Paypal integration

[liamloveslearning]

Hey everyone,

 

Not sure if this is in the correct board but it is php related..

Ive recently built a website for a client where users can register and upload photos (Similar to Flickr). On my index page I have 1 image, the most downloaded picture over the last month. I need to integrate paypal somehow and take customers to the paypal page where they pay, upon payment they are then emailed a direct link to the image they want.

 

Ive seen the generate buy now button code but as each image has a unique id, the html being static wouldnt work.

 

How would I develop this? Would I pass the image ID to paypal, then the paypal return url would get the data from a url variable and trigger the email? If everything is passed through the url wouldnt this pose serious securiity threats also?

 

If anybody has had experience with this in the past It would be a huge help!, Thanks in advance guys...

[mrMarcus]

look into IPN (Instant Payment Notification)

[liamloveslearning]

Thanks mrMarcus, Ive built a handler page using the sample code but how does it receive the picture id etc from paypal? ate they carried through the url?

[mrMarcus]

Paypal has a few variables you can use in a postback fashion; 'custom' being one of them.  here's what i'd do.

 

you're going to need to pass it via the form using the 'custom' input variable, and then using an IPN file, you can do whatever you like with it.  see below.

 

1. where $picture_id is the respective picture id (use whatever vairable you're already using)

2. 'notify_url' is your IPN file.  in this file (which is stored on your server), is any custom code

you want to have executed upon a successful transaction, ie. email a user/payee a specific link regarding

an image they just purchaed or something.  so, in that file would be a mail() function.

of course, you would have to capture the users email address in order for that to work, so just check other input

fields paypal allows you to use, or just append it to the custom field using a common delimiter and then explode in the ipn.php

 

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="custom" value="<?php echo $picture_id; ?>" />
<input type="hidden" name="notify_url" value="http://www.your-site.com/path/to/ipn.php" />

<!-- rest of form inputs... -->
</form>

 

now you're set.

[liamloveslearning]

That's brilliant mrMarcus,

 

I have created what you show above only I'm concerned with data being held in hidden fields, such as the price of the picture that they may be exploited, Ill have to study it a bit more i think, Thanks again 

[mrMarcus]

ya, you should verify any sensitive data such as a price before allowing it to go to paypal.  or, set something up in your IPN which will verify, and if the price has been tampered with, don't send the link/supply service, etc.

 

paypal offers encrypted "buttons" which hide the price so it cannot be altered. have a look into that.  for that, you need to login to your account and make the changes there.