  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409

Pay Pal IPN integration

Hi,

I'm looking at integrating my custom shopping cart to the PayPal payment gateway using Instant Payment Notification.

Has anyone got any sample code? I'm using PHP.

I need a few things clarified that I can't find in the PayPal support docs.

Basically, my shopping cart produces an array for each item (ID, Price, Name etc...)

What is the best way to integrate this with IPN, and what are the minimum variables PayPal requires?

Any help is much appreciated.

Thanks

Dbb
1 Solution
 
punkstar Commented:
Okay... I am currently building a PayPal IPN script for my organisation. The basic idea behind it is that you need to get the $_POST variables sent by PayPal, you send them back to them, and then they tell you the status of the request (whether it was VERIFIED or INVALID). If the result is VERIFIED, then as far as I can tell, you can count the data as being valid.

So first we need to gather all of the data that was sent, and then send it back to them.

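<?php
// Build the verification request: PayPal's command plus every field it sent us.
$vars = "cmd=_notify-validate";
$paypal = $_POST;

foreach($_POST as $key => $value)
{
  // urlencode so values containing &, = or spaces are echoed back unchanged
  $vars .= "&".urlencode($key)."=".urlencode($value);
}
// Post back over TLS so the VERIFIED/INVALID answer cannot be altered in transit
$port = fsockopen ("ssl://www.paypal.com", 443, $errno, $errstr, 30);
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n"."Host: www.paypal.com\r\n"."Content-Type: application/x-www-form-urlencoded\r\n"."Content-Length: " . strlen($vars) . "\r\n\r\n";

// stays empty unless PayPal actually answers
$reply = "";

//check that the connection could be made
if(!$port)
{
  echo "Problem: Error Number: " . $errno . " Error String: " . $errstr;
}
else
{
  fputs ($port, $header . $vars);
  // response headers come first; the body is the single word VERIFIED or INVALID
  while (!feof($port))
  {
    $line = fgets ($port, 1024);
    if ($line === false) break;
    $line = trim ($line);
    if ($line == "VERIFIED" || $line == "INVALID") $reply = $line;
  }
  fclose ($port);
}
?>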

I got this code, and adapted it from http://www.belahost.com/pp/

Then the $reply variable will either be == "VERIFIED" or "INVALID".

You can use this variable to check whether the information that was sent to you is exactly the same as the data that PayPal sent you. You must do this to stop hackers and exploiters sending stray POSTs to your script, and then your script would update your database or whatever with the thought that they have paid, but really they have not.

To try and explain that a bit more clearly, anyone can do what PayPal does to your script; basically it sends a set of variables to your script. If someone else did this, then they could be sending you information that isn't true. Maybe they sent you the information that one of your clients has paid, when he hasn't. This can lead to people dodging payments. So you send the variables to PayPal to check them out; if the variables are correct, PayPal will verify you, or otherwise invalid it. This response is stored in $result with this script...

It is then important that you check these things (as stated on belahost)

/* Now that IPN was VERIFIED below are a few things which you may want to do at this point.
 1. Check that the "payment_status" variable is: "Completed"
 2. If it is Pending you may want to wait or inform your customer?
 3. You should check your database to ensure this "txn_id" or "subscr_id" is not a duplicate. txn_id is not sent with subscriptions!
 4. Check "payment_gross" or "mc_gross" matches your prices!
 5. You definitely want to check the "receiver_email" or "business" is yours.
*/

I strongly suggest that you download paypal.php on the link I gave you!

Hope this helps man.

punkstar
0
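
The five post-VERIFIED checks listed in the answer above, written out for a one-off payment as an added example (not code from the thread or from belahost). The $order array, the $seen list, MY_PAYPAL_EMAIL and the sample notifications are constructed stand-ins for the shop's own database; mc_currency is a PayPal IPN variable the thread does not mention.

```php
<?php
// Added example: checks for a one-off payment once PayPal has replied VERIFIED.
// MY_PAYPAL_EMAIL, $order and $seen are constructed stand-ins for real shop data.
const MY_PAYPAL_EMAIL = 'shop@example.com';
function checkIpn(array $ipn, string $reply, array $order, array $seenTxnIds): string
{
    if ($reply !== 'VERIFIED') {
        return 'reject: not verified by PayPal';
    }
    // Checks 1 and 2: only "Completed" ships goods; "Pending" waits for a later IPN.
    $status = $ipn['payment_status'] ?? '';
    if ($status === 'Pending') {
        return 'hold: payment pending';
    }
    if ($status !== 'Completed') {
        return 'reject: payment_status is "' . $status . '"';
    }
    // Check 3: a replayed notification must not credit the order twice.
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $seenTxnIds, true)) {
        return 'reject: missing or duplicate txn_id';
    }
    // Check 4: compare in integer cents against the price stored server-side.
    $paid = (int) round((float) ($ipn['mc_gross'] ?? 0) * 100);
    $expected = (int) round($order['total'] * 100);
    if ($paid !== $expected || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        return 'reject: amount or currency mismatch';
    }
    // Check 5: a genuine payment made to someone else's account also verifies.
    if (strtolower($ipn['receiver_email'] ?? '') !== strtolower(MY_PAYPAL_EMAIL)) {
        return 'reject: payment sent to another account';
    }
    return 'accept';
}
// Constructed sample notifications
$order = ['total' => 19.99, 'currency' => 'GBP'];
$seen = ['TXN-OLD-1'];
$good = ['payment_status' => 'Completed', 'txn_id' => 'TXN-NEW-2', 'mc_gross' => '19.99',
         'mc_currency' => 'GBP', 'receiver_email' => 'shop@example.com'];
$cases = [
    'genuine'       => [$good, 'VERIFIED'],
    'forged post'   => [$good, 'INVALID'],
    'replayed'      => [['txn_id' => 'TXN-OLD-1'] + $good, 'VERIFIED'],
    'underpaid'     => [['mc_gross' => '0.01'] + $good, 'VERIFIED'],
    'wrong account' => [['receiver_email' => 'other@example.com'] + $good, 'VERIFIED'],
];
foreach ($cases as $name => [$ipn, $reply]) {
    echo str_pad($name, 14), checkIpn($ipn, $reply, $order, $seen), "\n";
}
```

Subscription notifications carry subscr_id instead of txn_id, so the duplicate check would need a separate branch for them.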
 
DBB (Author) Commented:
Thanks Punkstar,

I'm looking into this and will get back to you (probably for more help!)

Thanks

Dbb
0
 
punkstar Commented:
No problem... this has been hurting my head too!

I am not a pro at IPN, but once you get the gist (jist?) and have some idea of what you are doing explained on your level, then it's all good.

-Punkstar
0
