How to integrate PayPal with PHP
I had to go through these steps and learned a lot, so I thought I should summarize my learning, so that it's useful to others.
I will show you how to get your users to make a payment to you from your site using PayPal and then show them a page where you can thank them for it. Hopefully you have a website that is up and running and have decided to use PayPal for handling payments.
Step 1. Enable IPN Notification
Log in to your PayPal account and upgrade it to a Premier account. By doing this, you enable IPN (Instant Payment Notification) support for your account. This is useful to check whether a successful payment has been made.
Once your account is upgraded to Premier, visit the Profile menu under My Account. Under Selling Preference you will find Instant Payment Notification Preferences. Choose IPN Settings, then enter the Notification URL and enable the IPN service. The Notification URL is the URL of the page that will process the results from PayPal IPN.
Step 2. Set up Auto-Return Page (Optional but Good to have)
Also set up the Auto-Return page; this is the page that will thank the user for the payment made. You will find this option in the Website Payment Preferences link under the Selling Preferences tab of your Profile. Enable Auto-Return and enter the URL on your website.
Step 3. Create the Payment Button
Under the Merchant Services Menu, look for PayPal Website Payments Standard and under the Key features tab, click on the Buy Now Buttons link.
Enter the Item Name, the Price and the currency. The rest of the fields are optional. The item name will be the one visible to the user when he visits PayPal after clicking the button on your site, so make it descriptive. Click on Create Button.
Copy the code that is generated and paste it on a page in your site that will be used to obtain payments.
Step 4. Create the payment processing pages
Now create the page specified in your Notification URL (Step 1) and enter the following:
<?php
// your Primary PayPal email; the notification mail is also sent here
$my_email = 'you@example.com'; // enter your email here (placeholder)
$subject  = 'PayPal IPN notification'; // placeholder subject
$headers  = "From: $my_email";
$body     = '';

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30); // for live
//$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30); //sandbox

// assign posted variables to local variables
$item_name        = $_POST['item_name'] ?? '';
$item_number      = $_POST['item_number'] ?? '';
$payment_status   = $_POST['payment_status'] ?? '';
$payment_amount   = $_POST['mc_gross'] ?? '';
$payment_currency = $_POST['mc_currency'] ?? '';
$txn_id           = $_POST['txn_id'] ?? '';
$receiver_email   = $_POST['receiver_email'] ?? '';
$payer_email      = $_POST['payer_email'] ?? '';

if (!$fp) {
    // HTTP ERROR
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        // trim the line ending so the status line compares cleanly
        $res = trim(fgets($fp, 1024));
        if (strcmp($res, "VERIFIED") == 0) {
            // check the payment_status is Completed
            if (strcmp($payment_status, "Completed") == 0) {
                // check that txn_id has not been previously processed
                // check that receiver_email is your Primary PayPal email
                if (strcmp($receiver_email, $my_email) == 0) {
                    // check that payment_amount/payment_currency are correct
                    if ($payment_currency == 'USD' && $payment_amount == "10.00") {
                        // process payment
                        $to = $my_email;
                        foreach ($_POST as $key => $value) { $body .= "\n$key: $value"; }
                        mail($to, $subject, $body, $headers);
                    }
                }
            }
        } else if (strcmp($res, "INVALID") == 0) {
            // log for manual investigation
        }
    }
    fclose($fp);
}
?>
You need to add a check for an existing transaction ID. This would require you to store the transaction ID in the db and then make a call to the db to ensure that the transaction ID is not already used.
The above code will send you the details of all the fields received from the IPN. You could replace this with code that you need to handle the payment like adding credits to a member, gold, etc.
Your auto-return page (refer to Step 2) should contain something similar:
“Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at www.paypal.com to view details of this transaction.”
MY TIP: Register for a Developer account and test the IPN feature using the sandbox feature, before you use it in production.
You can add a hidden field in the code for the button, to store a user id of the user. The name of the field that I used was 'custom'. This will be returned to your notification URL and you could use it for crediting users.
All feedback/comments are welcome.
I was not sure if this belonged in this section or the Revenue & Promotion section. The Mods may move it if they see fit.
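The transaction ID check that Step 4 asks for, as an added example that is not part of the original post: the txn_id is stored under a unique key so a replayed or re-delivered IPN is processed only once. The table ipn_txn, the function names and the sample payload are assumptions made for illustration, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: replay protection for an IPN message that PayPal has
// already answered with VERIFIED. All names here are hypothetical.

function claim_txn(PDO $db, string $txnId): bool
{
    // The PRIMARY KEY makes "check and store" a single atomic step, so two
    // deliveries of the same IPN cannot both pass a separate SELECT check.
    try {
        $stmt = $db->prepare('INSERT INTO ipn_txn (txn_id, seen_at) VALUES (?, ?)');
        $stmt->execute([$txnId, time()]);
        return true;                        // first time this txn_id is seen
    } catch (PDOException $e) {
        if (($e->errorInfo[0] ?? '') === '23000') {
            return false;                   // unique-key violation: already processed
        }
        throw $e;                           // any other database error
    }
}

function handle_verified_ipn(PDO $db, array $post, string $myEmail): string
{
    if (($post['payment_status'] ?? '') !== 'Completed') { return 'ignored: not completed'; }
    if (strcasecmp($post['receiver_email'] ?? '', $myEmail) !== 0) { return 'rejected: wrong receiver'; }
    if (($post['mc_currency'] ?? '') !== 'USD' || ($post['mc_gross'] ?? '') !== '10.00') {
        return 'rejected: wrong amount or currency';
    }
    $txnId = $post['txn_id'] ?? '';
    if ($txnId === '') { return 'rejected: no txn_id'; }
    if (!claim_txn($db, $txnId)) { return 'ignored: duplicate txn_id'; }
    return 'processed';                     // credit the user here
}

// Demo: in-memory SQLite database and a constructed IPN payload.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ipn_txn (txn_id TEXT PRIMARY KEY, seen_at INTEGER NOT NULL)');

$sample = [
    'payment_status' => 'Completed', 'receiver_email' => 'you@example.com',
    'mc_currency' => 'USD', 'mc_gross' => '10.00', 'txn_id' => 'CONSTRUCTED-TXN-0001',
];
echo handle_verified_ipn($db, $sample, 'you@example.com'), "\n"; // first delivery
echo handle_verified_ipn($db, $sample, 'you@example.com'), "\n"; // same IPN again
```

If crediting the user writes to the same database, run the insert and the credit inside one database transaction so a failure in either rolls back both.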