Why do my paypal ipn validations always return INVALID?

In your CI controller if you have written your code like this:

function paypalipn(){        $this->load->model('subscription');        $this->load->library('paypal', array('sandbox' => true));;        $this->paypal->run();        $fields = $this->paypal->post_fields;        if($this->paypal->verified){            $data = array(                'user_id' => $fields['buyer_id'],                'txn_id' => $fields['txn_id'],                'payment_gross' => $fields['mc_gross'],                'currency_code' => $fields['mc_currency'],                'payer_email' => $fields['payer_email'],                'plan_id' => $fields['item_number'],                'payment_status' => $fields['payment_status']            );            $this->subscription->create_payment($data);        $this->load->library('email');        $this->email->to('*******@gmail.com');        $this->email->from('**************');        $this->email->subject('PayPal IPN');        $this->email->message($this->paypal->result."\nAmount: ".$fields['mc_gross']."\nCurrency: ".$fields['mc_currency']."\nUser ID: ".$fields['buyer_id']);        $this->email->send();        }    } 

OR if you have stopped the script in case the if statement failed

if($this->paypal->verified){            $data = array(                'user_id' => $fields['buyer_id'],                'txn_id' => $fields['txn_id'],                'payment_gross' => $fields['mc_gross'],                'currency_code' => $fields['mc_currency'],                'payer_email' => $fields['payer_email'],                'plan_id' => $fields['item_number'],                'payment_status' => $fields['payment_status']            );            $this->subscription->create_payment($data);} else {exit("We are sad to inform you that verification FAILED. Bye!");}

you would not receive any email. The issue is in public function run() in your paypal class and this is most probably the failing part.

       if ( !($res = curl_exec($ch)) ) {          curl_close($ch);          die('curl did not work<br>'.FCPATH.'cacert.pem');        }        curl_close($ch);       if (strcmp ($res, "VERIFIED") == 0) {               $this->verified = true;                        }

Try re-writing it like this

       $res=curl_exec($ch); // define $res       if($res==null){  // check if $res is null            exit('curl did not work<br>'.FCPATH.'cacert.pem');        }       curl_close($ch);       if (strcmp ($res, "VERIFIED") === 0) {               $this->verified = true;                       }

Regarding the last 3 lines where strcmp() is used, and based on a user comment in strcmp() documentation.

• strcmp() will return NULL on failure.
• This has the side effect of equating to a match when using an equals comparison (==).
• Instead, you may wish to test matches using the identical comparison (===), which should not catch a NULL return.

What does the above mean? In a small example.

if(null==0) {echo "1";}if(null===0) {echo "2";}

The above example will only output => 1 which in your case that means that if strcmp() fails you will have set verified to true which is not correct.