Lch Posted August 4, 2014

Hi guys, I am currently trying to implement the PayPal sandbox in my website for testing. I used the form generated by PayPal and it worked. However, I wish to make it more secure by verifying the POST details against my database first before posting to PayPal. I have read on the internet for a few days and downloaded a few sample codes to try out, however I still don't understand how it works. The thing I read about is IPN (Instant Payment Notification) for PayPal. Am I reading the right thing? If I am, can anyone help me out, because I do not really understand part of it.

mac_gyver Posted August 4, 2014

i'm guessing that you mean you tried using generated buy now/add to cart/check out buttons and you would like to change this so that the cart is built on your site, with the contents being stored in a database, then when the cart is finalized, you display the complete cart contents in a form that paypal expects, with a check out button that takes the visitor to the paypal site to finalize the order?

if so, you would write (or find a script) to implement the cart on your site, then see the paypal cart upload command to submit the cart information and take the visitor to the paypal site - https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/cart_upload/

Lch Posted August 5, 2014

> i'm guessing that you mean you tried using generated buy now/add to cart/check out buttons and you would like to change this so that the cart is built on your site, with the contents being stored in a database, then when the cart is finalized, you display the complete cart contents in a form that paypal expects, with a check out button that takes the visitor to the paypal site to finalize the order?
>
> if so, you would write (or find a script) to implement the cart on your site, then see the paypal cart upload command to submit the cart information and take the visitor to the paypal site - https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/cart_upload/

Erm, nope. I am not trying to make a cart. I currently have the PayPal payment form and it's working. However, I wish to make it more secure by checking the details of the form against my database details before it is posted to PayPal.

fastsol Posted August 5, 2014

I understand completely what you are trying to do. I honestly don't know how to take the $_POST info, verify it and then send to a specific url like paypal. I would imagine you could use something like curl to send it after verification but my knowledge in that is limited.

What I actually do in my cms I built is just let the transaction take place and then in the admin panel I have the trans flagged if the numbers don't match up when the IPN posts the data back to me. So basically when the IPN sends you the info, you do all your checks there instead and simply flag the trans if it doesn't add up to your calculations.

I would generally say that anyone that is willing to give you money via paypal isn't generally going to know how to mess with the code. Plus paypal always sends you an invoice email for each trans anyway, you could easily verify that an amount paid doesn't look correct to what you actually charge.

davidannis Posted August 6, 2014

You get a bunch of data from PayPal via IPN. It comes as $_POST. First step is to sanitize that data and send it back to them via curl and they will verify that they sent it. (They provide sample code that does that.) In their sample code the curl response is stored in $res. First you look for VERIFIED at the start of $res. If $res is not VERIFIED, log the transaction and investigate.

If the data you got is what they sent, you can compare the various values to what you were expecting to get. I would look at payment_status to make sure it shows completed, and at mc_gross (how much the total transaction was for) and mc_currency. I use a pass-through variable, invoice, that I pass a unique value to them and they pass it back to match the transaction in my database.

They warn you to do your DB updates after the curl verification because it times out pretty quickly if they send data and are not asked for a confirm.

A complete list of all the data that they may send you is at https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/
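
The verification and comparison steps described in davidannis's post above, written out as an added example; it is not part of the thread and not PayPal's sample code. The function names, the `$orders` array standing in for the database lookup by invoice, and the choice of the sandbox postback URL are assumptions.

```php
<?php
const IPN_VERIFY_URL = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr'; // sandbox endpoint

// Send the raw notification back to PayPal; true only when the reply is VERIFIED.
function ipn_is_verified(string $raw): bool
{
    $ch = curl_init(IPN_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $raw,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $res = curl_exec($ch);
    return is_string($res) && trim($res) === 'VERIFIED';
}

// Compare a notification with the stored order; an empty list means it matches.
function ipn_mismatches(array $ipn, array $order): array
{
    $cents = fn($v) => (int) round(((float) $v) * 100); // avoid float equality
    $bad = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') $bad[] = 'payment_status';
    if ($cents($ipn['mc_gross'] ?? 0) !== $cents($order['amount'])) $bad[] = 'mc_gross';
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) $bad[] = 'mc_currency';
    return $bad;
}

// $orders stands in for the database lookup by invoice (hypothetical shape).
function handle_ipn(string $raw, array $orders, callable $verify): string
{
    if (!$verify($raw)) return 'unverified: log and investigate';
    parse_str($raw, $ipn);
    $order = $orders[$ipn['invoice'] ?? ''] ?? null;
    if ($order === null) return 'flagged: unknown invoice';
    $bad = ipn_mismatches($ipn, $order);
    return $bad ? 'flagged: ' . implode(', ', $bad) : 'paid';
}

// Constructed sample: the amount paid does not match the 25.00 stored for the order.
$orders = ['INV-1001' => ['amount' => '25.00', 'currency' => 'USD']];
$raw = 'payment_status=Completed&mc_gross=0.01&mc_currency=USD&invoice=INV-1001';
// A stub verifier keeps the demo offline; a live listener passes 'ipn_is_verified'
// and reads $raw from file_get_contents('php://input').
echo handle_ipn($raw, $orders, fn($r) => true), PHP_EOL;
```

Only the `paid` result should trigger the database update that marks the order as paid; everything else is logged for review.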