Integration of PayPal to the site as a payment system and the problem with https
Recently, a site redesign was to be done with the subsequent rebuilding of the entire CMS. In the process, he drew attention to the integration of PayPal as a payment system. I definitely cannot say about the advantages of this payment system or any benefit, the choice of the customer, and since its main activity is Mail Forwarding (sending and delivering packages from the USA), it is more convenient for him to use this payment system.
The total statistical figures about PayPal are 143 million users in 203 countries of the world, although at the same time, until recently, in Russia it was impossible to withdraw funds to your bank account.
The payment process on the site is implemented in the following way, the client logs in to the site, enters the necessary amount to replenish his personal account.
Next, the form of the site redirects the user to the PayPal authorization and payment page, and, after successful payment, issues a corresponding message, redirecting the client to the personal account of the start site.
')
Actually the simplest form:
We need PayPal to automatically transfer data on all payments, in real time, so that users of the site can instantly access their funds. To do this, we enable the IPN (Instant payment notifications) feature in the Profile-My Selling Tools in the personal account of your PayPal account, specifying a link to receive notifications on your site.
A piece of code for receiving notifications and entering payment data into the database. Since the site uses PHP5, you must install the cURL library.
After the certificate was turned on, the notification form stopped working; accordingly, the data were no longer loaded in real time; after a little digging in the manuals of the official developers, I changed the code a little. The hitch lies in the fact that in the PayPal sandbox the request is processed correctly, but when you switch to combat mode, the form refuses to accept the notification. Therefore, it is necessary to change the corresponding variable in Curl (specified in the form).
PayPal no longer supports the SSLv3 certificate due to the vulnerability, I also heard that when switching to https, many people refused to work IPN, in this case, you can simply make a separate subdomain of the payment.mysite.com type on port 80 that will receive all notifications from payment system.
The total statistical figures about PayPal are 143 million users in 203 countries of the world, although at the same time, until recently, in Russia it was impossible to withdraw funds to your bank account.
The payment process on the site is implemented in the following way, the client logs in to the site, enters the necessary amount to replenish his personal account.
Next, the form of the site redirects the user to the PayPal authorization and payment page, and, after successful payment, issues a corresponding message, redirecting the client to the personal account of the start site.
')
Actually the simplest form:
<form id="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" id="amount" name="amount" value=""/> <input type="hidden" name="cmd" value="_xclick"/> <input type="hidden" name="business" value=" PayPal E-mail"/> <input type="hidden" name="item_name" value=" "/> <input type="hidden" name="item_number" value=" ID "/> <input type="hidden" name="currency_code" value=""/> <input type="hidden" name="button_subtype" value="services"/> <input type="hidden" name="no_note" value="1"/> <input type="hidden" name="no_shipping" value="1"/> <input type="hidden" name="return" value=" "/> <input type="hidden" name="notify_url" value=" "/> <input type="hidden" name="cancel_return" value=", "/> <input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest"/> <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"/> <input type="submit" value=""/> </form> We need PayPal to automatically transfer data on all payments, in real time, so that users of the site can instantly access their funds. To do this, we enable the IPN (Instant payment notifications) feature in the Profile-My Selling Tools in the personal account of your PayPal account, specifying a link to receive notifications on your site.
A piece of code for receiving notifications and entering payment data into the database. Since the site uses PHP5, you must install the cURL library.
$postdata=""; foreach ($_POST as $key=>$value) $postdata.=$key."=".urlencode($value)."&"; $postdata .= "cmd=_notify-validate"; $curl = curl_init("https://www.paypal.com/cgi-bin/webscr"); curl_setopt ($curl, CURLOPT_HEADER, 0); curl_setopt ($curl, CURLOPT_POST, 1); curl_setopt ($curl, CURLOPT_POSTFIELDS, $postdata); curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, 1); $response = curl_exec ($curl); curl_close ($curl); After the certificate was turned on, the notification form stopped working; accordingly, the data were no longer loaded in real time; after a little digging in the manuals of the official developers, I changed the code a little. The hitch lies in the fact that in the PayPal sandbox the request is processed correctly, but when you switch to combat mode, the form refuses to accept the notification. Therefore, it is necessary to change the corresponding variable in Curl (specified in the form).
PayPal no longer supports the SSLv3 certificate due to the vulnerability, I also heard that when switching to https, many people refused to work IPN, in this case, you can simply make a separate subdomain of the payment.mysite.com type on port 80 that will receive all notifications from payment system.
Source: https://habr.com/ru/post/247261/
All Articles