Is this a proper way to handle credit card payments? - php

I have a 3-page checkout process. The first page is Customer information. The second page is card information. The third page is review & confirm order.
I'm using the PayPal API to handle payments processing. Right now I have the payments page set up with the request parameters for the PayPal API stored in an array, and after the customer clicks confirm & pay, I send the request over the PayPal API. Is this a proper way to handle credit card payments? Would I just have to store the $nvp_string using mcrypt or some other encryption method? Or temporarily store it in a database and delete the info after the order is paid?
Payment Information Page
// Store request params in an array THESE ARE STATIC VARIABLES FOR TESTING
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => 'MasterCard',
'ACCT' => '5522340006063638',
'EXPDATE' => '022018',
'CVV2' => '456',
'FIRSTNAME' => 'Tester',
'LASTNAME' => 'Testerson',
'STREET' => '707 W. Bay Drive',
'CITY' => 'Largo',
'STATE' => 'FL',
'COUNTRYCODE' => 'US',
'ZIP' => '33770',
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
Confirm & Pay Page
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
curl_close($curl);
// Parse the API response
// parse_str() returns nothing; it fills the array passed as its second argument
parse_str($result, $nvp_response_array);

Storage of variables in a database for a 3 step process is an idea that's really fraught with issues. For one, you never want to get into the credit card info storage business, and it may actually be against TOS based on your payment provider and other factors. You'd have to consider things like abandoned processes too.
When I build a site like this, I'll have a 3 (or more) step process, but it's all in one page. Build 3 different "screens" in divs/templates on one file and then toggle between those divs/templates without changing files. This way, the data is still in one common form (which spans the 3 divs/templates) and I don't have to deal with storage of variables on a session or database at all. It's also lightning quick to toggle between. Really, your only consideration of any significance is handling back button behavior, which can be accomplished with URL hashing. When you've reached the last screen in your process, simply submit the form.
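The single-form approach described in the answer, seen from the server side, as an added example that is not part of the original post: the card fields arrive once in the final POST, go straight to PayPal over a verified TLS connection, and are never written to a session, database or log. The function name charge_card() and the PAYPAL_* environment variable names are assumptions; ACK is the status field of the NVP response.

```php
<?php
// Added example, not the poster's code. charge_card() and the PAYPAL_*
// environment variable names are hypothetical.
const CARD_FIELDS = ['CREDITCARDTYPE', 'ACCT', 'EXPDATE', 'CVV2', 'FIRSTNAME',
    'LASTNAME', 'STREET', 'CITY', 'STATE', 'COUNTRYCODE', 'ZIP'];

function charge_card(array $post, string $amount, string $endpoint): array
{
    $params = [
        'METHOD'        => 'DoDirectPayment',
        'USER'          => getenv('PAYPAL_API_USER'),
        'PWD'           => getenv('PAYPAL_API_PWD'),
        'SIGNATURE'     => getenv('PAYPAL_API_SIGNATURE'),
        'VERSION'       => getenv('PAYPAL_API_VERSION'),
        'PAYMENTACTION' => 'Sale',
        'IPADDRESS'     => $_SERVER['REMOTE_ADDR'] ?? '',
        'AMT'           => $amount, // computed server-side from the order, not taken from the form
        'CURRENCYCODE'  => 'USD',
    ];
    // Copy only the expected form fields; anything else in the POST is ignored.
    foreach (CARD_FIELDS as $field) {
        $value = $post[$field] ?? '';
        $params[$field] = is_string($value) ? trim($value) : '';
    }
    $curl = curl_init($endpoint);
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($params, '', '&'),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_SSL_VERIFYPEER => true, // card data is in this request: keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body  = curl_exec($curl);
    $error = curl_error($curl);
    curl_close($curl);
    if ($body === false) {
        throw new RuntimeException('PayPal request failed: ' . $error);
    }
    parse_str($body, $response);
    // Log the outcome with the last four digits only; never the full number or CVV2.
    error_log(sprintf('DoDirectPayment ACK=%s card=****%s',
        $response['ACK'] ?? 'none', substr($params['ACCT'], -4)));
    return $response;
}
```

The confirm step would call charge_card($_POST, $orderTotal, $api_endpoint), where $orderTotal is the amount the server calculated for the order.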

Related

Can someone help me with paypal chained payments? PHP

I am new to doing anything with paypal, and it's frustrating to me. I am just trying to create the chained payment with this here using sandbox business account:
$api = "https://svcs.sandbox.paypal.com/AdaptivePayments/Pay";
$input = array(
"actionType" => "CREATE",
"currencyCode" => "USD",
"feesPayer" => "EACHRECEIVER",
"memo" => "TestNote",
"receiverList" => array(
"receiver" => array( //first goes to merchant(95% of payment)
"amount" => "95.00",
"email" => "rbxseller@gmail.com",
"primary" => true
),
"receiver" => array( //then sends 5% commission to owner of site
"amount" => "5.00",
"email" => "rbxowner@gmail.com",
"primary" => false
)
),
"requestEnvelope" => array(
"errorLanguage" => "en_US"
)
);
$headers = array(
"X-PAYPAL-SECURITY-USERID: ".USER_ID,
"X-PAYPAL-SECURITY-PASSWORD: ".USER_PASS,
"X-PAYPAL-SECURITY-SIGNATURE: ".USER_SIG,
"X-PAYPAL-REQUEST-DATA-FORMAT: NV",
"X-PAYPAL-RESPONSE-DATA-FORMAT: JSON",
"X-PAYPAL-APPLICATION-ID: APP-80W284485P519543T"
);
$ch = curl_init($api);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($input));
$response = curl_exec($ch);
var_dump($response);
I got the error response:
[{"errorId":"580001","domain":"PLATFORM","subdomain":"Application","severity":"Error","category":"Application","message":"Invalid request: {0}"}]
Thank you for taking time to reply!
You're not going to be able to simply submit an array of data to the PayPal end point. You'll need to build out an XML request for Adaptive Payments.
I would recommend you take a look at my PayPal PHP Class Library, which works in very much the same way you're trying to work here, except that it would take your array data, generate the XML request, send it to PayPal, parse the XML result and return an array back to you.
It supports all PayPal APIs including Adaptive Payments, and it comes with fully functional samples as well as ready-made template files to start fresh calls with.

Unable to get tokens for app using code from azure graph

I have created an app in http://apps.dev.microsoft.com/ and tried to connect from my web application
Here is my code:
$data = array (
'code' => $code,
'client_secret' => 'C2A32632155A3270220244A5774431C58126F9B5',
'client_id' => '49c1c823-b423-4673-af57-7be1ab39e386',
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://localhost/crm/contacts/connectOffice',
'scope' => 'offline_access Contacts.ReadWrite'
);
$url = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($curl);
I get the response:
[error] => invalid_client
[error_description] => AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided. Trace ID:
47f5eaa3-2ea0-45bc-9bfa-8457395ae354 Correlation ID:
3007e67d-120d-4cf1-a0e6-1863d202b233 Timestamp: 2017-01-12 13:12:28Z
[error_codes] => Array
(
[0] => 70002
[1] => 50012
)
[timestamp] => 2017-01-12 13:12:28Z
[trace_id] => 47f5eaa3-2ea0-45bc-9bfa-8457395ae354
[correlation_id] => 3007e67d-120d-4cf1-a0e6-1863d202b233
I am quite sure that I have provided the correct client secret and client ID in the request, but I still get this error all the time. Can anyone suggest where I may be going wrong or what more I need to do to correct this?
The value you're using in your client secret field right now is actually a Public Key that is generated if you hit the Generate New Key Pair button.
For what you're trying to do, you'll want to hit the Generate New Password button in the portal to get a 23 character client secret. That should allow you to get an auth code.
One other thing, make sure if you're trying to get an auth code you use the correct authorization endpoint https://login.microsoftonline.com/common/oauth2/v2.0/authorize. The url you have above is used when you have an auth code and want to exchange it for tokens.
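The two endpoints the answer distinguishes, as an added example that is not part of the original posts: the browser is first sent to the authorize endpoint, and only the returned code is posted to the token endpoint. The MS_CLIENT_ID and MS_CLIENT_SECRET environment variable names are assumptions, and the state check is an addition that binds the callback to the session that started the flow.

```php
<?php
// Added example, not the poster's code. The MS_* environment variable names are hypothetical.
const AUTHORIZE_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
const TOKEN_URL     = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
const REDIRECT_URI  = 'http://localhost/crm/contacts/connectOffice';
const SCOPE         = 'offline_access Contacts.ReadWrite';

session_start();
if (isset($_GET['error'])) {            // the user declined or the request was rejected
    http_response_code(400);
    exit('authorization failed');
}
if (!isset($_GET['code'])) {
    // Step 1: send the browser to the authorize endpoint to obtain a code.
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));
    header('Location: ' . AUTHORIZE_URL . '?' . http_build_query([
        'client_id'     => getenv('MS_CLIENT_ID'),
        'response_type' => 'code',
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => SCOPE,
        'state'         => $_SESSION['oauth_state'],
    ], '', '&'));
    exit;
}
// Step 2: back on the redirect URI. Check state, then exchange the code for tokens.
$expected = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']);
$state = $_GET['state'] ?? '';
if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
    http_response_code(400);
    exit('state mismatch');
}
$context = stream_context_create(['http' => [
    'method'        => 'POST',          // HTTPS peer verification is on by default here
    'header'        => 'Content-Type: application/x-www-form-urlencoded',
    'content'       => http_build_query([
        'code'          => (string) $_GET['code'],
        'client_id'     => getenv('MS_CLIENT_ID'),
        'client_secret' => getenv('MS_CLIENT_SECRET'), // the generated password, kept out of source
        'grant_type'    => 'authorization_code',
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => SCOPE,
    ], '', '&'),
    'ignore_errors' => true,            // still read the JSON error body on a 4xx reply
    'timeout'       => 30,
]]);
$json   = file_get_contents(TOKEN_URL, false, $context);
$tokens = $json === false ? null : json_decode($json, true);
if (!is_array($tokens) || isset($tokens['error'])) {
    error_log('token request failed: ' . ($tokens['error'] ?? 'no response'));
    http_response_code(502);
    exit('token request failed');
}
// $tokens now holds access_token and, because of offline_access, refresh_token.
```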

403 forbidden error while sending messages to facebook connector through Unification Engine API

I am using unification engine #unificationengine API to post message on facebook.
I followed all the steps and created connections to use connectors. All the curl requests are working fine till send message.
In every curl from create user, create connection, connection refresh I am getting
{'status':200,'info':'ok'}
And now I want to use the connector to post message on facebook.
Below is my Curl code:
$post_msg = json_encode(
array(
'message' =>
array(
'receivers' =>
array(
array(
'name' => 'Me',
'address' =>'https://graph.facebook.com/'.$request->profile_id.'/feed?access_token='.$request->access_token.'&message=Hello&method=post',
'Connector' => 'facebook'
),
),
'sender' =>
array('address' => 'sender address'),
'subject' => 'Hello',
'parts' =>
array(
array(
'id' => '1',
'contentType' => 'binary',
'data' => 'Hi welcome to UE',
'size' => 100,
'type' => 'body',
'sort' => 0
),
),
),
)
);
$ch = curl_init('https://apiv2.unificationengine.com/v2/message/send');
curl_setopt($ch, CURLOPT_USERPWD, "0a7f4444-ae4445-45444-449-d9b7daa63984:8755b446-6726-444-b34545d-713643437560");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_msg);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// execute!
$response = curl_exec($ch);
// close the connection, release resources used
curl_close($ch);
// do anything you want with your response
var_dump($response);
return ['label' => $response];
and I am getting:
status: 403 and info: forbidden in response.
I have tried everything available in documentation and on stack overflow or any other website. But hard luck.
Please suggest why I am getting this error?
Reference SO Questions:
SO question 1
SO question 2
Thanks.
Update
I added these three options in curl request:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_VERBOSE, true);
and now I am getting 498, invalid access token error:
"{\"Status\":{\"facebook\":{\"status\":498,\"info\":\"Invalid Token:
\"}},\"URIs\":[] }
please use this as per php
public function facebookSharing($access_token) {
$app = new UEApp(env('UNIFICATION_APP_KEY'), env('UNIFICATION_APP_SECRATE'));
$user = new UEUser('unification_userkey', 'unification_usersecret');
$connection = $user->add_connection('FACEBOOK', "facebook", $access_token);
$options = array(
"receivers" => array(
array(
"name"=> "Me"
)
),
"message"=>array(
"subject"=>'testing',
"body"=> 'description',
"image"=> 'use any image url',
"link"=>array(
"uri"=> 'any web site url',
"description"=> "",
"title"=>"Title"
)
)
);
$uris = $connection->send_message($options);
}
The access token might have expired. Please reconnect the facebook connection again or refresh the connection.
Facebook access tokens have a lifetime of about two hours. Longer-lived web apps, especially server-side ones, need to generate long-lived tokens. Long-lived tokens generally last about 60 days.
UE has the capability to refresh Facebook tokens. After adding a connection using the "apiv2.unificationengine.com/v2/connection/add" API call, you should call the "apiv2.unificationengine.com/v2/connection/refresh" API to turn the short-lived token into a long-lived one.

PayPal - Instant Payment Notification / doDirectPayment in PHP

I have built an IPN listener and tested it with the IPN Simulator in the sandbox, and it works fine. However, when I add the "NOTIFYURL" parameter and set it to my IPN listener, I do not get any notifications from my listener, but the payment still goes through.
Is there something else I have to do to get this to work?
Here's my code:
My IPN Listener (for the purposes of testing it simply Imports the entire result into a SQL Table)
include "dbconnect.php";
$request = "cmd=_notify-validate";
foreach ($_POST as $varname => $varvalue){
$email .= "$varname: $varvalue\n";
if(function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc()){
$varvalue = urlencode(stripslashes($varvalue));
}
else {
// encode the loop variable that is appended to $request below
$varvalue = urlencode($varvalue);
}
$request .= "&$varname=$varvalue";
}
mysql_query("INSERT INTO `test` (`nvps`) VALUES ('".$email."')");
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"https://www.sandbox.paypal.com/cgi-bin/webscr");
//curl_setopt($ch,CURLOPT_URL,"https://www.paypal.com");
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$request);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$result = curl_exec($ch);
curl_close($ch);
The portion of my payment processing script that interacts with paypal:
// Store request params in an array
$request_params = array
(
'METHOD' => 'DoDirectPayment',
'USER' => $api_username,
'PWD' => $api_password,
'SIGNATURE' => $api_signature,
'VERSION' => $api_version,
'PAYMENTACTION' => 'Sale',
'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
'CREDITCARDTYPE' => 'Visa',
'ACCT' => '4887864152287206',
'EXPDATE' => '072018',
'CVV2' => '123',
'FIRSTNAME' => 'Tester',
'LASTNAME' => 'Testerson',
'STREET' => '707 W. Bay Drive',
'CITY' => 'Largo',
'STATE' => 'FL',
'COUNTRYCODE' => 'US',
'ZIP' => '33770',
'AMT' => '100.00',
'CURRENCYCODE' => 'USD',
'NOTIFYURL' => 'http://www.mysite.com/ipnlistener.php',
'DESC' => 'Testing Payments Pro'
);
// Loop through $request_params array to generate the NVP string.
$nvp_string = '';
foreach($request_params as $var=>$val)
{
$nvp_string .= '&'.$var.'='.urlencode($val);
}
// Send NVP string to PayPal and store response
$curl = curl_init();
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_URL, $api_endpoint);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $nvp_string);
$result = curl_exec($curl);
echo $result.'<br /><br />';
mysql_query("INSERT INTO `test` (`nvps`) VALUES ('".$result."')");
Why aren't I getting my notifications?
Can you take a look at the PHP IPN script over at https://github.com/paypal/ipn-code-samples/blob/master/IPN_PHP.txt?
Leave USE_SANDBOX and USE_DEBUG enabled and create an empty file called 'ipn.txt' in the same directory (writable by the webserver).
This will log all steps of the IPN process (receiving it, posting it back, verifying the results, etc). If anything, that should make it clear.
The purpose of the IPN listener is for PayPal to pass back payment info so you can process it. It will not send you any notifications as such unless you add things like a log file, where each payment status is logged, or send an email to yourself about processed payments (whether they failed or not).
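A listener that logs each step as both answers suggest, as an added example that is not the PayPal sample or the poster's code: it records receipt, posts the unmodified body back with cmd=_notify-validate, and treats the message as genuine only when the reply is VERIFIED. The helper names are assumptions; the verification URL and the ipn.txt log file come from the thread, and txn_id and payment_status are standard IPN variables.

```php
<?php
// Added example, not PayPal's sample. ipn_log() and verify_ipn() are hypothetical names.
const IPN_VERIFY_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
const IPN_LOG_FILE   = __DIR__ . '/ipn.txt'; // must be writable by the web server

function ipn_log(string $step, array $data = []): void
{
    // json_encode keeps attacker-supplied newlines from forging log lines.
    $line = date('c') . ' ' . $step . ' ' . json_encode($data) . "\n";
    file_put_contents(IPN_LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}

function verify_ipn(string $rawBody): bool
{
    // Post the body back exactly as received, so the encoding cannot drift.
    $ch = curl_init(IPN_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_SSL_VERIFYPEER => true, // the verdict is only trustworthy from the real host
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $result = curl_exec($ch);
    if ($result === false) {
        ipn_log('postback failed', ['error' => curl_error($ch)]);
    }
    curl_close($ch);
    return is_string($result) && trim($result) === 'VERIFIED';
}

$raw = (string) file_get_contents('php://input');
ipn_log('received', ['bytes' => strlen($raw)]);

if ($raw !== '' && verify_ipn($raw)) {
    parse_str($raw, $ipn);
    ipn_log('verified', [
        'txn_id'         => $ipn['txn_id'] ?? null,
        'payment_status' => $ipn['payment_status'] ?? null,
    ]);
    // Fulfil the order here, after checking the amount and recipient against your own records.
} else {
    ipn_log('rejected', ['reason' => 'empty body or not VERIFIED']);
}
```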

Paypal cURL request - ERRORCODE0=81002

I'm trying to do an NVP pay request via cURL to the PayPal servers, but I always end up getting ERRORCODE0=81002, which basically means there's something wrong with my method.
But I just can't seem to find the problem:
//The request parameters
$request_params = array(
'METHOD' => 'PAY',
'VERSION' => '85.0',
'USER' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'PWD' => 'xxxxxxxxxxxxxxxx',
'SIGNATURE' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'CURRENCYCODE' => 'USD',
'RETURNURL' => 'https://localhost',
'CANCELURL' => 'https://localhost'
);
$endpoint = 'https://api-3t.sandbox.paypal.com/nvp?';
//Building the NVP string
$request = http_build_query($request_params);
//cURL settings
$curl_options = array(
CURLOPT_URL => $endpoint,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => $request,
CURLOPT_VERBOSE => 1,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_TIMEOUT => 30,
);
$ch = curl_init();
curl_setopt_array($ch, $curl_options);
$response = curl_exec($ch);
curl_close($ch);
Where did you get this sample from?
I never saw the value "PAY" for "METHOD".
These need to be valid PayPal actions. For example, most recently I used DoDirectPayment (and I think that is the most used method for payments with PayPal Pro).
All the operations are available in this table on their site: http://rvyu.com/rcuu
Update: so the main question is: what do you want to do? Because I don't think you are making a payment, since you are not sending some basic fields (like the amount or card number). After that, look for the value that matches the action you need to take.
