I'm a newbie to web dev, and what I need to do is create a form where a user inputs something into a field; let's just call it name for now. Then when they go to PayPal they donate $1 (predetermined). Once they have paid, they are redirected to a success page, and what I want that success page to do is say "confirmed", grab the "name" that was given, and input it into a txt file on the server.
Is there a way I can do this securely? I've never had to do anything with PayPal before that wasn't a premade script.
(would be using PHP)
(if there is a script in WordPress/Joomla (haven't decided which I'll use yet), I'd probably use it)
As long as I can somehow get that variable "name" and do what I want with it at the end.
It's called the paypal IPN and there are a number of implementations and tutorials on it, try googling for it...
Okay, so on a website I'm developing, I need to add a PayPal checkout. I've not done a website with online payments before, so I'm new to it, but I think I understand how it works. However, I'm not too sure how to set up the form submission part.
PayPal offer premade button forms, which I'm going to use for this. The button is set up so on submit, it will go to a script on the PayPal servers. However, I want to pass the variables onto a PHP script of my own first, to save them into a database before the user is directed to PayPal's own checkout/pay system.
I know you can send a custom variable through the system, which PayPal send to your IPN listener, however I have a lot of variables that for different reasons, I want stored into a database before the user pays, not after.
So basically:
User fills out form and submits > PHP saves form data > Variables are passed on to the PayPal server using POST method without the user having to go to a second page before they see the PayPal page
Not sure if I've worded that very well, but hopefully you get my point. I simply want to send variables from one PHP script to another using POST variables.
Note: As I can't edit the PayPal script, session variables are not an option, neither are GET variables. Has to be POST
Also, my server has PHP version 5.3 and supports cURL and all that stuff
Why can't you edit the PayPal script? It would be very simple to build a form, set the action of it to your own PHP, and within that PHP set all the data to session vars, save it to your database, etc.
Then you can put together a payment request string using the cart upload command method that PayPal provides and redirect the user to PayPal accordingly, so all they'd see is PayPal. They wouldn't see anything with your "processor" script.
Even better would be to use the Express Checkout APIs as they provide more freedom and functionality to customize things how you want than Payments Standard does.
Since you're working with PHP you may be interested in my class library for PayPal. It would make Express Checkout calls very simple for you, and you can do whatever you need to do with your database within those scripts.
I want to get the details from the PayPal form. I redirect my clients to this form after they select a certain amount. Can I get the details of the form below?
I am not sure. Since paypal is asking for the creditcard number and all that, for security purposes it should not allow to get this form data. But again, just wondering, is it possible?
Short answer: no.
Certainly not using PHP (going by your tags here), which is server side, and this would be a javascript hack. The way that immediately leapt to mind would be to invoke Javascript in a child iframe that contained the Paypal form, but there are two immediately apparent problems with that:
I doubt Paypal would allow that page to be opened in an iframe
You can't invoke javascript in an iframe if the page in that frame is not on the same domain as the calling page.
The best way I can think of to achieve this would be to make a Greasemonkey/Chrome/whatever extension using javascript to fish the data and send it off, but then there's this: No-one will willingly install something that they know to steal credit card information on their computer. Why on earth do you want to do this?
On a related, though unhelpful note, if you are interested in trying this for a purpose that is less illegal and immoral, one thing you might want to look at is this. It shows how to do cross-domain communication using frames if you have permission to write javascript on both pages (or have found an unsanitised field to inject it with)...
I am trying to solve a workflow that looks something like this: (in PHP)
User enters order information in my shopping cart.
The order is captured and stored to my database (w/o credit card info)
The user is redirected to authorize.net's SIM page for payment
Current setup:
shoppingcart.php - collects user shipping information/etc
storeorder.php - stores the order in my database, and then assembles a form with the appropriate required authorize.net POST fields
In short, the user ends up having to view an unnecessary intermediate page where they have to click a "Make Payment" form submit button which then sends them to authorize.net.
What is the best practice for combining these steps? (receiving a POST, storing info in my DB, and then auto-redirecting to authorize.net with new POST fields without any user interaction)
DO NOT INTERFERE WITH USER's MONEY!
Even if you don't want to store the credit card details, your site can be hacked and an attacker would get it.
User enters order information in my shopping cart.
The order is processed via authorize.net's SIM page for payment
authorize.net contacts your site with payment details.
is the only proper way.
EVERY site in the world works this way. So you have to. Don't take yourself a smart ace.
On shoppingcart.php you can place a button for Checkout. On pressing that, the user action is submitted. Do not save item prices/quantity in hidden fields. On the POSTing of the user checkout button you can save all the info in your DB and make an HTML form in the PHP POST condition to set values for authorize.net and redirect your header to the PAYMENT page.
Does the user have to do any type of input on the authorize.net page or does your form supply all the needed information? If you generate all the information then the easiest way to do it is via a cURL call to authorize.net pushing the data directly to them and checking the return status code / output to see if it was a success / not etc.
If the user needs to still enter billing details use the following method.
Form posts to /somepage.php
somepage.php runs its processing and all the way at the bottom once processing is completed add header("Location: https://www.authorize.net/dopaymenthere");
Make sure you still echo the make payment button on this page, just in case the user does something wacky out of the ordinary where they force redirects to stop etc. That way it doesn't look like broken code, but for the few exceptions that do out of the ordinary things to their browsers etc. you can still handle them gracefully.
PS: this would only work by concatenating the post variables as get requests, assuming that authorize.net would handle the get requests as variables.
The really easy way to do this without using a GET request is with JavaScript, by submitting the form on DOM ready. That way you can show a processing order message to the user, and post them with an embedded hidden form directly to authorize.net in case your processing takes longer than expected etc.
In jQuery terms on the processing.php page you would have something like:
<?php
echo $form; // HTML form with all the values required by authorize.net
echo "<h1>Processing your request</h1>";
?>
<script type='text/javascript'>$(document).ready(function(){$('#hiddenformid').submit();});</script>
I have a form where a user enters information, and then I have a PayPal button that the user will click once the fields have been filled in. The problem I'm having is how do you capture the user information when the PayPal button is clicked, if the form has action="http://paypl.com/something/something".
Do I have to make this a 2 page process - one for me to capture the user information and then one to have the user click the paypal button?
By the way - the PayPal button directs the user to paypal.com to actually make the payment.
Guys, there's an easier solution here. Paypal allows you to pass those values through to it, then it will spit them back to you. There's actually two methods of getting the data back--a return URL that posts upon completion with return values (I've not been terribly lucky making that work) then a separate function that sends you a post upon completion of a transaction to a separate page on your site, where you can collect back all the variables you posted to the site. I suggest the latter because on a buy it now page there's a possibility of the user not being returned to the site because the return button UI is pretty weak on PayPal's end.
To set it up you'd log in to your PayPal account, click on myaccount > profile > website payment preferences. Enabling the "payment data transfer" will do the trick. Once you've got it set up correctly, upon completion of a transaction it'll send to the page of your choice a post of everything you sent it. Remember, you can send in variables such as Name, Address, etc. just by defining them properly in the form. All the variables available are found here
Sure, you could go through grabbing the elements from the form via jQuery or the like, then do an onclick save to DB, but why fight it? It's a heck of a lot more work and may have issues if JavaScript is off.
Don't forget to build a sandbox site to test! Good Luck.
You have a few options here. You could make two forms, one which submits to your server where you capture the user information, and then display a second form with a "Pay Now" button. As a second option, you could extract the information from the form using JavaScript and submit it to your server using AJAX, then submit the form to PayPal when the AJAX request completes. This may or may not be more complicated, but it will not alter the existing user interface, which may be desirable.
I would make the action the current page, catch the button click and store the user information, then use header("Location: http://paypl.com/something/something");. It's something like that anyway. Hope this helps.
Edit: Also see the other answer by Josh. They are equally good possibilities. Note that the Ajax option would require JavaScript to be switched on - so safeguards would have to be put in place in case it is switched off.
My recommendation would be to add all of your user/order data into your own local database so that you can generate an order ID of some kind. You can then pass this order ID into your PayPal button code in a field named invoice.
This value will then come back in PDT/IPN as $_POST['invoice'] so you can easily pull all of that data back out and handle it within your application accordingly.
Another alternative would be to use Express Checkout instead of Payments Standard. It's a little bit more involved, but it has fewer limitations.
Even with EC, though, I still recommend sending an order ID of some sort along with the payment request so you can relate everything back and forth easily.
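An added example, not code from any poster in this thread: an IPN check that confirms the message with PayPal and then compares it with the order saved under the invoice ID before anything is fulfilled. The field names are PayPal's IPN variables; the order row, the merchant address and the sample messages are constructed.

```php
<?php
// Added example: PayPal IPN field names; order row, address and messages are constructed.

// Post the raw message back to PayPal with cmd=_notify-validate prepended.
// PayPal answers "VERIFIED" only for messages it sent itself, otherwise "INVALID".
function paypal_verdict(string $rawBody): string
{
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return $reply === false ? 'ERROR' : trim($reply);
}

// Compare a message with the order saved before the redirect to PayPal.
// Returns 'fulfil' or the reason the message is refused.
function check_ipn(array $ipn, string $verdict, ?array $order, array $seenTxnIds, string $merchant): string
{
    $gross = $ipn['mc_gross'] ?? '';
    if ($verdict !== 'VERIFIED') return 'not verified by PayPal';
    if ($order === null) return 'unknown invoice';
    if (($ipn['payment_status'] ?? '') !== 'Completed') return 'payment not completed';
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchant) !== 0) return 'paid to another account';
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) return 'currency mismatch';
    if (!is_numeric($gross) || (int) round($gross * 100) !== $order['amount_cents']) return 'amount mismatch';
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) return 'duplicate transaction';
    return 'fulfil';
}

// Constructed data standing in for the database and for incoming messages.
$orders = ['ORD-1001' => ['amount_cents' => 100, 'currency' => 'USD', 'name' => 'Alice']];
$good   = 'payment_status=Completed&receiver_email=shop%40example.com'
        . '&mc_gross=1.00&mc_currency=USD&txn_id=TX1&invoice=ORD-1001';
$cheap  = str_replace('mc_gross=1.00', 'mc_gross=0.01', $good);

foreach ([[$good, 'VERIFIED'], [$cheap, 'VERIFIED'], [$good, 'INVALID']] as [$raw, $verdict]) {
    parse_str($raw, $ipn);   // a live listener reads php://input and calls paypal_verdict($raw)
    $order = $orders[$ipn['invoice'] ?? ''] ?? null;
    echo check_ipn($ipn, $verdict, $order, [], 'shop@example.com'), "\n";
}
```

The same check applies to a success page that hands out a serial: the serial is released only once the order's transaction has passed it, not because the browser arrived at the return URL.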
I used to have a "Buy Now" button that would go through PayPal, and then, through the button's advanced option, I redirected the users to a "Success" page that would give the serial for the product they purchased.
Obviously, this page had to get confirmation from PayPal, through the variables PayPal gave it, in order to know that a payment had actually been processed, and not only some person typing the page's URL in his browser to get a serial.
I did this only in PHP, without downloading any API, using, as far as I can remember, $_POST or $_SERVER variables from PayPal. There were a couple of nested "if"s, but in the end, it worked fine.
Now I've been Googling for an hour trying to find the code I used. All I find is framework downloads and bloated APIs, while I really only need to know these things:
Did the order process?
What is the email of the buyer?
I have a blank PHP file waiting for suggestions. In dummy-pseudo-code, it would go around the lines of:
<?php
$serial = ...;
if ($paypal_succeeded)
{
echo($serial);
}
?>
Please don't tell me this is impossible, I know I already did it, I just lost my old code.
Thanks!
I don't have any experience with this sort of thing, but Google showed me a few possible relevant links here, here, and here.
The main page for this was https://www.paypal.com/ipn