[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Paypal Payment Methods

Posted on 2016-09-06
Medium Priority
Last Modified: 2016-09-07
What is a paypal payment method that allows payment with a credit card.

Apparently buttons do NOT allow that.

Please provide a link to docs that explain how to set up such a method from a developer viewpoint.

That is, I want to control the programming PRIOR to going to PayPal to pay & get control BACK afterwards with a code or passed parameter or ??? to tell me what has happened.

It seems like (maybe) IPN is what I want to do.

I see a whole bunch of samples, etc., about all the backend code, but NOTHING about the form page where the user specified the credit card info, where the $ amount is expected to be., etc.

Need that too. Hello!!
Question by:Richard Korts
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
LVL 11

Accepted Solution

Andrew Angell earned 2000 total points
ID: 41787136
Payments Standard (buttons) allow for what they call "guest checkout" which is where people can enter a credit card without creating or logging into an account, however, it's not always very obvious to users that this is an option.

Express Checkout allows you to force the guest checkout so that it's more obvious to users, but the payment process still takes place at PayPal's checkout pages.

If you want to process credit cards directly on your site without any redirect to PayPal then you'll need to use Payments Pro or the REST APIs with direct credit card enabled.

Express Checkout, Payments Pro, and REST all use APIs, so they would require back-end coding as opposed to simple HTML forms.

I typically recommend using IPN regardless of how you're integrating payments, or in the case of the REST API they call it Webhooks.  It's just a good way to automate different tasks based on different types of transactions that hit your account (ie. payments, refunds, disputes, etc.)

Author Comment

by:Richard Korts
ID: 41788564

Where can I find DETAILED documentation on how to set up IPN & how to correctly interface with it from a custom php site?

It's amazing how difficult it is to find this information.

Author Comment

by:Richard Korts
ID: 41788595
I must be completely looking at this in the wrong way.

I fond this: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/

NOWHERE in there is there a variable that specifies the credit card number.

That's NUTS!!!
Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

LVL 11

Expert Comment

by:Andrew Angell
ID: 41788693
IPN is a post transaction processing solution.  It's not going to include any sensitive credit card details for security purposes.  There's no reason for you to ever be handling or saving credit card details at that point.

Author Comment

by:Richard Korts
ID: 41788820
So let's assume I have a form with a button (I have NO CLUE) if this is a PayPal button or my own. Or if it matters.

The rest of the fields are hidden, containing the item, the amount, & other things. I think I have figured out enough to get started.

Based on your last response, I'm guessing if I interface with PayPal correctly, they will get the credit card # from the customer.

What I am not clear on is if the action page on the form is the so called "listener" page (sample in code) or some other page that I cannot find a sample of ANYWHERE.

Still amazed that PayPal can be Sooooooooooooo hard to interact with.


// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);

// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);

define("LOG_FILE", "./ipn.log");

// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
	$keyval = explode ('=', $keyval);
	if (count($keyval) == 2)
		$myPost[$keyval[0]] = urldecode($keyval[1]);
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
	$get_magic_quotes_exists = true;
foreach ($myPost as $key => $value) {
	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
		$value = urlencode(stripslashes($value));
	} else {
		$value = urlencode($value);
	$req .= "&$key=$value";

// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data

if(USE_SANDBOX == true) {
	$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
	$paypal_url = "https://www.paypal.com/cgi-bin/webscr";

$ch = curl_init($paypal_url);
if ($ch == FALSE) {
	return FALSE;

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

if(DEBUG == true) {
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);

// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.

//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);

$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
	if(DEBUG == true) {	
		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);

} else {
		// Log the entire HTTP response if debug is switched on.
		if(DEBUG == true) {
			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);

// Inspect IPN validation result and act accordingly

// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));

if (strcmp ($res, "VERIFIED") == 0) {
	// check whether the payment_status is Completed
	// check that txn_id has not been previously processed
	// check that receiver_email is your PayPal email
	// check that payment_amount/payment_currency are correct
	// process payment and mark item as paid.

	// assign posted variables to local variables
	//$item_name = $_POST['item_name'];
	//$item_number = $_POST['item_number'];
	//$payment_status = $_POST['payment_status'];
	//$payment_amount = $_POST['mc_gross'];
	//$payment_currency = $_POST['mc_currency'];
	//$txn_id = $_POST['txn_id'];
	//$receiver_email = $_POST['receiver_email'];
	//$payer_email = $_POST['payer_email'];
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
} else if (strcmp ($res, "INVALID") == 0) {
	// log for manual investigation
	// Add business logic here which deals with invalid IPN messages
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);


Open in new window

LVL 11

Expert Comment

by:Andrew Angell
ID: 41788835
The HTML form based payment you are talking about is called Payments Standard.  As I mentioned in my original answer, this does support credit card payments through a PayPal account or with guest checkout, but guest checkout is not obvious to buyers so it's not ideal.

PayPal offers other products to process credit cards directly and make it obvious to buyers that they can pay that way, but these all involve some sort of API integration as opposed to simple HTML forms.

For example, Payments Pro, Payments Advanced, Payments Plus, and REST would all allow you to process credit cards directly, but each would do it in a slightly different way.  You would need to figure out which way best suits your needs, which is a little hard for me to do for you in this broad thread.

I always prefer going with Express Checkout and Payments Pro, so that is what I would recommend.  Again, though, that's going to require API integration.  Not just HTML forms.

IPN is an entirely separate thing.  It does not have anything to do with the payment itself at all.  You would NOT set the action of your HTML form button to the IPN listener.  No matter what payment product you choose you could use IPN to handle the post-transaction data processing automatically.  It's a very powerful tool, but it comes after you have the payments themselves working the way you want.

Author Comment

by:Richard Korts
ID: 41788838
All right, forget IPN.

If I am using a STANDARD button (I just found out from a test), it does allow me to use a credit card; as you say, doesn't make it easy.

I gave it a "return" form value; it returns to the page I specified, but only after a rigamarole.

(1) Can I force it to return automatically?

(2) How can I tell if payment succeeded or not?

Author Comment

by:Richard Korts
ID: 41788862
I figured out the force auto return

Author Closing Comment

by:Richard Korts
ID: 41788875
I am awarding points because of your effort. The question as I posed it was NOT answered.


Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WooCommerce is becoming the most powerful e-commerce plugin for Wordpress. And why not. The platform comprises of numerous core plugins that may come in handy, powerful options to make your website development task much easier.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question