Solved

Paypal Payment Methods

Posted on 2016-09-06
9
46 Views
Last Modified: 2016-09-07
What is a paypal payment method that allows payment with a credit card.

Apparently buttons do NOT allow that.

Please provide a link to docs that explain how to set up such a method from a developer viewpoint.

That is, I want to control the programming PRIOR to going to PayPal to pay & get control BACK afterwards with a code or passed parameter or ??? to tell me what has happened.

It seems like (maybe) IPN is what I want to do.

I see a whole bunch of samples, etc., about all the backend code, but NOTHING about the form page where the user specified the credit card info, where the $ amount is expected to be., etc.

Need that too. Hello!!
0
Comment
Question by:Richard Korts
  • 6
  • 3
9 Comments
 
LVL 11

Accepted Solution

by:
Andrew Angell earned 500 total points
ID: 41787136
Payments Standard (buttons) allow for what they call "guest checkout" which is where people can enter a credit card without creating or logging into an account, however, it's not always very obvious to users that this is an option.

Express Checkout allows you to force the guest checkout so that it's more obvious to users, but the payment process still takes place at PayPal's checkout pages.

If you want to process credit cards directly on your site without any redirect to PayPal then you'll need to use Payments Pro or the REST APIs with direct credit card enabled.

Express Checkout, Payments Pro, and REST all use APIs, so they would require back-end coding as opposed to simple HTML forms.

I typically recommend using IPN regardless of how you're integrating payments, or in the case of the REST API they call it Webhooks.  It's just a good way to automate different tasks based on different types of transactions that hit your account (ie. payments, refunds, disputes, etc.)
0
 

Author Comment

by:Richard Korts
ID: 41788564
Andrew,

Where can I find DETAILED documentation on how to set up IPN & how to correctly interface with it from a custom php site?

It's amazing how difficult it is to find this information.
0
 

Author Comment

by:Richard Korts
ID: 41788595
I must be completely looking at this in the wrong way.

I fond this: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/

NOWHERE in there is there a variable that specifies the credit card number.

That's NUTS!!!
0
 
LVL 11

Expert Comment

by:Andrew Angell
ID: 41788693
IPN is a post transaction processing solution.  It's not going to include any sensitive credit card details for security purposes.  There's no reason for you to ever be handling or saving credit card details at that point.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Richard Korts
ID: 41788820
So let's assume I have a form with a button (I have NO CLUE) if this is a PayPal button or my own. Or if it matters.

The rest of the fields are hidden, containing the item, the amount, & other things. I think I have figured out enough to get started.

Based on your last response, I'm guessing if I interface with PayPal correctly, they will get the credit card # from the customer.

What I am not clear on is if the action page on the form is the so called "listener" page (sample in code) or some other page that I cannot find a sample of ANYWHERE.

Still amazed that PayPal can be Sooooooooooooo hard to interact with.

<?php

// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);

// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);


define("LOG_FILE", "./ipn.log");


// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
	$keyval = explode ('=', $keyval);
	if (count($keyval) == 2)
		$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
	$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
		$value = urlencode(stripslashes($value));
	} else {
		$value = urlencode($value);
	}
	$req .= "&$key=$value";
}

// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data

if(USE_SANDBOX == true) {
	$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
	$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}

$ch = curl_init($paypal_url);
if ($ch == FALSE) {
	return FALSE;
}

curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

if(DEBUG == true) {
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}

// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.

//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);

$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
	{
	if(DEBUG == true) {	
		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
	}
	curl_close($ch);
	exit;

} else {
		// Log the entire HTTP response if debug is switched on.
		if(DEBUG == true) {
			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
		}
		curl_close($ch);
}

// Inspect IPN validation result and act accordingly

// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));

if (strcmp ($res, "VERIFIED") == 0) {
	// check whether the payment_status is Completed
	// check that txn_id has not been previously processed
	// check that receiver_email is your PayPal email
	// check that payment_amount/payment_currency are correct
	// process payment and mark item as paid.

	// assign posted variables to local variables
	//$item_name = $_POST['item_name'];
	//$item_number = $_POST['item_number'];
	//$payment_status = $_POST['payment_status'];
	//$payment_amount = $_POST['mc_gross'];
	//$payment_currency = $_POST['mc_currency'];
	//$txn_id = $_POST['txn_id'];
	//$receiver_email = $_POST['receiver_email'];
	//$payer_email = $_POST['payer_email'];
	
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
	}
} else if (strcmp ($res, "INVALID") == 0) {
	// log for manual investigation
	// Add business logic here which deals with invalid IPN messages
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
	}
}

?>

Open in new window

0
 
LVL 11

Expert Comment

by:Andrew Angell
ID: 41788835
The HTML form based payment you are talking about is called Payments Standard.  As I mentioned in my original answer, this does support credit card payments through a PayPal account or with guest checkout, but guest checkout is not obvious to buyers so it's not ideal.

PayPal offers other products to process credit cards directly and make it obvious to buyers that they can pay that way, but these all involve some sort of API integration as opposed to simple HTML forms.

For example, Payments Pro, Payments Advanced, Payments Plus, and REST would all allow you to process credit cards directly, but each would do it in a slightly different way.  You would need to figure out which way best suits your needs, which is a little hard for me to do for you in this broad thread.

I always prefer going with Express Checkout and Payments Pro, so that is what I would recommend.  Again, though, that's going to require API integration.  Not just HTML forms.

IPN is an entirely separate thing.  It does not have anything to do with the payment itself at all.  You would NOT set the action of your HTML form button to the IPN listener.  No matter what payment product you choose you could use IPN to handle the post-transaction data processing automatically.  It's a very powerful tool, but it comes after you have the payments themselves working the way you want.
0
 

Author Comment

by:Richard Korts
ID: 41788838
All right, forget IPN.

If I am using a STANDARD button (I just found out from a test), it does allow me to use a credit card; as you say, doesn't make it easy.

I gave it a "return" form value; it returns to the page I specified, but only after a rigamarole.

(1) Can I force it to return automatically?

(2) How can I tell if payment succeeded or not?
0
 

Author Comment

by:Richard Korts
ID: 41788862
I figured out the force auto return
0
 

Author Closing Comment

by:Richard Korts
ID: 41788875
I am awarding points because of your effort. The question as I posed it was NOT answered.

Richard
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now