my first ipn

m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

Post by m2babaey »

Hi
I coded a simple IPN by which one can pay any amount he/she wishes to my account. Please review it in case it includes any bugs. There are no fixed fees for products; I just need to know what amount has been paid and save it.
My form:

Code:

<form method="post" action="https://www.paypal.com/cgi-bin/webscr"  >
<p align=center>
Your Username: <input type=text name=username readonly=readonly value="<?php echo $username ;?>" ><br><br>
Amount you want to deposit: <input type=text readonly=readonly value="<?php echo $amount ;?>"  size=10 name=amount>USD
<br><br>
<input type=submit value="Confirm" name="confirm" >
<br><br>Use your browser's Back button to edit the form
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://domain">
<input type="hidden" name="notify_url" value="http://domain/ipn.php">
<input type="hidden" name="cancel_return" value="http://domain">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="business" value="myid@gmail.com">
<input type="hidden" name="mc_gross" value="<?=$amount;?>">
</form>
The notify_url:

Code:

<?php
$username=$_POST['username'];
$business=$_POST['business']; 
$invoice=$_POST['invoice']; 
$memo=$_POST['memo'];
$tax=$_POST['tax'];
$mc_gross=$_POST['mc_gross'];
$mc_currency=$_POST['mc_currency']; 
$payment_status=$_POST['payment_status'];
$pending_reason=$_POST['pending_reason']; 
$reason_code=$_POST['reason_code']; 
$payment_date=$_POST['payment_date']; 
$txn_id=$_POST['txn_id'];
$first_name=$_POST['first_name']; 
$last_name=$_POST['last_name']; 
$address_name=$_POST['address_name']; 
$address_street=$_POST['address_street']; 
$address_city=$_POST['address_city']; 
$address_state=$_POST['address_state']; 
$address_zip=$_POST['address_zip']; 
$address_country=$_POST['address_country']; 
$address_status=$_POST['address_status']; 
$payer_email=$_POST['payer_email']; 
$payer_id=$_POST['payer_id']; 
$payer_status=$_POST['payer_status']; 

if($payment_status!="completed" || $business!="me@email" || $mc_currency!="USD")
echo "The payment was not successful";
else{
//payment was successful. save it in database
$sql="INSERT INTO table  ";
mysql_query($sql);
echo "Thank you. You have paid successfully";

}

?>
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

I do not believe you can pass through 'username' and any other custom variables. There are other ways for this.

Edit: Your payment verification is wrong; everyone could hack this script. You should pass back the transaction number to PayPal and see if PayPal will reply that this is a valid and successful transaction. Also be careful with refunded payments; your script does not detect this.
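
The check described in the reply above, as an added example that is not part of the thread: PayPal's documented IPN postback returns the whole received message with `cmd=_notify-validate` prepended, and a payment is credited only on a `VERIFIED` reply. The function names, the injected transport, the in-memory duplicate list and the sample messages are assumptions for illustration; `custom` is PayPal's pass-through variable, used here for the username.

```php
<?php
// Added example, not code from the thread. Names and sample data are assumptions.
const IPN_VERIFY_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr'; // live postback endpoint

// Real transport: send the untouched message back to PayPal over verified TLS.
function paypal_postback(string $body): string {
    $ch = curl_init(IPN_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : '';
}

// Returns [action, detail]; action is 'credit', 'reverse' or 'ignore'.
function handle_ipn(string $raw, callable $postback, string $myEmail, array &$seenTxn): array {
    // 1. Ask PayPal whether it really sent this exact message.
    if ($postback('cmd=_notify-validate&' . $raw) !== 'VERIFIED') {
        return ['ignore', 'not verified by PayPal'];
    }
    parse_str($raw, $ipn);
    // 2. The money must have gone to our account, in the expected currency.
    if (strcasecmp($ipn['receiver_email'] ?? '', $myEmail) !== 0) return ['ignore', 'wrong receiver'];
    if (($ipn['mc_currency'] ?? '') !== 'USD') return ['ignore', 'wrong currency'];
    // 3. Refunds and reversals refer to the original payment via parent_txn_id.
    $status = $ipn['payment_status'] ?? '';
    if ($status === 'Refunded' || $status === 'Reversed') return ['reverse', $ipn['parent_txn_id'] ?? ''];
    if ($status !== 'Completed') return ['ignore', "status $status"];
    // 4. Credit each txn_id once (use a UNIQUE database column in production).
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || isset($seenTxn[$txn])) return ['ignore', 'duplicate or missing txn_id'];
    $seenTxn[$txn] = true;
    // 'custom' carries the username set in the payment form; the amount is what PayPal reports.
    return ['credit', ($ipn['custom'] ?? '') . ' +' . ($ipn['mc_gross'] ?? '0')];
}

// Constructed messages; the stub stands in for PayPal so the demo runs offline.
// In ipn.php: handle_ipn(file_get_contents('php://input'), 'paypal_postback', ...).
$stub = fn(string $b): string => strpos($b, 'txn_id=TEST1') !== false ? 'VERIFIED' : 'INVALID';
$base = 'payment_status=Completed&receiver_email=me%40example.com&mc_currency=USD';
$real = $base . '&mc_gross=25.00&txn_id=TEST1&custom=alice';
$unverified = $base . '&mc_gross=999.00&txn_id=TEST2&custom=bob';
$seen = [];
foreach ([$real, $real, $unverified] as $msg) {
    echo implode(': ', handle_ipn($msg, $stub, 'me@example.com', $seen)), "\n";
}
```

The first message is credited, its replay is ignored as a duplicate, and the message the stub does not recognise is ignored as unverified.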
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

Post by m2babaey »

I do not believe you can pass through 'username' and any other custom variables. There are other ways for this.
What is that way?
:roll:
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

RTM === read the manual. PayPal offers a bunch of integration guides. I have no time to give you samples.