Integrating paypal payment gateway with PHP

Introduction

  • Paypal is popular payment gateway to send and receive payment and it is worldwide.
  • For web development it is easiest option to implement a payment system on the website.

How it works?

  • Payment form which redirects buyer to paypal.
  • Paypal send IPN data to IPN listener which verifies data.
  • IPN listener sent verified data to paypal.
  • Paypal give response with transaction status, whether it is success or cancel request.

What is PayPal IPN?

  • IPN – Instant Payment Notification
  • It is working as a silent post.
  • IPN sends form data and receive the response.
  • PayPal will send a reaction string with “Checked” or “INVALID”.
  • In the event that your server neglects to react with an effective HTTP reaction, PayPal will resend this IPN either until a triumph is gotten or up to multiple times.
  • On the off chance that your server reliably neglects to react, your IPN might be crippled and you will get warning on your essential paypal email address.

Paypal accounts

To integrate paypal gateway with PHP, Follow below steps

1. Create config.php file and add below code.

PayPal Constants

  • PAYPAL_ID – Specify the email of the PayPal account.
  • PAYPAL_SANDBOX – Specify Sandbox environment (TRUE/FALSE).
  • PAYPAL_RETURN_URL – Specify the URL where the buyer will be redirected after payment.
  • PAYPAL_CANCEL_URL – Specify the URL where the buyer will be redirected after payment cancellation.
  • PAYPAL_NOTIFY_URL – Specify the URL where the transaction data will be sent for verification through PayPal IPN.
  • PAYPAL_CURRENCY – Specify the currency code.
  • PAYPAL_URL

– https://www.paypal.com/cgi-bin/webscr (For live)

– https://www.sandbox.paypal.com/cgi-bin/webscr (For sandbox)

2. Create dbconnect.php file for connecting db

3. Create index.php file.

<!-- PayPal payment form for displaying the buy button -->
<form action="<?php echo PAYPAL_URL; ?>" method="post">
<!--email address define.Note-  Create two account in paypal sandbox one account will be initialized here and other will be perform payment to initialized account.Other wise this example won't work. -->
      <input type="hidden" name="business" value="[email protected]">
      <!-- Specify a Buy Now button. -->
      <input type="hidden" name="cmd" value="_xclick">
      <!-- Specify details about the item that buyers will purchase. -->
      <input type="hidden" name="item_name" >
      <input type="hidden" name="item_number" >
      <input type="hidden" name="amount">
      <input type="hidden" name="currency_code" >
	 <!-- Specify URLs -->
      <input type="hidden" name="return" value="http://example.com/success.php">
       <input type="hidden" name="cancel_return" value="http://example.com/cancel.php">
        <input type="hidden" name="notify_url" value="http://example.com/ipn.php"> // add url for notify data
<!-- Display the payment button. -->
     <input type="image" name="submit" border="0" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif">
</form>

4. Create success.php (This file redirects after payment completed)

5. Create ipn.php (It checks whether transaction is valid or not)

/* 
 * Read POST data 
 * reading posted data directly from $_POST causes serialization 
 * issues with array data in POST. 
 * Reading raw POST data from input stream instead. 
*/        
$raw_post_data = file_get_contents('php://input'); 
$raw_post_array = explode('&', $raw_post_data); 
$myPost = array(); 
foreach ($raw_post_array as $keyval) { 
    $keyval = explode ('=', $keyval); 
    if (count($keyval) == 2) 
        $myPost[$keyval[0]] = urldecode($keyval[1]); 
} 
 
// Read the post from PayPal system and add 'cmd' 
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) { 
    $get_magic_quotes_exists = true; 
} 
foreach ($myPost as $key => $value) { 
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
        $value = urlencode(stripslashes($value)); 
    } else { 
        $value = urlencode($value); 
    } 
    $req .= "&$key=$value"; 
} 
/* 
 * Post IPN data back to PayPal to validate the IPN data is genuine 
 * Without this step anyone can fake IPN data 
 */ 
$paypalURL = PAYPAL_URL; 
$ch = curl_init($paypalURL); 
if ($ch == FALSE) {
return FALSE; 
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); 
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $req); 
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);  
// Set TCP timeout to 30 seconds 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); 
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name')); 
$res = curl_exec($ch); 
/* 
 * Inspect IPN validation result and act accordingly 
 * Split response headers and payload, a better way for strcmp 
 */  
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens)); 
if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) { 
    // Retrieve transaction info from PayPal 
    $item_number    = $_POST['item_number']; 
    $txn_id         = $_POST['txn_id']; 
    $payment_gross     = $_POST['mc_gross']; 
    $currency_code     = $_POST['mc_currency']; 
    $payment_status = $_POST['payment_status']; 
// do something
}