PayPal API - Driving Me Mad

Hi There,

I’ve been looking at the PayPal API documentation and I think my head is about to explode with all the different APIs. I could do with someone pointing me in the right direction.

My website is setup whereby the user is able to become a member by choosing a package based on a radio button. Once selected they are moved to an overview of their order with a PayPal button.

So far I have tried encrypting said PayPal button only to draw a blank. I have tried implementing the PayPal API but can’t seem to find out how you can then be passed to the PayPal checkout. I am using custom variables so I am unable to make use of the PayPal build your own buttons.

What I’m trying to achieve is thus either encrypting my current PayPal button, bearing in mind I have tried and followed the instructions on the PayPal website but seem to get lost/confused on how you actually get it all working. Or use the API to send values from a button to a PayPal checkout.

Can anyone help?

Paypal Api:

You need to first save your order required information into your database.
Then send the information at the page payment.php?lastid=“ORDER ID”&price=“AMOUNT”.

The last id will know that payment is done against to this id or not with the amount of cart or single order.

You need to have two files of paypal sdk that will do this action.

  1. payment.php which will handle payments.
  2. paypal.class.php which will be include in your header file.

payment.php

<?php
session_start();
ob_start();
include('config.php');
 if(isset($_GET['lstid'])){
	
 }
// include("../common/dbcon.php");
//include("../common_files/siteconfig.inc.php");
	//include('../tables/tables.php');
	//include("../common_files/mysql-class.php");
	//include("../common_files/sitefunction.php");
	//include("common_files/emailbody.php");

//require_once('../connections/conn.php');
/*require_once('../administrator/DBAccess/DataLogic.php');
$dlogic = new DataLogic();*/
/*  PHP Paypal IPN Integration Class Demonstration File
 *  4.16.2005 - Micah Carrick, email@micahcarrick.com
 *
 *  This file demonstrates the usage of paypal.class.php, a class designed  
 *  to aid in the interfacing between your website, paypal, and the instant
 *  payment notification (IPN) interface.  This single file serves as 4 
 *  virtual pages depending on the "action" varialble passed in the URL. It's
 *  the processing page which processes form data being submitted to paypal, it
 *  is the page paypal returns a user to upon success, it's the page paypal
 *  returns a user to upon canceling an order, and finally, it's the page that
 *  handles the IPN request from Paypal.
 *
 *  I tried to comment this file, aswell as the acutall class file, as well as
 *  I possibly could.  Please email me with questions, comments, and suggestions.
 *  See the header of paypal.class.php for additional resources and information.
*/

// Setup class
require_once('paypal.class.php');  // include the class file
$p = new paypal_class;             // initiate an instance of the class
$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';   // testing paypal url

//$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';     // paypal url
 	
//Insertion in db start

/*$sql_pay_log="INSERT INTO `payment_log`(`amount`,`currency_code`,`vat`,`p&p`) 
	                       VALUES('".$_SESSION['grand_total']."','GBP','".$_SESSION['vat']."',
						   '".$_SESSION['shipping']."')";
mysql_query($sql_pay_log,$conn);*/
 //mysql_insert_id();




/*foreach ($_SESSION['carts'] as $Cartdat)
{
	
 if($Cartdat[id]!='')
 {
	
  	$sql_pay_log_details="INSERT INTO `payment_log_details`(`payment_log_id`,`plate_type`,`setup`,`front_size`
	                                                        ,`reg_front`,`reg_rear`,`rear_size`,`font`,`side_badge`
															,`border`,`county`,`bottom_slogan`,`background`,`price`) 
	                      VALUES('".$row_sel_log[0]."','".$Cartdat['plate_types']."','".$Cartdat['setup']."'
						  		 ,'".$Cartdat['front_size']."','".$Cartdat['reg_front']."','".$Cartdat['reg_rear']."'
								 ,'".$Cartdat['rear_size']."'
								 ,'".$Cartdat['font_type']."','".$Cartdat['side_bage']."','".$Cartdat['plate_border']."'
								 ,'".$Cartdat['county']."','".$Cartdat['bottom_slogan']."','".$Cartdat['background']."'
								 ,'".$Cartdat['price']."')";
  	mysql_query($sql_pay_log_details,$conn);
  
  } 
  
}*/

/*$sql_ins_inv="INSERT INTO `invoice`(`inv_name`,`inv_address`,`inv_state`,`inv_country`,`inv_postcode`,
                                     `del_name`,`del_address`,`del_state`,`del_country`,`del_postcode`,`payment_log_id`) 
	                       VALUES('".$_POST['inv_name']."','".$_POST['inv_address']."','".$_POST['inv_state']."',
						   		  '".$_POST['inv_country']."','".$_POST['inv_postcode']."','".$_POST['del_name']."',
								  '".$_POST['del_address']."','".$_POST['del_state']."','".$_POST['del_country']."',
								  '".$_POST['del_postcode']."','".$row_sel_log[0]."')";
mysql_query($sql_ins_inv,$conn);*/

//Insertion in db end
// if(isset($_REQUEST['submit']))
// 	{ 
//            if(isset($_REQUEST['pay']))
//	{
//	
//		if($_REQUEST['pay']=='3')
//			{
//				$amount=$_REQUEST['custome_amount'];
//			
//			}
//		else
//			{
//			$amount=$_REQUEST['pay'];
//			
//			}
//	
//	}
//
//
//mysql_query("insert into tbl_payment(org_id,user_id,amount,paid) values ('".$_SESSION['parent_org_id']."','".$_SESSION['parent_id']."','".$amount."',0)");
//
//$id=mysql_insert_id();
//}
// setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php')
//$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?oid=1';
// if there is not action variable, set the default action of 'process'

if (empty($_GET['action'])) $_GET['action'] = 'process';  

switch ($_GET['action']) {
    
   case 'process':      // Process and order...
	
      // There should be no output at this point.  To process the POST data,
      // the submit_paypal_post() function will output all the HTML tags which
      // contains a FORM which is submited instantaneously using the BODY onload
      // attribute.  In other words, don't echo or printf anything when you're
      // going to be calling the submit_paypal_post() function.
 
      // This is where you would have your form validation  and all that jazz.
      // You would take your POST vars and load them into the class like below,
      // only using the POST values instead of constant string expressions.
 
      // For example, after ensureing all the POST variables from your custom
      // order form are valid, you might have:
      //
		



	  //$p->add_field('business', 'hassanali_88pk@hotmail.com');
	  $p->add_field('business', 'payments@youremail.com');
	  $p->add_field('currency_code', 'USD');
	  $p->add_field('return', $this_script.'&action=success');
      $p->add_field('cancel_return', $this_script.'&action=cancel');
      $p->add_field('notify_url', $this_script.'&action=ipn');	  
      $p->add_field('item_name', 'Total Amount');
      $p->add_field('amount', $_REQUEST['price']);
	  //$p->add_field('amount', 10.50);
      $p->submit_paypal_post(); // submit the fields to paypal
      //$p->dump_fields();      // for debugging, output a table of all the fields
      
	  break;
      
   case 'success':      // Order was successful...
     $q_p="update `place_orders` set `payment`='1'  where id='".$_GET['lstid']."'";
	 $db->query($q_p);
   header("location:thankyou.php?payeei=successidi");
      // This is where you would probably want to thank the user for their order
      // or what have you.  The order information at this point is in POST 
      // variables.  However, you don't want to "process" the order until you
      // get validation from the IPN.  That's where you would have the code to
      // email an admin, update the database with payment status, activate a
      // membership, etc.  
 
     /* echo "<html><head><title>Success</title></head><body><h3>Thank you for your order.</h3>";
      foreach ($_POST as $key => $value) { echo "$key: $value<br>"; }
      echo "</body></html>";
      echo '<br/>';
	  echo '<br/>';
	  echo '<br/>';*/      

      // You could also simply re-direct them to another page, or your own 
      // order status page which presents the user with the status of their
      // order based on a database (which can be modified with the IPN code 
      // below).
	  //echo $p->ipn_data['txn_id'];

	 // exit;
	  
	 // echo "user_id...".$_SESSION['user_id'];
	 //  header('Location:../payment_success.php');
      break;
   case 'cancel':       // Order was canceled...
      // The order was canceled before being completed.
      header("Location:index.php?$msg='Order Cancelled'");
      break;
   case 'ipn':          // Paypal is calling page for IPN validation...
   
      // It's important to remember that paypal calling this script.  There
      // is no output here.  This is where you validate the IPN data and if it's
      // valid, update your database to signify that the user has payed.  If
      // you try and use an echo or printf function here it's not going to do you
      // a bit of good.  This is on the "backend".  That is why, by default, the
      // class logs all IPN data to a text file.
      if ($p->validate_ipn()) {
		 
	 //$paid=mysql_query("update payments set `p_payment`='1' where p_id='".$_GET['lstid']."'");
	 //session_destroy();
	 $q_p="update `place_orders` set `payment`='1'  where id='".$_GET['lstid']."'";
	 $db->query($q_p);
              // Payment has been recieved and IPN is verified.  This is where you
         // update your database to activate or process the order, or setup
         // the database with the user's order details, email an administrator,
         // etc.  You can access a slew of information via the ipn_data() array.
  
         // Check the paypal documentation for specifics on what information
         // is available in the IPN POST variables.  Basically, all the POST vars
         // which paypal sends, which we send back for validation, are now stored
         // in the ipn_data() array.
		 /*******************************Data Insertion***************************************/
		//if ($p->GetCartId1()){
		
		 	 
		 //$oid = $p->ipn_data['invoice'];
		
		 
		
		 //echo "fdsfdsafa..".$_SESSION['user_id'];
		// exit;
		
		/* $sql_up_pay_log="UPDATE `payment_log` SET `trans_id`='".$p->ipn_data['txn_id']."',
		             `email`='".$p->ipn_data['payer_email']."',`payment_status`='1' 
					  WHERE `id`='$oid'";
         mysql_query($sql_up_pay_log,$conn);
         
		 $sql_up_pay_log_details="UPDATE `payment_log_details` SET `trans_id`='".$p->ipn_data['txn_id']."' 
					      WHERE `payment_log_id`='$oid'";
         mysql_query($sql_up_pay_log_details,$conn);
		
		 $sql_up_pay_log="UPDATE `invoices` SET `TransId`='".$p->ipn_data['txn_id']."',
		              	   WHERE `payment_log_id`='$oid'";
         mysql_query($sql_up_pay_log,$conn);*/

		 /**********************************************************************/
		 // For this example, we'll just email ourselves ALL the data.

        

	  //}
	  }
      break;
 }     
ob_flush();
?>

paypal.class.php

<?php
/*******************************************************************************
 *                      PHP Paypal IPN Integration Class
 *******************************************************************************
 *      Author:     Micah Carrick
 *      Email:      email@micahcarrick.com
 *      Website:    http://www.micahcarrick.com
 *
 *      File:       paypal.class.php
 *      Version:    1.3.0
 *      Copyright:  (c) 2005 - Micah Carrick 
 *                  You are free to use, distribute, and modify this software 
 *                  under the terms of the GNU General Public License.  See the
 *                  included license.txt file.
 *      
 *******************************************************************************
 *  VERION HISTORY:
 *      v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the 
 *                            right way rather than simple stripping them.  This
 *                            was needed because the user could still put in
 *                            quotes.
 *  
 *      v1.2.1 [06.05.2005] - Fixed typo from previous fix :)
 *
 *      v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
 *                            from the paypal posts.  The IPN will come back
 *                            invalid sometimes when quotes are used in certian
 *                            fields.
 *
 *      v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
 *                            method to allow non-javascript capable browsers
 *                            to provide a means of manual form submission.
 *
 *      v1.0.0 [04.16.2005] - Initial Version
 *
 *******************************************************************************
 *  DESCRIPTION:
 *
 *      NOTE: See www.micahcarrick.com for the most recent version of this class
 *            along with any applicable sample files and other documentaion.
 *
 *      This file provides a neat and simple method to interface with paypal and
 *      The paypal Instant Payment Notification (IPN) interface.  This file is
 *      NOT intended to make the paypal integration "plug 'n' play". It still
 *      requires the developer (that should be you) to understand the paypal
 *      process and know the variables you want/need to pass to paypal to
 *      achieve what you want.  
 *
 *      This class handles the submission of an order to paypal aswell as the
 *      processing an Instant Payment Notification.
 *  
 *      This code is based on that of the php-toolkit from paypal.  I've taken
 *      the basic principals and put it in to a class so that it is a little
 *      easier--at least for me--to use.  The php-toolkit can be downloaded from
 *      http://sourceforge.net/projects/paypal.
 *      
 *      To submit an order to paypal, have your order form POST to a file with:
 *
 *          $p = new paypal_class;
 *          $p->add_field('business', 'somebody@domain.com');
 *          $p->add_field('first_name', $_POST['first_name']);
 *          ... (add all your fields in the same manor)
 *          $p->submit_paypal_post();
 *
 *      To process an IPN, have your IPN processing file contain:
 *
 *          $p = new paypal_class;
 *          if ($p->validate_ipn()) {
 *          ... (IPN is verified.  Details are in the ipn_data() array)
 *          }
 *
 *
 *      In case you are new to paypal, here is some information to help you:
 *
 *      1. Download and read the Merchant User Manual and Integration Guide from
 *         http://www.paypal.com/en_US/pdf/integration_guide.pdf.  This gives 
 *         you all the information you need including the fields you can pass to
 *         paypal (using add_field() with this class) aswell as all the fields
 *         that are returned in an IPN post (stored in the ipn_data() array in
 *         this class).  It also diagrams the entire transaction process.
 *
 *      2. Create a "sandbox" account for a buyer and a seller.  This is just
 *         a test account(s) that allow you to test your site from both the 
 *         seller and buyer perspective.  The instructions for this is available
 *         at https://developer.paypal.com/ as well as a great forum where you
 *         can ask all your paypal integration questions.  Make sure you follow
 *         all the directions in setting up a sandbox test environment, including
 *         the addition of fake bank accounts and credit cards.
 * 
 *******************************************************************************
*/

class paypal_class {
    
   var $last_error;                 // holds the last error encountered
   
   var $ipn_log;                    // bool: log IPN results to text file?
   
   var $ipn_log_file;               // filename of the IPN log
   var $ipn_response;               // holds the IPN response from paypal   
   var $ipn_data = array();         // array contains the POST values for IPN
   
   var $fields = array();           // array holds the fields to submit to paypal

   
   function paypal_class() {
       
      // initialization constructor.  Called when class is created.
      
      $this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
      
      $this->last_error = '';
      
      $this->ipn_log_file = '.ipn_results.log';
      $this->ipn_log = true; 
      $this->ipn_response = '';
      
      // populate $fields array with a few default values.  See the paypal
      // documentation for a list of fields and their data types. These defaul
      // values can be overwritten by the calling script.

      $this->add_field('rm','2');           // Return method = POST
      $this->add_field('cmd','_xclick'); 
      
   }
   
   function add_field($field, $value) {
      
      // adds a key=>value pair to the fields array, which is what will be 
      // sent to paypal as POST variables.  If the value is already in the 
      // array, it will be overwritten.
            
      $this->fields["$field"] = $value;
   }

   function submit_paypal_post() {
 
      // this function actually generates an entire HTML page consisting of
      // a form with hidden elements which is submitted to paypal via the 
      // BODY element's onLoad attribute.  We do this so that you can validate
      // any POST vars from you custom form before submitting to paypal.  So 
      // basically, you'll have your own form which is submitted to your script
      // to validate the data, which in turn calls this function to create
      // another hidden form and submit to paypal.
 
      // The user will briefly see a message on the screen that reads:
      // "Please wait, your order is being processed..." and then immediately
      // is redirected to paypal.

     echo "<html>\n";
      echo "<head><title>Processing Payment...</title></head>\n";
      echo "<body onLoad=\"document.forms['paypal_form'].submit();\">
      <form method=\"post\" name=\"paypal_form\" ";
      echo "action=\"".$this->paypal_url."\">\n";

      foreach ($this->fields as $name => $value) {
         echo "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
      }     
      echo "</form>
      </body></html>\n";
    
    
   }
   
   function validate_ipn() {

      // parse the paypal URL
      $url_parsed=parse_url($this->paypal_url);        

      // generate the post string from the _POST vars aswell as load the
      // _POST vars into an arry so we can play with them from the calling
      // script.
      $post_string = '';    
      foreach ($_POST as $field=>$value) { 
         $this->ipn_data["$field"] = $value;
         $post_string .= $field.'='.urlencode(stripslashes($value)).'&'; 
      }
      $post_string.="cmd=_notify-validate"; // append ipn command

      // open the connection to paypal
      $fp = fsockopen($url_parsed[host],"80",$err_num,$err_str,30); 
      if(!$fp) {
          
         // could not open the connection.  If loggin is on, the error message
         // will be in the log.
         $this->last_error = "fsockopen error no. $errnum: $errstr";
         $this->log_ipn_results(false);       
         return false;
         
      } else { 
 
         // Post the data back to paypal
         fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); 
         fputs($fp, "Host: $url_parsed[host]\r\n"); 
         fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); 
         fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); 
         fputs($fp, "Connection: close\r\n\r\n"); 
         fputs($fp, $post_string . "\r\n\r\n"); 

         // loop through the response from the server and append to variable
         while(!feof($fp)) { 
            $this->ipn_response .= fgets($fp, 1024); 
         } 

         fclose($fp); // close connection

      }
      
      if (eregi("VERIFIED",$this->ipn_response)) {
  
         // Valid IPN transaction.
         $this->log_ipn_results(true);
         return true;       
         
      } else {
  
         // Invalid IPN transaction.  Check the log for details.
         $this->last_error = 'IPN Validation Failed.';
         $this->log_ipn_results(false);   
         return false;
         
      }
      
   }
   
   function GetCartId1()
   {
		// This function will generate an encrypted string and
		// will set it as a cookie using set_cookie. This will
		// also be used as the cookieId field in the cart table
		
		if(isset($_COOKIE["cartId"]))
		{
			return $_COOKIE["cartId"];
		}
			else
			{
			// There is no cookie set. We will set the cookie
			// and return the value of the users session ID
			
			session_start();
			setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
			return session_id();
		}
	}

   function log_ipn_results($success) {
       
      if (!$this->ipn_log) return;  // is logging turned off?
      
      // Timestamp
      $text = '['.date('m/d/Y g:i A').'] - '; 
      
      // Success or failure being logged?
      if ($success) $text .= "SUCCESS!\n";
      else $text .= 'FAIL: '.$this->last_error."\n";
      
      // Log the POST variables
      $text .= "IPN POST Vars from Paypal:\n";
      foreach ($this->ipn_data as $key=>$value) {
         $text .= "$key=$value, ";
      }
 
      // Log the response from the paypal server
      $text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;
      
      // Write to log
      $fp=fopen($this->ipn_log_file,'a');
      fwrite($fp, $text . "\n\n"); 

      fclose($fp);  // close file
   }

   function dump_fields() {
 
      // Used for debugging, this function will output all the field/value pairs
      // that are currently defined in the instance of the class using the
      // add_field() function.
      
      echo "<h3>paypal_class->dump_fields() Output:</h3>";
      echo "<table width=\"95%\" border=\"1\" cellpadding=\"2\" cellspacing=\"0\">
            <tr>
               <td bgcolor=\"black\"><b><font color=\"white\">Field Name</font></b></td>
               <td bgcolor=\"black\"><b><font color=\"white\">Value</font></b></td>
            </tr>"; 
      
      ksort($this->fields);
      foreach ($this->fields as $key => $value) {
         echo "<tr><td>$key</td><td>".urldecode($value)."&nbsp;</td></tr>";
      }
 
      echo "</table><br>"; 
   }
}
1 Like

These are super old codes. I suggest giving the OP a more up-to-date one. Furthermore, you need to have a sandbox account in order to test if your code works. Typically, the sandbox account has 1,000 fake money in there to demonstrate if it works or not. If it does work, the amount from the fake money would be subtracted from the amount you set your item to.

1 Like

You can use it too for sandbox it will allow you to test the working with fake money through sandbox. just change a link a little bit. with sandbox.paypal.com and it will allow you with it.

2 Likes

I have never done it this way before. The way I do it, you have to log into your PayPal account and then you can purchase the item. Since I don’t actually log into my actual PayPal account, I can log into the sandbox account and it would still do the same thing as if I were a regular user. I think this would be a better approach because it’s more safer. I haven’t tried the one you posted, but I will later on in the day when I’m off work.

1 Like

yes just change the links and use sandbox.paypal.com and use your sandbox account in paypal then do a purchase and it will work.

1 Like

A massive thank you to everyone that has replied.

I went home last night and re read parts of the API and have slowly formed a solution that sort of works using the REST API.

Next part of the project is to try and get the users PaymentPlan details i.e. the date they started the plan and when the plan is due for renewal along with a button that allows the use to renew their agreement at will.

My assumption for this would be.

Obtain Users Permission First
Access the Billing Agreement using the Plan ID
FInd the date when the plan started vs the next payment date
Show the user the renewal date

I’ve probably got this all wrong as I’m a bit of a newbie when it comes to PayPal API.

Any help would be greatly appreciated.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.