I'm developing a site where customers have several payment options, including PayPal Payments Standard. Since I'm collecting a fair amount of data about the customer, I'd like to process the form on my server before sending the user to PayPal's server. One option is to concatenate the data into a single string, assign the string to the custom
field, and then process it in the IPN response, but I find this to be a very inelegant solution. Instead, after collecting the user data, I'm attempting to use cURL to submit a standard HTML PayPal form. How can I redirect the user to PayPal to complete the checkout process?
// Process PayPal payment
if ($method == 'PayPal') {
// Prepare POST data
$query = array();
$query['notify_url'] = 'http://example.com/ipn';
$query['cmd'] = '_cart';
$query['upload'] = '1';
$query['business'] = '[email protected]';
$query['address_override'] = '1';
$query['first_name'] = $first_name;
$query['last_name'] = $last_name;
$query['email'] = $email;
$query['address1'] = $ship_to_address;
$query['city'] = $ship_to_city;
$query['state'] = $ship_to_state;
$query['zip'] = $ship_to_zip;
$query['item_name_'.$i] = $item['description'];
$query['quantity_'.$i] = $item['quantity'];
$query['amount_'.$i] = $item['info']['price'];
// Prepare query string
$query_string = '';
foreach ($query as $key=>$value) {
$query_string .= $key.'='.urlencode($value).'&';
}
$query_string = rtrim($query_string, '&');
// Open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch,CURLOPT_POST, count($query));
curl_setopt($ch,CURLOPT_POSTFIELDS, $query_string);
// Execute post
$result = curl_exec($ch);
// Close connection
curl_close($ch);
}
WARNING: this answer has a security deficit. Passing sensitive data (such as item and price) through the client allows the client to modify the transaction. ie. change the item, or change the price. See the PayPal documentation on how to implement IPN.
You should redirect the user with the php header
function and send the vars as GET not POST.
// Process PayPal payment
if ($method == 'PayPal') {
// Prepare GET data
$query = array();
$query['notify_url'] = 'http://jackeyes.com/ipn';
$query['cmd'] = '_cart';
$query['upload'] = '1';
$query['business'] = '[email protected]';
$query['address_override'] = '1';
$query['first_name'] = $first_name;
$query['last_name'] = $last_name;
$query['email'] = $email;
$query['address1'] = $ship_to_address;
$query['city'] = $ship_to_city;
$query['state'] = $ship_to_state;
$query['zip'] = $ship_to_zip;
$query['item_name_'.$i] = $item['description'];
$query['quantity_'.$i] = $item['quantity'];
$query['amount_'.$i] = $item['info']['price'];
// Prepare query string
$query_string = http_build_query($query);
header('Location: https://www.paypal.com/cgi-bin/webscr?' . $query_string);
}
Rather than trying to post all the data to PayPal and back, you should keep the data on your server and send only an identifying token. Any data you send to PayPal (via the user's browser) can be intercepted and modified. This is a serious security hazard.
If you send only the token there is no opportunity for tampering.
Read the PayPal spec, it has guidelines on how to implement these things.
You must use IPN or some similar post processing because PayPal is the only one who knows whether a payment was actually made. Do not trust any data you get from the user.
doing curl it will make end to end calls in backend side , it will not reflect on frontend behavior .
you have to make a form with hidden field and javascript to auto submit the form once page loaded .
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With