This article mainly introduces the PHP shopping site to pay PayPal use method, has a certain reference value, now share to everyone, the need for friends can refer to
PayPal is fast, secure and convenient, and is the preferred online payment method for cross-border transactions. PayPal can now be linked with most of the domestic credit card, can realize the national trade balance.
Defining Constants Paypalurl
Const PAYPAL_URL = ' https://www.sandbox.paypal.com/';
The data to be transferred is recorded as an array
$paypalData = Array (' add ' + = 1, ' cmd ' = ' _ext-en Ter ', ' redirect_cmd ' = ' _xclick ', ' business ' = ' $paypalAccoun T,--------liangliangfeng211@gmail.com This is the payee's PayPal account ' item_name ' = ' 51customimprint shopping Cart ', ' item_number ' = $order->id, ' first_name ', $address first_name, ' last_name ' = = $address->last_name, ' address1 ' = > $address->address1, ' city ' = $address->city, ' st Ate ' = $address->state_or_province, ' zip ' = ' $address-& Gt;zip_code, ' amount ' = $order->subtotal, ' shipping ' =&G T $order->shipping_fEE, ' no_note ' = 1, ' currency_code ' + ' USD ', ' LC ' = ' US ');
Convert this array to a URL address
$paypalArguments = Array (); foreach ($paypalData as $k = = $v) { Array_push ($paypalArguments, $k. '=' . UrlEncode ($v)); } $paypalUrl = self::P aypal_url. '?' . Implode (' & ', $paypalArguments); $this->_redirect ($PAYPALURL);
Next, when we test, we should set the address of the PayPal interface to:
Https://www.sandbox.paypal.com/cgi-bin/webscr
The basic process
When the customer pays you, PayPal sends a notification to the server at the specified URL (type= "hidden" name= "Notify_url" value= "). This notification will include all of your customer's payment information (for example, customer name, amount), and a piece of encryption code. When the server receives a notification, it then sends the information (including the encryption code) back to the secure PayPal URL. PayPal will authenticate the transaction by checking the encrypted string. This transfer of IPN data back to PayPal prevents "spoofing", so you can ensure that IPN comes from PayPal. At the time of verification, PayPal will send a confirmation of its legitimacy back to your server.
tip : To enable instant payment notifications, you will need to enter a URL through which you can receive notifications from your user information.
With instant payment notifications enabled, each time you receive a payment, your server receives a notification that it will be sent to the specified URL as a hidden "form POST" and will include all payment information. The FORM variable for the notification is listed at the bottom of this page.
Each time you receive IPN from PayPal, you must complete the notification confirmation process as described below before implementing the order. Confirming the information listed will ensure that the transaction is legal.
Notification Confirmation IPN
To ensure that the payment has entered your PayPal account, you must verify that the e-mail address used as "Receiver_email" has been registered and confirmed in your PayPal account.
After the server receives an instant payment notification, you will need to confirm it by building an HTTP POST sent to PayPal. Your POST should be sent to HTTPS://WWW.PAYPAL.COM/CGI-BIN/WEBSCR
You must send all received form variables exactly as they were when you received the form variable. You will also need to append a variable named "_notify-validate" with a value of "cmd" (for example, Cmd=_notify-validate) to the POST string.
PayPal will reply to the POST and include a word "verified" or "INVALID" in the body of the reply. When you receive a verified reply, you need to perform several checks before the order is implemented:
Verify that "Payment_status" is "completed" because the system also sends IPN for other results, such as "Pending" or "Failed".
Check if "txn_id" is not duplicated to prevent fraudsters from reusing old, completed transactions.
Verify that "Receiver_email" is an email address that has been registered in your PayPal account to prevent payment from being sent to the fraudster's account.
Check other transaction details (such as item number and price) to confirm that the price has not changed after you have completed the above checks, you can use the IPN data to update your database and process your purchases.
If an "invalid" notification is received, it should be treated as a suspicious notification and should be investigated.
The above is the whole content of this article, I hope that everyone's learning has helped, more relevant content please pay attention to topic.alibabacloud.com!