
paypal, php - integrate a paypal payment into a website

Good day to all.

I have a booking site. Here I need to integrate a paypal payment.

Scenario is like this: X enters the site, fills in a form with a lot of details (name, period, room type, whatever... about 20 fields). The details are sent to a script that calculates the price.

Now what I need is to get the user to pay. I must use authorization & capture to do this (in order to be able to cancel a payment during the time limit of course).

First try was to generate a pay now button. But this kind of requests a fixed price (and mine is generated).

Second was an add to cart button. Same thing.

After some research I found that express checkout is what I need (I think... not sure). I used the code generator from https://www.paypal-labs.com/integrationwizard/ecpaypal/code.php.

The problem is that this one requires some shipping details also and other useless things. Also I don't see where I fill the visitor's name/credit/whatever...

I just want a simple payment. Is there any way I can use a form and send the values to a specified address? Or something like that? Like you know... any normal API.

zozo asked Aug 25 '11 09:08


1 Answer

I've recently done this. You can use PayPal's xclick button, to send custom data (that is, price and shipping) to PayPal. Then the customer will pay via PayPal and send an instant payment notification to a file on your server of your choice, then validate the data using the IPN and process the order how you like.

<form action="https://secure.paypal.com/uk/cgi-bin/webscr" method="post" name="paypal" id="paypal">
    <!-- Prepopulate the PayPal checkout page with customer details, -->
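    <!-- Values are HTML-escaped before being echoed into the attributes -->
    <input type="hidden" name="first_name" value="<?php echo htmlspecialchars($Firstname, ENT_QUOTES); ?>">
    <input type="hidden" name="last_name" value="<?php echo htmlspecialchars($Lastname, ENT_QUOTES); ?>">
    <input type="hidden" name="email" value="<?php echo htmlspecialchars($Email, ENT_QUOTES); ?>">
    <input type="hidden" name="address1" value="<?php echo htmlspecialchars($Address, ENT_QUOTES); ?>">
    <input type="hidden" name="address2" value="<?php echo htmlspecialchars($Address2, ENT_QUOTES); ?>">
    <input type="hidden" name="city" value="<?php echo htmlspecialchars($City, ENT_QUOTES); ?>">
    <input type="hidden" name="zip" value="<?php echo htmlspecialchars($Postcode, ENT_QUOTES); ?>">
    <input type="hidden" name="day_phone_a" value="">
    <input type="hidden" name="day_phone_b" value="<?php echo htmlspecialchars($Mobile, ENT_QUOTES); ?>">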

    <!-- We don't need to use _ext-enter anymore to prepopulate pages -->
    <!-- cmd = _xclick will automatically pre populate pages -->
    <!-- More information: https://www.x.com/docs/DOC-1332 -->
    <input type="hidden" name="cmd" value="_xclick" />
    <input type="hidden" name="business" value="[email protected]" />
    <input type="hidden" name="cbt" value="Return to Your Business Name" />
    <input type="hidden" name="currency_code" value="GBP" />

    <!-- Allow the customer to enter the desired quantity -->
    <input type="hidden" name="quantity" value="1" />
    <input type="hidden" name="item_name" value="Name of Item" />

    <!-- Custom value you want to send and process back in the IPN -->
    <input type="hidden" name="custom" value="<?php echo session_id(); ?>" />

    <input type="hidden" name="shipping" value="<?php echo $shipping_price; ?>" />
    <input type="hidden" name="invoice" value="<?php echo $invoice_id ?>" />
    <input type="hidden" name="amount" value="<?php echo $total_order_price; ?>" />
    <input type="hidden" name="return" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/thankyou"/>
    <input type="hidden" name="cancel_return" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/cancelled" />

    <!-- Where to send the PayPal IPN to. -->
    <input type="hidden" name="notify_url" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/process" />
</form>

Once the customer pays, PayPal will notify your script, and you can do whatever you want after that to process a successful payment.

To process the payment in your PHP file: Paypal Developers LINK

Validation

* NEVER TRUST ANY USER SUBMITTED DATA *

With all PayPal transactions, users can edit the data in the form and submit unwanted or incorrect data. You should save all your variables (such as ID, amount, shipping, etc...) in a database, and validate when the IPN request is received back from PayPal (to make sure they match).

Treat a PayPal transaction with the same security as you do with SQL data, escape all variables, never trust any user submitted data and always validate your data.

Anil answered Oct 29 '22 14:10
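One way to implement the check described under "Validation" above, as an added example that is not part of the original answer: the IPN fields are compared against the order row saved before the customer was sent to PayPal, so an amount edited in the hidden form shows up as a mismatch. It assumes the notification has already been confirmed as coming from PayPal, a two-decimal currency, and that the gross paid equals amount plus shipping; the `$order` layout, function names and sample values are hypothetical.

```php
<?php
// Added example. mc_gross, mc_currency, receiver_email, payment_status, custom and
// txn_id are PayPal IPN variables; the $order layout and function names are hypothetical.

// Convert a decimal string such as "104.50" to integer minor units (10450); null if malformed.
function to_minor_units(string $amount): ?int
{
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)) {
        return null; // rejects signs, exponents and thousands separators
    }
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

// Returns the names of the fields that disagree with the stored order (empty = match).
function ipn_mismatches(array $post, array $order, array $seenTxnIds): array
{
    // Drop array-valued parameters (e.g. mc_gross[]=1) and normalise the rest to strings.
    $ipn = array_map('strval', array_filter($post, 'is_scalar'));
    $expected = $order['amount_minor'] + $order['shipping_minor'];
    $checks = [
        'payment_status' => ($ipn['payment_status'] ?? '') === 'Completed',
        'receiver_email' => strcasecmp($ipn['receiver_email'] ?? '', $order['business']) === 0,
        'mc_currency'    => ($ipn['mc_currency'] ?? '') === $order['currency'],
        'mc_gross'       => to_minor_units($ipn['mc_gross'] ?? '') === $expected,
        'custom'         => hash_equals($order['custom'], $ipn['custom'] ?? ''),
        // A txn_id that was already processed means a replayed or duplicate notification.
        'txn_id'         => ($ipn['txn_id'] ?? '') !== ''
                            && !in_array($ipn['txn_id'], $seenTxnIds, true),
    ];
    return array_keys(array_filter($checks, fn($ok) => !$ok));
}

// Constructed sample data: the row saved at checkout (looked up by the IPN's "invoice")
// and two notifications, the second with the amount edited in the browser form.
$order = ['business' => 'seller@example.com', 'currency' => 'GBP',
          'amount_minor' => 9950, 'shipping_minor' => 500, 'custom' => 'k3f9a1c2'];
$genuine = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
            'mc_currency' => 'GBP', 'mc_gross' => '104.50', 'custom' => 'k3f9a1c2',
            'txn_id' => 'TXN-CONSTRUCTED-1', 'invoice' => 'INV-1001'];
$tampered = ['mc_gross' => '1.00'] + $genuine;

var_dump(ipn_mismatches($genuine, $order, []));
var_dump(ipn_mismatches($tampered, $order, []));
var_dump(ipn_mismatches($genuine, $order, ['TXN-CONSTRUCTED-1']));
```

Amounts are compared as integers rather than floats so that a value like "104.50" cannot pass or fail because of rounding, and an order should only be marked paid when the returned list is empty.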