[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 129
  • Last Modified:

Paypal Payment Methods

What is a paypal payment method that allows payment with a credit card.

Apparently buttons do NOT allow that.

Please provide a link to docs that explain how to set up such a method from a developer viewpoint.

That is, I want to control the programming PRIOR to going to PayPal to pay & get control BACK afterwards with a code or passed parameter or ??? to tell me what has happened.

It seems like (maybe) IPN is what I want to do.

I see a whole bunch of samples, etc., about all the backend code, but NOTHING about the form page where the user specified the credit card info, where the $ amount is expected to be., etc.

Need that too. Hello!!
Richard Korts
Richard Korts
  • 6
  • 3
1 Solution
Andrew AngellCo-Owner / DeveloperCommented:
Payments Standard (buttons) allow for what they call "guest checkout" which is where people can enter a credit card without creating or logging into an account, however, it's not always very obvious to users that this is an option.

Express Checkout allows you to force the guest checkout so that it's more obvious to users, but the payment process still takes place at PayPal's checkout pages.

If you want to process credit cards directly on your site without any redirect to PayPal then you'll need to use Payments Pro or the REST APIs with direct credit card enabled.

Express Checkout, Payments Pro, and REST all use APIs, so they would require back-end coding as opposed to simple HTML forms.

I typically recommend using IPN regardless of how you're integrating payments, or in the case of the REST API they call it Webhooks.  It's just a good way to automate different tasks based on different types of transactions that hit your account (ie. payments, refunds, disputes, etc.)
Richard KortsAuthor Commented:

Where can I find DETAILED documentation on how to set up IPN & how to correctly interface with it from a custom php site?

It's amazing how difficult it is to find this information.
Richard KortsAuthor Commented:
I must be completely looking at this in the wrong way.

I fond this: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/

NOWHERE in there is there a variable that specifies the credit card number.

That's NUTS!!!
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Andrew AngellCo-Owner / DeveloperCommented:
IPN is a post transaction processing solution.  It's not going to include any sensitive credit card details for security purposes.  There's no reason for you to ever be handling or saving credit card details at that point.
Richard KortsAuthor Commented:
So let's assume I have a form with a button (I have NO CLUE) if this is a PayPal button or my own. Or if it matters.

The rest of the fields are hidden, containing the item, the amount, & other things. I think I have figured out enough to get started.

Based on your last response, I'm guessing if I interface with PayPal correctly, they will get the credit card # from the customer.

What I am not clear on is if the action page on the form is the so called "listener" page (sample in code) or some other page that I cannot find a sample of ANYWHERE.

Still amazed that PayPal can be Sooooooooooooo hard to interact with.


// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);

// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);

define("LOG_FILE", "./ipn.log");

// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
	$keyval = explode ('=', $keyval);
	if (count($keyval) == 2)
		$myPost[$keyval[0]] = urldecode($keyval[1]);
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
	$get_magic_quotes_exists = true;
foreach ($myPost as $key => $value) {
	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
		$value = urlencode(stripslashes($value));
	} else {
		$value = urlencode($value);
	$req .= "&$key=$value";

// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data

if(USE_SANDBOX == true) {
	$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
	$paypal_url = "https://www.paypal.com/cgi-bin/webscr";

$ch = curl_init($paypal_url);
if ($ch == FALSE) {
	return FALSE;

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

if(DEBUG == true) {
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);

// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.

//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);

$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
	if(DEBUG == true) {	
		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);

} else {
		// Log the entire HTTP response if debug is switched on.
		if(DEBUG == true) {
			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);

// Inspect IPN validation result and act accordingly

// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));

if (strcmp ($res, "VERIFIED") == 0) {
	// check whether the payment_status is Completed
	// check that txn_id has not been previously processed
	// check that receiver_email is your PayPal email
	// check that payment_amount/payment_currency are correct
	// process payment and mark item as paid.

	// assign posted variables to local variables
	//$item_name = $_POST['item_name'];
	//$item_number = $_POST['item_number'];
	//$payment_status = $_POST['payment_status'];
	//$payment_amount = $_POST['mc_gross'];
	//$payment_currency = $_POST['mc_currency'];
	//$txn_id = $_POST['txn_id'];
	//$receiver_email = $_POST['receiver_email'];
	//$payer_email = $_POST['payer_email'];
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
} else if (strcmp ($res, "INVALID") == 0) {
	// log for manual investigation
	// Add business logic here which deals with invalid IPN messages
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);


Open in new window

Andrew AngellCo-Owner / DeveloperCommented:
The HTML form based payment you are talking about is called Payments Standard.  As I mentioned in my original answer, this does support credit card payments through a PayPal account or with guest checkout, but guest checkout is not obvious to buyers so it's not ideal.

PayPal offers other products to process credit cards directly and make it obvious to buyers that they can pay that way, but these all involve some sort of API integration as opposed to simple HTML forms.

For example, Payments Pro, Payments Advanced, Payments Plus, and REST would all allow you to process credit cards directly, but each would do it in a slightly different way.  You would need to figure out which way best suits your needs, which is a little hard for me to do for you in this broad thread.

I always prefer going with Express Checkout and Payments Pro, so that is what I would recommend.  Again, though, that's going to require API integration.  Not just HTML forms.

IPN is an entirely separate thing.  It does not have anything to do with the payment itself at all.  You would NOT set the action of your HTML form button to the IPN listener.  No matter what payment product you choose you could use IPN to handle the post-transaction data processing automatically.  It's a very powerful tool, but it comes after you have the payments themselves working the way you want.
Richard KortsAuthor Commented:
All right, forget IPN.

If I am using a STANDARD button (I just found out from a test), it does allow me to use a credit card; as you say, doesn't make it easy.

I gave it a "return" form value; it returns to the page I specified, but only after a rigamarole.

(1) Can I force it to return automatically?

(2) How can I tell if payment succeeded or not?
Richard KortsAuthor Commented:
I figured out the force auto return
Richard KortsAuthor Commented:
I am awarding points because of your effort. The question as I posed it was NOT answered.


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now