Introduction
- Paypal is popular payment gateway to send and receive payment and it is worldwide.
- For web development it is easiest option to implement a payment system on the website.
How it works?
- Payment form which redirects buyer to paypal.
- Paypal send IPN data to IPN listener which verifies data.
- IPN listener sent verified data to paypal.
- Paypal give response with transaction status, whether it is success or cancel request.
What is PayPal IPN?
- IPN – Instant Payment Notification
- It is working as a silent post.
- IPN sends form data and receive the response.
- PayPal will send a reaction string with “Checked” or “INVALID”.
- In the event that your server neglects to react with an effective HTTP reaction, PayPal will resend this IPN either until a triumph is gotten or up to multiple times.
- On the off chance that your server reliably neglects to react, your IPN might be crippled and you will get warning on your essential paypal email address.
Paypal accounts
- Create account from https://www.paypal.com/
- For developers,Create one account from https://developer.paypal.com/
- Seller account = Business account
- Buyer account = Personal account
To integrate paypal gateway with PHP, Follow below steps
1. Create config.php file and add below code.
PayPal Constants
- PAYPAL_ID – Specify the email of the PayPal account.
- PAYPAL_SANDBOX – Specify Sandbox environment (TRUE/FALSE).
- PAYPAL_RETURN_URL – Specify the URL where the buyer will be redirected after payment.
- PAYPAL_CANCEL_URL – Specify the URL where the buyer will be redirected after payment cancellation.
- PAYPAL_NOTIFY_URL – Specify the URL where the transaction data will be sent for verification through PayPal IPN.
- PAYPAL_CURRENCY – Specify the currency code.
- PAYPAL_URL
– https://www.paypal.com/cgi-bin/webscr (For live)
– https://www.sandbox.paypal.com/cgi-bin/webscr (For sandbox)
2. Create dbconnect.php file for connecting db
3. Create index.php file.
<!-- PayPal payment form for displaying the buy button -->
<form action="<?php echo PAYPAL_URL; ?>" method="post">
<!--email address define.Note- Create two account in paypal sandbox one account will be initialized here and other will be perform payment to initialized account.Other wise this example won't work. -->
<input type="hidden" name="business" value="[email protected]">
<!-- Specify a Buy Now button. -->
<input type="hidden" name="cmd" value="_xclick">
<!-- Specify details about the item that buyers will purchase. -->
<input type="hidden" name="item_name" >
<input type="hidden" name="item_number" >
<input type="hidden" name="amount">
<input type="hidden" name="currency_code" >
<!-- Specify URLs -->
<input type="hidden" name="return" value="http://example.com/success.php">
<input type="hidden" name="cancel_return" value="http://example.com/cancel.php">
<input type="hidden" name="notify_url" value="http://example.com/ipn.php"> // add url for notify data
<!-- Display the payment button. -->
<input type="image" name="submit" border="0" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif">
</form>
4. Create success.php (This file redirects after payment completed)
5. Create ipn.php (It checks whether transaction is valid or not)
/*
* Read POST data
* reading posted data directly from $_POST causes serialization
* issues with array data in POST.
* Reading raw POST data from input stream instead.
*/
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// Read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
/*
* Post IPN data back to PayPal to validate the IPN data is genuine
* Without this step anyone can fake IPN data
*/
$paypalURL = PAYPAL_URL;
$ch = curl_init($paypalURL);
if ($ch == FALSE) {
return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name'));
$res = curl_exec($ch);
/*
* Inspect IPN validation result and act accordingly
* Split response headers and payload, a better way for strcmp
*/
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) {
// Retrieve transaction info from PayPal
$item_number = $_POST['item_number'];
$txn_id = $_POST['txn_id'];
$payment_gross = $_POST['mc_gross'];
$currency_code = $_POST['mc_currency'];
$payment_status = $_POST['payment_status'];
// do something
}