For details, refer to:
https://cms.paypal.com/us/cgi-bin?cmd=_render-content&content_id=developer/e_howto_html_appx_websitestandard_htmlvariables
Define the constant paypal_url:
const paypal_url = 'https://www.sandbox.paypal.com/';
The data to be transferred is an array:
$paypaldata = array(
    'add' => 1,
    'cmd' => '_ext-enter',
    'redirect_cmd' => '_xclick',
    'business' => $paypalaccount, // the recipient's PayPal account, e.g. liangliangfeng211@gmail.com
    'item_name' => '51mimimprint shopping cart',
    'item_number' => $order->id,
    'first_name' => $address->first_name,
    'last_name' => $address->last_name,
    'address1' => $address->address1,
    'city' => $address->city,
    'state' => $address->state_or_province,
    'zip' => $address->zip_code,
    'amount' => $order->subtotal,
    'shipping' => $order->shipping_timeout,
    'no_note' => 1,
    'currency_code' => 'USD',
    'lc' => 'US'
);
Convert the array into a URL:
$paypalarguments = array();
// URL-encode every value so the query string stays well-formed
foreach ($paypaldata as $k => $v) {
    array_push($paypalarguments, $k . '=' . urlencode($v));
}
$paypalurl = self::paypal_url . '?' . implode('&', $paypalarguments);
$this->_redirect($paypalurl);
Next, set the address of the PayPal interface:
https://www.sandbox.paypal.com/cgi-bin/webscr
Basic Process
When a customer pays you, PayPal sends a notification to your server at the URL you specified (type="hidden" name="notify_url" value=...). This notification includes all of your customer's payment information (for example, customer name and amount) and an encrypted code. When your server receives a notification, it sends the message (including the encrypted code) back to a secure PayPal URL. PayPal verifies the transaction by checking the encrypted string. Sending the IPN data back to PayPal prevents "spoofing", so you can be sure that the IPN really comes from PayPal. During verification, PayPal sends confirmation of its validity back to your server.
Note: To enable Instant Payment Notification (IPN), you need to enter a URL at which you can receive the notifications.
After Instant Payment Notification is enabled, your server receives a notification every time you receive a payment. The notification is sent to the specified URL as a hidden form POST and includes all of the payment information. The form variables of the notification are listed at the bottom of this page.
Each time you receive an IPN from PayPal, you must complete the following notification confirmation process before fulfilling the order. Confirming the information listed ensures that the transaction is legitimate.
IPN Notification Confirmation
To ensure that the payment has been made to your PayPal account, you must verify that the email address used as "receiver_email" has been registered with your PayPal account and has been confirmed.
After your server receives an instant payment notification, you need to build an HTTP POST and send it to PayPal to confirm it. Your POST should be sent to https://www.paypal.com/cgi-bin/webscr
You must send back all of the received form variables exactly as you received them. You also need to append a variable named "cmd" with the value "_notify-validate" (for example, cmd=_notify-validate) to the POST string.
PayPal will reply to the POST and include the word "VERIFIED" or "INVALID" in the body of the response. When you receive a VERIFIED reply, you need to perform several checks before fulfilling the order:
Confirm that "payment_status" is "Completed", because the system also sends IPNs for other results (such as "Pending" or "Failed").
Check whether "txn_id" is repeated, to prevent a fraudster from reusing an old completed transaction.
Verify that "receiver_email" is an email address that has been registered with your PayPal account, to prevent the payment from being sent to a fraudster's account.
After checking the other transaction details (such as item numbers and prices) to confirm that the price has not changed, you can use the IPN data to update your database and process the purchase.
If an "INVALID" notification is received, it should be treated as suspicious and investigated.
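The confirmation steps above, written out as an added PHP example (not code from the original page or from PayPal). The function name validate_ipn(), its parameters and the sample notification are hypothetical and constructed; mc_gross and mc_currency are standard IPN variable names assumed here for the price check, and the postback is passed in as a callable so the checks can be run without network access.

```php
<?php
// Added example: the IPN confirmation checks described above. All function and
// parameter names are hypothetical; the sample IPN body is constructed.

function validate_ipn(string $rawBody, callable $postback, array $seenTxnIds,
                      string $receiver, string $amount, string $currency): ?string
{
    // Send the variables back exactly as received, with cmd appended. Using the
    // raw body avoids re-encoding differences from rebuilding it out of $_POST.
    $reply = trim($postback($rawBody . '&cmd=_notify-validate'));
    if ($reply !== 'VERIFIED') {
        return 'not VERIFIED: suspicious, investigate';
    }
    parse_str($rawBody, $ipn);
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'payment_status is not Completed';
    }
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        return 'missing or repeated txn_id';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $receiver) !== 0) {
        return 'receiver_email is not our account';
    }
    if (($ipn['mc_gross'] ?? '') !== $amount || ($ipn['mc_currency'] ?? '') !== $currency) {
        return 'amount or currency differs from the order';
    }
    return null; // safe to update the database and process the purchase
}

// Constructed sample notification and stub postbacks (no network access needed).
$body = http_build_query([
    'payment_status' => 'Completed', 'txn_id' => 'TXN-EXAMPLE-1',
    'receiver_email' => 'seller@example.com', 'item_number' => '1001',
    'mc_gross' => '19.95', 'mc_currency' => 'USD',
]);
$verified = fn(string $b): string => 'VERIFIED';
$invalid  = fn(string $b): string => 'INVALID';

// A null result means the order may be processed; a string is the rejection reason.
var_dump(validate_ipn($body, $verified, [], 'seller@example.com', '19.95', 'USD'));
var_dump(validate_ipn($body, $verified, ['TXN-EXAMPLE-1'], 'seller@example.com', '19.95', 'USD'));
var_dump(validate_ipn($body, $invalid, [], 'seller@example.com', '19.95', 'USD'));
var_dump(validate_ipn($body, $verified, [], 'seller@example.com', '9.95', 'USD'));
```

In a real handler, $rawBody would come from php://input and $postback would be an HTTPS POST, with certificate verification enabled, to the webscr URL given above.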