Paypal Payment Methods

Posted on 2016-09-06
Last Modified: 2016-09-07
What is a paypal payment method that allows payment with a credit card.

Apparently buttons do NOT allow that.

Please provide a link to docs that explain how to set up such a method from a developer viewpoint.

That is, I want to control the programming PRIOR to going to PayPal to pay & get control BACK afterwards with a code or passed parameter or ??? to tell me what has happened.

It seems like (maybe) IPN is what I want to do.

I see a whole bunch of samples, etc., about all the backend code, but NOTHING about the form page where the user specified the credit card info, where the $ amount is expected to be., etc.

Need that too. Hello!!
Question by:Richard Korts
  • 6
  • 3
LVL 11

Accepted Solution

Andrew Angell earned 500 total points
ID: 41787136
Payments Standard (buttons) allow for what they call "guest checkout" which is where people can enter a credit card without creating or logging into an account, however, it's not always very obvious to users that this is an option.

Express Checkout allows you to force the guest checkout so that it's more obvious to users, but the payment process still takes place at PayPal's checkout pages.

If you want to process credit cards directly on your site without any redirect to PayPal then you'll need to use Payments Pro or the REST APIs with direct credit card enabled.

Express Checkout, Payments Pro, and REST all use APIs, so they would require back-end coding as opposed to simple HTML forms.

I typically recommend using IPN regardless of how you're integrating payments, or in the case of the REST API they call it Webhooks.  It's just a good way to automate different tasks based on different types of transactions that hit your account (ie. payments, refunds, disputes, etc.)

Author Comment

by:Richard Korts
ID: 41788564

Where can I find DETAILED documentation on how to set up IPN & how to correctly interface with it from a custom php site?

It's amazing how difficult it is to find this information.

Author Comment

by:Richard Korts
ID: 41788595
I must be completely looking at this in the wrong way.

I fond this:

NOWHERE in there is there a variable that specifies the credit card number.

That's NUTS!!!
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 11

Expert Comment

by:Andrew Angell
ID: 41788693
IPN is a post transaction processing solution.  It's not going to include any sensitive credit card details for security purposes.  There's no reason for you to ever be handling or saving credit card details at that point.

Author Comment

by:Richard Korts
ID: 41788820
So let's assume I have a form with a button (I have NO CLUE) if this is a PayPal button or my own. Or if it matters.

The rest of the fields are hidden, containing the item, the amount, & other things. I think I have figured out enough to get started.

Based on your last response, I'm guessing if I interface with PayPal correctly, they will get the credit card # from the customer.

What I am not clear on is if the action page on the form is the so called "listener" page (sample in code) or some other page that I cannot find a sample of ANYWHERE.

Still amazed that PayPal can be Sooooooooooooo hard to interact with.


// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);

// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);

define("LOG_FILE", "./ipn.log");

// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
	$keyval = explode ('=', $keyval);
	if (count($keyval) == 2)
		$myPost[$keyval[0]] = urldecode($keyval[1]);
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
	$get_magic_quotes_exists = true;
foreach ($myPost as $key => $value) {
	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
		$value = urlencode(stripslashes($value));
	} else {
		$value = urlencode($value);
	$req .= "&$key=$value";

// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data

if(USE_SANDBOX == true) {
	$paypal_url = "";
} else {
	$paypal_url = "";

$ch = curl_init($paypal_url);
if ($ch == FALSE) {
	return FALSE;

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);

if(DEBUG == true) {
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);

// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// CONFIG: Please download 'cacert.pem' from "" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.

//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);

$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
	if(DEBUG == true) {	
		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);

} else {
		// Log the entire HTTP response if debug is switched on.
		if(DEBUG == true) {
			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);

// Inspect IPN validation result and act accordingly

// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));

if (strcmp ($res, "VERIFIED") == 0) {
	// check whether the payment_status is Completed
	// check that txn_id has not been previously processed
	// check that receiver_email is your PayPal email
	// check that payment_amount/payment_currency are correct
	// process payment and mark item as paid.

	// assign posted variables to local variables
	//$item_name = $_POST['item_name'];
	//$item_number = $_POST['item_number'];
	//$payment_status = $_POST['payment_status'];
	//$payment_amount = $_POST['mc_gross'];
	//$payment_currency = $_POST['mc_currency'];
	//$txn_id = $_POST['txn_id'];
	//$receiver_email = $_POST['receiver_email'];
	//$payer_email = $_POST['payer_email'];
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
} else if (strcmp ($res, "INVALID") == 0) {
	// log for manual investigation
	// Add business logic here which deals with invalid IPN messages
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);


Open in new window

LVL 11

Expert Comment

by:Andrew Angell
ID: 41788835
The HTML form based payment you are talking about is called Payments Standard.  As I mentioned in my original answer, this does support credit card payments through a PayPal account or with guest checkout, but guest checkout is not obvious to buyers so it's not ideal.

PayPal offers other products to process credit cards directly and make it obvious to buyers that they can pay that way, but these all involve some sort of API integration as opposed to simple HTML forms.

For example, Payments Pro, Payments Advanced, Payments Plus, and REST would all allow you to process credit cards directly, but each would do it in a slightly different way.  You would need to figure out which way best suits your needs, which is a little hard for me to do for you in this broad thread.

I always prefer going with Express Checkout and Payments Pro, so that is what I would recommend.  Again, though, that's going to require API integration.  Not just HTML forms.

IPN is an entirely separate thing.  It does not have anything to do with the payment itself at all.  You would NOT set the action of your HTML form button to the IPN listener.  No matter what payment product you choose you could use IPN to handle the post-transaction data processing automatically.  It's a very powerful tool, but it comes after you have the payments themselves working the way you want.

Author Comment

by:Richard Korts
ID: 41788838
All right, forget IPN.

If I am using a STANDARD button (I just found out from a test), it does allow me to use a credit card; as you say, doesn't make it easy.

I gave it a "return" form value; it returns to the page I specified, but only after a rigamarole.

(1) Can I force it to return automatically?

(2) How can I tell if payment succeeded or not?

Author Comment

by:Richard Korts
ID: 41788862
I figured out the force auto return

Author Closing Comment

by:Richard Korts
ID: 41788875
I am awarding points because of your effort. The question as I posed it was NOT answered.


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Payment Gateway 1 345
Paypal encryption buttons: Java error: 7 1,369
Return inserted ID from MSSQL insert and TableAdapters 3 267
paypal API not works proper for adaptive payment 6 169
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question