Jump to content


Photo

PayPal IPN??


  • Please log in to reply
6 replies to this topic

#1 centenial

centenial
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 09 October 2006 - 08:09 PM

Hi,

Is there a way to pass 'additional' information to PayPal? (for example, a 'username' or 'password' that the customer filled out before clicking the 'add to cart' button?)

I've heard of something called PayPal IPN.... would that do it?

Any help would be appreciated.

#2 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 09 October 2006 - 08:49 PM

yes, paypal's IPN (Instant Payment Notification) would allow you to send additional information (limited number of fields, i believe) through to the paypal server which would then be sent back to your script. now, keep in mind that if you're passing name and password, you're really opening yourself up to some security issues. you never want to pass username/password combinations across servers if at all possible. you can come up with some sort of hash that you can pass and then compare when a user purchase is sent back, though. that's typically a bit safer.

good luck!
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#3 centenial

centenial
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 10 October 2006 - 01:54 AM

Thanks,

I've been able to get the IPN working (sort of) - It passes everything through fine except for the custom fields.

<?php

// Read the post from PayPal system and add 'cmd'
	$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
	$value 			= urlencode(stripslashes($value));
	$req		   .= "&$key=$value";
}

	// Post back to PayPal system to validate
	$header 		   .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
	$header 		   .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$header 		   .= "Content-Length: " . strlen($req) . "\r\n\r\n";
	$fp 				= fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

	// Assign posted variables to local variables
	$item_name 			= $_POST['item_name'];
	$item_number 		= $_POST['item_number'];
	$payment_status 	= $_POST['payment_status'];
	$amount_paid	 	= $_POST['mc_gross'];
	$payment_currency 	= $_POST['mc_currency'];
	$txn_id 			= $_POST['txn_id'];
	$pp_account		 	= $_POST['receiver_email'];
	$email 				= $_POST['payer_email'];
	$username 			= $_POST['username'];
	$password 			= $_POST['password'];
	$num_days 			= $_POST['num_days'];
	$order_date 		= time();
	
	/*
	if ($item_name == "Internet Access - 1 Day") {
		$num_days = "1";
	} elseif ($item_name == "Internet Access - 7 Days") {
		$num_days = "7";
	} elseif ($item_name == "Internet Access - 30 Days") {
		$num_days = "30";
	}
	*/

	if (!$fp) {
		// HTTP ERROR
	} else {
		fputs ($fp, $header . $req);
		while (!feof($fp)) {
			$res = fgets ($fp, 1024);
			if (strcmp ($res, "VERIFIED") == 0) {
				// check the payment_status is Completed
				// check that txn_id has not been previously processed
				// check that receiver_email is your Primary PayPal email
				// check that payment_amount/payment_currency are correct
				// process payment
				
				// Insert into DB
				
				include 'includes/common.php';
				dbconn(); // Connect to the database
				
				$sql = "SELECT * FROM accounts WHERE pp_account = '$pp_account'";
				$res = mysql_query($sql);
				
				while ($row = mysql_fetch_array($res)) {
					$business = $row['id'];
				}
				
				$sql = "INSERT INTO user (
						business,
						username,
						password,
						email,
						order_date,
						txn_id,
						amount_paid,
						num_days,
						mac_addr
						) VALUES (
						'$business',
						'$username',
						'$password',
						'$email',
						'$order_date',
						'$txn_id',
						'$amount_paid',
						'$num_days',
						''
						)";
				$res = mysql_query($sql);
			} else if (strcmp ($res, "INVALID") == 0) {
				// log for manual investigation
			}
		}
		fclose ($fp);
	}
?>

Can anyone see anything wrong here? The custom fields are 'username', 'password', and 'num_days'.

Thanks.

#4 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 10 October 2006 - 12:32 PM

it's hard to know exactly what to tell you without knowing how your form is set up, but additional information you are passing should be done so through a "custom" field. here is a discussion on passing multiple values through a single custom field that should help.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 October 2006 - 12:53 PM

ah yes, paypal, the epitome of all evil.  This was my biggest challenge, there are a few way's to do this.

One way I started doing, was using sessions, I simply register a bunch of sessions on the last page before payment, then do all my data work on the thankyou page, and leave a note they have to come back to the site, or they don't get what they pay for.  WHen it comes to the actual ipn, I couldn't get it to work, It was easy setting up ipn, but fighting with there optional parameters, really isn't worth it.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#6 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 10 October 2006 - 01:01 PM

Can you not insert all the data into your database first, including a uniqueID of some kind, then pass the unique ID to PayPal in the optional field.  When PayPal returns that field, along with the notification of APPROVED or whatever it is they do, then you can use the uniqueID to get all the information that you need back from the database?

Why not just process it first, why post the information to PayPal at all?

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#7 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 10 October 2006 - 01:10 PM

If you need to test your application without dealing with real money, you can use the PayPal Developer Central.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users