Code:
<form action="<?php echo $_config['ec_uri']; ?>" method="post">
    <input type="hidden" name="cmd" value="_xclick"/>
    <input type="hidden" name="business" value="<?php echo $_config['ec_vendor_id']; ?>"/>
    <?php // item_name, item_number and amount come from the query string, so escape them for the attribute context ?>
    <input type="hidden" name="item_name" value="<?php echo htmlspecialchars($_GET['combo_name'], ENT_QUOTES, 'UTF-8'); ?>"/>
    <input type="hidden" name="item_number" value="<?php echo htmlspecialchars($_GET['payment_id'], ENT_QUOTES, 'UTF-8'); ?>"/>
    <input type="hidden" name="amount" value="<?php echo htmlspecialchars($_GET['total_cost'], ENT_QUOTES, 'UTF-8'); ?>"/>
    <input type="hidden" name="page_style" value="Primary"/>
    <input type="hidden" name="notify_url" value="md/cc/ipn_response.php"/>
    <input type="hidden" name="no_shipping" value="0"/>
    <input type="hidden" name="return" value="md/cc/thanks.php"/>
    <input type="hidden" name="cancel_return" value="md/cc/nothanks.php"/>
    <input type="hidden" name="no_note" value="1"/>
    <input type="hidden" name="currency_code" value="<?php echo $_config['ec_currency']; ?>"/>
    <input type="hidden" name="lc" value="CA"/>
    <input type="submit" border="0" name="submit" value="Pay by PayPal"/>
    <img src="visa_42x27.gif" title="<?php echo _AT('ec_acceptvisa'); ?>" alt="<?php echo _AT('ec_acceptvisa'); ?>" align="middle" />
    <img src="<?php echo $_base_path; ?>mods/ecomm/images/mc_42x27.gif" title="<?php echo _AT('ec_acceptmastercard'); ?>" alt="<?php echo _AT('ec_acceptmastercard'); ?>" align="middle" />
</form>
Code:
<?php
// Read the notification PayPal sent (IPN arrives by HTTP POST) and prepend 'cmd'.
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// Post the same data back to PayPal for validation.
// Use TLS so the VERIFIED/INVALID reply cannot be altered in transit.
$header = "";
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

// Assign posted variables to local variables.
$item_name        = $_POST['item_name'] ?? '';
$item_number      = $_POST['item_number'] ?? '';
$payment_status   = $_POST['payment_status'] ?? '';
$payment_amount   = $_POST['mc_gross'] ?? '';
$payment_currency = $_POST['mc_currency'] ?? '';
$txn_id           = $_POST['txn_id'] ?? '';
$receiver_email   = $_POST['receiver_email'] ?? '';
$payer_email      = $_POST['payer_email'] ?? '';

if (!$fp) {
    // HTTP ERROR
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        // Trim the line ending so the comparison matches the bare keyword.
        $res = trim((string) fgets($fp, 1024));
        if (strcmp($res, "VERIFIED") == 0) {
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is your Primary PayPal email
            // check that payment_amount/payment_currency are correct
            // process payment
        } else if (strcmp($res, "INVALID") == 0) {
            // log for manual investigation
        }
    }
    fclose($fp);
}
?>
Code:
The form also includes two URLs, called return and cancel_return. These are used to send the user back to my web site after he completes or cancels the PayPal transaction. I've created two simple web pages called thanks.html and canceled.html for this example.
I could stop right here, slap that HTML on a web page, and start taking orders for doodads. Whenever someone clicks on the PayPal button and buys a doodad, PayPal will email the transaction details and the customer's contact information to me. But, say I want to automatically enter that customer and transaction data into my own database. I can easily extend the above block of HTML to notify my web server of all transactions as they happen. Simply add one more hidden input field to the HTML form:
<input type="hidden" name="notify_url" value="http://alanb.com/doodads/ipn_response.php">
Now PayPal's servers will call my ipn_response.php, with the details of each doodad order as it occurs. This is Instant Payment Notification. PayPal uses the HTTP POST method to send transaction details to notify.cgi. Then notify.cgi echoes that transaction data back to PayPal to confirm the validity of the payment.
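The four checks named in the comments of the VERIFIED branch above, written out as an added example (not code from the original post or from PayPal). The function name `ipn_rejections()`, the `$orders` table and the sample IPN fields are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the original post. ipn_rejections(), $orders and
// the sample IPN fields are hypothetical and constructed for illustration.

// Returns the reasons to reject a VERIFIED IPN; an empty list means the
// payment may be processed. $order is the server-side record found by
// item_number (the form's payment_id), or null when there is none.
function ipn_rejections(array $ipn, ?array $order, string $vendorEmail, array $seenTxns): array
{
    $why = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $why[] = 'payment_status is not Completed';
    }
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxns, true)) {
        $why[] = 'txn_id missing or already processed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $vendorEmail) !== 0) {
        $why[] = 'receiver_email is not the vendor account';
    }
    if ($order === null) {
        $why[] = 'unknown item_number';
        return $why;
    }
    // Compare in integer cents against the stored order, never against the
    // total_cost that travelled through the browser in the hidden field.
    $paidCents = (int) round(((float) ($ipn['mc_gross'] ?? '0')) * 100);
    if ($paidCents !== $order['amount_cents']) {
        $why[] = 'mc_gross does not match the order total';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $why[] = 'mc_currency does not match the order currency';
    }
    return $why;
}

// Constructed data: order 1001 is stored as 49.99 CAD, but the IPN reports
// 1.00, as it would if the form's hidden amount field had been altered.
$orders = ['1001' => ['amount_cents' => 4999, 'currency' => 'CAD']];
$ipn = [
    'payment_status' => 'Completed', 'txn_id' => 'TXN-EXAMPLE-2',
    'receiver_email' => 'vendor@example.com', 'item_number' => '1001',
    'mc_gross' => '1.00', 'mc_currency' => 'CAD',
];
$order = $orders[$ipn['item_number']] ?? null;
print_r(ipn_rejections($ipn, $order, 'vendor@example.com', ['TXN-EXAMPLE-1']));
```

In a real handler the list of processed txn_ids and the order lookup would be database queries, and the payment is recorded only when the returned list is empty.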