I'm trying to develop a checkout system for a customer site, and I want to know the best way to do this. Please let me know of any alternatives to what I've tried below.
Currently I have:
1) Items in cart saved to $_SESSION variable
2) When a user presses 'checkout', they are taken to a page with an invisible form that POSTs the information saved in $_SESSION to https://www.paypal.com/cgi-bin/webscr
3) When payment is confirmed, they are redirected to confirm.php on the site that triggers an email to the client and the store containing the information from the cart (stored in $_SESSION) and the address data passed back (as I cannot pass all of the attribute information in the cart to paypal in the first POST) from PayPal.
The issue with my solution is that it doesn't appear to work on mobile safari, iPads, iPhones or older systems. So I'm looking for an alternative, or for a way for the data to remain persistent, as the emails sent out at the end contain no data when performed from one of these devices.
Using a database you can store the entire cart as temporal or incomplete before calling the PayPal payment, and then get all the info via confirm.php, modify the state of the cart, etc.
Also in your PayPal account you can activate automatic IPN upon every payment.
An IPN is a listener that runs on your site and makes calls to paypal. You can find a lot of examples of these on the web.
The idea is that you pass all the fields you want on the PayPal form, and paypal will send it back using the IPN call.
In the PayPal form you can add a custom hidden input:
<input type="hidden" name="cart_id" value="<?php echo $id ?>">
And in the IPN listener you will get cart_id = 4, so you can automatically know which cart payment is done and which user the cart belongs to, change the cart status and email the user.
Hope this helps you.
I am trying to integrate a PayPal pay button into my website and have a question:
Before the user pays with PayPal, he inputs two variables in a form, called name="amount" and name="address".
Then the user clicks on the PayPal button and gets redirected to the payment system, where it displays how much he wants to buy and the price (that's not the problem). After the payment, the user gets redirected back and it simply prints "payment successful". The question is, how do I get access to "amount" and "address" again to store them in a database?
Is using $_SESSION here safe?
Using session is very safe. For instance you can pass the variable as follows
<?php
session_start();
// PHP superglobals are case-sensitive: it must be $_SESSION, not $_session
$_SESSION['amount'] = 30;
?>
As for getting the address and amount to store in the database: once the PayPal payment is successful, PayPal normally returns the amount paid, transaction ID, currency type etc. in the URL. You can get that data using the GET method and then store it in the database with the other session variables. Unless I see your code and what you have done so far I will be able to help you further.
I have already done a small e-commerce with Paypal and it works, but I feel like it is done wrongly.
Because the page that handles the IPN response from Paypal can't read $_SESSION variables, before the user submits the form and is redirected to Paypal, I get all the cart items and store them in a table in the database and also I register a new order with the user information but with the status 0 ( not completed ).
Then, after the user pays and I get the IPN response, I check if the status is completed, check if the amount paid is correct, currency and the usual checks to make sure the payment is successful.
The problem with this approach is that if the user once redirected to Paypal, decide to leave/close the browser/Paypal tab, I will have a failed order registered in the database and I can't delete it but manually.
How can I handle this kind of situation, and is it correct to register the order/cart before the user pays ?
Thank you and sorry for the long post.
If you want to check if the transaction occurs, rely on the IPN messages. Depending on which API you are using, you have several ways to customize the IPN message with useful information for you, i.e.:
using paypal custom field
define dynamically the IPN url with extra parameter ie www.yoursite.com/ipn?myvar=myval
That way you can have a hook between the payment and the actual user in your application.
Obviously the PHP session attributes of the user are not available when the HTTP POST comes from PayPal.
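Added example (not part of the original thread): reconciling an IPN with the order row saved before the redirect, keyed by the `custom` pass-through value. It assumes the IPN has already been verified by posting it back to PayPal; the table layout, the function name `reconcileIpn` and all sample values are constructed for illustration.

```php
<?php
// Added example: match a verified IPN to a pending order and mark it paid once.
// Table layout, function name and sample values are constructed, not PayPal's.

function reconcileIpn(PDO $db, array $ipn, string $merchantEmail): string
{
    // "custom" travelled through the buyer's browser in a hidden field: untrusted.
    $orderId = filter_var($ipn['custom'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($orderId === false) {
        return 'rejected: bad order id';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'ignored: status not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        return 'rejected: wrong receiver';
    }
    $stmt = $db->prepare('SELECT total_cents, currency FROM orders WHERE id = ?');
    $stmt->execute([$orderId]);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($order === false) {
        return 'rejected: unknown order';
    }
    // Compare with the total saved before the redirect, never a form value.
    $paidCents = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if ($paidCents !== (int) $order['total_cents']
        || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        return 'rejected: amount or currency mismatch';
    }
    // Only a pending order may become paid, so a re-sent IPN changes nothing.
    $upd = $db->prepare(
        "UPDATE orders SET status = 'paid', txn_id = ? WHERE id = ? AND status = 'pending'");
    $upd->execute([$ipn['txn_id'] ?? '', $orderId]);
    return $upd->rowCount() === 1 ? 'paid' : 'ignored: already processed';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (id INTEGER PRIMARY KEY, total_cents INTEGER,
           currency TEXT, status TEXT, txn_id TEXT)");
$db->exec("INSERT INTO orders VALUES (4, 3000, 'USD', 'pending', NULL)");

$ipn = ['custom' => '4', 'payment_status' => 'Completed', 'txn_id' => 'TXN-CONSTRUCTED-1',
        'receiver_email' => 'shop@example.com', 'mc_gross' => '30.00', 'mc_currency' => 'USD'];
echo reconcileIpn($db, $ipn, 'shop@example.com'), "\n";                          // first delivery
echo reconcileIpn($db, $ipn, 'shop@example.com'), "\n";                          // same IPN re-sent
echo reconcileIpn($db, ['mc_gross' => '0.01'] + $ipn, 'shop@example.com'), "\n"; // altered amount
```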
I am creating a cms for shopping cart. I added buy now buttons with the products. But after a customer completes transaction, I need to get the item number and how many item of that kind he bought, and what was his payment amount. Paypal returns customer to a success transaction page, but I wonder how can I gather those data?
You could also use IPN as opposed to using the return URL. With the return URL, if the buyer does not return to your site for some reason, such as they either close their browser early or exit out of the flow, you will not get that data returned to your site. If you use IPN, the data will be posted to your site regardless of whether the buyer returns or not. Also with IPN, you can see what was sent in your IPN history and even resend the IPN if needed, up to 28 days.
The following steps are working fine for me
1-> Save the data like product code, price and detail in separate table before submitting to paypal. Save the id in session.
2-> Give the hidden input "return" like
<input type="hidden" name="return" value="your site url/paypal_success.php">
3->Collect the data from the table with session id in paypal_success.php.
I am currently developing an E-Comm site that uses Paypals express check out system. The express checkout system works fine, I send the payments amount, the user logs in to confirm the shipping details, and returns back to my page where I confirm it and the payment is completed. The main issue I am having is that I have the username (email) saved in the session. Once the user clicks checkout with paypal and confirms his/her paypal account, my session is cleared. So I cannot keep a record of who purchased what item (unless I use the users paypals email address which could be different from the one the user used on my site).
So my question is, is there any way that I can preserve the session state throughout this confirmation action? Or is there another way to keep the users information? is this a documented problem (I have not seen it anywhere)?
If any more detail is required let me know.
Thanks for your time.
No, once the user leaves your domain the session will terminate.
Instead you can store the email address in a table before user leaves your site and pass the ID of the inserted record to paypal. As this ID is a custom field it will be returned in the call back url once the user completes the payment. You can get the ID from URL and retrieve the corresponding email from database.
Even if your PHP session didn't terminate (there is likely a different reason for it closing), it still isn't a good idea to depend on the session being unmodified between the time the user leaves for PayPal and returns. Consider a user with multiple tabs that starts poking around your website in another tab before finishing Express Checkout.
Instead, store everything that is important to your checkout completion in a database, and pass a unique identifier through the Express Checkout process via the CUSTOM or INVNUM parameters. Those will be juggled through the checkout process. Once the callback returns to your site, you can very easily identify which "incomplete" order in your database it is referring to and mark it "paid."
I have successfully posted my custom shopping cart to PayPal -- it processes the order just beautifully, and when the payment is received, it posts data back to the URL I specified in the config. The code is based on the library found here: http://www.phpfour.com/blog/2009/02/php-payment-gateway-library-for-paypal-authorizenet-and-2checkout/
So I'm successfully verifying the IPN by posting data back to PayPal -- that is all great. Here's my dilemma -- how do I know what order the IPN is confirming?
I am not making use of PayPal's shopping cart, I have my own. It has its own cart ID in my database, and when I receive an IPN for that cart, I'd like to "close" the cart and save it as an order to be looked up at a later date.
I've tried passing an additional custom field along with the redirect to PayPal that populates the cart, but that value isn't returned back to me in the IPN. The documentation on x.com is just plain lacking so I've found no help there.
Does anyone have any experience with PayPal and IPN? Doesn't necessarily have to be with PHP -- I can interpret code -- but if you have a way to send a value to PayPal with an order and then have that value returned with the IPN, that is AWESOME!
If this isn't possible with PayPal's API (which I would find hard to believe) -- any other suggestions on how to handle this?
I do not know if this is a good idea or not, but here are a couple different options:
A: Use the first set of on1 / os1 for the item 1 and add the order id to that.
B: In the custom field, I am not sure what you have in there, but you can make it something like orderidhere41|otheritems here and then just parse this out by exploding at the | to get them separated.
Paypal does limit this, and I do not know why, but both of those should work. Doing it as an on / os will put it on the paypal receipt for the user, so that is my preferred method.
If someone else has a better solution, I would be interested in it as well!
EDIT:
Clarifying on1 os1. These are "options" generally used for Size / color etc. See IPN PDT Paypal variables under option_name1 option_selection(sp) for more information on them. The name of course is the title which would be "Order ID" the os would be the actual id.
EDIT:
Looking through that documentation $my2CO->addField('cart_order_id', rand(1, 100)); is where I would put my own cart order id. That should be the correct field. Sorry for the confusion :)
EDIT:
In the end there is a custom field for the paypal IPN, called "custom" adding data to this will pass through, this will transfer the orderid for you to and from. It must be called custom on both sides.
(this may be different for the other API's).
My experience has been with the Express checkout via C#, but the process should be the same even in PHP. If you're using the Name-Value Pair (NVP) interface right before you redirect the user to PayPal you hit the PayPal site to retrieve the redirection URL. As part of their response they pass back a token to you. You save this token along with your order. When the IPN postback occurs you get this same token back which lets you look up the original order.
The process flow looks like this ("You" being your site):
1) User fills cart, clicks button/link to check out
2) Request is sent to your site
3) Your site receives request, sends data to PayPal
4) You get an initial response from PayPal which contains a token
5) You save this token along with this user's shopping cart.
6) You redirect the user to the link returned by PayPal
7) User is redirected to PayPal and enters payment info
8) Payment info is validated by PayPal
9) User is redirected back to your site
10) PayPal sends IPN response back to your site
11) You grab the token included in the response
12) You look up the token you previously saved to find the shopping cart (they are the same value)
13) You close out the initial order/shopping cart.
You might want to try out the PHP SDK - scroll down to the Name-Value Pair Interface.
I very much doubt this will help the original poster, but PayPal have either added, or finally documented the option "invoice" which allows you to post the OrderID, and have it posted back via the IPN.
I am currently using this and it seems to work as expected.
For further info see the Website Payments Standard Integration Guide (PDF): Appendix A, Table A.4
You can create and post a custom pass-through variable that's 255 characters long that could hold any data. More info on page 44 in the official Paypal IPN Guide.