I'm using a plugin called USP Pro which allows users to publish posts on my Wordpress Site. Upon pressing the submit button to publish their post, the user is redirected to PayPal(whilst their submitted post is sent to my wordpress posts section to be reviewed and 'published'). However, if the user doesn't pay the fee their post will still be submitted, which needs to be prevented. I initially overcame this problem by redirecting the user to the PayPal page for payment before the submit button stage, and then redirecting them back to the form afterwards to press the submit button (which involved echoing the form inputs). However, the form includes file uploads which cannot be sent across multiple pages due to security restrictions, so the PayPal page has to be after the submit button is pressed.
Here is my form:
<form id="usp-form-990" class="usp-form" method="post" enctype="multipart/form-data" action="" data-validate="parsley" data-persist="garlic" novalidate>
<input name="usp-title" type="text" value="" data-required="true" required="required" maxlength="99" placeholder="Post Title" class="usp-input usp-input-title" />
<input name="usp-title-required" value="1" type="hidden" />
<textarea name="usp-content" rows="5" cols="30" maxlength="999" data-required="true" required="required" placeholder="Post Content" class="usp-input usp-input-content"></textarea>
<input name="usp-content-required" value="1" type="hidden" />
<input name="usp-files[]" type="file" maxlength="255" data-required="true" placeholder="File(s)" class="usp-input usp-input-files select-file multiple" multiple="multiple" id="usp-multiple-files" />
<input name="usp-file-limit" class="usp-file-limit" value="20" type="hidden" />
<input name="usp-file-count" class="usp-file-count" value="1" type="hidden" />
<input name="usp-files-required" value="0" type="hidden" />
<input type="submit" class="usp-submit" value="Publish" />
</form>
Here is the PayPal button that is used:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="5F498FHQQGRR2">
<input type="image" src="http://www.aeroex.co.uk/wp-content/themes/vantage/paybutton.gif" border="0" name="submit" alt="PayPal – The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
I don't know if this will help, but I found this code to prevent this exact issue but for another forms plugin called Formidable Pro. Due to my inexperience with PHP and coding in general, I have found myself unable to customize this code to suit my requirements.
add_action('frm_payment_paypal_ipn', 'publish_paid_post');
function publish_paid_post($args){
if(!$args['pay_vars']['completed'])
return; //don't publish if the payment was not completed
if(!$args['entry']->post_id)
return; //don't publish if not linked to a post
wp_update_post(array('ID' => $args['entry']->post_id, 'post_status' => 'publish'));
}
My other attempts to solve this:
-saving user file uploads to wordpress directory and then retrieving them at the submit stage (unsuccessful)
I would suggest the flow to be: Put every thing user submitted with a "Draft" status, and implement an IPN(Instant payment notification) script to read PayPal payment call-backs, then update the WP database to change the post status from "Draft" to "Published"
The payment return/redirection should not be relied on in this case as when client browser is closed before auto-return, the process breaks. While IPN is the async message POST for a payment status, that's something you should use for processing the USP posts.
Not sure if there's any setup available in the USP Pro plugin but here's an sample IPN script which you may customize with your WP database update codes.
Formidable Pro has a PayPal extension that will do this. You build your user-submission form, then in form settings you add a PayPal action and fill in the necessary details. You also add a 'Create Post' action and use the conditional logic options to only publish if the payment is successful.
Related
I'm using hosted payment page, here system redirects to nab transact page for payment and displays receipt page after transaction approved.
I set the return_link_url and reply_link_url in input hidden variables as below.
<form action="https://demo.transact.nab.com.au/live/hpp/payment" method="post" id="payment">
<input type="hidden" name="vendor_name" value="XXXXXXX" />
<input type="hidden" name="payment_alert" value="xx#xx.com.au" />
<input type="hidden" name="print_zero_qty" value="false">
<input type="hidden" name="return_link_text" value="Click Here to Return to the Home Page">
<input type="hidden" name="return_link_url" value="http://www.mysite.com.au/index.php?route=payment/nabtrans/callback&order_id=51216" />
<input type="hidden" name="reply_link_url" value="http://www.mysite.com.au/index.php?route=payment/nabtrans/callback&order_id=51216" />
<input type="hidden" name="Pay for Order number 51216" value="22" />
<input type="hidden" name="payment_reference" value="51216" />
<input type="hidden" name="Name" value="XXX XX" />
<input type="hidden" name="information_fields" value="Name">
The problem is the reply_link_url is not getting triggered automatically at the time payment receipt page is displayed to customer as mentioned in guide.
I tried with appropriate cgi handler which does executes if called. So, I used them in the reply link url, but still the link doesn't triggered automatically.
<input type="hidden" name="return_link_url" value="http://www.mysite.com.au/cgi-bin/handler.cgi?orderid=51217" />
<input type="hidden" name="reply_link_url" value="http://www.mysite.com.au/cgi-bin/handler.cgi?orderid=51217" />
I have to click on return link on payment receipt page to come back to website. The reply_link_url never triggered automatically after the receipt page displayed in 15 sec timeout. I made sure to use http in reply link url to make it listening on port 80. The CGI script executes if I run it in browser.
Solved
I used two different url's for reply_link_url and return_link_url.
They are
<input type="hidden" name="return_link_url" value="http://www.mysite.com.au/index.php?route=payment/nabtrans/replyback&order_id=51216" />
<input type="hidden" name="reply_link_url" value="http://www.mysite.com.au/index.php?route=payment/nabtrans/callback&order_id=51216" />
I made sure to add the code inside callback function to execute the background process after payment approves and used code for redirecting to payment success page inside replyback function. Both these functions reside in nabtrans controller. As I noticed the the reply link triggers automatically which executes the background processes to update order, but the last step of displaying the checkout/success page never bring the link from payment success page of nabtrans to the original website. Still I was happy all background tasks done. So, I used the return link for coming back to original website. This solves the purpose completing transaction and coming back to website.
I am trying to send passthrough data in a paypal paynow button and have paypal return that data to my php page when user clicks “return to merchant” button after paying.
For this I am using the “return” facility in the paypal button, together with rm=2 to send all the data back as post. However, I cannot get it to work. Here is my paypal button html:
<form name="paypal2" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="xxx">
<input type="hidden" name="invoice" value="testinvoice_fromcode2">
<input type="hidden" name="custom" value="testcustom_fromcode1">
<input type="hidden" name="on0" value="yes"><!--agreetc-->
<input type="hidden" name="os0" value="<?php echo $aid; ?>">
<input type="hidden" name="on1" value="<?php echo $id; ?>">
<input type="hidden" name="os1" value="<?php echo $agent; ?>">
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
<input id="submit" type="image" src="https://www.paypalobjects.com/en_GB/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="PayPal – The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
In the IPN notification, paypal renders:
os0 as option_selection1,
os1 as option_selection2,
on0 as option_name1,
on1 as option_name2,
I know that on0 and os0 are supposed to be used as name value pairs but way back in 2009 when I first wrote this script there were only 2 sets allowed and therefore I used all 4 to carry values and it worked then.
But essentially, I cannot understand why
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
is not working.
I cannot pick up these values in the receiving script, phpvendorpaidad.php, either as
$aid=$_REQUEST['option_selection1'];
or as
$aid=$_REQUEST['os0'];
for example.
Can anyone see what I am doing wrong? Much appreciated.
I also have an IPN listener page that is working normally. Could another way be to build this in to the IPN listener page using javascript to send the form data automatically on page onload?
Is paypal actually POSTing to your return script or using GET? In the latter case, you can see the txn_id and some other info in the query string, but you will NOT get the whole payment detail data.
If you have Auto Return set to On (meaning the user get automatically redirected back to your site, without having to click a button), then paypal with send a GET request and will include only a few items.
var_dump($_REQUEST) and var_dump($_POST) in your script to see what you are getting.
Actually the problem lay in defective if/else logic in my return code, which was set up in 2009 to handle the GET variables that Paypal was sending to the return script in those days. This logic had to differentiate between the POSTed data received from a preceeding form on my server and the GET data received from Paypal. Paypal appears to have chenged since 2009 and no longer sends GET data to the return script but POST data via
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
Once this was corrected the program worked.
However, I was only able to discover the problem thanks to the brilliant suggestion from JBart to var_dump($_REQUEST) (or the more easily read print_r($_REQUEST)). Without this I would still have been floundering. So cheers JBart, would love to buy you a drink if you are in the neighbourhood (NW London)!
And no, I didn't need to extract any variables from the received POSTed array (see my last comment above), just normal '$payment_status = $_POST['payment_status'];'. In this I had misinterpreted another thread on the subject in "How can I get posted data passed along when the user is first redirected through Paypal?"
I am rather new to PHP and adding payment gateways
However, I want to learn and am having a go at a small shop with a Paypal buy now button which is linked to a PHP cookies cart
It is working fine and shows a list of the items in the cart, however I am worried it is not secure enough and someone could change the amounts or add their email address so that they receive funds
I would like to integrate the instant payment notification (IPN) : https://www.paypal.com/uk/cgi-bin/webscr?cmd=p/acc/ipn-info-outside
Do I need to do much more than follow the above instructions and make an IPN in the merchant account?
I am a bit confused about what the POST code means and how to integrate it into my button code
Please could someone explain what I need to change in my Paypal button code below so that I can make the payment system secure? I keep breaking it
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<!--input type="hidden" name="item_name_1" value="Something Cool">
<input type="hidden" name="quantity_1" value="5">
<input type="hidden" name="amount_1" value="1"-->
<?php
$i = 0;
foreach (json_decode($_COOKIE['cart_items_cookie']) as $key => $value) {
$i++;
echo '<input type="hidden" name="item_name_'.$i.'" value="'.$value->name.'">';
echo '<input type="hidden" name="amount_'.$i.'" value="'.$value->price.'">';
}
?>
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="me#mysite.com">
<input type="hidden" name="item_name" value="Order#21874">
<input type="hidden" name="currency_code" value="GBP">
<!--<input type="hidden" name="amount" value="<?php //echo $_GET['total'];? > "> -->
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal – The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
Any help or point in the right direction much appreciated!
The best thing to do would be to use the Express Checkout API instead of Payments Standard (HTML forms). This requires more programming and working with API calls, however, I have a PayPal PHP class library you can use to make all of the calls very quick and easy for you.
Express Checkout completely hides everything about the payment and it has a lot more features available to it than Standard does.
If you want to stick with Standard, you can build a hosted button by creating the button from within your PayPal account, and make sure to select the option to "Save the button at PayPal." That is what makes it hosted.
Then you'll still get HTML to paste into your site where you want the payment button to show up, but it will only have a few lines, and one of those lines will show a "hosted_button_id".
This secures the button from tampering like you mentioned, but it limits customization you can do with your checkout in general.
I have a paypal business account and I'm using standard Payment in my webpage.
I want to integrate the hosted page product named "Plataforma Integral" in my Spanish website, using an iframe. I show properly the iframe and redirect to the specified sandbox url, but when I arrive at the sandbox platform (and event in the production platform), it shows the following generic error:
Error Processing Payment
This transaction can't be processed. Please pay with another card.
I have a sandbox paypal account and this is the data I'm sending:
<form method="get" id="formNewPaypal" name="formNewPaypal" action="https://securepayments.sandbox.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess">
<input type="hidden" name="cmd" value="_hosted-payment">
<input type="hidden" name="business" value="[SANDBOX_USER_ID]">
<input type="hidden" name="subtotal" value="50">
<input type="hidden" name="paymentaction" value="sale">
<input type="hidden" name="return" value="[RETURN_URL]">
<input type="hidden" name="cancel_return" value="[CANCEL_URL]">
<input type="hidden" name="template" value="templateD">
<input style="display:none;" type="submit" value="Pay Now" id="submit" name="submit">
</form>
I've tried sending by POST and GET methods, and without params, and the error is always the same.
Could you tell me what's wrong or what I'm missing to send or implement? Any help will be appreciated.
For further information, please don't hesitate to ask me.
Thank you in advance.
Solved! The problem was that my sandbox account was Business and must be upgraded to Business Pro.
Now I can reach the form, but when I click the Paypal Button, It access to paypal in the main window and not in the iframe. I'll keep searching.
Thanks a lot.
I am writing a php script in Paypal form. I am sending return url using $testUrl variable which will work after successful payment but it is not redirecting to that url.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<select name="amount">
<option value="10">10 SEK</option>
<option value="20">20 SEK</option>
<option value="30">30 SEK</option>
</select>
<?php $testUrl= "http://www.google.com"; ?>
<input type="hidden" name="cmd" value="_s-xclick" />
<input type="hidden" name="hosted_button_id" value="3FWC3TJEYANK4" />
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" />
<input type="hidden" name="notify_url" value="http://beeurban.ayond.com/wp-content/payment/ipn.php" />
<input type="hidden" name="currency_code" value="SEK" />
<input type="hidden" name="return" value="<?php echo $testUrl ; ?>" />
</form>
The auto return option need to be activate in your paypal account.
See here : Setting PayPal return URL and making it auto return?
Please look at #andrew's answer below : https://stackoverflow.com/a/13468873/1722914
Your problem is that you're using a hosted button. You can't add additional fields to the button code like this when you're using hosted buttons. Everything has to be configured within the button manager in your PayPal account. Your notify_url probably isn't working either, from what I'm seeing, because that would have to be setup in the button manager, too...unless you have the same notify URL setup in your profile under Instant Payment Notification Preferences. Then that would take effect, but what you're passing here would be ignored.
In the button manager, Step 3 - Customized Advanced Features, has an option for "Take customers to this URL when they finish checkout" that you need to enable and fill in your return URL there. You'll also see under "advanced variables" that you can add notify_url there.
Unfortunately, you can't use dynamic values like you're attempting to do with that PHP variable for the return URL. If the return URL is something that can change depending on the order you'll need to use a non-hosted button.
To do that, in Step 2 - Track Inventory, Profit & Loss, you'll need to uncheck the Save button at PayPal box. This will give you different HTML code that will have more fields included, and then you can add your own values for return, notify_url, etc.
http://jream.com/public/lab/paypal_ipn.class.php
this may be helpful in guiding you