Integrating Automated Paypal shop system? - php

Hey guys, for my website I am trying to figure out how to make an automated PayPal shop. What I mean by that is: when they purchase membership via PayPal by clicking a PayPal button on my website, it will also change a value inside my database for that specific user.
So in a timeline fashion:
User clicks buy button and purchases item.
After payment is complete, redirect to my PHP script, which updates the user's membership status.
Currently all I need help on is how to make it automatically redirect after the payment is complete. I followed some code but it still didn't work; here is what I'm using.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<!-- Identify your business so that you can collect the payments. -->
<input type="hidden" name="business" value="MY EMAIL">
<!-- Specify a Buy Now button. -->
<input type="hidden" name="cmd" value="_xclick">
<!-- Specify details about the item that buyers will purchase. -->
<input type="hidden" name="return" value="MY URL TO REDIRECT TO">
<input type="hidden" name="item_name" value="Sponsored (1 Month)">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="currency_code" value="NZD">
<!-- Display the payment button. -->
<input type="image" name="submit" border="0"
src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif"
alt="PayPal - The safer, easier way to pay online">
<img alt="" border="0" width="1" height="1"
src="https://www.paypal.com/en_US/i/scr/pixel.gif" >
</form>
That code leaves you at the Paypal "payment complete" page, but I want it to automatically go to the return url on payment complete.

That's not how PayPal works: you can't rely on the visitor's return. You use the IPN (Instant Payment Notification) feature of PayPal; read its docs on how this works.
Instant Payment Notification - PayPal

Is your return url really "MY URL TO REDIRECT TO" or is it something like "http://myURL.com/myPage.asp"? The first one wouldn't work, obviously.

Related

Paypal return url not working with php and html form

I have payments set up (using php) so that when a customer returns to the success.php file (after payment process on Paypal using an IPN listener) they are added to the db with a new membership number, which is also generated in the success.php file. The process works fine if the customer pays as a guest, they are returned to the success.php page as they should be. However, if the customer logs in to paypal rather than paying as a guest they are redirected to the Paypal user account page instead of back to the success.php page on my site. This means the payment has been taken but their membership number is not created or added to the db.
Is there a way to force ALL customers back to my success page or should the code to create the new member be added to the ipn listener (ipn.php) file so it wouldn't matter if they didn't come back to the success page?
This is the code I use in the checkout page to set the return url.
<form action="<?php echo $paypalURL; ?>" method="post">
<!-- Identify your business so that you can collect the payments. -->
<input type="hidden" name="business" value="<?php echo $paypalID; ?>">
<!-- Specify a Buy Now button. -->
<input type="hidden" name="cmd" value="_xclick">
<!-- Specify details about the item that buyers will purchase. -->
<input type="hidden" name="item_name" value="<?php echo $item_name; ?>">
<input type="hidden" name="item_number" value="<?php echo $item_number; ?>">
<input type="hidden" name="amount" value="<?php echo $price; ?>">
<input type="hidden" name="currency_code" value="GBP">
<!-- Specify URLs -->
<input type='hidden' name='cancel_return' value='http://example.com/payment-cancelled'>
<input type='hidden' name='return' value='http://example.com/thanks-for-joining/'>
<!-- Display the payment button. -->
<input type="submit" name="submit" class="button" value="Pay Now">
</form>
I should add that I have only tested this in sandbox mode so far, so if anyone knows if this is a sandbox only issue, please let me know.
UPDATE: Further testing shows that the return url no longer works with a guest check out either. This has only started happening since sandbox payments are going through the new payment pages (screenshot attached).
Has paypal changed the method of requesting a return url?
I fought with a few ways of integrating paypal's payments into my site. From what I've read here on stackoverflow, on paypal's site, and all over the web, it is probably best to put all of that backend work into your listener. You could set up something on the front-end to prep your DB for the customer, but the major problem with using the success page for this information is that:
1) your customers could just enter the URL of your success page if known
2) A customer can choose not to be redirected after paypal and may not return to your site at all (this is the best reason as I can see it).
3) Sometimes PayPal redirects, but the listener may not have received PayPal's response of completed, pending, etc. (this is why they wait 10 sec before redirection), so you do not want the user to go elsewhere or to have been verified prematurely.
Honestly, placing all the code in your listener is quite simple as well and reduces miscommunication between your success page and paypal. As for testing, I just used the IPN simulator to test my code and it was fine.
As for the redirect URL, there are a few redundancies in PayPal: if you use buttons, option 3 (I believe) will provide a return URL that overrides the others. I'm not sure about using sandbox, but make sure you have .sandbox.paypal in your code to ensure it works (https://gist.github.com/xcommerce-gists/3440401#file-completelistener-php).
I hope this helps.
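Added example (not part of the original answer, and not PayPal's sample code): a listener that follows the advice above by doing the work in ipn.php instead of on the success page. It posts the message back to PayPal with cmd=_notify-validate and acts only on a VERIFIED reply; SELLER_EMAIL and handleVerifiedPayment() are hypothetical placeholders.

```php
<?php
// Added example, not code from the thread: an ipn.php listener skeleton.
// SELLER_EMAIL and handleVerifiedPayment() are hypothetical placeholders.
const SELLER_EMAIL = 'seller@example.com';
const USE_SANDBOX  = true;  // sandbox messages verify only against the sandbox host

// Send the message back exactly as received, prefixed with
// cmd=_notify-validate. PayPal replies with the body VERIFIED or INVALID.
function ipnIsVerified(string $rawBody, bool $sandbox): bool
{
    $host = $sandbox ? 'ipnpb.sandbox.paypal.com' : 'ipnpb.paypal.com';
    $ch = curl_init("https://$host/cgi-bin/webscr");
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // keep TLS verification on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_USERAGENT      => 'ipn-listener-example',
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) && trim($reply) === 'VERIFIED';
}

function handleVerifiedPayment(array $ipn): void
{
    // Hypothetical: compare mc_gross / mc_currency with the price stored
    // for this order, reject a txn_id that was already processed, then
    // create the member record and membership number.
    error_log('verified payment ' . ($ipn['txn_id'] ?? '?'));
}

$raw = file_get_contents('php://input');  // the exact bytes PayPal sent
if ($raw === false || $raw === '') {
    http_response_code(400);
    exit;
}

if (!ipnIsVerified($raw, USE_SANDBOX)) {
    error_log('IPN not verified, ignoring');  // forged or corrupted message
    exit;
}

parse_str($raw, $ipn);
$toUs     = strcasecmp($ipn['receiver_email'] ?? '', SELLER_EMAIL) === 0;
$complete = ($ipn['payment_status'] ?? '') === 'Completed';
if ($toUs && $complete) {
    handleVerifiedPayment($ipn);  // runs whether or not the buyer returns
}
```

The success page then only needs to read the membership state the listener wrote; a request that reaches it directly changes nothing.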

handling paypal payment in backend

I've got a custom form which makes a request to paypal. The problem with this is that people can edit this in inspector.
I've got the cart info in a cookie and in the database too. Is there a way to first go to the back end, check all the info there and then send it to PayPal?
I've looked into IPN but don't really understand it. Also, my website is currently running on localhost, so I need to open some ports to get messages from PayPal, which I can't because I'm working on a network where I can't access the router.
I've tried sending the form to the backend and comparing it with the cart cookie & database. But I don't know if I can send the form from the backend.
<div class="paypal pull-right">
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[Business name here]">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="return" value="http://domain/shop/paid">
<input type="hidden" name="cancel_return" value="http://domain/shop/payment_failed">
<?php
$i = 1;
?>
@foreach($cart as $item)
<input type="hidden" name="item_name_{{ $i }}" value="{{$item['name']}}" />
<input type="hidden" name="amount_{{ $i }}" value="{{$item['price']}}" />
<input type="hidden" name="quantity_{{ $i }}" value="{{$item['quantity']}}" />
<?php $i++; ?>
@endforeach
<input type="image" src="http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
</div>
You could just create a hosted button and then people can't edit the info for the transaction. When creating the button in your PayPal account just make sure to use the "Save at PayPal" option.
EDIT You won't be able to use a hosted button because of your itemized, dynamic pricing, so Express Checkout is going to be your best bet.
I would recommend you switch to using the Express Checkout APIs instead of Payments Standard. It has quite a few advantages over Payments Standard, primarily the ability to force the guest checkout experience so non-PayPal account holders can easily pay with a credit card.
This PayPal PHP SDK will make the API calls very quick and easy for you.
Basically, you'll use SetExpressCheckout to start the process, then GetExpressCheckoutDetails to pull the buyer's details from PayPal after they've logged in, and then DoExpressCheckoutPayment to finalize the transaction and process the payment.
This method will also keep people from doing anything with the button code because it's all in PHP and API calls.
IPN is still a great tool, but you wouldn't need it to validate your pricing or anything like that (unless you just still wanted to for any reason).
It's a tool you can use to automate pretty much any post-transaction task. This includes payments, refunds, disputes, cleared e-checks, etc. So you can update your database, send custom email notifications, hit 3rd party web services, etc. automatically when transactions hit your PayPal account.

Run function only after paypal transaction success and redirected to my page

I am building a page with some items that I'm going to sell through PayPal. First I did generic buttons with fixed prices; after clicking, you are redirected to the PayPal page with your values, like this:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top" class="payPalBtn">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="test@gmail.com">
<input type="hidden" name="item_name" value="test">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="0">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">
<input type="image" src="https://www.paypalobjects.com/he_IL/IL/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
But this is too dangerous because the client can change the amount value... and it can cause some problems. So I chose to use their API. This means sending some values from the server side, like price and amount, and getting back a token ID. After that, I send this again with some data, and in the end the payment is transferred and everything is closed. One of the parameters is $PayPalReturnURL; this is the page the user is redirected to after a successful result.
Now, after I did that and verified that the payment passes, I want to start a private program that runs a private function (each time I run it, it costs me money) that should be done only once, after the payment has passed. The page I redirect to is, for example, payment.php, and there I simply start my function.
The question is: how can I be sure that the user won't go straight to that PHP address and automatically start this function? What are my options to guarantee that this function runs only once, after PayPal redirects to me?
You are making it complex. Here is how I did paypal integration.
Along with the input price, send the transaction number in a hidden field as below.
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="tx_id" value="1234">
Before generating this form, insert a database record with the status of the transaction as pending, as below.
tx_id = 1234
amount = 10.00
tx_status = 0 // pending
When the transaction is complete, PayPal will return the amount, your tx_id and the status of the transaction. Using a SELECT query you can check whether the returned amount is the same as the amount in the database table.
SELECT amount FROM table_name WHERE tx_id = 1234
Then, if it's correct, change the tx_status to paid. Else mark it as fraud.
To protect your button you could either setup a hosted button through Payments Standard or you could integrate the Express Checkout API if you're familiar with using web services.
As for the automated post-order processing you won't want to do that on your return URL. There is no guarantee that page will get hit even with Auto-Return enabled in your PayPal account. If the buyer closes their browser before that redirect happens your code will never run and your automation will not work correctly.
To avoid this, and to protect from people going directly to your return URL, you can utilize Instant Payment Notification. This will be triggered with every payment regardless of whether the user makes it back to your site or not, and you can verify the data with PayPal to ensure it actually came from them so people can't try to be sneaky with your IPN script.
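Added example, not code from either answer: the pending-record check and the run-only-once requirement from this thread, done in the IPN handler with a single conditional UPDATE. It assumes the order id is carried in PayPal's custom pass-through variable and that the message was already confirmed as VERIFIED; the table, the function name and the sample messages are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; the IPN arrays below are constructed samples
// standing in for messages PayPal has already confirmed as VERIFIED.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (tx_id TEXT PRIMARY KEY, amount TEXT,
           currency TEXT, tx_status INTEGER DEFAULT 0, paypal_txn TEXT UNIQUE)");
// Row written when the button is rendered: tx_status 0 = pending, 1 = paid.
$db->exec("INSERT INTO orders (tx_id, amount, currency)
           VALUES ('1234', '10.00', 'USD')");

// Returns true only for the first message that matches the pending order.
function settleOrder(PDO $db, array $ipn): bool
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return false;
    }
    // The price comparison happens inside the UPDATE, and tx_status = 0
    // lets the pending -> paid transition succeed at most once, even if
    // PayPal resends the message or two requests race.
    $stmt = $db->prepare(
        "UPDATE orders SET tx_status = 1, paypal_txn = :txn
          WHERE tx_id = :tx AND tx_status = 0
            AND amount = :gross AND currency = :cur"
    );
    $stmt->execute([
        ':txn'   => $ipn['txn_id'] ?? '',
        ':tx'    => $ipn['custom'] ?? '',      // our tx_id, carried in "custom"
        ':gross' => $ipn['mc_gross'] ?? '',    // compared as a decimal string
        ':cur'   => $ipn['mc_currency'] ?? '',
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed message in which the amount field of the form was edited.
$tampered = ['payment_status' => 'Completed', 'custom' => '1234',
             'mc_gross' => '0.01', 'mc_currency' => 'USD', 'txn_id' => 'TXN-A'];
// Constructed message that matches the stored order.
$genuine  = ['mc_gross' => '10.00', 'txn_id' => 'TXN-B'] + $tampered;

var_dump(settleOrder($db, $tampered)); // edited price
var_dump(settleOrder($db, $genuine));  // matches the pending order
var_dump(settleOrder($db, $genuine));  // the same message delivered again
```

Start the paid-for function only when settleOrder() returns true; the return URL can then show the order's status without triggering anything.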

Dynamically generating PayPal buttons

What's the best way to dynamically generate an "Add to Cart" PayPal button in PHP? My idea is to take the basic HTML code and simply echo the required variable but I'm not sure if it's the most secure way...
<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="me@mybusiness.com">
<input type="hidden" name="currency_code" value="NZD">
<input type="hidden" name="item_name" value="<?=$name?>">
<input type="hidden" name="amount" value="<?=$price?>">
<input type="image" src="http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
(Code above from PayPal's Advanced Techniques page)
Doing it that way isn't very secure because people can still view source and see the end-result on your page. Then they could take that, make changes to it, load it in their own browser and pay you for an item at a much lower price.
You can utilize IPN to help flag orders that don't look accurate by cross-referencing your pricing, but this can be a hassle.
You could use the Button Manager API to generate your buttons as hosted buttons on PayPal. This way people can't see the details in the source code and wouldn't be able to make changes.
Alternatively, you could use the Express Checkout API, which is what I prefer and recommend if you know how to work with web service APIs.

Link PayPal "Donate" button to Wordpress "Post Comment" button

I am using a WordPress template to serve as a system to collect verbal bids, really post comments, that will cost visitors to the site $1 to make. I've changed the standard "Post Comment" text at the end of posts to "Submit Bid".
I've also installed a PayPal donation plugin that displays a "Donate" button on the page.
I want to combine the functionality of both of these buttons into one button, the "Submit Bid" button. To be clear, the Submit Bid button posts the user's comment to the post page; I need a button that does this while simultaneously directing the user to PayPal to donate the $1.
Ideally, I'd have a check in place to verify that the user actually paid the $1 in order for the bid to be submitted, but since this is more complicated, and because this is for charitable purposes, I am putting faith in my users to actually pay. After the donation, PayPal will redirect them to the page to which they submit their verbal bid ("comment").
The PHP for the "Submit Bid" button looks like this (it's from the standard "comments.php" of the typical WordPress blog):
<input type="submit" value="Submit Bid" /><input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
The PayPal "Donate" button is a plugin actually placed on the page as a function:
<?php echo Paypal_payment_accept(); ?>
The function code is quite long, but the code placing the actual "Donate" button on the page is:
$output .= "<input type=\"image\" src=\"$payment_button\" name=\"submit\" alt=\"Make payments with payPal - it's fast, free and secure!\" />";
Would greatly appreciate thoughts on how to solve this seemingly trivial problem!
Actually, there might be a simpler way, rather than using the Paypal submission using a form.
Keep the redirect code, but edit the $location variable to be the URL that takes the user to PayPal, with all the variables you want to send to them, e.g.:
https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=email%40paypalhacks%2Ecom&amount=1%2E00&currency_code=USD&item_name=donation&item_number=1001&quantity=1&shipping=3%2E00&no_shipping=0
So it will process the comment normally, and then send the user to the paypal page to make the payment. You can go to that URL in your browser to check it works. Probably add a 'return' variable as well to send the user back to the original $location value, so the user will get to the comment page upon successful payment to paypal.
You basically want one button, to perform 2 actions. So rather than having two forms (paypal plugin will add its own form tag), why don't you add the paypal redirecting functionality either before or after the comment processing code?
So when the user presses the submit button on a comment, let the page process the submission normally, but in that file, after it processes the comment, redirect the user to paypal.
You can change the code in wp-comments-post.php file, which is in your root Wordpress folder.
You need not use a plugin for this; it's pretty simple PayPal code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<!-- paypal user email which receives payments -->">
<input type="hidden" name="lc" value="CA">
<input type="hidden" name="item_name" value="<!-- donation -->">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="<!-- donation amount -->">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="return" value="<!-- the URL to redirect the user after payment -->">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"><br />
</form>
Also, you could moderate all comments, so they are not published on the website until approved by a moderator. You can manage these settings in Dashboard > Settings > Discussion. This way, you can choose to approve comments only for users who have successfully made a payment through paypal (by comparing their email IDs).
