Developing a PayPal payment interface in PHP

  • 2020-03-31 21:18:19
  • OfStack

Register for a PayPal account at: https://www.paypal.com/

The PayPal interface is a little different from other payment interfaces and a little more complicated. In fact, like a bank interface, it is also a site plug-in.

PayPal IPN (Instant Payment Notification) is a mechanism developed by PayPal that proactively informs the third-party seller of the status of a transaction. The principle is simple: whenever the status of a transaction changes after it is created (for example, the user has paid, or the payment is refunded or cancelled), PayPal submits some of the transaction's variables, usually by HTTP POST, to a page on your site (called the IPN handler). When that page receives the request, it POSTs the data back to the PayPal interface address unchanged, together with the verification indicator cmd=_notify-validate. If the data is correct, PayPal returns the string VERIFIED, otherwise INVALID. If the result is VERIFIED, your program can use the data to perform operations.

Open a Sandbox account

Debugging payment code is painful, because as a third-party developer you cannot open two accounts and move real money between them for every test. PayPal therefore provides a Sandbox for development. First register a developer account at https://developer.paypal.com/, then enter the Sandbox and create virtual PayPal test accounts (at least one Business and one Personal). Registering these accounts follows the same process as on PayPal, but the information can be false, including bank accounts and credit cards (in fact, the PayPal Sandbox automatically generates some random numbers).

Next, activate the virtual PayPal Sandbox account. Note that whatever email address you enter when you register with the PayPal Sandbox, any email sent to a virtual account's address is saved in the Email page of the developer account's administrative interface (on the navigation bar). To log in to the Sandbox's virtual PayPal environment, you also need to verify the virtual account's bank. You can fill in whatever you like here, and then top up the account through Add Funds (add as much as you want). Then activate the IPN option: in the Profile Settings page of the Business account, click, and then click the Edit button to turn on IPN. If you use a fixed IPN handler, you can enter its address directly here.

Next, while testing, set the PayPal interface address to https://www.sandbox.paypal.com/cgi-bin/webscr

Basic flow

When the customer pays you, PayPal sends a notification to your server at the specified URL (the hidden form field type="hidden" name="notify_url" value=""). The notification includes all of your customer's payment information (for example, customer name and amount), as well as an encryption code. When the server receives the notification, it sends the information, including the encryption code, back to the secure PayPal URL. PayPal authenticates the transaction by checking the encrypted string. Sending the IPN data back to PayPal in this way prevents "spoofing", so you can be sure that the IPN came from PayPal. PayPal then sends a confirmation of its validity back to your server.

Tip: to enable instant payment notifications, you need to enter, in your user information, a URL at which you can receive the notifications.

With instant payment notifications enabled, your server will receive a notification each time you receive payment, which will be sent to the specified URL in a hidden "FORM POST" and will include all payment information. The FORM variables for notifications are listed at the bottom of the page.

Each time you receive an IPN from PayPal, you must complete the notification confirmation process described below before you execute the order. Confirming the information listed ensures that the transaction is legitimate.

IPN notification confirmation

To ensure that payments are made to your PayPal account, you must verify that the email address used as "receiver_email" is registered and confirmed in your PayPal account.

Once the server receives an instant payment notice, you will need to confirm it by building an HTTP POST to be sent to PayPal. Your POST should be sent to https://www.paypal.com/cgi-bin/webscr

You must send all received form variables exactly as they were when you received them. You also need to append a variable named "cmd" with a value of "_notify-validate" (for example, cmd=_notify-validate) to the POST string.

PayPal replies to the POST with a word "VERIFIED" or "INVALID" in the body of the reply. When you receive a VERIFIED reply, you need to perform several checks before executing the order:

Verify that "payment_status" is "Completed" because the system also sends IPN for other results, such as "Pending" or "Failed".

Check that "txn_id" is not duplicated to prevent fraudsters from reusing old completed transactions.

Verify that "receiver_email" is an email address that has been registered in your PayPal account to prevent payments from being sent to the fraudster's account.

After completing the above checks, you can use the IPN data to update your database and process the purchase.

If an "INVALID" reply is received, the notification should be considered suspicious and investigated.
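The confirmation procedure above, written out in PHP as an added example (not code from the original article): it posts the unchanged IPN body back with cmd=_notify-validate and applies the three checks before an order is executed. The function names, MY_RECEIVER_EMAIL, the in-memory list of seen txn_id values and the sample IPN body are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original article. PAYPAL_URL is the address the
// page gives; MY_RECEIVER_EMAIL and the function names are assumptions.
const PAYPAL_URL = 'https://www.paypal.com/cgi-bin/webscr'; // sandbox: www.sandbox.paypal.com
const MY_RECEIVER_EMAIL = 'you@youremail.com';

// POST the body back exactly as received, with cmd=_notify-validate added.
function paypal_verify(string $rawBody): string {
    $ch = curl_init(PAYPAL_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // the reply is only trustworthy over verified TLS
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return $reply === false ? '' : trim($reply);
}

// Returns null when the order may be executed, otherwise the reason to reject.
function check_ipn(string $reply, array $ipn, array $seenTxnIds): ?string {
    if ($reply !== 'VERIFIED') {
        return 'not verified by PayPal: treat as suspicious and investigate';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'payment_status is not Completed';
    }
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        return 'missing or duplicate txn_id';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MY_RECEIVER_EMAIL) !== 0) {
        return 'receiver_email is not our account';
    }
    return null;
}

// Constructed sample body; a real handler reads file_get_contents('php://input').
$raw = 'payment_status=Completed&txn_id=TXN-EXAMPLE-1&receiver_email=you%40youremail.com';
parse_str($raw, $ipn);
$seenTxnIds = ['TXN-EXAMPLE-0'];   // stand-in for a database lookup
$reply = 'VERIFIED';               // offline stand-in for paypal_verify($raw)
var_dump(check_ipn($reply, $ipn, $seenTxnIds));        // new transaction
var_dump(check_ipn($reply, $ipn, ['TXN-EXAMPLE-1']));  // replayed txn_id
var_dump(check_ipn('INVALID', $ipn, $seenTxnIds));     // PayPal answered INVALID
```

In production the txn_id check belongs in the database as a unique constraint, so that two identical notifications arriving at the same time cannot both pass.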

Main parameters:

When you post the form to PayPal, you should include the following four hidden variables and an image. That is, the minimum code you need to post to PayPal is as follows:

<form action="https://www.paypal.com/row/cgi-bin/webscr" method="post">
  <!-- "_xclick": Buy Now -->
  <input type="hidden" name="cmd" value="_xclick">
  <!-- email address on your PayPal account -->
  <input type="hidden" name="business" value="you@youremail.com">
  <!-- item name (or cart name) -->
  <input type="hidden" name="item_name" value="Item name">
  <!-- currency can be defined as "USD", "EUR", "GBP", "CAD", "JPY" -->
  <input type="hidden" name="currency_code" value="USD">
  <!-- item price (total price of all items in the cart, because this is _xclick mode) -->
  <input type="hidden" name="amount" value="0.00">
  <input type="image" src="http://www.paypal.com/zh_XC/i/btn/x-click-but01.gif" name="submit" alt="please pay with PayPal!">
</form>

Available variables

business: the email address on your PayPal account

quantity: the number of items. If greater than 1, it is multiplied by the amount

item_name: item name (or cart name). Must be alphanumeric, with a maximum of 127 characters

item_number: an optional pass-through variable used to track the payment. Must be alphanumeric, with a maximum of 127 characters

amount: the item price (total cost of all items in the cart)

shipping: the shipping cost of the item

shipping2: shipping cost per additional item

handling: handling fee

tax: the tax amount for the transaction. If this variable is used, the passed value overrides all tax settings in your user information (regardless of the buyer's location).

no_shipping: shipping address prompt. If set to "1", your customer is not required to provide a shipping address. The variable is optional; if omitted or set to "0", your customer will be prompted for the shipping address

cn: optional label shown on the note field (up to 40 characters)

no_note: whether to include a note with the payment. If set to "1", your customer will not be prompted to include a note. The variable is optional; if omitted or set to "0", your customer will be prompted to include a note.

on0: first option name. Up to 64 characters

os0: first set of option values. Up to 200 characters. "on0" must be defined in order for "os0" to be recognized.

on1: second option name. Up to 64 characters

os1: second set of option values. Up to 200 characters. "on1" must be defined in order for "os1" to be recognized.

custom: an optional pass-through variable that is never shown to your customer. Can be used to track inventory

invoice: an optional pass-through variable that is never shown to your customer. Can be used to track invoice numbers

notify_url: used only with IPN. The Internet URL to which the IPN form POST is sent

return: the Internet URL your customer is returned to after completing the payment

cancel_return: the Internet URL your customer is returned to after cancelling the payment

image_url: the Internet URL of the image you want to use as your logo, with an image size of 150 x 50 pixels

cs: sets the background color of your payment page. If set to "1", the background color will be black. The variable is optional; if omitted or set to "0", the background color will be white

Extension variable

PayPal allows you to pass extension variables, provided that the following "cmd" value is changed:

To:

With the "cmd" value modified as above, you can also use the following variables:

Extension variable

email: the customer's email address

first_name: the customer's first name. Must be alphanumeric, up to 32 characters

last_name: the customer's last name. Must be alphanumeric, up to 64 characters

address1: the country or region where the customer's address is located. Must be alphanumeric, up to 100 characters

address2: the second line of the customer's address. Must be alphanumeric, up to 100 characters

city: the city of the customer's address. Must be alphanumeric, up to 100 characters

state: the state where the customer is located. Must be the official 2-letter abbreviation

zip: zip code of the customer's address

night_phone_a: area code of the customer's evening contact phone number

night_phone_b: first three digits of the customer's evening contact phone number

day_phone_a: area code of the customer's daytime contact phone number

day_phone_b: first three digits of the customer's daytime contact phone number

Tip: to change the default shipping and handling settings in your user information, go to your user information, edit your shipping calculation, and then select the check box that allows transaction-based shipping.

Pass a single item to PayPal

If your third-party shopping cart can be set up to pass individual items to PayPal, information about each item will be added to the buyer and seller logs and to system notifications. To add information about the items, you need to post the HTML form elements to the new version of the PayPal shopping cart process. This process is very similar to that described in section #1, "passing the total shopping cart number to PayPal", except that:

Set the "cmd" variable to "_cart"

Replace the necessary HTML lines

with

Add a new variable called "upload"

Add the following line between the <form> and </form> tags:

Define item details

For each of the following specific item parameters, define a new set of values corresponding to each item purchased through your partner's shopping cart. Append "_x" to the variable name, where x is the item number, starting at 1 and increasing by 1 for each item added.

item_name_x (required for item #x): the name of item #x in the cart. Must be alphanumeric, with a maximum of 127 characters

item_number_x: an optional pass-through variable associated with item #x in the shopping cart. Must be alphanumeric, with a maximum of 127 characters

amount_x (required for item #x): the price of item #x

shipping_x: the cost of shipping the first unit (quantity 1) of item #x

shipping2_x: the shipping cost for each additional unit (quantity 2 or more) of item #x

handling_x: handling cost for item #x

on0_x: first option name for item #x. Up to 64 characters

os0_x: first set of option values for item #x. Up to 200 characters. "on0_x" must be defined in order for "os0_x" to be recognized.

on1_x: second option name for item #x. Up to 64 characters

os1_x: second set of option values for item #x. Up to 200 characters. "on1_x" must be defined in order for "os1_x" to be recognized.

Repeat this setting for each item in the cart

Add a set of the required variables, and any optional variables from the above table, for each item in your buyer's cart. The first item in the cart must be defined with parameters ending in "_1", such as "item_name_1", "amount_1", and so on. Likewise, the second item uses the variables "item_name_2", "amount_2", etc. Tip: the "_x" value must increase by one each time in order to be recognized. If you jump from item #1 to item #3 without defining item #2, the third item is ignored.

To specify currency: all currency variables (amount, shipping, shipping2, handling, tax) are displayed in the currency specified by the "currency_code" variable posted with the payment. Since it is not item specific, there is no need to append "_x" to the variable name. If the "currency_code" variable is not posted, all currency values are assumed to be dollars.

These are the main steps of developing a PayPal payment interface with PHP.

