I am attempting to set up a PayPal 'subscription' payment button on a site I'm working on. It's a form that gets sent to PayPal and then sends the user back to a return URL when the transaction is successfully completed. I'm currently using the PayPal Sandbox to test this. The problem is that the POST variables are not being sent to the thank you page (which is a PHP page FYI).
The reason I need this is that I'm updating a database and if a user successfully completes a transaction, it needs to take a look at the variables being returned, determine that the user paid and then update the user's information in the MySQL database automatically.
I've been in touch with a PayPal rep for the past two weeks and they can't seem to help. I've also researched all over the web and Stack Overflow and none of the current answers seem to address my issue. Here's what I've tried:
I started by trying to use GET variables (like but GET variables are not supported in this way. It caused the return URL to have a crazy string of variables returned on the end of it and not my ID variable (it was like a charset and something else). The PayPal rep explained that the variables I needed to use are POST variables.
I've set up the pages on three different servers/hosting packages to see if the host was the issue. The three I've used are GoDaddy, JustHost and 123-reg (UK). None work. I assumed the hosts would be fine since PayPal is so ubiquitous but I double checked to be sure. I know that the .htaccess file isn't preventing POST variables from working because I've used the PHP mail function from a form on this site already so that all works.
I tried $_REQUEST variables instead of $_POST variables as suggested here: Paypal Hidden variables doesn't work
Here is the code being used on the two pages. Feel free to go to these pages as well to test out the issue yourself and see that is doesn't work:
Page
http://www.miller-media.com/sites/paypal_test/test_form.php
Code
<html>
<head>
</head>
<body>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" id="paypal_form" method="post" target="_top">
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="item_name" value="Test Monthly Subscription">
<input type="hidden" name="business" value="mbizz#paypal.com">
<input type="hidden" name="a3" value="7.00">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="custom" value="20130731 it worked">
<input type="hidden" name="cancel_return" value="http://www.miller-media.com">
<input type="hidden" name="return" value="http://www.miller-media.com/sites/paypal_test/mmiller.php">
<input type="hidden" name="rm" value="2">
<input type="submit">
</form>
</body>
</html>
And the return URL
Page
http://www.miller-media.com/sites/paypal_test/mmiller.php
Code
<html>
<head>
</head>
<body>
TEST FOR MILLER MEDIA
THIS IS FOR POST
<?php
echo ("Custom = " . $_POST['custom']);
echo ("Transaction = " . $_POST['txn_id']);
echo ("First name = " . $_POST['first_name']);
echo ("Last name = ". $_POST['last_name']);
?>
</body>
</html>
This code above is what was provided by the PayPal rep to me (mine was slightly different when I first set it up). If you go through the process (with a PayPal sandbox account), no variables will show up on the thank you page (mmiller.php).
Here is a message that the PayPal rep provided to me and it showed that he get variables working correctly. It looks like he was testing locally, so I'm not sure if that had something to do with it:
Here is the screenshot http://i.imgur.com/zno0UkK.jpg . But I just noticed I was using a Buy Now button but your button is a subscription.
The txn_id is not returned for subscription (that is by design) . Please see below for variables that are returned. https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_IPNandPDTVariables#id091EB0901HT
This is what I get with subscription signup http://i.imgur.com/BOrw1Hn.jpg . A txn_id is not returned.
Here is also the complete POST data :
POSTDATA=txn_type=subscr_signup&subscr_id=I-0RSGVWA904CF&last_name=Connor&residence_country=GB&mc_currency=USD&item_name=StormAware+Monthly+Subscription&business=mbizz%40paypal.com&amount3=7.00&recurring=1&address_street=1+Main+Terrace&payer_status=verified&payer_email=UKrealPro%40paypal.com&address_status=confirmed&first_name=John&receiver_email=mbizz%40paypal.com&address_country_code=GB&payer_id=UXPBYWUW8ZDHA&address_city=Wolverhampton&reattempt=1&payer_business_name=John+Connor%27s+Test+Store&address_state=West+Midlands&subscr_date=16%3A37%3A38+Aug+05%2C+2013+PDT&address_zip=W12+4LQ&custom=20130731+it+worked&charset=windows-1252&period3=1+M&address_country=United+Kingdom&mc_amount3=7.00&address_name=John+Connor%27s+Test+Store&auth=AOgsYFMneBuxymkc0UoZ6OI6D-BXCQmWRz5xyilJR1-7uCvNI1kB Om1eHPbogzB7YnoOUIAZZiFOrx0ZcUgN-gQ&form_charset=UTF-8
Any help would be greatly appreciated as this has frustrated me for the past several weeks. Thank you in advance!
If you want POST data included with your return page you'll need to setup PDT (payment data transfer.)
This is not recommended for updating databases or anything that you need to make sure happens, though, because even with Auto-Return enabled there is no guarantee the user will actually make it back to your site and you will undoubtedly end up with transactions that don't get updated correct.
That is why IPN is recommended instead. IPN will be triggered regardless of whether or not the user makes it back to your site.
Keep your thank you page simple and do all of your post-payment processing within IPN.
Related
I implemented a paypal checkout about 3 years ago and it is currently working well. I now want to create a new checkout page for a new set of items. I copied the code from the page that I previously used and updated it for the new items. I set up the new page to use my sandbox for initial testing. The code below is cut from the actual page for display here.
<!DOCTYPE HTML >
<html>
<head>
</head>
<body>
<div>
<form id='paypal_form' action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="add" value="1" />
<input type="hidden" name="business" value="buyer#test.com" />
<input type="hidden" name="item_name" value="non-member RTV Renewal" />
<input type="hidden" name="amount" value="75.00" />
<input type="hidden" name="custom" value="Id=Joe;fixedName=Joe Smith;pw=1234;email=buyer#google.com;expdate=2024-02-14" />
<input type="hidden" name="currency_code" value="USD" />
<input type="hidden" name="lc" value="US" />
<input type="hidden" name="cancel_return" value="https://www.roundalab.org/Figures_Subscriptions_All/test_renew.htm">
<input type="hidden" name="return" value="https://www.roundalab.org/Figures_Subscriptions_All/success_test.php">
<input type="hidden" name="rm" value="2">
<center>
<div id="add-cart" style="padding:30px;">
<button onClick="document.getElementById('paypal_form').submit();">Click Here To Submit Order To Paypal</button>
</div>
</center>
</form>
</div>
</div>
</body>
</html>
The code works and creates an order in the paypal sandbox. It is then supposed to go the the url in the "return' item, which it does. The problem is that paypal is supposed to return a bunch of data in $_POST. When the return page is displayed, $_POST is empty. I also display $_GET and it contains 1 field which is the payer_id. A couple of questions...
Anyone know why no data in $_POST?
Is there a way that I can get any kind of error message that shows info on why no POST data was sent when going to the url in the return item?
I assume that this method of using paypal is deprecated. Is there a place that I can still get to the docs for using this interface?
The receiving sandbox Business account needs to enable Payment Data Transfer for any data to be returned.
With this sort of HTML-only (no API) PayPal integration that redirects away from your site, a return after a completed transaction is never guaranteed to occur. PayPal may be obligated to show the payer a receipt, or they may never click to return, or their browser may be closed or crash. Therefore, you should not depend on this returned data for absolutely anything of any importance. It is for extra informational purposes only.
If you are trying to do anything important with data returned via _GET/_POST , your integration is flawed.
With such an HTML-only <form> post integration, the only reliable way to receive data is by implementing the IPN service, which is also very old. All of these are poor choices if you need to do anything important with the data being returned.
Instead, use a current PayPal Checkout integration. Follow the Set up standard payments guide and make 2 routes on your server, one for 'Create Order' and one for 'Capture Order', documented here. Both routes should return only JSON data (no HTML or text). Inside the 2nd route, when the capture API is successful you should store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, which is the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) immediately before forwarding your return JSON to the frontend caller.
Pair those 2 routes with the frontend approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
I am trying to send passthrough data in a paypal paynow button and have paypal return that data to my php page when user clicks “return to merchant” button after paying.
For this I am using the “return” facility in the paypal button, together with rm=2 to send all the data back as post. However, I cannot get it to work. Here is my paypal button html:
<form name="paypal2" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="xxx">
<input type="hidden" name="invoice" value="testinvoice_fromcode2">
<input type="hidden" name="custom" value="testcustom_fromcode1">
<input type="hidden" name="on0" value="yes"><!--agreetc-->
<input type="hidden" name="os0" value="<?php echo $aid; ?>">
<input type="hidden" name="on1" value="<?php echo $id; ?>">
<input type="hidden" name="os1" value="<?php echo $agent; ?>">
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
<input id="submit" type="image" src="https://www.paypalobjects.com/en_GB/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="PayPal – The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
In the IPN notification, paypal renders:
os0 as option_selection1,
os1 as option_selection2,
on0 as option_name1,
on1 as option_name2,
I know that on0 and os0 are supposed to be used as name value pairs but way back in 2009 when I first wrote this script there were only 2 sets allowed and therefore I used all 4 to carry values and it worked then.
But essentially, I cannot understand why
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
is not working.
I cannot pick up these values in the receiving script, phpvendorpaidad.php, either as
$aid=$_REQUEST['option_selection1'];
or as
$aid=$_REQUEST['os0'];
for example.
Can anyone see what I am doing wrong? Much appreciated.
I also have an IPN listener page that is working normally. Could another way be to build this in to the IPN listener page using javascript to send the form data automatically on page onload?
Is paypal actually POSTing to your return script or using GET? In the latter case, you can see the txn_id and some other info in the query string, but you will NOT get the whole payment detail data.
If you have Auto Return set to On (meaning the user get automatically redirected back to your site, without having to click a button), then paypal with send a GET request and will include only a few items.
var_dump($_REQUEST) and var_dump($_POST) in your script to see what you are getting.
Actually the problem lay in defective if/else logic in my return code, which was set up in 2009 to handle the GET variables that Paypal was sending to the return script in those days. This logic had to differentiate between the POSTed data received from a preceeding form on my server and the GET data received from Paypal. Paypal appears to have chenged since 2009 and no longer sends GET data to the return script but POST data via
<input type="hidden" name="return" value=http://www.example.com/Admin/conpanel/privat/phpvendorpaidad.php>
<input type="hidden" name="rm" value="2">
Once this was corrected the program worked.
However, I was only able to discover the problem thanks to the brilliant suggestion from JBart to var_dump($_REQUEST) (or the more easily read print_r($_REQUEST)). Without this I would still have been floundering. So cheers JBart, would love to buy you a drink if you are in the neighbourhood (NW London)!
And no, I didn't need to extract any variables from the received POSTed array (see my last comment above), just normal '$payment_status = $_POST['payment_status'];'. In this I had misinterpreted another thread on the subject in "How can I get posted data passed along when the user is first redirected through Paypal?"
On my order page, I'm using this form:
<input type="hidden" name="item_number" value="<?php echo $refNumber; ?>">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?php echo $paypal_email; ?>" />
<input type="hidden" name="currency_code" value="USD" />
<input type="hidden" name="return" value="<?=$_SESSION["web_site_url"]?>/payment_success.php?OrderID=<?=$refNumber;?>" />
input type="hidden" name="amount" id="amount" value="<?=$product_vals["discount_prize"]?>" />
<input type="hidden" name="item_name" id="item_name" value="<?=$product_vals["name"]?>" />
now I want a sample code for my payment_success page from that i came to know whether paypal authenticate the client payment or the client's payment is success of not.. so that i can proceed to next step of gathering information from client.
I have read the Paypal docs but unable to learn useful from them. help me out to solve this problem.Moreover i also want to get the paypal email of client and transaction id / payment_success variable (that is true/false) so that i will help me to identify the payment is succesful or not..
Thanks in advance.
You can use paypal class by Micah Carrick. This is pretty clear class which support notify URL, return URL and success URL. You dont need to use any form or something but just use this class and let this class to do your job.
sample code is:
$p = new paypal_class;
$p->add_field('business', $paypal_email);
$p->add_field('return', $add_fund_url.'/success.php');
$p->add_field('cancel_return', $add_fund_url.'/cancel.php');
$p->add_field('notify_url', $notify_url );
$p->add_field('item_name', $item_name);
$p->add_field('item_number', $item_number);
$p->add_field('custom',$custom_field);
$p->add_field('amount', $amount);
$p->add_field('no_shipping', '1');
$p->submit_paypal_post(); // submit the fields to paypal
If you're gather more data after they pay then you should really using Express Checkout APIs instead of PayPal Standard like you're using now. Even with Auto-Return enabled in your PayPal profile the user still may not make it back to your site (for example, they could simply close their browser before the redirect happens.)
With Express Checkout the user will always end up back on your site even before the final call to finalize the payment, so you could actually gather the additional details from the user even before finalizing the payment if you wanted to.
Check out this guide on Implementing the Simplest Express Checkout Integration. That will get you familiar with how Express Checkout should be setup (ie. the API calls you'll be making).
Then, grab this PayPal PHP SDK and use it to make the API calls. It has everything setup for you so that it would be very quick and easy for you to integrate into your checkout.
I have a paypal business account and I'm using standard Payment in my webpage.
I want to integrate the hosted page product named "Plataforma Integral" in my Spanish website, using an iframe. I show properly the iframe and redirect to the specified sandbox url, but when I arrive at the sandbox platform (and event in the production platform), it shows the following generic error:
Error Processing Payment
This transaction can't be processed. Please pay with another card.
I have a sandbox paypal account and this is the data I'm sending:
<form method="get" id="formNewPaypal" name="formNewPaypal" action="https://securepayments.sandbox.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess">
<input type="hidden" name="cmd" value="_hosted-payment">
<input type="hidden" name="business" value="[SANDBOX_USER_ID]">
<input type="hidden" name="subtotal" value="50">
<input type="hidden" name="paymentaction" value="sale">
<input type="hidden" name="return" value="[RETURN_URL]">
<input type="hidden" name="cancel_return" value="[CANCEL_URL]">
<input type="hidden" name="template" value="templateD">
<input style="display:none;" type="submit" value="Pay Now" id="submit" name="submit">
</form>
I've tried sending by POST and GET methods, and without params, and the error is always the same.
Could you tell me what's wrong or what I'm missing to send or implement? Any help will be appreciated.
For further information, please don't hesitate to ask me.
Thank you in advance.
Solved! The problem was that my sandbox account was Business and must be upgraded to Business Pro.
Now I can reach the form, but when I click the Paypal Button, It access to paypal in the main window and not in the iframe. I'll keep searching.
Thanks a lot.
I'm using Micha's PayPal IPN script and for the most part it worked great: https://github.com/Quixotix/PHP-PayPal-IPN
When i click Pay now on the website it redirects to paypal with correct information, allows payment to be made, but on return nothing happens, ie it does not upgrade the user as it should. Now i've tested the script my code outside of the IPN and it works perfect so it looks to me like the IPN script is losing the session?
Here is my button code:
<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="EMAIL_TO">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="item_name" value="Text Light">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="return" value="http://domain.co.uk/editors">
<input type="hidden" name="notify_url" value="http://domain.co.uk/account/upgrade">
<input type="submit" value="Pay now" class="btn btn-preview" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
So the notify url (IPN code) is /account/upgrade -- as far as i know this is where it should perform the upgrade task? so here is my (stripped down) code
if ($verified) {
$errmsg = '';
// some error checking
if (!empty($errmsg)) {
// manually investigate errors from the fraud checking
} else {
// upgrade user
$package = serialize($_SESSION['package']);
$this->db->update('users',array('id' => $_SESSION['user']['id']),array('payment_plan' => $package));
}
} else {
// not verified, investigate problems
}
As above, the code under '// upgrade user' works fine outside, but on return from paypal it's obviously not keeping hold of the session. It's not throwing any errors, it's just not doing anything.
Where have i gone wrong? how can i ensure that session information will be passed back from PayPal.
Thanks
Your question has a short answer: IPN isn't done as the user.
To expand on the answer, here's how IPN works. You make a payment, your visitor returns to your site, and PayPal pings your IPN URL. The important bit is in bold - the request will come from PayPal and not from the user, and will therefore not inherit the user's session!
The reason for this is pretty simple - the IPN URL is supposed to be private, as you could do all sort of silly shenanigans if it wasn't (including creating virtual transactions). For this very reason, the user never sees this address. (Another reason is that not all browsers will follow redirects - and IPN is designed to provide information 100% of the time).
If you would like to do this, you'll need to pass a parameter to the IPN request indicating who the user is. Passing the user ID is a very bad idea - as parameters as modifiable. Instead, generate a transaction ID of some sort containing the info on the user, and pass this. On the IPN call, you'll get this variable back as a custom parameter, which will allow you to fetch stuff from your DB and do whatever you want, knowing who the user was.
Hope this helped.
I saw an answer posted elsewhere that worked for me. For the return_url, I simply removed the "www" part of my web address. So, instead of the retun_url being "https://www.mywebsite.com/ReturnPage.aspx" I changed it to "https://mywebsite.com/ReturnPage.aspx". This seems to keep the session intact.