Page 1 of 1
Communicating with PayPal?
Posted: Sun Jul 15, 2012 8:47 am
by Helx
ok so, basically I want to get a user to enter their username into a form, then send them to a PayPal donation page.
After they donate, I want to execute a file_get_contents(); script.
How would I do this in a secure way, that will actually wait for them to pay? (check that they have paid)
I had the theory of using that username form and posting that to PayPal, then checking the username from the payment data.
Any ideas as to how this would be done?
Re: Communicating with PayPal?
Posted: Sun Jul 15, 2012 9:08 am
by Helx
Okay, I found this:
<input type="hidden" name="notify_url" value="http://full-URL-to-the-script-you-set-up-for-IPN">
But how do I get the data from PayPal? Or should I set a session?
Re: Communicating with PayPal?
Posted: Sun Jul 15, 2012 9:18 am
by Helx
Okay, I've decided to go with a session being set upon submitting the data.
I'm guessing the verified page would look like this?
<?php
$req = 'cmd=' . urlencode('_notify-validate');
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: http://www.paypal.com'));
$res = curl_exec($ch);
curl_close($ch);
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (strcmp ($res, "VERIFIED") == 0) {
// Yes, its verified. Now lets do some more.
}
else if (strcmp ($res, "INVALID") == 0) {
// Nope, somebody is hacking. Log it and give an error message.
}
?>
(
https://www.x.com/developers/PayPal/doc ... ple/216623)
Re: Communicating with PayPal?
Posted: Tue Jul 17, 2012 3:14 pm
by jacek
Yeah that is how to do it
You can send custom data through the IP too, I think it's something like
<imput type="hidden" name="custom" value="something custom" />
Then in your IPN script you can use $_POST['custom'] to get this value. A good way to identify the user is to store the user ID in this field.