first release

app/controllers/paypal_controller.rb

@@ -0,0 +1,35 @@
+class PaypalController < ApplicationController
+  protect_from_forgery :except => [:create] #Otherwise the request from PayPal wouldn't make it to the controller
+  def create
+    puts request.raw_post
+    response = validate_IPN_notification(request.raw_post)
+    case response
+    when "VERIFIED"
+      # check that paymentStatus=Completed
+      # check that txnId has not been previously processed
+      # check that receiverEmail is your Primary PayPal email
+      # check that paymentAmount/paymentCurrency are correct
+      # process payment
+    when "INVALID"
+      # log for investigation
+    else
+      # error
+    end
+    render :nothing => true
+  end
+
+
+  protected 
+  def validate_IPN_notification(raw)
+    uri = URI.parse('https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate')
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.open_timeout = 60
+    http.read_timeout = 60
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    http.use_ssl = true
+    response = http.post(uri.request_uri, raw,
+      'Content-Length' => "#{raw.size}",
+      'User-Agent' => "Redstoner.com"
+    ).body
+  end
+end