Integrating paypal payment gateway with PHP

Introduction
- Paypal is popular payment gateway to send and receive payment and it is worldwide.
- For web development it is easiest option to implement a payment system on the website.
How it works?
- Payment form which redirects buyer to paypal.
- Paypal send IPN data to IPN listener which verifies data.
- IPN listener sent verified data to paypal.
- Paypal give response with transaction status, whether it is success or cancel request.
What is PayPal IPN?
- IPN - Instant Payment Notification
- It is working as a silent post.
- IPN sends form data and receive the response.
- PayPal will send a reaction string with "Checked" or "INVALID".
- In the event that your server neglects to react with an effective HTTP reaction, PayPal will resend this IPN either until a triumph is gotten or up to multiple times.
- On the off chance that your server reliably neglects to react, your IPN might be crippled and you will get warning on your essential paypal email address.
Paypal accounts
- Create account from https://www.paypal.com/
- For developers,Create one account from https://developer.paypal.com/
- Seller account = Business account
- Buyer account = Personal account
To integrate paypal gateway with PHP, Follow below steps
1. Create config.php file and add below code.
PayPal Constants
- PAYPAL_ID – Specify the email of the PayPal account.
- PAYPAL_SANDBOX – Specify Sandbox environment (TRUE/FALSE).
- PAYPAL_RETURN_URL – Specify the URL where the buyer will be redirected after payment.
- PAYPAL_CANCEL_URL – Specify the URL where the buyer will be redirected after payment cancellation.
- PAYPAL_NOTIFY_URL – Specify the URL where the transaction data will be sent for verification through PayPal IPN.
- PAYPAL_CURRENCY – Specify the currency code.
- PAYPAL_URL
- https://www.paypal.com/cgi-bin/webscr (For live)
- https://www.sandbox.paypal.com/cgi-bin/webscr (For sandbox)
2. Create dbconnect.php file for connecting db
3. Create index.php file.
<!-- PayPal payment form for displaying the buy button --> <form action="<?php echo PAYPAL_URL; ?>" method="post"> <!--email address define.Note- Create two account in paypal sandbox one account will be initialized here and other will be perform payment to initialized account.Other wise this example won't work. --> <input type="hidden" name="business" value="[email protected]"> <!-- Specify a Buy Now button. --> <input type="hidden" name="cmd" value="_xclick"> <!-- Specify details about the item that buyers will purchase. --> <input type="hidden" name="item_name" > <input type="hidden" name="item_number" > <input type="hidden" name="amount"> <input type="hidden" name="currency_code" > <!-- Specify URLs --> <input type="hidden" name="return" value="http://example.com/success.php"> <input type="hidden" name="cancel_return" value="http://example.com/cancel.php"> <input type="hidden" name="notify_url" value="http://example.com/ipn.php"> // add url for notify data <!-- Display the payment button. --> <input type="image" name="submit" border="0" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"> </form>
4. Create success.php (This file redirects after payment completed)
5. Create ipn.php (It checks whether transaction is valid or not)
/* * Read POST data * reading posted data directly from $_POST causes serialization * issues with array data in POST. * Reading raw POST data from input stream instead. */ $raw_post_data = file_get_contents('php://input'); $raw_post_array = explode('&', $raw_post_data); $myPost = array(); foreach ($raw_post_array as $keyval) { $keyval = explode ('=', $keyval); if (count($keyval) == 2) $myPost[$keyval[0]] = urldecode($keyval[1]); } // Read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; if(function_exists('get_magic_quotes_gpc')) { $get_magic_quotes_exists = true; } foreach ($myPost as $key => $value) { if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $req .= "&$key=$value"; } /* * Post IPN data back to PayPal to validate the IPN data is genuine * Without this step anyone can fake IPN data */ $paypalURL = PAYPAL_URL; $ch = curl_init($paypalURL); if ($ch == FALSE) { return FALSE; } curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_POSTFIELDS, $req); curl_setopt($ch, CURLOPT_SSLVERSION, 6); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); // Set TCP timeout to 30 seconds curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name')); $res = curl_exec($ch); /* * Inspect IPN validation result and act accordingly * Split response headers and payload, a better way for strcmp */ $tokens = explode("\r\n\r\n", trim($res)); $res = trim(end($tokens)); if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) { // Retrieve transaction info from PayPal $item_number = $_POST['item_number']; $txn_id = $_POST['txn_id']; $payment_gross = $_POST['mc_gross']; $currency_code = $_POST['mc_currency']; $payment_status = $_POST['payment_status']; // do something }