On my website, I want to set up a "pay to remove ads" feature, and I want to collect payments for it through PayPal. The setup that I want for this is quite simple:
User pays
Payment is verified
The entry in the MySQL database containing the user's information is updated to disable ads on the site for that user
To do this, I want to use PayPal's IPN service. I understand the basics of it, but I am not quite sure how to implement it, nor do I understand how I can trigger the script to update the database for the correct user. I would imagine that to do this, I need to include some means of user identification whenever they begin the payment process, but I am not sure how to do that either. I am trying to implement this in PHP.
The process would be:
The user has an ID
When he pays, you attach this ID as the custom parameter in the PayPal request
You also define what url you want to call for the IPN
Once the payment is complete, PayPal sends the IPN
You verify that the actual status of the payment is "Completed"
You retrieve the user'ID from the custom parameter
You update your table
I hope it's clear :)
Related
I have already done a small e-commerce with Paypal and it works, but I feel like it is done wrongly.
Because the page that handles the IPN response from Paypal can't read $_SESSION variables, before the user submits the form and is redirected to Paypal, I get all the cart items and store them in a table in the database and also I register a new order with the user information but with the status 0 ( not completed ).
Then, after the user pays and I get the IPN response, I check if the status is completed, check if the amount paid is correct, currency and the usual checks to make sure the payment is successful.
The problem with this approach is that if the user once redirected to Paypal, decide to leave/close the browser/Paypal tab, I will have a failed order registered in the database and I can't delete it but manually.
How can I handle this kind of situation, and is it correct to register the order/cart before the user pays ?
Thank you and sorry for the long post.
If you want to check if the transaction occurs rely on the IPN messages. Depending on which api you are using you have several way to customize the IPN message with useful information for you, ie:
using paypal custom field
define dynamically the IPN url with extra parameter ie www.yoursite.com/ipn?myvar=myval
That way you can have a hook between the payment and the actual user in your application.
Obiusly the php session attributes of the user is not available when the http post comes from paypal.
My sent data to paypal is
"https://www.paypal.com/cgi-bin/webscr/cmd=_cart&upload=1&business=seller.email#something.com¤cy_code=USD&bn=BusinessName&return=http://www.sellersite.com&item_number_1=55&item_name_1=battery&amount_1=55&quantity_1=2&item_number_2=52&item_name_2=bat&amount_2=5&quantity_2=3"
And I want to show those sent data(item number, item name,amount,quantity) and the paypal transaction id to the buyer on "http://www.sellersite.com" after successful payment. (Suppose, the seller has the merchant account with paypal and he would enter that paypal id into database from admin section of the website. So,I would not think about his paypal account settings, my job is just to create the environment for paypal payment for the seller.)
If I write a script like
$T_ID=$_REQUEST['tx']; // or $T_ID=$_GET['tx']; **ref(tx):- "https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_html_paymentdatatransfer"
$item=$_REQUEST['item_number_1']; // or $item=$_GET['item_number_1'];
Then would I get those data from paypal ?
Please tell me.
-Thanks.
It's not going to be quite that simple. You'll need to setup Payment Data Transfer (PDT) in order to get details sent back to your return URL after the buyer completes the payment.
This is useful if you're simply going to display details back to the user, but it's not recommended for updating your own database, sending out email notifications, etc. because there is no guarantee this page will ever be reached so the code won't always run.
For that sort of thing you'll want to use Instant Payment Notification (IPN). This works very similar to PDT except that it will always POST data to your IPN listener on your server regardless of whether or not the user makes it back to your return URL, and it happens outside of your checkout system all together.
I have an option on my phpBB forum to add a Paypal Buy Now button to enable users to sell and purchase items. I would like to have the ability to automatically close a topic once a user makes a purchase through paypal to avoid multiple users from purchasing the same item.
Is it possible to get the user's session data from paypal once they make a transaction? Then incorperate session data into a variable like:
$paypal = (isset($_POST['purchased'])) ? true : false;
Not sure if I need to download the Paypal SDK for this or not.
Any suggestions would be great, thanks.
Is it possible to get the user's session data from paypal once they
make a transaction?
You really want to trust the user's session data? I am sure you can read the session data, you don't want to do that, would be trivial task to alter it. Even if you can you really shouldn't read the session data for another website.
Not sure if I need to download the Paypal SDK for this or not.
This would be the correct way to do it.
When I last used it, Paypal Standard allowed you to specify a return URL (where to send the user) for failures and for successes. Dynamically generate some secret hashes to facilitate when the user is finally redirected.
Or you can use IPN.
Don't rely on the return URL. Buyers can (and will) close their browser / tab after completing a payment.
Instead, use PayPal Instant Payment Notifications to receive a server-to-server notification from PayPal which you can subsequently verify and use to update your database with the appropriate flag for a phpBB closed thread.
IPN works as follows:
You create the PayPal and incude a "notify_url". The value for this parameter will be the full URL to a script on your server, called the 'IPN script' or 'IPN handler'.
You can specify an IPN handler as follows for Website Payments Standard
<input type="hidden" name="notify_url" value="http://blah.com/ipn.php
For Express Checkout or Website Payments Pro, simply include the following in your SetExpressCheckout/DoExpressCheckoutPayment or DoDirectPayment API call respectively.
NOTIFYURL=http://blah.com/ipn.php
A buyer completes a transaction via PayPal
Once the buyer completes the transaction, he/she may close the browser, or return to your website
Once the transaction is accepted and processed by PayPal, PayPal will send out a notification to http://blah.com/ipn.php
You need to take all POST data that was sent to this script, and POST it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate
If the data you send back matches the data PayPal sent you, a 'VERIFIED' response is returned.
If the response is VERIFIED, it's at this point that you would look up the matching transaction/buyer on your end, and update the phpBB thread status appropriately.
Some sample code and documentation for PayPal IPN is available at https://www.paypal.com/ipn/
In addition, some tips on making a secure IPN script are available at https://www.x.com/developers/community/blogs/ppmtsrobertg/securing-your-instant-payment-notification-ipn-script
Note: If you want to include any custom data along with the transaction which you can read out later, use 'custom'.
<input type="hidden" name="custom" value="xxxxx">
This will also be returned in the IPN POST data sent from PayPal.
I have site with a members area that I've set up and want to make it so when people register, they need to subscribe to paypal, and only then the user is created in the database.
I don't know much how paypal works. Does anyone have any pointers? How or where do I start?
Basically I need to somehow redirect the visitor to paypal after he presses the "Register" button, make the payment, and then make Paypal return to my site and tell it that the payment was processed, so the user can be created...
Paypal IPN is the Paypal deployment for this kind of requirement.
IPN (Instant Payment Notification) allows you to delegate an endpoint URL that the payment gateway will send postdata to when a payment is completed successfully.
Most of the time this requires utilizing some kind of database to save the registration state while the user is forwarded over to Paypal for the payment process, making use of their SSL encryption and payment logic. When the process is completed, your application is notified with post data containing a unique identitfier generated by your app and passed with the original redirect in order to identify the user's session that has completed payment.
You will want to generate a unique id either using PHP uniqueid() function or by hashing a timestamp. This will be passed along to paypal in your redirect, and paypal will send it along with success/fail flags when the payment is processed. When the user fills out their form and is redirected to Paypal, save a boolean value for IsPaid in your database associated with their ID (i'd recommend using both a primary key as well as this unique transaction id mentioned earlier.) Your IPN script can then listen for the post data, parse it out and change the false IsPaid boolean for that id to true.
There are numerous good tutorials available. I've only used this in MVC deployments, so if you're doing procedural, googling around will help a great deal. Paypal's documentation has the most up to date parameter guides but there are other great, if a bit old, tutorials available independent of them.
http://www.web-development-blog.com/archives/easy-payments-using-paypal-ipn/
http://net.tutsplus.com/tutorials/php/using-paypals-instant-payment-notification-with-php/
Look at the Paypal IPN API, this is used in most paid membership scripts:
https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/library_code
I've implemented a paypal transaction before but this one has a twist that I'm not quite sure what's the best way to handle it.
The basic idea is I want to create an account for the user when he provides some details and makes a payment via PayPal. Until BOTH the user details are filled out correctly AND the payment is made correctly, I shouldn't create an account for the user.
The setup I've done before was simply a paypal button that the user clicks, makes a payment, and gets forwarded back to just a generic page "your order will be processed and shipped" so there was no pre-order form involved.
This one is different though because
before PayPal, I need to collect initial user data
after PayPal, I need to create the new user account and use in it the user data collected from the pre-paypal form
I'm sure there's a logical way to implement this, but I'm not quite sure what's the flow I should follow to do it.
I use the Zend framework by the way, which shouldn't matter but just in case Zend has an easier way to help me with what I'm trying to do.
I do the following (though I do this in ASP.NET):
User fills out form
Info is saved in Order table in db with a unique invoice number
Invoice number is passed to PayPal, along with the IPN Notify URL, when you do the redirect
User is sent to Paypal to pay and then comes back to a generic Success page
Behind the scenes, Paypal makes a call to the IPN Notify url once processing is complete. This page receives your invoice number which PP returns with its call, and then does the account creation processing for that order after retrieving the details from the db. [This is a page with no UI, since only PP is hitting it.]
An email is sent from that process which notifies the customer that their account has been created and gives them the details.
This is a simplified version of the process, but hits the highlights. You can check out PayPal's page about IPN, and do a search on google for IPN integration with PHP.