
my first ipn

Posted: Sat Aug 25, 2007 1:15 am
by m2babaey
Hi
I coded a simple IPN by which one can pay any amount he/she wishes to my account. Please review it to see whether it includes any bugs. There are no fixed fees for products; I just need to know what amount has been paid and save it.
my form:

Code:

<form method="post" action="https://www.paypal.com/cgi-bin/webscr"  >
<p align=center>
Your Username: <input type=text name=username readonly=readonly value="<?php echo $username ;?>" ><br><br>
Amount you want to deposit: <input type=text readonly=readonly value="<?php echo $amount ;?>"  size=10 name=amount>USD
<br><br>
<input type=submit value="Confirm" name="confirm" >
<br><br>Use your browser's Back button to edit the form
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://domain">
<input type="hidden" name="notify_url" value="http://domain/ipn.php">
<input type="hidden" name="cancel_return" value="http://domain">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="business" value="myid@gmail.com">
<input type="hidden" name="mc_gross" value="<?=$amount;?>">
</form>

The notify_url:

Code:

<?php
$username=$_POST['username'];
$business=$_POST['business']; 
$invoice=$_POST['invoice']; 
$memo=$_POST['memo'];
$tax=$_POST['tax'];
$mc_gross=$_POST['mc_gross'];
$mc_currency=$_POST['mc_currency']; 
$payment_status=$_POST['payment_status'];
$pending_reason=$_POST['pending_reason']; 
$reason_code=$_POST['reason_code']; 
$payment_date=$_POST['payment_date']; 
$txn_id=$_POST['txn_id'];
$first_name=$_POST['first_name']; 
$last_name=$_POST['last_name']; 
$address_name=$_POST['address_name']; 
$address_street=$_POST['address_street']; 
$address_city=$_POST['address_city']; 
$address_state=$_POST['address_state']; 
$address_zip=$_POST['address_zip']; 
$address_country=$_POST['address_country']; 
$address_status=$_POST['address_status']; 
$payer_email=$_POST['payer_email']; 
$payer_id=$_POST['payer_id']; 
$payer_status=$_POST['payer_status']; 

if($payment_status!="completed" || $business!="me@email" || $mc_currency!="USD")
echo "The payment was not successful";
else{
//payment was successful. save it in database
$sql="INSERT INTO table  ";
mysql_query($sql);
echo "Thank you. You have paid successfully";

}

?>

Posted: Sat Aug 25, 2007 10:28 am
by miro_igov
I do not believe you can pass through 'username' and any other custom variables. There are other ways for this.

Edit: Your payment verification is wrong; everyone could hack this script. You should pass back the transaction number to PayPal and see if PayPal will reply that this is a valid and successful transaction. Also be careful with refunded payments; your script does not detect this.
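
An added example (not part of the thread, and not PayPal's sample code) of the verification the reply above asks for: PayPal's IPN validation has the listener post the received message back with cmd=_notify-validate prepended and accept it only when the reply is VERIFIED. The sketch also de-duplicates txn_id and handles Refunded/Reversed separately. The function names, the use of PayPal's `custom` pass-through field to carry the username, and the sample message are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Both constants are placeholders taken from the form above.
const PAYPAL_VALIDATE_URL = 'https://www.paypal.com/cgi-bin/webscr'; // confirm the IPN postback host in PayPal's docs
const MY_RECEIVER = 'myid@gmail.com';                                 // the "business" address

// Ask PayPal whether it really sent this message: echo the raw body back
// with cmd=_notify-validate prepended; the reply body is VERIFIED or INVALID.
function paypal_confirms(string $rawBody): bool {
    $ch = curl_init(PAYPAL_VALIDATE_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // never disable certificate checks here
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) && trim($reply) === 'VERIFIED';
}

// Decide what to do with one IPN. $verify and $seen (txn_ids already stored)
// are injected so the decision logic can be exercised without network or database.
function classify_ipn(string $rawBody, callable $verify, array $seen): string {
    parse_str($rawBody, $p);
    if (!$verify($rawBody)) return 'reject: not confirmed by PayPal';
    if (strcasecmp($p['receiver_email'] ?? '', MY_RECEIVER) !== 0) return 'reject: wrong receiver';
    if (($p['mc_currency'] ?? '') !== 'USD') return 'reject: wrong currency';
    $status = $p['payment_status'] ?? '';
    $txn    = $p['txn_id'] ?? '';
    if ($status === 'Refunded' || $status === 'Reversed') return 'debit: ' . ($p['parent_txn_id'] ?? $txn);
    if ($status !== 'Completed') return 'ignore: status ' . $status;
    if ($txn === '' || in_array($txn, $seen, true)) return 'ignore: duplicate txn_id';
    if (!is_numeric($p['mc_gross'] ?? null) || $p['mc_gross'] <= 0) return 'reject: bad amount';
    return 'credit: ' . $p['mc_gross'] . ' to ' . ($p['custom'] ?? '?');
}

// Constructed sample message (not real PayPal traffic); the stubs stand in for paypal_confirms().
// In ipn.php the call would be classify_ipn(file_get_contents('php://input'), 'paypal_confirms', $storedTxnIds).
$ok = 'payment_status=Completed&receiver_email=myid%40gmail.com&mc_currency=USD'
    . '&mc_gross=25.00&txn_id=TXN-EXAMPLE-1&custom=alice';
$verified = fn(string $b): bool => true;   // pretend PayPal answered VERIFIED
$denied   = fn(string $b): bool => false;  // pretend PayPal answered INVALID
echo classify_ipn($ok, $verified, []), "\n";
echo classify_ipn($ok, $denied, []), "\n";
echo classify_ipn($ok, $verified, ['TXN-EXAMPLE-1']), "\n";
```

Only the `credit` and `debit` outcomes should touch the database, using a parameterized query and a unique index on the stored transaction id.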

Posted: Sun Aug 26, 2007 12:24 pm
by m2babaey
miro_igov wrote: "I do not believe you can pass through 'username' and any other custom variables. There are other ways for this."

What is that way?
:roll:

Posted: Sun Aug 26, 2007 1:49 pm
by miro_igov
RTM === read the manual. PayPal offers a bunch of integration guides. I have no time to give you samples.