I have this button:
<button name="pay">BUY FOR 0.50$</button>
when clicked it inserts a payment with $0 paid, the buyer IP and an account detail into DB:
$connect->query("INSERT INTO payments(ip,payed,acc,showed) VALUES('$ip','$payed', '$s', '$h')");
echo '
<form action="https://www.paypal.com/cgi-bin/webscr" id="formsend" method="post" target="_top">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value='.$paypal.'>
<input type="hidden" name="lc" value="US">
<input type="hidden" name="item_name" value="LOL ACC">
<input type="hidden" name="amount" value="0.50">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="custom" value="<?=$ip;?>">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="0">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">
<input type="submit" name="sub" class="sub" />
</form>
';
?>
<script type="text/javascript">
document.getElementById('formsend').submit(); // SUBMIT FORM
</script>
After that it automatically clicks a new form to go to payment, if Paypal works fine. But then on the IPN the variable custom is not passing the IP address.
This is inside the IPN verified part:
require_once("config/config.php");
$connect = new mysqli($server['database']['host'],$server['database']['username'],$server['database']['password'],$server['database']['db']);
// PAYMENT VALIDATED & VERIFIED!
$ip = $_POST['custom'];
$check = $connect->query("SELECT * FROM payments WHERE ip='$ip' AND payed = 0");
if($check->num_rows){
$connect->query("UPDATE payments SET payed = 1 WHERE ip = '$ip'");
}
I also tried for it to insert a random string, but that doesn't seem to work either. What am I doing wrong?
Since you have the <?php and ?> inside single quotes, it will not be parsed. In order to do this, you should use the string concatenation operators, like so:
echo '<form...>
<input type="hidden" name="custom" value="' . $ip . '">
</form>';
Related
I'm actually stuck, sending a form post request to multiple action receiver.
What am I trying to do?
I'm trying to send an post request to my database and to paypal at the same time using one button.
After the user submitted the form, I want my PHP script to post those informations to the database before redirecting to paypal. To work with those sent informations.
My actual code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="item_name" id="item_name" value="Helpful.ninja coins"/>
<input type="hidden" name="business" value="pr0bpayment#gmail.com">
<input type="hidden" name="return" value="http://helpful.ninja/?username=payment_complete=1">
<input type="hidden" name="image_url" value="http://helpful.ninja/assets/images/logo_dark.png">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="amount" class="amountToPay" value="">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<button type="submit" name="submit" alt="PayPal - The safer, easier way to pay online!" class="btn bg-danger-400">Purchase now <i class="icon-paypal position-right"></i></button>
</form>
<?php
require_once('../handling/database.php');
require_once('../handling/user.class.php');
require_once('../handling/purchase.class.php');
require_once('../handling/config.php');
$user = new user($_SESSION['Username']);
$config = new config();
if(!empty($_POST)){
$purchase = new purchase($user->username, $user->coins, $_POST['coinValue'], $config->coin_price);
$purchase->insert_purchase($user->username, $user->email, $_SERVER['REMOTE_ADDR'], $purchase->ordernumber, $purchase->purchase_amount, $purchase->price);
}
?>
<script type="text/javascript">
$(".coinValue").bind("change paste keyup", function() {
$(".amountToPay").val($(this).val() * <?php echo $config->coin_price; ?>);
});
</script>
So I'm trying to post the following code:
if(!empty($_POST)){
$purchase = new purchase($user->username, $user->coins, $_POST['coinValue'], $config->coin_price);
$purchase->insert_purchase($user->username, $user->email, $_SERVER['REMOTE_ADDR'], $purchase->ordernumber, $purchase->purchase_amount, $purchase->price);
}
to the databse before the user gets redirected to paypal.
Does anyone have an idea how to manage this?
The best option is probably to use one of the other PayPal apis that is designed for this type of thing, but sticking with the simple paypal button api, you can use the fact that the paypal api endpoint will accept the parameters in a get request as well as a post.
So you can post the form to your php handler then perform a header redirect to paypal with the data:
<?php
//php must be at top of file, before ANY output, in order to use header redirect
require_once('../handling/database.php');
require_once('../handling/user.class.php');
require_once('../handling/purchase.class.php');
require_once('../handling/config.php');
$user = new user($_SESSION['Username']);
$config = new config();
if(!empty($_POST)){
$purchase = new purchase($user->username, $user->coins, $_POST['coinValue'], $config->coin_price);
$purchase->insert_purchase($user->username, $user->email, $_SERVER['REMOTE_ADDR'], $purchase->ordernumber, $purchase->purchase_amount, $purchase->price);
//redirect to paypal
header('Location: https://www.paypal.com/cgi-bin/webscr?' . http_build_query($_POST));
die();
}
?>
<!-- post form to itsself, not paypal-->
<form action="" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="item_name" id="item_name" value="Helpful.ninja coins"/>
<input type="hidden" name="business" value="pr0bpayment#gmail.com">
<input type="hidden" name="return" value="http://helpful.ninja/?username=payment_complete=1">
<input type="hidden" name="image_url" value="http://helpful.ninja/assets/images/logo_dark.png">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="amount" class="amountToPay" value="">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<button type="submit" name="submit" alt="PayPal - The safer, easier way to pay online!" class="btn bg-danger-400">Purchase now <i class="icon-paypal position-right"></i></button>
</form>
Here is my paypal buy now html code:
<form name="_xclick" action="https://www.paypal.com/ca/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="alex#xumanii.com">
<input type="hidden" name="item_name" value="Bewolf Shooping Cart">
<input type="hidden" name="amount" value="<? echo $grandtotal2;?>">
<input type="hidden" name="add" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="member_id" value="<? echo $info['member_id'];?>">
<input type="hidden" name="return" value="http://www.bewolfclothing.com/thankyou.php">
<input type="hidden" name="notify_url" value="http://www.bewolfclothing.com/notify_paypal2.php">
<input type="hidden" name="cancel_return" value="http://www.bewolfclothing.com/mycart.php">
<input type="hidden" name="undefined_quantity" value="0">
<div class="submit-container"><input class="submit-button" type="submit" name="submit" value="CHECK OUT" /></div>
</form>
In my paypal account, under profile, my selling tools, I have set the AUTO RETURN to ON and I put the thankyou page in there.
After the purchase, it goes to the thankyou page, but the $_REQUEST['tx'] for the paypal transaction ID is not working and the notify_url NEVER gets called.
I searched online and saw that lots of people seem to have trouble with that, but I couldn't find a solution.
notify_url is used to Instant Payment Notification and the url should always be a live URL.
To get the tx ID, you need to
-Auto Return is set to ON
-Valid Return URL
-Payment Data Transfer is set to ON
and in your "http://www.bewolfclothing.com/thankyou.php"
$tx_id = $_GET['tx']; //gives you tx id
I am using paypal sandbox account, I have buy now button.
My form is here : index.php
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="xxxxxx#gmail.com">
<input type="hidden" name="return" value="http://xxxx.net/success.php">
<input type="hidden" name="cancel_return" value="http://xxxxx.net/cancel.php">
<input type="hidden" name="notify_url" value="http://xxx.net/ipn.php">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Bike">
<input type="hidden" name="amount" value="12.99">
<input type="hidden" name="a3" value="5.00">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="invoice" value="ADDEdEd3dd3">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynow_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
Here is my success.php
<?php
$con = mysql_connect("host","user","pass");
mysql_select_db("db");
if($con == null) {
echo "Not any connection..";
} else {
$re = mysql_query("insert into test(value) values('inserted')");
if($re != 0) {
echo "Data inserted..";
} else {
echo "Error while adding data..";
}
}
?>
I have enable IPN notificatin setting and url, also i have enabled auto redirect url, all the things working fine. but IPN notification is not working.
Any idea, i am just trying to ping this page.
Try the IPN Simulator here https://developer.paypal.com/webapps/developer/applications/ipn_simulator and see if it can send the IPN message or not. IF it fails - it would show you the reason.
I have a website with account system. I am selling some services. I am using a paypal dynamic subscription button for selling. My question is how do I know, when the IPN is sent back from paypal, what user made the payment? I have a working script that sends the payment info to paypal and another script that receives the info back from paypal and inserts it into the database, but I don't know how to know what user sent the payment. I am looking for an idea on how to accomplish this.
Send button:
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="business" value="user#example.com">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="1">
<input type="image" src="http://www.paypal.com/en_US/i/btn/btn_subscribe_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="a3" value="<?php echo $pay_value; ?>">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
</form>
ipn script:
<?php
// tell PHP to log errors to ipn_errors.log in this directory
ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');
// intantiate the IPN listener
include('include/ipnlistener.php');
include('include/conn.php');
$listener = new IpnListener();
// tell the IPN listener to use the PayPal test sandbox
$listener->use_sandbox = true;
// try to process the IPN POST
try {
$listener->requirePostMethod();
$verified = $listener->processIpn();
} catch (Exception $e) {
error_log($e->getMessage());
exit(0);
}
if ($verified) {
$errmsg = ''; // stores errors from fraud checks
// Make sure the payment status is "Completed"
if ($_POST['payment_status'] != 'Completed') {
}
exit(0);
}
if ($_POST['txn_type'] == 'subscr_eot') {
$link = mysql_connect($conn_host,$conn_user,$conn_pass) or die('Connection to mysql failed!');
mysql_select_db($conn_db,$link) or die('Connection to database failed!');
$sql = mysql_query("UPDATE user_data SET paid='0.00' WHERE uid='$userID'");
mysql_close($link);
if (!empty($errmsg)) {
// manually investigate errors from the fraud checking
$body = "IPN failed fraud checks: \n$errmsg\n\n";
$body .= $listener->getTextReport();
mail('user#example.com', 'IPN Fraud Warning', $body);
} else {
$link = mysql_connect($conn_host,$conn_user,$conn_pass) or die('Connection to mysql failed!');
mysql_select_db($conn_db,$link) or die('Connection to database failed!');
$sql = mysql_query("UPDATE user_data SET paid='$paid' WHERE uid='$userID'");
mysql_close($link);
}
} else {
// manually investigate the invalid IPN
mail('user#example.com', $listener->getTextReport());
}
?>
You can send the encrypted user id in the form as custom variable
<input type="hidden" name="custom" value="put user id here " />
The IPN will send you this custom code back, so that you can update your database.
you will get the value using $_POST['custom'] in your IPN validation page.
Please find the complete set of variables below.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="business" value="nora#paypal.com">
<input type="hidden" name="item_name" value="Baseball Hat Monthly">
<input type="hidden" name="item_number" value="123">
<input type="hidden" name="image_url" value="https://www.yoursite.com/logo.gif">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.yoursite.com/thankyou.htm">
<input type="hidden" name="cancel_return" value="http://www.yoursite.com/cancel.htm">
<input type="hidden" name="a1" value="0">
<input type="hidden" name="p1" value="1">
<input type="hidden" name="t1" value="W">
<input type="hidden" name="a2" value="5.00">
<input type="hidden" name="p2" value="2">
<input type="hidden" name="t2" value="M">
<input type="hidden" name="a3" value="50.00">
<input type="hidden" name=”p3" value="1">
<input type="hidden" name="t3" value="Y">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<input type="hidden" name="srt" value="5">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="custom" value="customcode">
<input type="hidden" name="invoice" value="invoicenumber">
<input type="hidden" name="usr_manage" value="1">
<input type="image" src="http://images.paypal.com/images/x-click-but01.gif" border="0" name="submit" alt="Make payments with PayPal - it’s fast, free and secure!">
I hope this helps.
Thanks.
I wanted to get the userid from paypal after the user have made his payment.
Pay.php
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?php echo $merchant_email ?>">
<input type="hidden" name="item_name" value="IPN test">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="notify_url" value="<?php echo $ipn_url ?>">
<input type="hidden" name="return" value="<?php echo $return_url ?>">
<input type="hidden" name="cancel_return" value="<?php echo $cancel_url ?>">
<input type="hidden" name="userid" value="888">
<input type="hidden" name="currency_code" value="USD">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif"
border="0" name="submit" alt="Buy Now">
So I would enable ipn in my paypal account and point to http://www.domain.com/ipn.php?
In ipn.php code
<?php
$userid = $_POST['userid'];
$qry = "INSERT into mypayments(userid) VALUES ('$userid') “;
$result = mysql_query($qry,$db);
?>
Is it correct? How do I get VERIFIED from paypal?
I believe that userid is an incorrect name and will not be returned in your IPN message. I use the optional fields for passing IDs and stuff needed for processing the transaction on my end.
These optional tags are on0, on1, or on3 for the custom field names and os0, ls1, and os2 for the custom field values. These values can go up to on6 and os6.
I would send on0 with a value of "UserID" and os0 the actual ID.
These values will be represented in the IPN as follows:
os0 is represented as option_selection1
os1 is represented as option_selection2
os2 is represented as option_selection3
on0 is represented as option_name1
on1 is represented as option_name2
on2 is represented as option_name3
Here's the info on PayPal's HTML parameters
Use the "custom" variable.
<input type="hidden" name="custom" value="user_id" />
Its a two step process.
PayPal will post an IPN to the url you specified in $ipn_url.
You will then get a VERIFIED response when you post all of the IPN data with an additional cmd=_notify-validate param (details) back to PayPal.
PHP sample here.