开发者

Get information from PayPal after a transaction

I want to create a simple transaction on my Web Site where after the person's transaction completes, I want paypal to redirect the user to go to a place on my site and I want PayPal to provide me with details so 开发者_StackOverflowI can use PHP to parse it and email them the link to their purchase. I'm not sure what notify_url does? Thanks


PayPal works like this:

You have a form with a "buy" button. When that is clicked, it sends information (product, price, your account name, etc) to PayPal.

The buyer then agrees to pay you and when the transaction is completed, PayPal send an "IPN" (instant payment notification) to your notify URL - it sends POST data to that URL for your server to process. You reply to PayPal to ask if they sent the POST data (rather than an imposter) and if they then answer that it is a real transaction, you can release the product to the customer. Note that this all happens in the background while your buyer is still "at" the PayPal website.

There is a final optional stage, which is that PayPal returns the buyer to your website. In this case, they send the buyer back to your "return" url, and they can (optionally) pass back the transaction data again, (they call this PDT). And you can again check with Paypal if this is a valid transaction and provide a download etc at that point.

The most difficult bit that nobody explains is that the buyer doesn't get redirected to your notify URL. i.e. the "visitor" to your website's notify URL is PayPal, not the buyer, so this doesn't happen as part of your buyer's session. If you wish to persist a session across the three parts of this process, then you need to create a means of tracking the buyer in your form, and pass that to PayPal in a field of the form called "custom". This data is passed back to you in the IPN and PDT data, and you can use this to re-establish a connection with the original user session.

You really need to implement both IPN and PDT - if the IPN email fails then you have PDT as a backup. And if the user closes their web browser before they are redirected back to your PDT page, then you have sent an IPN email as a backup.

Search on IPN and PDT and you'll find quite a lot of information. PayPal also have full documentation and example scripts.


Notify URL should lead to the script that saves the returned data from PayPal, such as:

   /** Fetch order from PayPal (IPN reply)
    * @return int received ID of inserted row if received correctly, 0 otherwise
    */
   function FetchOrder()
   {
   $transactionID=$_POST["txn_id"];
   $item=$_POST["item_name"];
   $amount=$_POST["mc_gross"];
   $currency=$_POST["mc_currency"];
   $datefields=explode(" ",$_POST["payment_date"]);
   $time=$datefields[0];
   $date=str_replace(",","",$datefields[2])." ".$datefields[1]." ".$datefields[3];
   $timestamp=strtotime($date." ".$time);
   $status=$_POST["payment_status"];
   $firstname=$_POST["first_name"];
   $lastname=$_POST["last_name"];
   $email=$_POST["payer_email"];
   $custom=$_POST["option_selection1"];
   if ($transactionID AND $amount)
      {
      // query to save data
      return $this->insertID;
      }
   else
      {
      return 0;
      }
   }

You can also choose to verify an order later on:

/** Verify PayPal order (IPN)
    * PayPal returns VERIFIED or INVALID on request
    * @return bool verified 1 if verified, 0 if invalid
    */
   function VerifyOrder()
   {
   $_POST["cmd"]="_notify-validate";
   $ch=curl_init();
   curl_setopt($ch,CURLOPT_HEADER,0);
   curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
   curl_setopt($ch,CURLOPT_USERAGENT,"your agent - replace");
   curl_setopt($ch,CURLOPT_URL,"https://www.paypal.com/cgi-bin/webscr");
   curl_setopt($ch,CURLOPT_POST, 1);
   foreach ($_POST as $key=>$value)
      {
      $string.="&".$key."=".urlencode(stripslashes($value));
      }
   curl_setopt($ch, CURLOPT_POSTFIELDS, $string);
   $result=curl_exec($ch);
   if ($result=="VERIFIED") return 1;
   else return 0;
   }


$tx=$_REQUEST['tx'];

$paypal_url='https://www.paypal.com/cgi-bin/webscr?cmd=_notify-synch&tx='.$tx.'&at=token here';

$curl = curl_init($paypal_url);

$data = array(

"cmd" => "_notify-synch",

"tx" => $tx,

"at" => "token here"


);                                                                    

$data_string = json_encode($data); 

curl_setopt ($curl, CURLOPT_HEADER, 0);

curl_setopt ($curl, CURLOPT_POST, 1);

curl_setopt ($curl, CURLOPT_POSTFIELDS, $data_string);

curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, 1);

$headers = array (

'Content-Type: application/x-www-form-urlencoded',

'Host: www.paypal.com',

'Connection: close'

);

curl_setopt ($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

curl_setopt ($curl, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($curl);

$lines = explode("\n", $response);

$keyarray = array();

if (strcmp ($lines[0], "SUCCESS") == 0) {

for ($i=1; $i<count($lines);$i++){

list($key,$val) = explode("=", $lines[$i]);

$keyarray[urldecode($key)] = urldecode($val);

}


$first_name=$keyarray['first_name'];

$last_name=$keyarray['last_name'];

$payment_status=$keyarray['payment_status'];

$business=$keyarray['business'];

$payer_email=$keyarray['payer_email'];

$payment_gross=$keyarray['payment_gross'];

$mc_currency=$keyarray['mc_currency']; 

}


When parsing the PDT response I'm using parse_str. Since the body of the response is url encoded it's just a matter of replacing the line breaks with ampersands- like this

$result = curl_exec($ch);    
//replace the breaks with '&'
$r_string = str_replace("\n", "&", $result);
//parse the response into a key->value array
                    parse_str($r_string, $this->details);
                    if(!isset($this->details['SUCCESS'])){
                 //the "SUCCESS" or "FAIL" response is the first key   
    return FALSE;
                    }
                    else{
//the values of the response are now in an array
                        return TRUE;

                    }

depending on the application you can even leave out the second parameter ($this->details) and the values are set as global variables.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜