Integrating paypal payment gateway with PHP

Introduction

• Paypal is popular payment gateway to send and receive payment and it is worldwide.
• For web development it is easiest option to implement a payment system on the website.

How it works?

• Payment form which redirects buyer to paypal.
• Paypal send IPN data to IPN listener which verifies data.
• IPN listener sent verified data to paypal.
• Paypal give response with transaction status, whether it is success or cancel request.

What is PayPal IPN?

• IPN – Instant Payment Notification
• It is working as a silent post.
• IPN sends form data and receive the response.
• PayPal will send a reaction string with “Checked” or “INVALID”.
• In the event that your server neglects to react with an effective HTTP reaction, PayPal will resend this IPN either until a triumph is gotten or up to multiple times.
• On the off chance that your server reliably neglects to react, your IPN might be crippled and you will get warning on your essential paypal email address.

Paypal accounts

• Create account from https://www.paypal.com/
• For developers,Create one account from https://developer.paypal.com/
• Seller account = Business account
• Buyer account = Personal account

To integrate paypal gateway with PHP, Follow below steps

1. Create config.php file and add below code.

PayPal Constants

• PAYPAL_ID – Specify the email of the PayPal account.
• PAYPAL_SANDBOX – Specify Sandbox environment (TRUE/FALSE).
• PAYPAL_RETURN_URL – Specify the URL where the buyer will be redirected after payment.
• PAYPAL_CANCEL_URL – Specify the URL where the buyer will be redirected after payment cancellation.
• PAYPAL_NOTIFY_URL – Specify the URL where the transaction data will be sent for verification through PayPal IPN.
• PAYPAL_CURRENCY – Specify the currency code.
• PAYPAL_URL

– https://www.paypal.com/cgi-bin/webscr (For live)

– https://www.sandbox.paypal.com/cgi-bin/webscr (For sandbox)

2. Create dbconnect.php file for connecting db

3. Create index.php file.

<!-- PayPal payment form for displaying the buy button -->
<form action="<?php echo PAYPAL_URL; ?>" method="post">
<!--email address define.Note-  Create two account in paypal sandbox one account will be initialized here and other will be perform payment to initialized account.Other wise this example won't work. -->
      <input type="hidden" name="business" value="[email protected]">
      <!-- Specify a Buy Now button. -->
      <input type="hidden" name="cmd" value="_xclick">
      <!-- Specify details about the item that buyers will purchase. -->
      <input type="hidden" name="item_name" >
      <input type="hidden" name="item_number" >
      <input type="hidden" name="amount">
      <input type="hidden" name="currency_code" >
	 <!-- Specify URLs -->
      <input type="hidden" name="return" value="http://example.com/success.php">
       <input type="hidden" name="cancel_return" value="http://example.com/cancel.php">
        <input type="hidden" name="notify_url" value="http://example.com/ipn.php"> // add url for notify data
<!-- Display the payment button. -->
     <input type="image" name="submit" border="0" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif">
</form>

4. Create success.php (This file redirects after payment completed)

5. Create ipn.php (It checks whether transaction is valid or not)

/* 
 * Read POST data 
 * reading posted data directly from $_POST causes serialization 
 * issues with array data in POST. 
 * Reading raw POST data from input stream instead. 
*/        
$raw_post_data = file_get_contents('php://input'); 
$raw_post_array = explode('&', $raw_post_data); 
$myPost = array(); 
foreach ($raw_post_array as $keyval) { 
    $keyval = explode ('=', $keyval); 
    if (count($keyval) == 2) 
        $myPost[$keyval[0]] = urldecode($keyval[1]); 
} 
 
// Read the post from PayPal system and add 'cmd' 
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) { 
    $get_magic_quotes_exists = true; 
} 
foreach ($myPost as $key => $value) { 
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
        $value = urlencode(stripslashes($value)); 
    } else { 
        $value = urlencode($value); 
    } 
    $req .= "&$key=$value"; 
} 
/* 
 * Post IPN data back to PayPal to validate the IPN data is genuine 
 * Without this step anyone can fake IPN data 
 */ 
$paypalURL = PAYPAL_URL; 
$ch = curl_init($paypalURL); 
if ($ch == FALSE) {
return FALSE; 
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); 
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $req); 
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);  
// Set TCP timeout to 30 seconds 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); 
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name')); 
$res = curl_exec($ch); 
/* 
 * Inspect IPN validation result and act accordingly 
 * Split response headers and payload, a better way for strcmp 
 */  
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens)); 
if (strcmp($res, "VERIFIED") == 0 || strcasecmp($res, "VERIFIED") == 0) { 
    // Retrieve transaction info from PayPal 
    $item_number    = $_POST['item_number']; 
    $txn_id         = $_POST['txn_id']; 
    $payment_gross     = $_POST['mc_gross']; 
    $currency_code     = $_POST['mc_currency']; 
    $payment_status = $_POST['payment_status']; 
// do something
}