paypal help :(

[jamesxg1]

<?php

require_once('paypal.class.php');  
$p = new paypal_class;             
  
$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';  
    
            
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

if (empty($_GET['action'])) $_GET['action'] = 'process';  

switch ($_GET['action']) {
    
   case 'process':      // Process and order...

            
      $p->add_field('business', 'softwarespin@hotmail.co.uk');
      $p->add_field('return', $this_script.'?action=success');
      $p->add_field('cancel_return', $this_script.'?action=cancel');
      $p->add_field('notify_url', $this_script.'?action=ipn');
      $p->add_field('item_name', 'Paypal Test Transaction');
      $p->add_field('amount', '1.99');

      $p->submit_paypal_post(); 
      $p->dump_fields();      
      break;
      
   case 'success':      
  

      echo "<html><head><title>Success</title></head><body><h3>Thank you for your order.</h3>";
      foreach ($_POST as $key => $value) { echo "$key: $value<br>"; }
      echo "</body></html>";
      
      
      break;
      
   case 'cancel':       
      

      echo "<html><head><title>Canceled</title></head><body><h3>The order was canceled.</h3>";
      echo "</body></html>";
      
      break;
      
   case 'ipn':          
      
      if ($p->validate_ipn()) {
          
          
         // For this example, we'll just email ourselves ALL the data.
         $subject = 'Instant Payment Notification - Recieved Payment';
         $to = 'YOUR EMAIL ADDRESS HERE';    //  your email
         $body =  "An instant payment notification was successfully recieved\n";
         $body .= "from ".$p->ipn_data['payer_email']." on ".date('m/d/Y');
         $body .= " at ".date('g:i A')."\n\nDetails:\n";
         
         foreach ($p->ipn_data as $key => $value) { $body .= "\n$key: $value"; }
         mail($to, $subject, $body);
      }
      break;
}     

?>

 

ok this completely works, but the only problem i have is im a freak on security and in firefox there is a addon called TamperData and when the script automatically reffers me to login to paypal and take the payment TamperData pops up and lets you change the ammount that you have to pay and when you change the ammount it still counts as you have paid how do i stop this :S ?

[jonsjava]

create different items in PayPal, and have it so they are "buying" that "item".  Just go to your pappal account, then go to "Merchant Services", then go to "buy now button".  It will allow you to generate a static item (that the user cannot change).

[jamesxg1]

create different items in PayPal, and have it so they are "buying" that "item".  Just go to your pappal account, then go to "Merchant Services", then go to "buy now button".  It will allow you to generate a static item (that the user cannot change).

 

agreed but i cant have a but it now button :S, im making a paid membership system and i need to make it auto refferal after signing up.

[jamesxg1]

anyone have any ideas ?, please this is a big issue now :S

[jamesxg1]

Does anyone know any way i intergrade paypal another way then ?

[C.Pearse]

What class are you using?

 

It looks like you need to check the amount once you've received a success response and act accordingly.

 

Something like this:

 

<?php
    switch($_GET['action']) {
        case 'success':
            if($_POST['mc_gross'] == 1.99) {
                // Correct payment received...
            }
            else {
                // Incorrect payment received...
            }
        break;
    }
?>

 

Cheers

Chris

[mrMarcus]

are you using IPN (Instant Payment Notification)?

 

if you are, have the amount that is ultimately entered in PayPal, posted back to your server and tracked in a table (in a db) .. then, you can set a CRON job to purge any payments that look fishy.

[jamesxg1]

are you using IPN (Instant Payment Notification)?

 

if you are, have the amount that is ultimately entered in PayPal, posted back to your server and tracked in a table (in a db) .. then, you can set a CRON job to purge any payments that look fishy.

 

hiya, nah this is a simple paypal payment script as i have litrully no idea how to intergrade the paypal pro

[jamesxg1]

Does anyone know how to use the DoDirectPayment.php in SOAP ?, or anyone know a tutorial ?

 

because i dont and it would be perfect if i could lol

[soak]

IPN is easy, just requires a freely available script and passing the location of that script in your form vars or in the button setup.

 

You will then have a record of who's paid and how much they paid.

 

I'm pretty sure it's possible to generate a button for a fixed value that doesn't allow tampering. You would have to set the amount when generating the button though.

 

I haven't the SOAP setup but I suspect it will probably be more difficult than the IPN setup.

[jamesxg1]

IPN is easy, just requires a freely available script and passing the location of that script in your form vars or in the button setup.

 

You will then have a record of who's paid and how much they paid.

 

I'm pretty sure it's possible to generate a button for a fixed value that doesn't allow tampering. You would have to set the amount when generating the button though.

 

I haven't the SOAP setup but I suspect it will probably be more difficult than the IPN setup.

 

agreed, but when it come to paypal i litrully dont know where to start i have never used it in a script before and never tryed so im new to it all, do you know of a place where there is a tutorial ?, or do you know how to ?, cheers mate.

 

James

[soak]

-Find the script (I googled "paypal ipn script php" and got tons of results. Plenty of tutorials in there too but googling "paypal ipn tutorial php" will probably get you even better results)

-Read the instructions that come with the script.

-Try to setup the script

 

If you get stuck post back here with details of where you're stuck and we'll try to help.

[mrMarcus]

PHP PayPal Toolkit

 

that'll work, and is extremely easy to use .. if you are interested in IPN.

[jamesxg1]

hiya people iv come across a hurdle,

 

Paypal.php

<?php

require_once('paypal.class.php');  
$p = new paypal_class;             
  
$p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';  
    
            
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

if (empty($_GET['action'])) $_GET['action'] = 'process';  

switch ($_GET['action']) {
    
   case 'process':      // Process and order...

            
      $p->add_field('business', 'softwarespin@hotmail.co.uk');
      $p->add_field('return', $this_script.'?action=success');
      $p->add_field('cancel_return', $this_script.'?action=cancel');
      $p->add_field('notify_url', $this_script.'?action=ipn');
      $p->add_field('item_name', 'Paypal Test Transaction');
      $p->add_field('amount', '1.99');
      $p->add_field('currency_code', 'GBP'); 
      $p->add_field('usernamee', $_POST['usernamee']);

      $p->submit_paypal_post(); 
     //$p->dump_fields();      
      break;
      
   case 'success':      

  switch($_GET['action']) {

        case 'success':

            if($_POST['mc_gross'] == 1.99) {
                  echo "<html><head><title>Success</title></head><body><h3>Thank you for your order.</h3>";
                  echo "</body></html>";
            }
            else {
                print "Sorry!, The Incorrect Ammount Was Paid!.";
            }
        break;
    }

    
      
      break;
      
   case 'cancel':       
      

      echo "<html><head><title>Canceled</title></head><body><h3>The order was canceled.</h3>";
      echo "</body></html>";
      
      break;
      
   case 'ipn':          
      
      if ($p->validate_ipn()) {
          
          
         // For this example, we'll just email ourselves ALL the data.
         $subject = 'Instant Payment Notification - Recieved Payment';
         $to = 'YOUR EMAIL ADDRESS HERE';    //  your email
         $body =  "An instant payment notification was successfully recieved\n";
         $body .= "from ".$p->ipn_data['payer_email']." on ".date('m/d/Y');
         $body .= " at ".date('g:i A')."\n\nDetails:\n";
         
         foreach ($p->ipn_data as $key => $value) { $body .= "\n$key: $value"; }
         mail($to, $subject, $body);
      }
      break;
}     

?>

 

paypal.class.php

 

<?php
/*******************************************************************************
*                      PHP Paypal IPN Integration Class
*******************************************************************************
*      Author:     Micah Carrick
*      Email:      email@micahcarrick.com
*      Website:    http://www.micahcarrick.com
*
*      File:       paypal.class.php
*      Version:    1.3.0
*      Copyright:  (c) 2005 - Micah Carrick 
*                  You are free to use, distribute, and modify this software 
*                  under the terms of the GNU General Public License.  See the
*                  included license.txt file.
*      
*******************************************************************************
*  VERION HISTORY:
*      v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the 
*                            right way rather than simple stripping them.  This
*                            was needed because the user could still put in
*                            quotes.
*  
*      v1.2.1 [06.05.2005] - Fixed typo from previous fix 
*
*      v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
*                            from the paypal posts.  The IPN will come back
*                            invalid sometimes when quotes are used in certian
*                            fields.
*
*      v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
*                            method to allow non-javascript capable browsers
*                            to provide a means of manual form submission.
*
*      v1.0.0 [04.16.2005] - Initial Version
*
*******************************************************************************
*  DESCRIPTION:
*
*      NOTE: See www.micahcarrick.com for the most recent version of this class
*            along with any applicable sample files and other documentaion.
*
*      This file provides a neat and simple method to interface with paypal and
*      The paypal Instant Payment Notification (IPN) interface.  This file is
*      NOT intended to make the paypal integration "plug 'n' play". It still
*      requires the developer (that should be you) to understand the paypal
*      process and know the variables you want/need to pass to paypal to
*      achieve what you want.  
*
*      This class handles the submission of an order to paypal aswell as the
*      processing an Instant Payment Notification.
*  
*      This code is based on that of the php-toolkit from paypal.  I've taken
*      the basic principals and put it in to a class so that it is a little
*      easier--at least for me--to use.  The php-toolkit can be downloaded from
*      http://sourceforge.net/projects/paypal.
*      
*      To submit an order to paypal, have your order form POST to a file with:
*
*          $p = new paypal_class;
*          $p->add_field('business', 'somebody@domain.com');
*          $p->add_field('first_name', $_POST['first_name']);
*          ... (add all your fields in the same manor)
*          $p->submit_paypal_post();
*
*      To process an IPN, have your IPN processing file contain:
*
*          $p = new paypal_class;
*          if ($p->validate_ipn()) {
*          ... (IPN is verified.  Details are in the ipn_data() array)
*          }
*
*
*      In case you are new to paypal, here is some information to help you:
*
*      1. Download and read the Merchant User Manual and Integration Guide from
*         http://www.paypal.com/en_US/pdf/integration_guide.pdf.  This gives 
*         you all the information you need including the fields you can pass to
*         paypal (using add_field() with this class) aswell as all the fields
*         that are returned in an IPN post (stored in the ipn_data() array in
*         this class).  It also diagrams the entire transaction process.
*
*      2. Create a "sandbox" account for a buyer and a seller.  This is just
*         a test account(s) that allow you to test your site from both the 
*         seller and buyer perspective.  The instructions for this is available
*         at https://developer.paypal.com/ as well as a great forum where you
*         can ask all your paypal integration questions.  Make sure you follow
*         all the directions in setting up a sandbox test environment, including
*         the addition of fake bank accounts and credit cards.
* 
*******************************************************************************
*/

class paypal_class {
    
   var $last_error;                 // holds the last error encountered
   
   var $ipn_log;                    // bool: log IPN results to text file?
   
   var $ipn_log_file;               // filename of the IPN log
   var $ipn_response;               // holds the IPN response from paypal   
   var $ipn_data = array();         // array contains the POST values for IPN
   
   var $fields = array();           // array holds the fields to submit to paypal

   
   function paypal_class() {
       
      // initialization constructor.  Called when class is created.
      
      $this->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
      
      $this->last_error = '';
      
      $this->ipn_log_file = '.ipn_results.log';
      $this->ipn_log = true; 
      $this->ipn_response = '';
      
      // populate $fields array with a few default values.  See the paypal
      // documentation for a list of fields and their data types. These defaul
      // values can be overwritten by the calling script.

      $this->add_field('rm','2');           // Return method = POST
      $this->add_field('cmd','_xclick'); 
      
   }
   
   function add_field($field, $value) {
      
      // adds a key=>value pair to the fields array, which is what will be 
      // sent to paypal as POST variables.  If the value is already in the 
      // array, it will be overwritten.
            
      $this->fields["$field"] = $value;
   }

   function submit_paypal_post() {

      echo "<html>\n";
      echo "<head><title>Processing Payment...</title></head>\n";
      echo "<body onLoad=\"document.forms['paypal_form'].submit();\">\n";
      echo "<center><h2>Please wait, your order is being processed and you";
      echo " will be redirected to the paypal website.</h2></center>\n";
      echo "<form method=\"post\" name=\"paypal_form\" ";
      echo "action=\"".$this->paypal_url."\">\n";

      foreach ($this->fields as $name => $value) {
         echo "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
      }
      echo "<center><br/><br/>If you are not automatically redirected to ";
      echo "paypal within 5 seconds...<br/><br/>\n";
      echo "<input type=\"submit\" value=\"Click Here\"></center>\n";
      
      echo "</form>\n";
      echo "</body></html>\n";
    
   }
   
   function validate_ipn() {

      // parse the paypal URL
      $url_parsed=parse_url($this->paypal_url);        

      // generate the post string from the _POST vars aswell as load the
      // _POST vars into an arry so we can play with them from the calling
      // script.
      $post_string = '';    
      foreach ($_POST as $field=>$value) { 
         $this->ipn_data["$field"] = $value;
         $post_string .= $field.'='.urlencode(stripslashes($value)).'&'; 
      }
      $post_string.="cmd=_notify-validate"; // append ipn command

      // open the connection to paypal
      $fp = fsockopen($url_parsed[host],"80",$err_num,$err_str,30); 
      if(!$fp) {
          
         // could not open the connection.  If loggin is on, the error message
         // will be in the log.
         $this->last_error = "fsockopen error no. $errnum: $errstr";
         $this->log_ipn_results(false);       
         return false;
         
      } else { 

         // Post the data back to paypal
         fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); 
         fputs($fp, "Host: $url_parsed[host]\r\n"); 
         fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); 
         fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); 
         fputs($fp, "Connection: close\r\n\r\n"); 
         fputs($fp, $post_string . "\r\n\r\n"); 

         // loop through the response from the server and append to variable
         while(!feof($fp)) { 
            $this->ipn_response .= fgets($fp, 1024); 
         } 

         fclose($fp); // close connection

      }
      
      if (eregi("VERIFIED",$this->ipn_response)) {
  
         // Valid IPN transaction.
         $this->log_ipn_results(true);
         return true;       
         
      } else {
  
         // Invalid IPN transaction.  Check the log for details.
         $this->last_error = 'IPN Validation Failed.';
         $this->log_ipn_results(false);   
         return false;
         
      }
      
   }
   
   function log_ipn_results($success) {
       
      if (!$this->ipn_log) return;  // is logging turned off?
      
      // Timestamp
      $text = '['.date('m/d/Y g:i A').'] - '; 
      
      // Success or failure being logged?
      if ($success) $text .= "SUCCESS!\n";
      else $text .= 'FAIL: '.$this->last_error."\n";
      
      // Log the POST variables
      $text .= "IPN POST Vars from Paypal:\n";
      foreach ($this->ipn_data as $key=>$value) {
         $text .= "$key=$value, ";
      }

      // Log the response from the paypal server
      $text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;
      
      // Write to log
      $fp=fopen($this->ipn_log_file,'a');
      fwrite($fp, $text . "\n\n"); 

      fclose($fp);  // close file
   }

   function dump_fields() {

      // Used for debugging, this function will output all the field/value pairs
      // that are currently defined in the instance of the class using the
      // add_field() function.
      
      echo "<h3>paypal_class->dump_fields() Output:</h3>";
      echo "<table width=\"95%\" border=\"1\" cellpadding=\"2\" cellspacing=\"0\">
            <tr>
               <td bgcolor=\"black\"><b><font color=\"white\">Field Name</font></b></td>
               <td bgcolor=\"black\"><b><font color=\"white\">Value</font></b></td>
            </tr>"; 
      
      ksort($this->fields);
      foreach ($this->fields as $key => $value) {
         echo "<tr><td>$key</td><td>".urldecode($value)." </td></tr>";
      }

      echo "</table><br>"; 
   }
}        


?>

 

im trying to post the $usernamee and actually use it but it reffers me to paypal (still with $usernamee in the post data) and when paypal post's sucess back the var is gone :S how do i fix this ?, (im trying to build it into a registeration form)

 

[soak]

Pretty sure it needs to go across as a custom field (a field named custom, it will come back this way too) but it's been a while since I did any paypal stuff.

[jamesxg1]

Pretty sure it needs to go across as a custom field (a field named custom, it will come back this way too) but it's been a while since I did any paypal stuff.

 

Ok, Ermmmm slightly confused there :S, what do you mean ?

[jamesxg1]

could you post some sort of example please ?,

 

do you mean like so. . . .

 

  function add_custom($field, $value) {
      
            
      $this->fields["$field"] = $value;

 

and

 

      $p->add_custom('usernamee', $_POST['usernamee']);

[soak]

Paypal.php

<?php

require_once('paypal.class.php');  
$p = new paypal_class;             
  
$p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';  
    
            
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

if (empty($_GET['action'])) $_GET['action'] = 'process';  

switch ($_GET['action']) {
    
   case 'process':      // Process and order...

            
      $p->add_field('business', 'softwarespin@hotmail.co.uk');
      $p->add_field('return', $this_script.'?action=success');
      $p->add_field('cancel_return', $this_script.'?action=cancel');
      $p->add_field('notify_url', $this_script.'?action=ipn');
      $p->add_field('item_name', 'Paypal Test Transaction');
      $p->add_field('amount', '1.99');
      $p->add_field('currency_code', 'GBP'); 
      $p->add_field('custom', $_POST['usernamee']); // <--- like this

 

im trying to post the $usernamee and actually use it but it reffers me to paypal (still with $usernamee in the post data) and when paypal post's sucess back the var is gone :S how do i fix this ?, (im trying to build it into a registeration form)

 

Like that.

[mrMarcus]

not every posted value can come back using IPN .. but, as mentioned, 'custom' will allow custom values to be posted back .. if you require several custom values to be posted back via IPN, create an array of values within the custom field, ie.

<input type="hidden" name="custom" value="value1-value2-value3" />

where - is separating the values, which then can be exploded and used appropriately by you and your server.

 

that's just an example to pass multiple, custom values with PayPal.

[jamesxg1]

Paypal.php

<?php

require_once('paypal.class.php');  
$p = new paypal_class;             
  
$p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';  
    
            
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

if (empty($_GET['action'])) $_GET['action'] = 'process';  

switch ($_GET['action']) {
    
   case 'process':      // Process and order...

            
      $p->add_field('business', 'softwarespin@hotmail.co.uk');
      $p->add_field('return', $this_script.'?action=success');
      $p->add_field('cancel_return', $this_script.'?action=cancel');
      $p->add_field('notify_url', $this_script.'?action=ipn');
      $p->add_field('item_name', 'Paypal Test Transaction');
      $p->add_field('amount', '1.99');
      $p->add_field('currency_code', 'GBP'); 
      $p->add_field('custom', $_POST['usernamee']); // <--- like this

 

im trying to post the $usernamee and actually use it but it reffers me to paypal (still with $usernamee in the post data) and when paypal post's sucess back the var is gone :S how do i fix this ?, (im trying to build it into a registeration form)

 

Like that.

 

hiya,

 

that worked but i need to post around 13 vars how do i use them seperatly :S ?

[mrMarcus]

^check my post.

 

separate them using a delimiter like - or something .. so, as i mentioned, do something like :

 

<input type="hidden" name="custom" value="variable1-variable2-variable3" />

 

then...

 

$paypal[custom] = explode("-", $_POST['custom']);

 

then use freely as such...

 

$paypal[custom][0]; //is the first value in the $_POST['custom'] array, as set by you in the <input value="variable1" /> field.

 

obviously modify to your script, but that'll work.

[jamesxg1]

^check my post.

 

separate them using a delimiter like - or something .. so, as i mentioned, do something like :

 

<input type="hidden" name="custom" value="variable1-variable2-variable3" />

 

then...

 

$paypal[custom] = explode("-", $_POST['custom']);

 

then use freely as such...

 

$paypal[custom][0]; //is the first value in the $_POST['custom'] array, as set by you in the <input value="variable1" /> field.

 

obviously modify to your script, but that'll work.

 

ok , i understand that but i dont know how to set that up in this script , iv never used paypal in development :S