Help with some PHP Code Understanding
Posted: Mon Jul 16, 2007 4:12 pm
The post is big... but please please... It's because of the code... that's all! I promise, my question will be a small one... I'm trying to integrate my site with Paypal's IPN. For that it requires me to send a few variables in the following manner:
I'm testing the script using PayPal sandbox.... Everything works fine.. I'm being directed to the PayPal site with the required item with the associated cost. I'm even able to pay. The problem is it returns me to the script I asked it to i.e. thanks.php in this case. The PayPal guys asked me to construct a file ipn_response.php that looks something like this:
I wanted to know the purpose of this file. I've got a little info from some other site but can't understand the purpose of this file:
I want to do one thing: When I get a confirmation from PayPal, I want to update my own database saying that the user has paid the money. I don't know where to accommodate this code to make it work... I see so many variables txn_id, item_id and so on... that I'm confused as to what all are to be stored in the database and what operations I need to perform to be able to say that the user is not being asked to pay for the second time. I'm new to payments, so please advise me...
Code:
<?php // Request values are HTML-escaped before being echoed into attribute values. ?>
<form action="<?php echo $_config['ec_uri']; ?>" method="post">
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="<?php echo $_config['ec_vendor_id']; ?>"/>
<input type="hidden" name="item_name" value="<?php echo htmlspecialchars($_GET['combo_name'], ENT_QUOTES); ?>"/>
<input type="hidden" name="item_number" value="<?php echo htmlspecialchars($_GET['payment_id'], ENT_QUOTES); ?>"/>
<input type="hidden" name="amount" value="<?php echo htmlspecialchars($_GET['total_cost'], ENT_QUOTES); ?>"/>
<input type="hidden" name="page_style" value="Primary"/>
<input type="hidden" name="notify_url" value="md/cc/ipn_response.php"/>
<input type="hidden" name="no_shipping" value="0"/>
<input type="hidden" name="return" value="md/cc/thanks.php"/>
<input type="hidden" name="cancel_return" value="md/cc/nothanks.php"/>
<input type="hidden" name="no_note" value="1"/>
<input type="hidden" name="currency_code" value="<?php echo $_config['ec_currency']; ?>"/>
<input type="hidden" name="lc" value="CA"/>
<input type="submit" border="0" name="submit" value="Pay by PayPal"/>
<img src="visa_42x27.gif" title="<?php echo _AT('ec_acceptvisa'); ?>" alt="<?php echo _AT('ec_acceptvisa'); ?>" align="middle" />
<img src="<?php echo $_base_path; ?>mods/ecomm/images/mc_42x27.gif" title="<?php echo _AT('ec_acceptmastercard'); ?>" alt="<?php echo _AT('ec_acceptmastercard'); ?>" align="middle" />
</form>
Code:
<?php
// read the post from PayPal system and add 'cmd'
// (PayPal delivers the notification as an HTTP POST, so the fields are in $_POST)
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "";
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        // trim() so a trailing line ending does not defeat the comparison
        $res = trim(fgets ($fp, 1024));
        if (strcmp ($res, "VERIFIED") == 0) {
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is your Primary PayPal email
            // check that payment_amount/payment_currency are correct
            // process payment
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // log for manual investigation
        }
    }
    fclose ($fp);
}
?>
Code:
The form also includes two URLs, called return and cancel_return. These are used to send the user back to my web site after he completes or cancels the PayPal transaction. I've created two simple web pages called thanks.html and canceled.html for this example.
I could stop right here, slap that HTML on a web page, and start taking orders for doodads. Whenever someone clicks on the PayPal button and buys a doodad, PayPal will email the transaction details and the customer's contact information to me. But, say I want to automatically enter that customer and transaction data into my own database. I can easily extend the above block of HTML to notify my web server of all transactions as they happen. Simply add one more hidden input field to the HTML form:
<input type="hidden" name="notify_url" value="http://alanb.com/doodads/ipn_response.php">
Now PayPal's servers will call my ipn_response.php, with the details of each doodad order as it occurs. This is Instant Payment Notification. PayPal uses the HTTP POST method to send transaction details to notify.cgi. Then notify.cgi echoes that transaction data back to PayPal to confirm the validity of the payment.
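The checks listed as comments in the VERIFIED branch of ipn_response.php, written out as an added example (not the poster's or PayPal's code). The `orders` and `payments` tables, their columns, the function name `process_verified_ipn` and the sample values are assumptions; the expected price is read from the site's own order row, and the primary key on `txn_id` is what stops a repeated notification from being processed twice.

```php
<?php
// Added example, not code from the post. Table, column and function names are assumptions.
// Call it only after PayPal's postback has answered VERIFIED.
function process_verified_ipn(PDO $db, array $ipn, string $myPaypalEmail): string
{
    if (($ipn['payment_status'] ?? '') !== 'Completed' || empty($ipn['txn_id'])) {
        return 'ignored: not a completed payment';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $myPaypalEmail) !== 0) {
        return 'rejected: wrong receiver';
    }
    // The expected price comes from our own order row, never from the request.
    $q = $db->prepare('SELECT amount_cents, currency FROM orders WHERE payment_id = ?');
    $q->execute([$ipn['item_number'] ?? '']);
    $order = $q->fetch(PDO::FETCH_ASSOC);
    if ($order === false) {
        return 'rejected: unknown order';
    }
    $paidCents = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if ($paidCents !== (int) $order['amount_cents'] || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        return 'rejected: amount or currency mismatch';
    }
    // txn_id is the PRIMARY KEY, so a repeated notification fails the INSERT.
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO payments (txn_id, payment_id, payer_email) VALUES (?, ?, ?)')
           ->execute([$ipn['txn_id'], $ipn['item_number'], $ipn['payer_email'] ?? '']);
        $db->prepare('UPDATE orders SET paid = 1 WHERE payment_id = ?')->execute([$ipn['item_number']]);
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not a uniqueness violation
        }
        return 'duplicate: txn_id already processed';
    }
    return 'processed';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (payment_id TEXT PRIMARY KEY, amount_cents INTEGER, currency TEXT, paid INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY, payment_id TEXT, payer_email TEXT)');
$db->exec("INSERT INTO orders (payment_id, amount_cents, currency) VALUES ('42', 1995, 'CAD')");
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com', 'item_number' => '42',
        'mc_gross' => '19.95', 'mc_currency' => 'CAD', 'txn_id' => 'TXN-CONSTRUCTED-1', 'payer_email' => 'buyer@example.com'];
foreach ([$ipn, $ipn, ['mc_gross' => '0.01'] + $ipn] as $n) {
    echo process_verified_ipn($db, $n, 'seller@example.com'), "\n";
}
```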