I'm using an HTML PayPal button together with IPN to achieve a direct payment on my PHP website. The IPN URL is correctly pinged but I need a way to identify the transaction, because I need to update it on my local database during the IPN call.
So my question is : is there a simple way to send a token / identifier from the HTML button and get it back on the IPN call, so that I retrieve the transaction?
If no, I guess I'll have to use the API but the code samples I found on the PayPal website confused me. I need the payment to offer both Paypal / Credit Card options to the user once he lands on the PayPal payment page. This is what they call a "Direct Payment" but is there any clear Direct Payment code samples I can use somewhere?
Thanks!
I used the simple form to redirect customers to paypal. In this form i have a hidden input <input type="hidden" name="invoice" value="myCustomInvoiceId" />.
After the customer finished his payment, paypal will do the IPN call including invoice=myCustomInvoiceId. So yes. There are plenty of variables more that paypal can include in their IPN call. See this link for further reading.
if i remember correctly, you can chose which variables to include in the IPN call in your merchant paypal account.
Related
I have a payment button that uses the custom variable to identify in my database who bought what when the ipn message comes. my custom field looks like this :
<input type="hidden" name="custom" value="userName">
My problem is that anybody can change this value to what ever they want, allowing people to buy stuff for other users. Is there any possible way to send this custom value from php to paypal, so that the user cannot change the value to something else?
You can use the Express Checkout APIs instead of standard payment buttons.
You'd make a call to SetExpressCheckout to start the process and obtain a token, then redirect the user to PayPal.
When they're returned from PayPal you can call GetExpressCheckoutDetails to obtain the buyer information as returned by PayPal, and then you call DoExpressCheckoutPayment to finalize the order and actually move the money.
You would include the CUSTOM parameter in that final DECP request the same way you are now, but it would all be hidden in the PHP code, of course. Nothing people would see in HTML.
This PayPal PHP SDK will make those API calls very quick and easy for you.
I have seen and know how to use IPN for paypal payments but I am having a small issue. With IPN you need to enter an IPN address to your PayPal File so it knows you got sent the payment (Instant Activation of Product). If I have multiple sites, I can't do this as It only allows one.
I have seen the WHMCS system manage to do this using Website Payments Standard (Does not require any IPN Settings) where the user's invoice is marked as paid after the payment is sent. The user does not need to be redirected to another page and as a seller, the only info you need to put in is your paypal email for things to start working.
Does anyone know how this works and where to learn this?
Thank you for your help
You can specify a per-transaction IPN URL by passing in notify_url along with the other data in the form.
E.g. <input type="hidden" name="notify_url" value="http://....">
This will override whatever you have set up within your PayPal Profile.
I have an option on my phpBB forum to add a Paypal Buy Now button to enable users to sell and purchase items. I would like to have the ability to automatically close a topic once a user makes a purchase through paypal to avoid multiple users from purchasing the same item.
Is it possible to get the user's session data from paypal once they make a transaction? Then incorperate session data into a variable like:
$paypal = (isset($_POST['purchased'])) ? true : false;
Not sure if I need to download the Paypal SDK for this or not.
Any suggestions would be great, thanks.
Is it possible to get the user's session data from paypal once they
make a transaction?
You really want to trust the user's session data? I am sure you can read the session data, you don't want to do that, would be trivial task to alter it. Even if you can you really shouldn't read the session data for another website.
Not sure if I need to download the Paypal SDK for this or not.
This would be the correct way to do it.
When I last used it, Paypal Standard allowed you to specify a return URL (where to send the user) for failures and for successes. Dynamically generate some secret hashes to facilitate when the user is finally redirected.
Or you can use IPN.
Don't rely on the return URL. Buyers can (and will) close their browser / tab after completing a payment.
Instead, use PayPal Instant Payment Notifications to receive a server-to-server notification from PayPal which you can subsequently verify and use to update your database with the appropriate flag for a phpBB closed thread.
IPN works as follows:
You create the PayPal and incude a "notify_url". The value for this parameter will be the full URL to a script on your server, called the 'IPN script' or 'IPN handler'.
You can specify an IPN handler as follows for Website Payments Standard
<input type="hidden" name="notify_url" value="http://blah.com/ipn.php
For Express Checkout or Website Payments Pro, simply include the following in your SetExpressCheckout/DoExpressCheckoutPayment or DoDirectPayment API call respectively.
NOTIFYURL=http://blah.com/ipn.php
A buyer completes a transaction via PayPal
Once the buyer completes the transaction, he/she may close the browser, or return to your website
Once the transaction is accepted and processed by PayPal, PayPal will send out a notification to http://blah.com/ipn.php
You need to take all POST data that was sent to this script, and POST it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate
If the data you send back matches the data PayPal sent you, a 'VERIFIED' response is returned.
If the response is VERIFIED, it's at this point that you would look up the matching transaction/buyer on your end, and update the phpBB thread status appropriately.
Some sample code and documentation for PayPal IPN is available at https://www.paypal.com/ipn/
In addition, some tips on making a secure IPN script are available at https://www.x.com/developers/community/blogs/ppmtsrobertg/securing-your-instant-payment-notification-ipn-script
Note: If you want to include any custom data along with the transaction which you can read out later, use 'custom'.
<input type="hidden" name="custom" value="xxxxx">
This will also be returned in the IPN POST data sent from PayPal.
I have been using paypal in the past for selling stuff through my website ( e.g. memberships ) but I always had to verify through paypal whether the user really bought the membership (for example) before I could assign it to his/her account. Now I was wondering if there's a way that I can put a paypal purchase button onto my webpage to ( for example ) purchase a membership and then once the user paid, he'll automaticly be assigned the membership on my website ( e.g. there's a page purchase_result.php which assigns the membership, but ONLY if the user really bought it through paypal ). How can I make sure the user actually bought the item through paypal on the return page on my website?
Thanks in advance,
Skyfe.
btw, I hope my question can be understood
You would PayPal Instant Payment Notifications to receive a server-to-server notification from PayPal which you can subsequently verify and use to update your database.
IPN works as follows:
You create the PayPal and incude a "notify_url". The value for this parameter will be the full URL to a script on your server, called the 'IPN script' or 'IPN handler'.
You can specify an IPN handler as follows for Website Payments Standard
<input type="hidden" name="notify_url" value="http://blah.com/ipn.php
For Express Checkout or Website Payments Pro, simply include the following in your SetExpressCheckout/DoExpressCheckoutPayment or DoDirectPayment API call respectively.
NOTIFYURL=http://blah.com/ipn.php
A buyer completes a transaction via PayPal
Once the buyer completes the transaction, he/she may close the browser, or return to your website
Once the transaction is accepted and processed by PayPal, PayPal will send out a notification to http://blah.com/ipn.php
You need to take all POST data that was sent to this script, and POST it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate
If the data you send back matches the data PayPal sent you, a 'VERIFIED' response is returned.
If the response is VERIFIED, it's at this point that you would look up the matching transaction/buyer on your end, and update your database appropriately.
Some sample code and documentation for PayPal IPN is available at https://www.paypal.com/ipn/
In addition, some tips on making a secure IPN script are available at https://www.x.com/developers/community/blogs/ppmtsrobertg/securing-your-instant-payment-notification-ipn-script
Note: If you want to include any custom data along with the transaction which you can read out later, use 'custom'.
<input type="hidden" name="custom" value="xxxxx">
This will also be returned in the IPN POST data sent from PayPal.
I am using sandbox mode.
I click buy item on my shop, and after i pay with sanndbox account it takes me to "Thank you for your payment - Paypal" but doesn't redirect back to my site! I already have IPN setup!
I dont understand, do I need to contact paypal first ? or is there some section on paypal where you can enter your shopping site URL to get it authorized ?
IPN sends the notification to your server behind the scenes, whether the end user is redirected or not.
PDT, is a different (though somewhat similar) technology offered by PayPal, which sends the data when it redirects. Are you sure you are not receiving IPN notifications?
good comparison of the various methods here: https://www.x.com/message/108223#108223
when using IPN, the transaction information will be posted to your ipn handler url directly from paypal in the background. the ipn url can be specified with the "notify_url" parameter or in your profile.
the customer will be redirected back to your site. the target url can be set in your profile or specified in the transaction using the "return" parameter.