Integrating paypal payment gateway with PHP

Introduction

• Paypal is popular payment gateway to send and receive payment and it is worldwide.
• For web development it is easiest option to implement a payment system on the website.

How it works?

• Payment form which redirects buyer to paypal.
• Paypal send IPN data to IPN listener which verifies data.
• IPN listener sent verified data to paypal.
• Paypal give response with transaction status, whether it is success or cancel request.

What is PayPal IPN?

• IPN - Instant Payment Notification
• It is working as a silent post.
• IPN sends form data and receive the response.
• PayPal will send a reaction string with "Checked" or "INVALID".
• In the event that your server neglects to react with an effective HTTP reaction, PayPal will resend this IPN either until a triumph is gotten or up to multiple times.
• On the off chance that your server reliably neglects to react, your IPN might be crippled and you will get warning on your essential paypal email address.

Paypal accounts

• Create account from https://www.paypal.com/
• For developers,Create one account from https://developer.paypal.com/
• Seller account = Business account
• Buyer account = Personal account

To integrate paypal gateway with PHP, Follow below steps

1. Create config.php file and add below code.

PayPal Constants

• PAYPAL_ID – Specify the email of the PayPal account.
• PAYPAL_SANDBOX – Specify Sandbox environment (TRUE/FALSE).
• PAYPAL_RETURN_URL – Specify the URL where the buyer will be redirected after payment.
• PAYPAL_CANCEL_URL – Specify the URL where the buyer will be redirected after payment cancellation.
• PAYPAL_NOTIFY_URL – Specify the URL where the transaction data will be sent for verification through PayPal IPN.
• PAYPAL_CURRENCY – Specify the currency code.
• PAYPAL_URL

- https://www.paypal.com/cgi-bin/webscr (For live)

- https://www.sandbox.paypal.com/cgi-bin/webscr (For sandbox)

2. Create dbconnect.php file for connecting db

3. Create index.php file.

<!-- PayPal payment form for displaying the buy button --> <form action="<?php echo PAYPAL_URL; ?>" method="post"> <!--email address define.Note- Create two account in paypal sandbox one account will be initialized here and other will be perform payment to initialized account.Other wise this example won't work. --> <input type="hidden" name="business" value="[email protected]"> <!-- Specify a Buy Now button. --> <input type="hidden" name="cmd" value="_xclick"> <!-- Specify details about the item that buyers will purchase. --> <input type="hidden" name="item_name" > <input type="hidden" name="item_number" > <input type="hidden" name="amount"> <input type="hidden" name="currency_code" > <!-- Specify URLs --> <input type="hidden" name="return" value="http://example.com/success.php"> <input type="hidden" name="cancel_return" value="http://example.com/cancel.php"> <input type="hidden" name="notify_url" value="http://example.com/ipn.php"> // add url for notify data <!-- Display the payment button. --> <input type="image" name="submit" border="0" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"> </form>

4. Create success.php (This file redirects after payment completed)

5. Create ipn.php (It checks whether transaction is valid or not)

/* * Read POST data * reading posted data directly from $_POST causes serialization * issues with array data in POST. * Reading raw POST data from input stream instead. */ $raw_post_data = file_get_contents('php://input'); $raw_post_array = explode('&', $raw_post_data); $myPost = array(); foreach ($raw_post_array as $keyval) { $keyval = explode ('=', $keyval); if (count($keyval) == 2) $myPost[$keyval[0]] = urldecode($keyval[1]); } // Read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; if(function_exists('get_magic_quotes_gpc')) { $get_magic_quotes_exists = true; } foreach ($myPost as $key => $value) { if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { $value = urlencode(stripslashes($value)); } else { $value = urlencode($value); } $req .= "&$key=$value"; } /* * Post IPN data back to PayPal to validate the IPN data is genuine * Without this step anyone can fake IPN data */ $paypalURL = PAYPAL_URL; $ch = curl_init($paypalURL); if ($ch == FALSE) { return FALSE; } curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_POSTFIELDS, $req); curl_setopt($ch, CURLOPT_SSLVERSION, 6); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); // Set TCP timeout to 30 seconds curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name')); $res = curl_exec($ch); /* * Inspect IPN validation result and act accordingly * Split response headers and payload, a better way for strcmp */ $tokens = explode("\r\n\r\n", trim($res)); $res = trim(end($tokens)); if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) { // Retrieve transaction info from PayPal $item_number = $_POST['item_number']; $txn_id = $_POST['txn_id']; $payment_gross = $_POST['mc_gross']; $currency_code = $_POST['mc_currency']; $payment_status = $_POST['payment_status']; // do something }