Paypal Subscription - Number of failed payments - php

I use following html to create paypal subscription:
<form action="http://paypal/url/..." ...>
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="business" value="selleremail#somedomain.com">
<input type="hidden" name="item_name" value="My Subscription">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="tax" value="0.00">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="shipping" value="0.00">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="src" value="1">
<input type="hidden" name="cancel_return" value="http://mysite/paypal/cancel.page">
<input type="hidden" name="return" value="http://mysite/paypal/success.page">
<input type="hidden" name="notify_url" value="http://mysite/paypal/ipn.page">
</form>
Everything works well, new subscriptions are created, IPN notifications are received by my scenario. One thing is bothering me. If a payment fails, the corresponding subscription becomes suspended. It happens due to the default settings of a subscription. It is set to allow 1 failed payment before suspending the subscription profile.
I can turn it off manually as described in the documentation, but how do I set it up at the subscription creation stage? And is it worth turning it off, or is it better to set some number of failures?

The answer from a person at paypal developer network:
Currently there is not a variable you can pass in the subscription
button code to change the number of failed payments allowed before the
profile is suspended. The default value at this time is one and you
can change it manually in the account as you mentioned above. A
feature request has been submitted for adding this functionality
but there is no timeframe on when this may be done. However, if using
Express Checkout API to create the recurring profiles, you can specify
a value for MAXFAILEDPAYMENTS.

Add this to your form:
<input type="hidden" name="reattempt" value="1">
This causes failed payments to be reattempted (up to 3 times, I think, with 1 day between attempts). As for whether it's better to turn it on or off, I can't really think of a scenario where reattempts are bad for you: it gives customers extra chances to give you money. If you think that people using the service for free for a couple of days after payment fails is really a problem, suspend the account when you get a subscr_failed IPN until there has been a successful payment.
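The suspend-until-paid handling suggested above, as an added example that is not part of any post on this page. It assumes the IPN message has already been confirmed through PayPal's IPN verification postback; the state names and the function are hypothetical.

```php
<?php
// Added example: local account state driven by subscription IPN messages.
// Assumption: $ipn was already confirmed via PayPal's IPN verification postback.
const STATE_ACTIVE    = 'active';
const STATE_SUSPENDED = 'suspended';
const STATE_ENDED     = 'ended';

/** Returns the new local state for one verified IPN message. */
function next_subscription_state(array $ipn, string $current): string
{
    if ($current === STATE_ENDED) {
        return STATE_ENDED; // a finished subscription is not revived by a late message
    }
    switch ($ipn['txn_type'] ?? '') {
        case 'subscr_failed':
        case 'recurring_payment_suspended_due_to_max_failed_payment':
            // Stop serving the account; PayPal may still retry the charge.
            return STATE_SUSPENDED;
        case 'subscr_payment':
            // Only a Completed payment restores access; other statuses change nothing.
            return ($ipn['payment_status'] ?? '') === 'Completed' ? STATE_ACTIVE : $current;
        case 'subscr_eot':
            return STATE_ENDED;
        default:
            return $current; // signup, modify, etc. do not prove that money arrived
    }
}

// Constructed message sequence (not real PayPal traffic).
$events = [
    ['txn_type' => 'subscr_payment', 'payment_status' => 'Completed'],
    ['txn_type' => 'subscr_failed'],
    ['txn_type' => 'subscr_payment', 'payment_status' => 'Pending'],
    ['txn_type' => 'subscr_payment', 'payment_status' => 'Completed'],
];
$state = STATE_SUSPENDED;
foreach ($events as $event) {
    $state = next_subscription_state($event, $state);
    echo $event['txn_type'], ' -> ', $state, PHP_EOL;
}
```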

There is no cancellation on payment failure. After the initial failure PayPal will try to take payment again after 5 days. If that also fails then PayPal will try a third and final time after a further 5 days.
When you can set up the original PayPal Profile you have two options for dealing with failed charges. This is found in the Recurring Charges section for the subscription on profile.
The terms you will get here are like:
recurring_payment_suspended_due_to_max_failed_payment
and this will also give you the retry date when the next attempt is going to be executed.
'retry_at' => '02:00:00 Feb 08, 2017 PST',

Related

How to secure Buy Now Paypal button?

I want to create a "Pay what you want" paypal button with minimum amount set.
I am adding the following code on my website
<form name="_xclick" action="https://www.paypal.com/us/cgi-bin/webscr"
method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="YOUR EMAIL ADDRESS" />
<input type="hidden" name="currency_code" value="EUR" />
<input type="hidden" name="item_name" value="YOUR_PRODUCT_NAME" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="address_override" value="1">
<input type="number" name="amount" value="5" placeholder="5" min="5"/>
<input type="image" src="http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" />
</form>
Since this code is easily visible on the source code of my web page
1) Anyone can see my email
2) Anyone can change the code to start paying say EUR 0.01. Since I will be charged for each transaction 1.9% + EUR 0.35, someone can easily piss me off!
Please let me know is it safe!
Note :
1)I have no issue regarding payment with a changed price since I will first see the transaction and then deliver the product.
2)I don't want a hosted button because I need variable pricing and don't want to use donate button (as it is not for personal blog fundraising, I guess).
Thanks!
There isn't any way to do it with the standard buttons. A user could easily tamper with the payment between your site and PayPal. The only way to do it would be with the encrypted website payments.
Read more here: https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/#id08A3I0P017Q
You must be comfortable programming in scripts like PHP and ASP to use Encrypted Website Payments.
This will make your payment buttons tamper proof.

PayPal - after payment with php

I've set up a payment button on my website and users can choose what they want and make payments fine. What I am struggling with is working out how to give them what they paid for. So for example they paid $10 for a book, I want the book to be awarded to their account once the payment has gone through.
What I've found is that you need to use an IPN but for that you need an API, whatever these are. Is this the only way to do it in php? Looks very complicated for such a simple task and I'd rather get them to send payments to me and I will manually add what they paid for.
EDIT
Here's what I'm following: https://developer.paypal.com/webapps/developer/docs/classic/products/instant-payment-notification/
This is how I set up my paypal checkouts in my websites:
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr"
method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="YOUR SANDBOX SELLER EMAIL">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Digital Download">
<input type="hidden" name="amount" value="9.99">
<input type="hidden" name="return" value="THIS URL">
<input type="hidden" name="notify_url" value="THE URL TO YOUR ipn.php SCRIPT">
<input type="image" src="http://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif"
border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
Inside your ipn.php you can add a sql statement to change the user access to the book.
I have found this tutorial very useful when it comes to paypal forms:
http://www.micahcarrick.com/paypal-ipn-with-php.html
Paypal form API:
https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/formbasics/

Securize "amount" variable when passing form to paypal with Buy Now button form

I'm working on a standard paypal button "Buy Now". Currently I'm still working with Sandbox accounts but there's something weird...
Here is my HTML :
<input type="hidden" value="address#gmail.com" name="business">
<input type="hidden" value="EUR" name="currency_code">
<input type="hidden" value="FR" name="lc">
<input type="hidden" value="" name="encrypt">
<input type="hidden" value="http://mywebsite.com/paypal_ipn/process" name="notify_url">
<input type="hidden" value="http://mywebsite.com/thanks" name="return">
<input type="hidden" value="http://mywebsite.com/cancel" name="cancel_return">
<input type="hidden" value="Item 1" name="item_name">
<input type="hidden" value="0.89" name="amount">
<input type="hidden" value="1" name="test">
<input type="hidden" value="2" name="rm">
<input type="hidden" value="paynow" name="type">
<input type="hidden" value="_xclick" name="cmd">
I wanted to see if I could just change the amount value using web inspector (like Firebug) to change my product price before accessing Paypal transaction... and yes I just could buy my product with 0.01 instead of 0.89...
HOW CAN I SECURE THIS !!! THANKS
The easiest way is to generate encrypted PayPal buttons from within the PayPal site itself. Folks cannot change the price or other items before sending them to the gateway.
Also, PayPal has an API that you can use to securely send information to their gateway.
https://www.paypal.com/cgi-bin/webscr?cmd=_dcc_hub-outside
Direct Payment API offers you direct credit card payment processing capability through PayPal. For credit card transactions, customers stay on your website as PayPal processes the payment in the background.
By integrating Direct Payment API with Express Checkout, as part of the Website Payments Pro solution, you can accept all major payment types, including PayPal, while working with a single provider that processes and manages all your online payments for you.
It's quite a bit more complex to get implemented than the "Generate Button" method, but it also has other benefits, namely better security and that the user does not have to leave your site to check out.

Matching user email with PayPal email from IPN

I'm configuring a PayPal IPN listener from this tutorial and ipnlistener.php.
When I need a user to pay, I show him this form
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr"
method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?php echo htmlspecialchars($myPaypalEmail, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Digital Download">
<input type="hidden" name="amount" value="<?php echo htmlspecialchars($price, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="return" value="THIS URL">
<input type="hidden" name="notify_url" value="myhost.com/ipn.php">
<input type="image" src="http://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif"
border="0" name="submit">
</form>
Following the guide, I correctly receive a POST request to the file ipn.php. I receive a lot of useful data about the payment but my problem is: how can I know which user made the payment?
A "user" is a person registering on my website, giving me personal information and his/her email address. How can I connect this information to the POST request I receive back from PayPal? The email used to register on my website may be different from the one used in PayPal.
I can think of 2 solutions:
a) Place a unique user id in the return URL, parse it with $_GET and then... This could hardly solve the problem.
b) Get the payment ID as soon as the transaction starts. But I have no idea on how to do that.
As you can see, my problem is to associate a user with the transaction id. The workflow is:
HTML Form -> Paypal website -> ipn.php
HTML Form has user info while ipn.php receives transaction info: I need the user info to go into ipn.php in order to check if the total has been correctly paid and to perform stuff on the user account. How can I do this?
Many thanks.
You could also pass the user ID in the "custom" field. This can be literally anything you want, up to 255 characters. This gets passed to Paypal and is sent in the IPN response as well. I use this field to distinguish between my various databases when I am storing IPN data.
Hope this helps.
<input type="hidden" name="item_number" value="UNIQUE_USER_ID">
item_number allows you to pass any arbitrary numeric values back and forth. I can use this to identify the user from the payment. $_POST['item_number'] will let you see this value in the ipn.php file.
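An added example, not taken from any post on this page, that ties together the price-tampering questions above and the "custom" field answer: the listener looks up the order named in "custom" and compares what PayPal reports against what the server stored. It assumes the IPN already passed PayPal's verification postback; the function, the order array and the sample values are hypothetical stand-ins for a database.

```php
<?php
// Added example; the IPN field names are standard, everything else is hypothetical.
// Assumption: $ipn already passed PayPal's IPN verification postback.

function check_ipn_against_order(array $ipn, array $orders, array $seenTxnIds, string $sellerEmail): array
{
    $errors = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment_status is not Completed';
    }
    // "business" is a form field too, so confirm the money went to the right account.
    if (strcasecmp($ipn['receiver_email'] ?? '', $sellerEmail) !== 0) {
        $errors[] = 'receiver_email is not the seller account';
    }
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $seenTxnIds, true)) {
        $errors[] = 'txn_id missing or already processed';
    }
    // "custom" carries the order id the server wrote when it rendered the form.
    $order = $orders[$ipn['custom'] ?? ''] ?? null;
    if ($order === null) {
        return array_merge($errors, ['custom does not match a known order']);
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $errors[] = 'mc_currency differs from the order';
    }
    // Compare in minor units (cents) to avoid float equality problems.
    $paidMinor = (int) round(((float) ($ipn['mc_gross'] ?? '0')) * 100);
    if ($paidMinor < $order['price_minor']) {
        $errors[] = 'mc_gross is below the stored price';
    }
    return $errors;
}

// Constructed data (not real PayPal traffic): order 1001 is stored as 0.89 EUR,
// but the buyer edited the hidden "amount" field to 0.01 before submitting.
$orders = ['1001' => ['user_id' => 42, 'currency' => 'EUR', 'price_minor' => 89]];
$ipn = [
    'payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
    'txn_id' => 'CONSTRUCTED-TXN-1', 'custom' => '1001',
    'mc_gross' => '0.01', 'mc_currency' => 'EUR',
];
$errors = check_ipn_against_order($ipn, $orders, [], 'seller@example.com');
echo $errors ? 'reject: ' . implode('; ', $errors)
             : 'grant access to user ' . $orders['1001']['user_id'], PHP_EOL;
```

Access is granted only when the returned list is empty, and the txn_id is recorded at that point so a replayed notification is rejected.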

Easier way to integrate PayPal express checkout?

I have built a product generation and display plugin for the Wordpress CMS and I am now trying to integrate some form of PayPal integration for the checkout process.
I have the cart, the products, the shipping, totals, all that figured out on my end and I was hoping someone could point me in the simplest direction of sending this information to PayPal. I understand some methods of doing this are not that secure and others make you jump through hoops like some sort of show dog. I've been trying to learn how to use cURL and then how to get it to work with PHP - it really seems like a bit of a mess. I do now have cURL working on my WAMP server ... but..
Is there a better way or should I continue to learn cURL?
I can format the data however it needs to be to send off to PayPal and would not mind doing this with JavaScript - this is not a pay-wall and every order is checked for accuracy by a human - so someone messing with the client-side script will not bother me. I also definitely want to send them to PayPal, I want no part of storing/processing their credit card information. It would, however, be nice to have IPN. Can someone point me in the right direction or assure me that I already am headed that way?
Thanks a lot.
This is how I automatically redirect to PayPal with all the form details:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="paypal">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="cbt" value="Return to example" />
<input type="hidden" name="business" value="email" />
<input type="hidden" name="item_name" value="example Purchase" />
<input type="hidden" name="amount" value="9.99">
<input type="hidden" name="button_subtype" value="services" />
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="URL" />
<input type="hidden" name="notify_url" value="URL"/>
<input type="hidden" name="cancel_return" value="URL" />
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="image_url" value="" />
<input type="hidden" id="custom" name="custom" value="invoice_id to track"/>
<input type="hidden" class="btn btn-primary" style="width:100%" alt="PayPal - The safer, easier way to pay online!"/>
</form>
For multiple products, you can simply add more products to the form, example;
<input type="hidden" name="item_name_1" value="Item #1">
<input type="hidden" name="amount_1" value="1.00">
<input type="hidden" name="item_name_2" value="Item #2">
<input type="hidden" name="amount_2" value="2.00">
However, using this method is not all great.
All the data would need to be generated with PHP and input into the page; you would also need to check the transaction when the IPN calls back to ensure it's been paid.
<script type="text/javascript">
function myfunc () {
var frm = document.getElementById("paypal");
frm.submit();
}
window.onload = myfunc;
</script>
You may want to use the new PayPal
SDK. They have a good set of sample code,
including code for express checkout and IPN.
Try here
https://www.x.com/developers/paypal/documentation-tools/paypal-sdk-index
Get the SDK for Express checkout. At this
time, they should be at SDK 98 for PHP.
You won't have to worry about the Curl,
the SDK takes care of all that for you.
A typical call might be something like this.
$setECResponse = $paypalService->SetExpressCheckout($setECReq);
This line of code is modeled after the samples. It's
all object oriented. They provide you with classes.
In this case there is a request object you fill out,
the examples show exactly how to do it; just use the
samples as your template.
It sounds like you want to do PayPal Express checkout,
this way you won't have to handle credit cards or anything
like that. The user is redirected to the PayPal website
and all the financial transactions happen there. The
user is redirected back to your site. Then you have a
page where the user can review the order and click
submit if they approve. When the user clicks submit,
you call a PayPal API telling PayPal that the transaction
is approved. PayPal then executes the transaction and
sends you back a confirmation with a transaction id.
You can then call getTransactionDetails and display the
confirmation to the customer. You can additionally put
those transaction details into a database.
Here are the APIs you can call for this. These
are modeled closely to the sample code they provide
$paypalService->SetExpressCheckout($setECReq);
control goes to PayPal URL, and the user goes
through a few pages there. control returns to you.
your order review page
$paypalService->GetExpressCheckoutDetails($getExpressCheckoutReq);
your order confirmation page
$paypalService->GetExpressCheckoutDetails($getECReq);
$paypalService->DoExpressCheckoutPayment($DoECReq);
Tells PayPal to do the transaction.
$paypalService->GetTransactionDetails($request);
Here you can put transaction details into a database.
You can also send yourself a mail with all the details,
that way you will know whenever a transaction occurs.
IPN can be a bit tricky. There is a sample IPN listener
that they provide, that will help. You will need to
set up your listener URL on the PayPal website. You will
also need to set up an SSL certificate.
The SDKs are fairly new, but PayPal is working on an even
newer way to do things, developer.paypal.com. It just came out
within the last month or so. You may want to look into that too.
