Analysis of developing a PayPal payment interface in PHP
- 2020-03-31 21:18:19
- OfStack
Apply for PayPal registration website: https://www.paypal.com/
The PayPal interface is a little different from other interfaces and a little more complicated. In fact, the bank interface is also a site plug-in.
PayPal IPN (Instant Payment Notification) is a mechanism developed by PayPal that proactively informs the third-party seller's system of the status of a transaction. The principle is simple: when the status of a transaction changes after it has been created (for example the user has paid, or a refund or cancellation occurs), PayPal submits some of the transaction's variables, usually by HTTP POST, to a page on your site (called the IPN handler). When that page receives the request, it POSTs the data back intact to the PayPal interface address together with a verification indicator, cmd=_notify-validate. If the data is correct, PayPal returns the string VERIFIED, otherwise INVALID. If the result is VERIFIED, your program can use the data to perform operations.
Open a Sandbox account
Debugging the code is painful, though, because a third-party developer cannot open two accounts and move real money between them for every test. PayPal therefore built a Sandbox for developers. First register a developer account at https://developer.paypal.com/, then enter the Sandbox and create virtual PayPal test accounts (you should set up at least one Business and one Personal account). Registering these accounts follows the same process as on PayPal itself, and the information can be fake, including bank accounts and credit cards (in fact, the PayPal Sandbox automatically generates some random numbers). Next, you need to activate the virtual PayPal Sandbox account. Note that whatever email address you enter when registering a PayPal Sandbox account, any email sent to the virtual account's address is saved in the Email page of the developer account's administrative interface (on the navigation bar). To log in to the Sandbox's virtual PayPal environment, you also need to verify the virtual account's bank. You can fill in whatever you like here, and then top up the account through Add Funds (with as much as you want). Then you also need to activate the IPN option: in the Profile settings page of the Business account, click, and then click the Edit button to turn on IPN. Here, if you use a fixed IPN handler, you can fill in its address directly.
Next, during testing, set the address of the PayPal interface to https://www.sandbox.paypal.com/cgi-bin/webscr
Basic flow
When the customer pays you, PayPal sends a notification to your server at the URL you specified (type="hidden" name="notify_url" value=""). This notification includes all payment information for your customer (for example, customer name and amount), as well as an encryption code. When the server receives the notification, it sends the information, including the encryption code, back to the secure PayPal URL. PayPal authenticates the transaction by checking the encrypted string. Sending the IPN data back to PayPal in this way prevents "spoofing", so you can be sure that the IPN comes from PayPal. PayPal then sends a confirmation of its validity back to your server.
Tip: to enable instant payment notifications, you need to enter, in your user information, the URL at which you will receive the notifications.
With instant payment notifications enabled, your server will receive a notification each time you receive payment, which will be sent to the specified URL in a hidden "FORM POST" and will include all payment information. The FORM variables for notifications are listed at the bottom of the page.
Each time you receive an IPN from PayPal, you must complete the notification confirmation process described below before you execute the order. Confirming the information listed ensures that the transaction is legitimate.
IPN notification confirmation
To ensure that payments are made to your PayPal account, you must verify that the email address used as "receiver_email" is registered and confirmed in your PayPal account.
Once the server receives an instant payment notice, you will need to confirm it by building an HTTP POST to be sent to PayPal. Your POST should be sent to https://www.paypal.com/cgi-bin/webscr
You must send all received form variables exactly as they were when you received them. You also need to append a variable named "cmd" with a value of "_notify-validate" (for example, cmd=_notify-validate) to the POST string.
PayPal replies to the POST with a word "VERIFIED" or "INVALID" in the body of the reply. When you receive a VERIFIED reply, you need to perform several checks before executing the order:
Verify that "payment_status" is "Completed" because the system also sends IPN for other results, such as "Pending" or "Failed".
Check that "txn_id" is not duplicated to prevent fraudsters from reusing old completed transactions.
Verify that "receiver_email" is an email address that has been registered in your PayPal account to prevent payments from being sent to the fraudster's account.
After completing the above check, you can use IPN data to update your database and process the purchase.
If an "INVALID" notice is received, it should be considered suspicious and investigated.
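The confirmation steps above, sketched in PHP as an added example (not code from the original article): the handler posts the received body back with cmd=_notify-validate appended and then applies the three checks. The seller address, the in-memory list of already seen txn_id values and the sample IPN body are constructed assumptions.

```php
<?php
// Added example, not from the article. MY_RECEIVER, the $seenTxnIds list
// and the sample IPN body below are constructed assumptions.
const PAYPAL_URL  = 'https://www.sandbox.paypal.com/cgi-bin/webscr'; // sandbox address
const MY_RECEIVER = 'seller@example.com';

// Postback body: every received variable unchanged, plus cmd=_notify-validate.
function build_postback(string $rawBody): string {
    return $rawBody . '&cmd=_notify-validate';
}

// Send the postback and return PayPal's reply body, or '' on a transport error.
function ask_paypal(string $rawBody): string {
    $ch = curl_init(PAYPAL_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => build_postback($rawBody),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate checks on for this call
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : '';
}

// The article's checks, in order; returns 'ok' or the reason for rejection.
function check_ipn(string $reply, array $ipn, array $seenTxnIds): string {
    if ($reply !== 'VERIFIED') return 'not verified by PayPal';
    if (($ipn['payment_status'] ?? '') !== 'Completed') return 'payment not completed';
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) return 'missing or duplicate txn_id';
    if (strcasecmp($ipn['receiver_email'] ?? '', MY_RECEIVER) !== 0) return 'wrong receiver_email';
    return 'ok';
}

// Offline demo. A live handler would instead use:
//   $raw = file_get_contents('php://input'); $reply = ask_paypal($raw);
$raw = 'payment_status=Completed&txn_id=TXN-0002&receiver_email=seller%40example.com';
parse_str($raw, $ipn);
echo check_ipn('VERIFIED', $ipn, ['TXN-0001']), "\n";             // fresh transaction
echo check_ipn('VERIFIED', $ipn, ['TXN-0001', 'TXN-0002']), "\n"; // replayed txn_id
echo check_ipn('INVALID', $ipn, []), "\n";                        // PayPal did not confirm it
```

In a real handler the list of seen txn_id values would live in the order database, and the txn_id would be recorded in the same transaction that marks the order as paid.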
Main parameters:
When you post to PayPal, you should include the following four hidden variables and an image. That is, the minimum code required to post to PayPal is as follows:
<form action="https://www.paypal.com/row/cgi-bin/webscr" method="post">
<!-- "_xclick": Buy Now -->
<input type="hidden" name="cmd" value="_xclick">
<!-- email address on your PayPal account -->
<input type="hidden" name="business" value="you@youremail.com">
<!-- item name (or cart name) -->
<input type="hidden" name="item_name" value="Item name">
<!-- currency: can be "USD", "EUR", "GBP", "CAD" or "JPY" -->
<input type="hidden" name="currency_code" value="USD">
<!-- item price (the total price of all items in the cart, because this is _xclick mode) -->
<input type="hidden" name="amount" value="0.00">
<input type="image" src="http://www.paypal.com/zh_XC/i/btn/x-click-but01.gif" name="submit" alt="Please pay with PayPal!">
</form>
Available variables
business: the email address on your PayPal account
quantity: the quantity of the item. If greater than 1, it is multiplied by the amount
item_name: item name (or cart name). Must be alphanumeric, with a maximum of 127 characters
item_number: an optional pass-through variable used to track the payment. Must be alphanumeric, with a maximum of 127 characters
amount: the price of the item (the total cost of all items in the cart)
shipping: the shipping cost of the item
shipping2: the shipping cost for each additional item
handling: the handling fee
tax: a transaction-based tax amount. If this variable is used, the value passed overrides all tax settings in your user information (regardless of the buyer's location)
no_shipping: shipping address prompt. If set to "1", your customer is not required to provide a shipping address. The variable is optional; if omitted or set to "0", your customer will be prompted for a shipping address
cn: an optional label displayed above the note field (up to 40 characters)
no_note: adding a note to the payment. If set to "1", your customer will not be prompted to add a note. The variable is optional; if omitted or set to "0", your customer will be prompted to add a note
on0: name of the first option field. Up to 64 characters
os0: first set of option values. Up to 200 characters. "on0" must be defined for "os0" to be recognized
on1: name of the second option field. Up to 64 characters
os1: second set of option values. Up to 200 characters. "on1" must be defined for "os1" to be recognized
custom: an optional pass-through variable that is never shown to your customer. Can be used to track inventory
invoice: an optional pass-through variable that is never shown to your customer. Can be used to track bill numbers
notify_url: used only with IPN. The Internet URL to which the IPN form POST is sent
return: the Internet URL to which your customer is returned after completing the payment
cancel_return: the Internet URL to which your customer is returned after cancelling the payment
image_url: the Internet URL of the image you want to use as your logo, with an image size of 150 x 50 pixels
cs: sets the background color of your payment page. If set to "1", the background color will be black. The variable is optional; if omitted or set to "0", the background color will be white
Extension variable
PayPal allows you to post extension variables on the condition that the following "cmd" value is changed:
To:
With the above "cmd" value modification, you can also use the following variables:
Extension variable
email: the customer's email address
first_name: the customer's first name. Must be alphanumeric, up to 32 characters
last_name: the customer's last name. Must be alphanumeric, up to 64 characters
address1: the country or region where the customer's address is located. Must be alphanumeric, up to 100 characters
address2: the second line of the customer's address. Must be alphanumeric, up to 100 characters
city: the city of the customer's address. Must be alphanumeric, up to 100 characters
state: the state of the customer's address. Must be the official 2-letter abbreviation
zip: the zip code of the customer's address
night_phone_a: the area code of the customer's evening contact phone number
night_phone_b: the first three digits of the customer's evening contact phone number
day_phone_a: the area code of the customer's daytime contact phone number
day_phone_b: the first three digits of the customer's daytime contact phone number
Tip: to change the default shipping and handling settings in your user information, go to your user information, edit your shipping calculation, and then click the allow transaction-based shipping check box.
Pass a single item to PayPal
If your third-party shopping cart can be set up to pass individual items to PayPal, information about each item will be added to the buyer's and seller's logs and notifications. To add information about the items, you need to post the HTML form elements to the new version of the PayPal shopping cart process. This process is very similar to that described in section #1, "passing the total shopping cart number to PayPal", except that:
Set the "cmd" variable to "_cart"
Replace the necessary HTML lines
with
Add a new variable called "upload"
Add the following line between the <form> and </form> tags:
Define item details
For each of the following specific item parameters, define a new set of values corresponding to each item purchased through your partner's shopping cart. Append "_x" to the variable name, where x is the item number, starting at 1 and increasing by 1 for each item added.
item_name_x (required for item #x): the name of item #x in the cart. Must be alphanumeric, with a maximum of 127 characters
item_number_x: an optional pass-through variable associated with item #x in the shopping cart. Must be alphanumeric, with a maximum of 127 characters
amount_x (required for item #x): the price of item #x
shipping_x: the cost of shipping the first unit (quantity 1) of item #x
shipping2_x: the shipping cost for each additional unit of item #x (quantity 2 or more)
handling_x: the handling cost for item #x
on0_x: name of the first option field for item #x. Up to 64 characters
os0_x: first set of option values for item #x. Up to 200 characters. "on0_x" must be defined for "os0_x" to be recognized
on1_x: name of the second option field for item #x. Up to 64 characters
os1_x: second set of option values for item #x. Up to 200 characters. "on1_x" must be defined for "os1_x" to be recognized
Repeat this setting for each item in the cart
Add a set of the required variables, and any optional variables from the table above, for each item in your buyer's cart. The first item in the cart must be defined with variables ending in "_1", such as "item_name_1", "amount_1", and so on. Likewise, the second item uses the variables "item_name_2", "amount_2", etc. Tip: the "_x" value must be incremented by one each time in order to be recognized. If you jump from item #1 to item #3 without defining item #2, the third item is ignored.
To specify the currency: all currency variables (amount, shipping, shipping2, handling, tax) are displayed in the currency specified by the "currency_code" variable posted with the payment. Since it is not item specific, there is no need to append "_x" to the variable name. If the "currency_code" variable is not posted, all currency values are assumed to be dollars.
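The numbering rule above, as an added PHP example (not from the original article): cart items are renumbered 1, 2, 3 and so on regardless of their array keys, so no item is skipped, and every value is HTML-escaped before it goes into a hidden field. The cart contents and the upload value of "1" are assumptions.

```php
<?php
// Added example, not from the article; the cart contents are constructed.

// Turn a cart into the numbered variables for cmd=_cart.
function cart_fields(array $cart, string $business, string $currency = 'USD'): array {
    $fields = ['cmd' => '_cart', 'upload' => '1',   // upload value "1" is an assumption
               'business' => $business, 'currency_code' => $currency];
    $x = 0;
    foreach ($cart as $item) {   // array keys are ignored on purpose
        $x++;                    // numbering is always 1, 2, 3 ... with no gap
        if (strlen($item['name']) > 127) {
            throw new InvalidArgumentException("item_name_$x exceeds 127 characters");
        }
        $fields["item_name_$x"] = $item['name'];
        $fields["amount_$x"]    = number_format($item['price'], 2, '.', '');
        if (isset($item['number'])) {
            $fields["item_number_$x"] = $item['number'];
        }
    }
    return $fields;
}

// Render the variables as hidden inputs, escaping names and values for HTML.
function render_inputs(array $fields): string {
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Sparse keys (3 and 7) and a quote in the name show renumbering and escaping.
$cart = [
    3 => ['name' => 'Blue "XL" shirt', 'price' => 12.5],
    7 => ['name' => 'Mug', 'price' => 4, 'number' => 'SKU-42'],
];
echo render_inputs(cart_fields($cart, 'you@youremail.com'));
```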
These are the main steps of developing PayPal payment interface with PHP.