TalkPHP
 
 
01-05-2008, 09:14 AM   #1 (permalink)
Aaron (The Frequenter)
Payment issues...

So I have this script that I need to make. The problem I have now is...

How can I make sure they have paid (by paypal) before I create the account? A static address would be a security risk, and a dynamic address would be... hard to do... (I am referring to the page that paypal sends you to after a payment optionally)
The Following User Says Thank You to Aaron For This Useful Post:
codefreek (01-05-2008)

01-05-2008, 10:50 AM   #2 (permalink)
codefreek (Super Moderator)

Hum. Good question.
As I would think, I don't know how you would do it, but it might be done like this:
maybe like a feed, like RSS, but you get the other feed you want :S

I am just talking, I really don't know..
+ I am tired, so it might be just some bla bla bla..
But hey, at least I posted a msg.

Ohh well, hope someone will post the right way so
I can learn also :)

You could do it like this: when you see the cash, you send out
a 10 number code
that they can use.
Or something like that :)


PS: You might be able to ask PayPal for advice. :S
I think.
Cya..

01-05-2008, 11:52 AM   #3 (permalink)
Aaron (The Frequenter)

I was thinking about sending a hidden form value, but I didn't know if it would pass through paypal.

I also considered sessions, but I don't know how to do them...

Something that tells you the referrer of the page would work.

So the page is order.php, and at the top it says if the referrer is paypal.com/cgi-bin?payment=successful (or something like that), execute this block of code.

This is completely unrelated, but what about SSL? How would I use that in PHP? There aren't any tutorials on it :(

01-05-2008, 12:29 PM   #4 (permalink)
Wildhoney (La Vida es Sueño)

You can use PayPal's IPN (or Instant Payment Notification). You may send custom POST items through PayPal. PayPal then sends it all back to you in a series of transactions sent back and forth to ensure the payment was successfully made.

There is quite a lot of good documentation on IPN on PayPal's website so I won't reiterate all of that.

__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
The Following User Says Thank You to Wildhoney For This Useful Post:
Alan @ CIT (01-06-2008)

01-05-2008, 12:57 PM   #5 (permalink)
Aaron (The Frequenter)

So.. they give me this jumble of code...
PHP Code:
<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
    // HTTP ERROR
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        if (strcmp($res, "VERIFIED") == 0) {
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is your Primary PayPal email
            // check that payment_amount/payment_currency are correct
            // process payment
        } else if (strcmp($res, "INVALID") == 0) {
            // log for manual investigation
        }
    }
    fclose($fp);
}
?>

01-05-2008, 01:34 PM   #6 (permalink)
Karl (The Reckoner)

You need to compare your details against the details sent back from PayPal. It's actually straightforward, although they make it seem difficult. You could add the following validation function and then call that in place of the comments:

PHP Code:
function validatePaypal()
{
    // Ewwww global, I feel dirty :)
    global $payment_status, $payment_currency, $payment_amount, $receiver_email;

    // Check that the payment is actually complete
    if ($payment_status != 'Completed')
    {
        error_log('IPN failed, expected payment status Completed, received ' . $payment_status);
        return false;
    }

    // Check receiver email against your email.
    elseif ($receiver_email != PAYPAL_EMAIL)
    {
        error_log('IPN failed, expected receiver email ' . PAYPAL_EMAIL . ' received ' . $receiver_email);
        return false;
    }

    // Check the payment amount against your product's amount
    elseif ($payment_amount != PRODUCT_AMOUNT)
    {
        error_log('IPN failed, expected payment amount of ' . PRODUCT_AMOUNT . ' received ' . $payment_amount);
        return false;
    }

    // Check the payment currency against your requested currency
    elseif ($payment_currency != PRODUCT_CURRENCY)
    {
        error_log('IPN failed, expected ' . PRODUCT_CURRENCY . ' currency, but received ' . $payment_currency);
        return false;
    }

    // Todo: Check for duplicate txn_id

    return true;
}

Then, replace all the comments:

PHP Code:
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment

With a call to the function:

PHP Code:
if (validatePaypal())
{
    // Payment is complete and is OK!  Make sure you log this payment,
    // especially the txn_id
}
else
{
    // Payment failed, we have the error logs but you should
    // also log this for manual inspection
}

I've missed out one validation check from the validatePaypal function and it's an important one. You need to check previous payments' txn_id and ensure that you're not receiving a duplicate.

Hope that helps.
__________________
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.
The Following User Says Thank You to Karl For This Useful Post:
Alan @ CIT (01-06-2008)
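
Added example (not part of Karl's post or PayPal's sample code): one way to do the duplicate txn_id check that the post above leaves as a to-do, so that a replayed notification cannot create a second account. It assumes PHP with the PDO SQLite driver; the table ipn_payments, the function names openPaymentStore and claimTransaction, and the sample transaction id are hypothetical.

```php
<?php
// Added example: atomic duplicate-txn_id check for an IPN handler.
// Table name, function names and sample values are constructed.

function openPaymentStore(string $dsn = 'sqlite::memory:'): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY makes the database itself reject a second copy of a txn_id,
    // so two notifications arriving at the same moment cannot both succeed.
    $db->exec('CREATE TABLE IF NOT EXISTS ipn_payments (
        txn_id      TEXT PRIMARY KEY,
        payer_email TEXT NOT NULL,
        amount      TEXT NOT NULL,
        received_at TEXT NOT NULL
    )');
    return $db;
}

// Returns true the first time a txn_id is seen, false on any repeat.
function claimTransaction(PDO $db, string $txnId, string $payerEmail, string $amount): bool
{
    if ($txnId === '' || strlen($txnId) > 64) {
        return false; // missing or implausibly long id: do not process
    }
    $stmt = $db->prepare(
        'INSERT INTO ipn_payments (txn_id, payer_email, amount, received_at)
         VALUES (?, ?, ?, ?)'
    );
    try {
        $stmt->execute([$txnId, $payerEmail, $amount, gmdate('c')]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation (duplicate key).
        if ((string) $e->getCode() === '23000') {
            error_log('IPN duplicate txn_id ' . $txnId);
            return false;
        }
        throw $e; // other database errors must not be mistaken for a duplicate
    }
}

// Constructed demo: the same notification delivered twice.
$db = openPaymentStore();
var_dump(claimTransaction($db, 'CONSTRUCTED-TXN-0001', 'buyer@example.com', '9.99'));
var_dump(claimTransaction($db, 'CONSTRUCTED-TXN-0001', 'buyer@example.com', '9.99'));
```

Calling claimTransaction only after the VERIFIED response and the validatePaypal() checks pass, and creating the account only when it returns true, keeps the insert and the duplicate check a single atomic step.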

01-05-2008, 07:16 PM   #7 (permalink)
Aaron (The Frequenter)

Is this only for the accounts you pay for? My account is basic, and I don't want to update it because my last name is messed up.

01-06-2008, 01:11 PM   #8 (permalink)
Karl (The Reckoner)

Quote:
Originally Posted by Aaron
Is this only for the accounts you pay for? My account is basic, and I don't want to update it because my last name is messed up.
Sorry, I don't understand. Your payment details would be the details of the account that your clients are sending funds to. You'd want to define the 3 defines that I've used and replace them with your own details, such as:

PHP Code:
define('PAYPAL_EMAIL', 'john@smith.com'); // Your paypal email address
define('PRODUCT_AMOUNT', 9.99); // The price of your product
define('PRODUCT_CURRENCY', 'USD'); // The currency, make sure we get USD
__________________
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.

01-26-2008, 03:07 AM   #9 (permalink)
Aaron (The Frequenter)

This software will be given out to many people, most of whom might not have a business PayPal account. I need a way to do this that doesn't require a business PayPal account, and PayPal needs one for that IPN.
LinkBack to this Thread: http://www.talkphp.com/absolute-beginners/1867-payment-issues.html