Andy
27 August 2009, 12:36 amVern says:
This may be really lame, if so, I apologize, but, I've been struggling to get to the bottom of all this… I'm using the java based CFX_PayFlowPro that I got from Verisign not all that long ago. I just want to make sure that I correctly understand that the java version of this going away all together, and that the CF_PayFlowPro provided by by RIAforge is designed to replace that, and not some earlier version of their own CFX tag. Whew… Is that correct?
Thanks!
27 August 2009, 9:06 amRyan says:
Vern you are correct. The connection method used by CFX_PayFlowPro will no longer be supported. There is no update to CFX_PayFlowPro to support the new method. Instead, use my CF_PayFlowPro tag. You can delete the CFX_PayFlowPro tag from your system after migrating off of it. If you need help, I'm available for consulting.
27 August 2009, 9:14 amJammie says:
I am getting a connection failure message using the CF5 tag. Any thoughts??
27 August 2009, 1:59 pmJammie says:
On line 65 of PayProFlow.cfm I am getting this error now:
27 August 2009, 2:47 pmThe server name or address could not be resolved
Ryan says:
I've received several requests to add a PayPal donate button, so people could send me a contribution for helping them out. I've added a button on the bottom right sidebar of this site. Thanks!
27 August 2009, 4:03 pmJeff says:
I've got a couple of sites where the live hostaddress, payflowpro.verisign.com works fine but pilot-payflowpro.verisign.com generates the connection failure error:
The column name "Connection Failure" is invalid.
Column names must be valid variable names. They must start with a letter and can only include letters, numbers, and underscores.
Anybody else running into this? Any ideas why?
Thanks!
9 September 2009, 1:55 pmMelinda says:
We have 3 servers that run our website – I think MS Server Manager with IIS. 2 servers work correctly and the 3rd constantly returns connection failure. I've trapped the connection failure error and it is always the 3rd server.
I added the suggested header changes to cfhttp <cfhttpparam type="Header" name="Accept-Encoding" value="*"> and <cfhttpparam type="Header" name="TE" value="deflate;q=0">. I also requested our server admin turn off compression until we can get the problem figured out. Nothing seems to work in getting the request out from our 3rd server.
We also have a proxy server that all 3 servers use, but I don't understand why 2 would work flawlessly and the 3rd is always a bomb??? I've been told the servers are exact duplicates in hardware and image.
Any thoughts for what we should be looking into?
Thanks!
17 December 2009, 8:15 amMelinda says:
My server issue turned out to be a Windows update that wiped out the proxy settings on the 3rd server…. working for now. Our server admins are looking into the proxy server.
17 December 2009, 9:02 amRyan says:
Melinda, I'm glad you got it worked out.
17 December 2009, 9:08 amMelinda says:
Thanks Ryan! I have a better idea what to troubleshoot now with our server admins.
I apprecate all the work you've done with this cfc!
17 December 2009, 9:10 amRick Anthony says:
Thanks for the tag!
This worked beautifully as a drop-in replacement, as advertised.
One slight tweak I made that might be useful to others: The way you have the tag set up, PayPal will pass the entire name into the "Billing First Name" field (in PayPal Manager, for reporting).
If you simply add FIRSTNAME and LASTNAME after NAME to the list of fields in PayFlowPro.cfm (line 35), then add those parameters to your call to the tag, everything will be passed in to PayPal as expected.
I.e.:
Line 35:<cfloop list="TRXTYPE,TENDER,PARTNER,VENDOR,USER,PWD,ACCT,EXPDATE,AMT,CVV2,COMMENT1,COMMENT2,ACTION,EMAIL,NAME,FIRSTNAME,LASTNAME,STREET,CITY,STATE,ZIP,START,PROFILENAME,PAYPERIOD,OPTIONALTRX,OPTIONALTRXAMT,IP,PHONENUM,TERM,ORIGPROFILEID,ORIGID,ABA,ACCTTYPE" index="field">
Tag call:
17 December 2009, 2:39 pm<cf_payflowpro QUERY = ""
HOSTADDRESS = ""
HOSTPORT = "443"
TIMEOUT = "30"
PROXYADDRESS = ""
PROXYPORT = ""
PROXYLOGON = ""
PROXYPASSWORD = ""
TRXTYPE = "S"
TENDER = "C"
PARTNER = ""
USER = ""
PWD = ""
ACCT = ""
EXPDATE = ""
AMT = ""
COMMENT1 = ""
COMMENT2 = ""
NAME = ""
FIRSTNAME = ""
LASTNAME = ""
EMAIL = ""
STREET = ""
CITY = ""
STATE = ""
ZIP = ""
BILLTOCOUNTRY = ""
PARMLIST = ""
>
ben says:
Hi,
this tag is working well for me using CF7. However, I cannot get it to process test transactions.
I've used every URL suggested by paypal, and have tried to follow links to posted solutions (all are deal links so far)
Has anyone gotten this tag to work with any test URL?
I'm simply getting:
Result is undefined in result.
Using a live URL works fine of course (payflowpro.paypal.com)
the test URL fails: pilot-payflowpro.paypal.com
paypal is no help. (surprise, surprise)
they keep suggesting the same test URL, which I've told them is not working for this tag. OUSTSOURCE EVERYTHING TO INDIA! they sound so nice telling you that they haven't got a clue. ballywood for everyone! more dancing and colors! just nothing useful as far as technical info!
surely someone who speaks english, has run into this issue with this tag and paypal.
17 February 2010, 2:40 pmEstebanD says:
@ben
I just retested the tag using pilot-payflowpro.paypal.com and it worked fine. Try the following.
17 February 2010, 6:05 pm1) Make sure you are using https for the test site.
2) Make sure your paypal manager is in test mode.
ben says:
@esteban,
thanks for that.
1. the https:// seems to be hardcoded in the payflowpro drop in tag.
17 February 2010, 6:41 pm2. if I put the paypal manager in test mode, won't it interfere with live transactions for the same account?
(I know thats not a tag specific question, but …)
EstebanD says:
@Ben
Sorry I don't know the answer to (2). We have a independent test account for this purpose.
I think you can quickly create a new account for testing.
Maybe before that put a cfdump fter the block that handles the post <cfhtt /> to see what is returning.
<cfhttp method="POST" url="https://#Attributes.hostaddress#/transaction" resolveurl="no" timeout="#Attributes.TIMEOUT#" port="#Attributes.HOSTPORT#">
17 February 2010, 6:47 pm<cfhttpparam type="header" name="Content-Type" VALUE="text/namevalue">
<cfhttpparam type="header" name="Content-Length" VALUE="#Len(ParmList)#">
<cfhttpparam type="header" name="Host" value="#Attributes.hostaddress#">
<cfhttpparam type="header" name="X-VPS-REQUEST-ID" VALUE="#Attributes.requestID#">
<cfhttpparam type="header" name="X-VPS-CLIENT-TIMEOUT" VALUE="#Attributes.TIMEOUT#">
<cfhttpparam type="header" name="X-VPS-VITCLIENTCERTIFICATION-ID" VALUE="#Attributes.PARTNER##Attributes.USER#">
<cfhttpparam type="body" value="#ParmList#">
</cfhttp>
<cfdump var="#cfhttp#">
BradB says:
Hi – thanks for the great tag. Up until a couple days ago (Friday the 11th) it was a flawless dropin for the CFX_Payflowpro. It appears to have stopped working, though the code had not been touched at all since mid-February and the code in question has been the same for years. Using CFMX 7:
<CF_PAYFLOWPRO QUERY = "myRESULT" HOSTADDRESS = "payflowpro.paypal.com"
HOSTPORT = "443"
TIMEOUT = "30"
PROXYADDRESS = ""
PROXYPORT = ""
PROXYLOGON = ""
PROXYPASSWORD = ""
TRXTYPE = "S"
TENDER = "C"
PARTNER = "VeriSign"
USER = ********
PWD = ********
ACCT = "#cardnumb#"
EXPDATE = "#expdate#"
AMT = "#fee#"
CERTPATH = ********
QTY = "1"
NAME = "#cardname#"
STREET = "#st1#"
BILLTOSTREET2 = "#st2#"
CITY = "#city#"
STATE = "#state#"
ZIP = "#zip#"
COUNTRY = "#country#"
PHONENUM = "#tempphone#"
EMAIL = "#email#"
SHIPTOFIRSTNAME = ""
SHIPTOMIDDLENAME = ""
SHIPTOLASTNAME = ""
SHIPTOSTREET = "#sst1#"
SHIPTOSTREET2 = "#sst2#"
SHIPTOCITY = "#scity#"
SHIPTOSTATE = "#sstate#"
SHIPTOZIP = "#szip#"
SHIPTOCOUNTRY = "#scountry#"
COMMENT1 = "#seasonWord# #year# Registration"
>
The above no longer appears to be passing to Verisign, though the CF error is on the next line (usually if the CF hangs on something else the card will be charged but there's no evidence of a transaction):
<CFIF myRESULT.result IS 0>
Results in an thrown "Element RESULT is undefined in MYRESULT."
As I say we've been doing things this way for 4-5 years without a change in this code or any errors.
I rolled back any recent updates to Server 2003 and Java but no luck. I was hoping there was some sort of "big" change and this would be happening to loads of folks but so far i have found no mention on any boards.
Suggestions?
Thanks!
16 June 2010, 9:15 pmRyan says:
Hi BradB, I'm sorry but this is the first I've heard of that problem.
You'll need to do some more debugging to see what exactly is being returned from PayPal. Start by just dumping out myRESULT, and if thats blank you'll need to put some dumps in the tag itself.
16 June 2010, 10:01 pmBradB says:
Are these in a CFOUTPUT QUERY enough?
<p><b>PARMLIST:</b> #PARMLIST#<BR>
<p><b>RESULTSTR:</b> #RESULTSTR#<BR>
<p><b>VERSION:</b> #VERSION#<BR><BR>
Thanks!
16 June 2010, 10:28 pmben says:
in response to BradB.
Paypal just updated their root SSL certificates a few days ago, and it screwed a lot of folks up. Ryan's tag still works fine, its just that your host may need to update their root certs and add them to the java keystore in cfmx7.
I had the same issue. it worked fine for years then it failed.
basically, until you update the certs on your machine with at least G2 certs from verisign, paypal won't answer a http request from coldfusion.
hope that helps
17 June 2010, 3:11 amBradB says:
Thanks Ryan and ben. It clearly seems to be related to the cert update, though so far the G2 update (I am also the host) does not seem to resolve the problem. The folks at Paypal seem to be willing to reluctanty admit an issue, but appear to have no method of resolution. It may be complicated by the fact that I buy my certs from Comodo and there are G2 root certs from different authorities (Verisign, Thawte, etc.) but Comodo does not seem to even understand what they are and I'm haing trouble getting a Comodo root kit that is compatible with the new Paypal system.
18 June 2010, 9:00 amEleni Hailu says:
BradB: I had the same issue like you but after multiple call to paypal I managed to fix the problem. You need to update the certificate not only in the root but also inside the Coldfusion folder – YOU HAVE TO DO IT IN BOTH PLACES. Below is the information they provide in connection with this:
1. Download the certs from VeriSign at
https://www.verisign.com/support/roots.html
2. Open zip and location the Cert file that needs to be updated.
In this case the "VeriSign Class 3 – G2". Take note of it's location
on the server. Recommend renaming it to have no spaces and then
putting it in the "C:\CFusiomMX7\runtime\jre\lib\security" folder.
3. Open command prompt and type "cd c:\CFusionmx7\runtime\jre\bin"
or the location of the "keytool.exe" file and hit enter.
Don't try to run the keytool.exe without the next step. It won't
hurt anything, but it won't do anything either.
4. Now type the following replacing what it necessary
(such as the cert file name from step 2 above and alias name)
keytool -import -trustcacerts – keystore c:/cfusionmx7/runtime/jre/lib/security/cacerts -file c:/cfusionmx7/runtime/jre/lib/security/Class_3_Public_Primary_Certification_Authority_G2.cer -alias VeriSignG2
5. You'll be prompted for a password and as long as you haven't
ever changed it, it should be "changeit", which is the default.
6. You'll be prompted to approve the request. Type "yes"
without the quotes and hit enter
7. A bunch of text should appear validating the installation. If you
get an error, make sure your path and file names are correct in
the step above.
8. To verify, go to the jre\lib\security directory in Windows Explorer
and make sure the files modified date is today's date.
Hope this will help.
Thanks,
Eleni
18 June 2010, 9:48 amChuck says:
A couple of days ago our CF5 server stopped processing credit cards, is the paypal root cert update why? nothing has changed.. and if so what procedure do I use.. running IIS6.. Thanks
30 July 2010, 7:02 amben says:
Hi Chuck:
Have you updated the root certs? That fixed my problem the last time this tag, "stopped" working. The only time I've seen this tag stop working, is when paypal changes something without telling anyone (like the URL, or requiring the cert update)
Lemme see if I can't find my post with what I did to update certs.
30 July 2010, 8:41 amalso running IIS6
ben says:
here is one link of paypal helping my confused head:
https://www.x.com/message/164414#164414
here is the other link after I figured it out and posted the steps that worked for me:
https://www.x.com/message/175135#175135
I can't say if this will help with CF5, or if this is really your issue, but last time it "stopped" working .. this was the fix.
good luck.
30 July 2010, 8:49 amChuck says:
thanks, yes nothing changed on our box except it just stopping processing.. could paypal changed their url?
30 July 2010, 8:56 amMelinda says:
Chuck-
30 July 2010, 9:01 amNot sure this will help, but when this happened to me it was related to changes made to our proxy server… the dns name did not work, but fixed by changing to proxy server ip.
Palawan Hotels says:
I think you can change the url for the paypal
16 August 2010, 8:57 amChuck says:
to what?
16 August 2010, 9:12 am