Solved

Paypal Testing a page

Posted on 2007-12-01
Last Modified: 2013-11-29
I wish to test a PayPal form I am creating.
I cannot send the payment to myself as this is not allowed.
I have tried changing the PayPal send address from
  <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
  To:
<form target="paypal" action="https://www.test-payflow.verisign.com" method="post">
But this brings the error "Page cannot be displayed".
I am taking instruction from https://www.paypal.com/en_US/pdf/PayflowPro_Simulator_Guide.pdf
Any further ideas welcome.
Thanks, John
The code I have so far is:
 <p class="list" >Please enter the following details:</p>
  <input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="info@xxxx.co.uk">
<input type="hidden" name="amount" value="0.10">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="item_name" value="Details ">
<input type="hidden" name="item_number" id="item_number" value=""></p></td>
  </tr>
  <tr>
    <td valign="top">&nbsp;</td>
    <td width="26%" valign="top" class="list">First Name</td>
    <td width="61%" valign="top" class="list"><label>
      <input type="text" name="FIRSTNAME" id="FIRSTNAME">
    </label></td>
  </tr>
  <tr>
    <td valign="top">&nbsp;</td>
    <td valign="top" class="list">Last Name</td>
    <td valign="top" class="list"><input type="text" name="LASTNAME" id="LASTNAME"></td>
  </tr>
  <tr>
    <td valign="top">&nbsp;</td>
    <td valign="top" class="list">Email</td>
    <td valign="top" class="list"><label>
    <input type="text" name="EMAIL" id="EMAIL">
    </label></td>
  </tr>
  <tr>
    <td valign="top">&nbsp;</td>
    <td valign="top" class="list">Number from email</td>
    <td valign="top" class="list"><input type="text" name="Comment1" id="Comment1"></td>
  </tr>
  <tr>
Question by:johnhardy
 

Author Comment

by:johnhardy
ID: 20387931
I managed to get a little further by using
<form target="paypal" action="https://www.sandbox.paypal.com/uk/cgi-bin/webscr" method="post"> but cannot get
FirstName
LastName
email
or Comment1 appearing on the incoming email?
0
 
LVL 1

Expert Comment

by:manchester_info_services
ID: 20419052
Hi,

In a real-time implementation you need to set the following in your PayPal business account profile area.
You need to turn the notify URL on and set a custom URL to receive notifications for processing your data (for database and site log).
You need to turn a return URL on to take your customer to after payment (thanks for paying, etc.).

You can set both URLs in the program itself to change the default URLs.

PayPal provides a standard IPN (Instant Payment Notification) kit for you to develop the part discussed above.

Again, if you have a PayPal sandbox account in the developer area, you can create demo sender and receiver accounts.

If you want to get custom data you need to pass variables to the PayPal server via curl post etc.
It's a 3-level process.

One: you redirect your user to the PayPal site with the filled form data as a simple HTTP POST. PayPal processes that data and sends your server a status message; your server again needs to curl post the same data back, for security purposes.
PayPal finally sends you a "data verified" response. If you get that on your notify URL, you will get all the posted values at the same time as well.

You can easily track the data, as PayPal has verified that transaction as genuine.

I'm happy to give more clarification.

Regards,
Najeem M Illyas
0
 
LVL 1

Accepted Solution

by:
manchester_info_services earned 500 total points
ID: 20419127
Hi, further to my last post:

1) paypal payment form
[code]

<form  action="https://www.paypal.com/cgi-bin/webscr" method="post" name="paypalform">
<div class="panel">
      <div class="inner"><span class="corners-top"><span></span></span>
      <fieldset class="fields2">
      <!-- IF ERROR --><dl><dd class="error">{ERROR}</dd></dl><!-- ENDIF -->
      <dl>
            <dt><label for="username">Processing...</label></dt>
            <dd>
      
            <input type="hidden" name="business" value="seena83uk@yahoo.co.uk">
            <input type="hidden" name="cmd" value="_xclick">
            <input type="hidden" name="return" value="http://192.168.0.1/newweb/cpanel.php?i=accounts&mode=deposit&status=wsuccess">
            <input type="hidden" name="cancel_return" value="http://192.168.0.1/newweb/cpanel.php?i=accounts&mode=deposit&status=wcancelled">
            <input type="hidden" name="notify_url" value="http://192.168.0.1/newweb/fwrite.php?userid={USER_ID}&trans={CUSTOM}">
            <input type="hidden" name="rm" value="2">
            <input type="hidden" name="userid" value="{USER_ID}">
            <input type="hidden" name="no_shipping" value="0">
            <input type="hidden" name="no_note" value="1">
            <input type="hidden" name="currency_code" value="USD">
            <input type="hidden" name="lc" value="IN">
            <input type="hidden" name="item_name" value="{ITEMNAME}">
            <input type="hidden" name="item_number" value="{ITEMNUMBER}">      
            <input type="hidden" name="amount" size="15" value="{AMOUNT}" />
            <input type="hidden" name="custom" value="{CUSTOM}">
            <input type="hidden" name="bn" value="PP-BuyNowBF">
</dd>
      </dl>
      
      
      </fieldset>

            <fieldset class="submit-buttons">
            
      </fieldset>

      <span class="corners-bottom"><span></span></span></div>
      </div>
      
</form>


[/code]

2) cancelled url:

[code]

<div class="panel">
      <div class="inner"><span class="corners-top"><span></span></span>
      <fieldset class="fields2">
      <dl>
            <dt>&nbsp;</dt>
            <dd>INVALID TRANSACTION
      <br /><br /><br /><br /><br /><br /><br />
            
</dd>
      </dl>
      
      
      </fieldset>

            
      <span class="corners-bottom"><span></span></span></div>
      </div>

[/code]

3) return url (Success url:)

same as above with success message (your custom message)

4) notify url (exactly as in my application)

[code]

$postdata="";



//your database parameters goes here

//posts transaction data using libCurl

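function libCurlPost($url,$data)
{

//build post string (local to this function, so it must be initialised here)
$postdata="";

foreach($data as $i=>$v)
      {

      $postdata.= $i . "=" . urlencode($v) . "&";

      }

$postdata.="cmd=_notify-validate";

$ch=curl_init();

//verify PayPal's certificate and host name: the VERIFIED answer is only
//trustworthy if the postback really reached PayPal
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,TRUE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$postdata);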

//Start ob to prevent curl_exec from displaying stuff.
ob_start();
curl_exec($ch);

//Get contents of output buffer
$info=ob_get_contents();
curl_close($ch);

//End ob and erase contents.
ob_end_clean();

return $info;

}
$paypal['post_method']="libCurl";
$paypal['url']="https://www.paypal.com/cgi-bin/webscr";
//
function postedvalues($data)
{
$postdata="";
foreach($data as $i=>$v)
      {

      $postdata.= $i . "=" . urlencode($v) . "&";

      }
      return $postdata;
}

switch($paypal['post_method'])
{
case "libCurl": //php compiled with libCurl support
$result=libCurlPost($paypal['url'],$_POST);
break;
}
//eregi() was removed in PHP 7; PayPal answers with the single word VERIFIED or INVALID
if(trim($result) === "VERIFIED")
{
$mylog = " success  :: \r\n";
$mylog.= " userid: ".$_GET['userid']."\r\n";
$mylog.= " Amount: ";
$mylog.= $_POST['mc_currency']." ".$_POST['mc_gross']."\r\n";
$mylog.= " paypal fee: ".$_POST['mc_fee']."\r\n";
$mylog.= " payment status: ".$_POST['payment_status']."\r\n";
$mylog.= " business Email: ".$_POST['business']."\r\n";
$mylog.= " payer email: ".$_POST['payer_email']."\r\n";
$mylog.= " transaction id: ".$_GET['trans']."\r\n";
$mylog.= " payment status: ".$_POST['payment_status']."\r\n";
$mylog.= " address country: ".$_POST['address_country']."\r\n";
$mylog.= " address city: ".$_POST['address_city']."\r\n";
$mylog.= " payment date: ".$_POST['payment_date']."\r\n";
$mylog.= " Custom ID: ".$_GET['trans']."\r\n";
$mylog.= "----------------------------------------------\r\n";

$fp = fopen('paypallog.log','a+');
fwrite($fp,$mylog,4096);
fclose($fp);

            global $config, $smart_public_html, $phpEx;
            global $db, $user, $auth, $cache, $template;
            //request values are cast or escaped before they are put into SQL
            //(sql_escape assumes $db is the phpBB database layer the globals above suggest)
            $userid = (int) $_GET['userid'];
            $trans = $db->sql_escape($_GET['trans']);
            $gross = (float) $_POST['mc_gross'];
            //code for cross checking paypal posted data with original database data
            $sql = "SELECT COUNT(*) AS transcount FROM ".PAYPAL_DETAILS_TABLE." WHERE userid = ".$userid." AND custom = '".$trans."'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            if($row['transcount'] == 1)
            {

            $sql = "SELECT * FROM ".PAYPAL_DETAILS_TABLE." WHERE userid = ".$userid." AND custom = '".$trans."'";
            $result = $db->sql_query($sql);
            $row2 = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

                  //each side of the comparison is trimmed before comparing
                  if((trim($_GET['userid']) == trim($row2['userid'])) && (trim($_GET['trans']) == trim($row2['custom'])))
                  {

                  if($_POST['payment_status'] == 'Completed')
                        {

                        $status = 'deposit';
                        }
                        elseif($_POST['payment_status'] == 'Refunded')
                        {
                        $status = 'Refunded';
                        }
                        else
                        {
                        $status = 'paypal_pending';
                        }
                        $sql = "INSERT INTO ".CASH_ACC_TABLE." ( user_id , amount_in , amount_out , date , mode , send_receive ) VALUES (".$userid.", ".$gross.", '0', ".time().", '".$status."', '0' )";
                        $db->sql_query($sql);
                        
                  }
            }
            
}
elseif(trim($result) === "INVALID")
{
$mylog = "2 invalid :: \r";
$fp = fopen('paypallog.log','a+');
fwrite($fp,$mylog,4096);
fclose($fp);
      

}
else
{
$mylog = "failed :: \r";
$fp = fopen('paypallog.log','a+');
fwrite($fp,$mylog,4096);
fclose($fp);
}

[/code]

Again I will explain each in detail to get your code working.

Regards,
Najeem M Illyas
0
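A VERIFIED reply to the `cmd=_notify-validate` postback only confirms that PayPal sent the message; the handler above still has to confirm that the payment went to the right account, for the expected amount and currency, and has not been processed before. The following is an added example, not part of the original answer: `$order`, `check_ipn()` and `to_minor_units()` are hypothetical names, and the sample messages are constructed. `txn_id` is a standard IPN variable that the answer's code does not use.

```php
<?php
// Added example, not the original poster's code. $order is a hypothetical
// record your site saved before sending the buyer to PayPal.

// Parse "10.00" into integer minor units so amounts are never compared as floats.
function to_minor_units(string $s): ?int
{
    if (!preg_match('/^(-?)(\d+)(?:\.(\d{1,2}))?$/', trim($s), $m)) {
        return null;
    }
    $minor = (int)$m[2] * 100 + (int)str_pad($m[3] ?? '', 2, '0');
    return $m[1] === '-' ? -$minor : $minor;
}

// Call only after the cmd=_notify-validate postback returned VERIFIED.
function check_ipn(array $ipn, array $order, array $seenTxnIds): array
{
    $problems = [];
    if (strcasecmp($ipn['business'] ?? '', $order['business']) !== 0) {
        $problems[] = 'paid to a different account';
    }
    if (!hash_equals($order['custom'], (string)($ipn['custom'] ?? ''))) {
        $problems[] = 'custom does not match the stored order';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    if (to_minor_units((string)($ipn['mc_gross'] ?? '')) !== to_minor_units($order['amount'])) {
        $problems[] = 'amount mismatch';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'txn_id already processed';
    }
    $completed = ($ipn['payment_status'] ?? '') === 'Completed';
    // Credit the stored amount, never the posted one, and only when Completed.
    return ['credit' => $completed && !$problems, 'problems' => $problems];
}

// Constructed sample data.
$order = ['business' => 'seller@example.test', 'custom' => 'ord-1001',
          'currency' => 'USD', 'amount' => '10.00'];
$good = ['business' => 'seller@example.test', 'custom' => 'ord-1001',
         'mc_currency' => 'USD', 'mc_gross' => '10.00',
         'payment_status' => 'Completed', 'txn_id' => 'TXN-A'];
$underpaid = ['mc_gross' => '0.01'] + $good;   // left-hand key wins in array union

var_export(check_ipn($good, $order, []));          // credited
var_export(check_ipn($underpaid, $order, []));     // amount mismatch
var_export(check_ipn($good, $order, ['TXN-A']));   // repeated txn_id
```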
 

Author Comment

by:johnhardy
ID: 20419234
Many thanks Najeem
I will have a go!
0
 

Author Comment

by:johnhardy
ID: 20476666
Sorry to be so long on this but I have corrupted a hard disc so problems!
0
 

Author Comment

by:johnhardy
ID: 20577966
Thanks manchester_info_services for the help.

I did get my page working satisfactorily eventually with your extensive help.
I used some parts and ideas in the build up which were very helpful to me.
Sorry to be so long in coming back but the hard disc failure rather set me back more than I wanted.
Regards
John
0
