CrisTany

PHP - PayPal Payment

Posted

Hi, I'm working on a new website (the theme doesn't matter here) and I want payments to go through PayPal. My website has a virtual currency, uCredits, and you buy these uCredits using PayPal.

Here is my problem: when I create the Buy now button on paypal.com, I can fill in a field with the URL the customer is redirected to after the payment is made. If I put, for example, www.mywebsite.com/home/payment/credits , which is the page where I add the credits to the database, customers can go there again without paying and exploit the site.

The problem in short: how can I make it so that only after paying can they access that page and get their account loaded with uCredits?

This is the form given by PayPal that I put on the website:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="WZNDEN836CHR8">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

If you have any more questions or something wasn't clear, leave a reply. Thanks.

Posted

On the page where you create the button, tick "Add advanced variables" and add this to that textarea:


notify_url=http://domeniu.com/pagina.php

PayPal will send a bunch of details about the completed transaction to that link via POST, including who paid and the amount paid. Parsing the parameters you receive shouldn't be a problem, I think. What remains is validating the data, because anyone could make a POST to that link.

To validate the data you received and make sure that what you received is a valid PayPal transaction, you will have to make a simple GET request to the following link:


https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate&$post

The $post variable in the link will contain all the data received via POST, formatted as nume=valoare&nume=valoare

If the response you get on the page is "VERIFIED", then you give them the credits, otherwise you don't.

Posted (edited)

OFF:

On some sites you can change the price using just Tamper Data! This method is old! Maybe someone here doesn't know about it, so I thought I'd let you know.

1. Use Google to find sites that take PayPal as payment.

2. Find something (not too expensive lol.)

3. Turn on Tamper Data (can be found in tools once installed.)

4. Click start tamper

5. Click add to cart.

6. This is the annoying part, every time the site tries to store something, Tamper Data pops up and asks what you want to do, being very careful, glance down and look for the price of the item, if it's not there, then click OK. If it is, then select the price and change it to what you want (I decided to change it to 1% (Item was $123, I changed it to $1.23)). All will become apparent very soon. Then click OK.

7. Once PayPal has loaded, turn Tamper Data off by clicking stop tamper

8. Notice PayPal now charges you whatever price you entered earlier

If you get to the PayPal confirm payment page, then you have gone too far, just go back to the beginning and try again.

Edited by akkiliON
Posted

I kept trying to get it working but didn't manage to, so I thought maybe the problem was my UPDATE query, and I figured I'd throw in a random INSERT for one round to see whether it gets added, and it does. So the problem is with my query.

My query looks roughly like this:

include 'models/config.php';
mysql_query("UPDATE `users` SET `credits` = `credits`+ '".$_POST['custom2']."' WHERE `id` = '".$_POST['custom']."' ");

and this is my current form:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="MT8FUVFNAJ9G6">
<input type="hidden" name="notify_url" value="http://www.usedarchive.com/paypal.php">
<input type="hidden" name="custom" value="'.$fetch['id'].'">
<input type="hidden" name="custom2" value="10">
<input type="hidden" name="return" value="http://www.usedarchive.com/home.php">
<input type="hidden" name="cancel_return" value="http://www.usedarchive.com/home.php">
<input type="submit" value="Pay">
</form>

What could the problem be? Is the ID or the quantity not being sent in the 2 POST fields?

Posted

Roughly what you need to do:

1. Form

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="MT8FUVFNAJ9G6">
<input type="hidden" name="notify_url" value="http://www.usedarchive.com/paypal.php"> <- the page PayPal sends the data to after the order has been placed
<input type="hidden" name="custom" value="'.$fetch['id'].'|'.$fetch['ce-cumpara'].'|'.$fetch['cat-cumpara'].'"> <- here in custom you put the id, the package bought, and what that package contains (for security, see further down)
<input type="hidden" name="return" value="http://www.usedarchive.com/home.php"> <- where it redirects them after the payment has been made
<input type="hidden" name="cancel_return" value="http://www.usedarchive.com/home.php"> <- where it redirects them if they decide not to pay after all
<input type="submit" value="Pay">
</form>

2. IPN, which is the notify_url from the form

<?php
require("config.php"); // configuration file that holds the database connection
// STEP 1: Read POST data

// Reading posted data directly from $_POST causes serialization
// issues with array data in POST, so read the raw POST data
// from the input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}
// Rebuild the message exactly as received from PayPal and prepend 'cmd'
$req = 'cmd=_notify-validate';
// get_magic_quotes_gpc() was removed in PHP 8, so this is false there
$get_magic_quotes_exists = function_exists('get_magic_quotes_gpc');
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}


// STEP 2: Post IPN data back to PayPal to validate

$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
// Keep certificate and host name verification enabled
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if ( !($res = curl_exec($ch)) ) {
    // error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);


// STEP 3: Inspect IPN validation result and act accordingly

if (strcmp($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
    // assign posted variables to local variables

    // Variables you can use
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
    // remember what we put in the form above? 3 things
    $custom = array_pad(explode('|', $_POST['custom']), 3, '');
    $id = (int) $custom[0]; // first: the ID (cast to int before it reaches SQL)
    $pachet = $custom[1]; // second: what is being bought
    $text = $custom[2]; // third: how much is being bought

    // Escape every string that goes into SQL; the whole message arrived over HTTP.
    // (The mysql_* functions used in this post were removed in PHP 7.)
    $name = mysql_real_escape_string($item_name);
    $number = mysql_real_escape_string($item_number);
    $pack = mysql_fetch_object(mysql_query("SELECT * FROM `pachete` WHERE `nume`='{$name}' AND `cat_a_cumparat`='{$number}'"));
    if ($pack) { // credit only when the package exists
        $punct = (int) $pack->punct;
        mysql_query("UPDATE `users` SET `punct`=`punct`+{$punct} WHERE `id`={$id}");
    }
}
else if (strcmp($res, "INVALID") == 0) {
    // log for manual investigation
}
?>

I hope that gave you an idea!

Good luck
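
An added example, not part of any post in the thread: the checks listed as comments under STEP 3, written out as a function to call once PayPal has answered VERIFIED. The `custom` layout (`userId|packageKey`), the price list, the merchant e-mail and all sample values are assumptions made for the illustration.

```php
<?php
// Added example. MERCHANT_EMAIL, PACKAGES and check_ipn() are hypothetical names.
const MERCHANT_EMAIL = 'seller@example.com';        // assumed primary PayPal e-mail
const PACKAGES = [                                  // assumed server-side price list
    'credits10' => ['credits' => 10, 'price' => '5.00',  'currency' => 'EUR'],
    'credits50' => ['credits' => 50, 'price' => '20.00', 'currency' => 'EUR'],
];

/** Returns [userId, credits] if the payment may be credited, else an error string. */
function check_ipn(array $ipn, array $processedTxnIds)
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0) {
        return 'receiver_email is not the merchant';
    }
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $processedTxnIds, true)) {
        return 'txn_id missing or already processed';
    }
    // custom = "userId|packageKey"; it travelled through the browser, so validate it.
    $parts = explode('|', $ipn['custom'] ?? '');
    if (count($parts) !== 2 || !ctype_digit($parts[0])
        || !array_key_exists($parts[1], PACKAGES)) {
        return 'malformed custom field or unknown package';
    }
    // What PayPal actually collected must equal the server-side price.
    $pkg = PACKAGES[$parts[1]];
    $gross = $ipn['mc_gross'] ?? '';
    if (($ipn['mc_currency'] ?? '') !== $pkg['currency'] || !is_numeric($gross)
        || number_format((float) $gross, 2, '.', '') !== $pkg['price']) {
        return 'amount or currency mismatch';
    }
    return [(int) $parts[0], $pkg['credits']];
}

// Constructed sample notifications (not real PayPal traffic).
$good = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
         'txn_id' => 'TXN-EXAMPLE-1', 'custom' => '42|credits50',
         'mc_gross' => '20.00', 'mc_currency' => 'EUR'];
$underpaid = ['mc_gross' => '0.20'] + $good;   // amount differs from the price list

var_dump(check_ipn($good, []));
var_dump(check_ipn($underpaid, []));
var_dump(check_ipn($good, ['TXN-EXAMPLE-1']));  // same txn_id delivered again
```

The number of credits comes from the server-side list, never from a value the form carried, so a price or quantity edited in the browser ends in a mismatch instead of a credit.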

Posted

Next time, tell us that you've solved it! :)

So we don't keep struggling to help you :)

And since you've solved it, say how as well, because maybe someone else has the same problem and is looking for the solution!

Posted
My query looks roughly like this:

include 'models/config.php';
mysql_query("UPDATE `users` SET `credits` = `credits`+ '".$_POST['custom2']."' WHERE `id` = '".$_POST['custom']."' ");

SQLi. If you kept the query, it wouldn't hurt to fix it.
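
An added example, not code from the thread: the quoted UPDATE with bound parameters, plus a txn_id table so a repeated notification is credited only once. The schema, the `credit_once()` helper and the sample values are assumptions; an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the site's MySQL so the script runs offline.

```php
<?php
// Added example: schema, credit_once() and sample values are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, credits INTEGER NOT NULL)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY, user_id TEXT NOT NULL)');
$db->exec('INSERT INTO users (id, credits) VALUES (1, 0), (2, 0)');

/** Credits a user once per txn_id; returns true only if credits were added. */
function credit_once(PDO $db, string $txnId, string $userId, int $credits): bool
{
    $db->beginTransaction();
    try {
        // The PRIMARY KEY on txn_id makes a repeated notification fail here.
        $db->prepare('INSERT INTO payments (txn_id, user_id) VALUES (?, ?)')
           ->execute([$txnId, $userId]);
        // Values are bound, never concatenated, so they cannot change the statement.
        $upd = $db->prepare('UPDATE users SET credits = credits + ? WHERE id = ?');
        $upd->execute([$credits, $userId]);
        if ($upd->rowCount() !== 1) {
            throw new RuntimeException('no such user');
        }
        $db->commit();
        return true;
    } catch (Exception $e) {
        $db->rollBack();   // undo the payments row as well
        return false;
    }
}

// Constructed inputs: a normal payment, the same txn_id again, and an id
// value of the kind the SQLi remark above is about.
var_dump(credit_once($db, 'TXN-EXAMPLE-1', '1', 10));
var_dump(credit_once($db, 'TXN-EXAMPLE-1', '1', 10));
var_dump(credit_once($db, 'TXN-EXAMPLE-2', "1' OR '1'='1", 10));
print_r($db->query('SELECT id, credits FROM users')->fetchAll(PDO::FETCH_ASSOC));
```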

Posted

I'm not using that query.

I solved it by removing the input that sent the custom2 POST field; it doesn't exist. I was supposed to put the credit value in it, but I put both of them in custom, iduser#credite, and extracted them using explode.

Done.
