2011-06-16

How to make an order form and check payment status in PayPal

It's not so hard to do if you have a good example. Unfortunately it was hard for me to find a good example, so I describe it here. Here is how I did it:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick" />
    <input type="hidden" name="amount" value="9.99" /><!-- price -->
    <input type="hidden" name="item_name" value="Some text, name of your product and maybe some ID" />
    <input type="hidden" name="currency_code" value="USD" />
    <input type="hidden" name="business" value="peter.s.1208@gmail.com" />
    <input type="hidden" name="return" value="www.peter-sobieraj.com" /><!-- url where to go after paying -->
    <input type="hidden" name="custom" value="some IDs or any text data that you want to remember in order" />
    <input type="submit" value="Pay with PayPal" name="submit" />
    </form>

Change amount to your price, and business to the email that you use in PayPal (or maybe leave mine ;), I would love some extra money).

At this point it should work, but it's not secure!!!

The form above is plain HTML, so with Firebug anybody can edit the data before sending it. Now we need to make sure that the money came in and that the amount is correct. For that we need to create a file, for example listener.php, on the server, and configure our PayPal profile so that after every transaction paypal.com runs our listener. Anybody can run our listener (if they know what we named it), so from our listener we need to call paypal.com back to check that the notification is really genuine. Here is example code from the PayPal site for listener.php. It took me a while before I found it on their page, but it works perfectly.

    <?php
    // Read the POST from the PayPal system and prepend 'cmd'
    $req = 'cmd=_notify-validate';

    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
        $req .= "&$key=$value";
    }

    // Post the same data back to the PayPal system to validate it
    $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);

    // Assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];

    if (!$fp) {
        // HTTP ERROR
    } else {
        fputs($fp, $header . $req);
        while (!feof($fp)) {
            $res = fgets($fp, 1024);
            if (strcmp($res, "VERIFIED") == 0) {
                ///@todo check the payment_status is Completed
                ///@todo check that txn_id has not been previously processed
                ///@todo check that receiver_email is your Primary PayPal email
                ///@todo check that payment_amount/payment_currency are correct
                ///@todo save in MySQL or somewhere, or send mail, that payment was Completed.
            }
            else if (strcmp($res, "INVALID") == 0) {
                // log for manual investigation
            }
        }
        fclose($fp);
    }
    ?>

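One way to fill in the first four @todo checks of the listener, as an added example that is not part of the original post or of PayPal's sample. The function name ipn_problems, the $order array (your own record of the order, looked up for instance by the custom value the form sent) and the list of processed transaction IDs are assumptions; the sample notifications are constructed.

```php
<?php
// Added example: the four @todo checks, to be run only after PayPal answered VERIFIED.
// $order and $processedTxnIds stand in for your own database lookups (assumptions).
function ipn_problems(array $ipn, array $order, array $processedTxnIds, string $myEmail): array
{
    $problems = [];
    // 1. Only "Completed" means the money has arrived.
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    // 2. The same notification can arrive more than once; fulfil each txn_id only once.
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $processedTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }
    // 3. A VERIFIED payment made to some other account must not count as ours.
    if (strcasecmp($ipn['receiver_email'] ?? '', $myEmail) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    // 4. The price in the HTML form is editable, so compare what was paid
    //    (in cents, to avoid float comparison) with the price stored server-side.
    $gross = $ipn['mc_gross'] ?? '';
    $paidCents = is_numeric($gross) ? (int) round((float) $gross * 100) : -1;
    if ($paidCents !== $order['price_cents'] || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'amount or currency does not match the order';
    }
    return $problems;
}

// Constructed sample data, not real PayPal traffic.
$order = ['price_cents' => 999, 'currency' => 'USD'];
$seen  = ['TXN-CONSTRUCTED-0001'];
$good  = ['payment_status' => 'Completed', 'txn_id' => 'TXN-CONSTRUCTED-0002',
          'receiver_email' => 'seller@example.com', 'mc_gross' => '9.99', 'mc_currency' => 'USD'];
// The same notification for an order whose "amount" field was edited before submitting.
$edited = array_merge($good, ['mc_gross' => '0.01']);

print_r(ipn_problems($good, $order, $seen, 'seller@example.com'));
print_r(ipn_problems($edited, $order, $seen, 'seller@example.com'));
```

Mark the order as paid only when the returned list is empty, and store the txn_id in the same step so a repeated notification is rejected by check 2.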
If you do only the last @todo, it will work, but it won't be fully secure. Save that file on your server. For example, let your server be www.yourDomain.com. Now go to your PayPal profile: "My Account" -> "Profile" -> "Instant Payment Notification Preferences". If they have moved it somewhere, search for IPN or "Instant Payment Notification". As "Notification URL" enter "http://www.yourDomain.com/listener.php" and enable "Message delivery". That makes PayPal call (download) http://www.yourDomain.com/listener.php every time somebody pays you, and send the detailed data in the POST.

OK. Now it will work and it will be secure.

For testing you can use www.sandbox.paypal.com instead of www.paypal.com. It's a copy of the PayPal service where all the data is fake. Good luck.
