Detailed reference:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables
// Define the constant PAYPAL_URL
const PAYPAL_URL = 'https://www.sandbox.paypal.com/';
// Record the data to be transferred as an array
$paypalData = array(
    'add' => 1,
    'cmd' => '_ext-enter',
    'redirect_cmd' => '_xclick',
    'business' => $paypalAccount, // liangliangfeng211@gmail.com: this is the payee's PayPal account
    'item_name' => '51customimprint shopping cart',
    'item_number' => $order->id,
    'first_name' => $address->first_name,
    'last_name' => $address->last_name,
    'address1' => $address->address1,
    'city' => $address->city,
    'state' => $address->state_or_province,
    'zip' => $address->zip_code,
    'amount' => $order->subtotal,
    'shipping' => $order->shipping_fee,
    'no_note' => 1,
    'currency_code' => 'USD',
    'lc' => 'US'
);
// Convert this array to a URL query string
$paypalArguments = array();
foreach ($paypalData as $k => $v) {
    // URL-encode every value so that spaces, '&' and '=' cannot break the query string
    array_push($paypalArguments, $k . '=' . urlencode($v));
}
$paypalUrl = self::PAYPAL_URL . '?' . implode('&', $paypalArguments);
// Redirect the customer's browser to PayPal
$this->_redirect($paypalUrl);
When testing, set the address of the PayPal interface to:
https://www.sandbox.paypal.com/cgi-bin/webscr
The basic process
When the customer pays you, PayPal sends a notification to your server at the specified URL (type="hidden" name="notify_url"). This notification includes all of your customer's payment information (for example, customer name and amount) and an encrypted code. When your server receives a notification, it sends the information, including the encrypted code, back to the secure PayPal URL. PayPal authenticates the transaction by checking the encrypted string. Sending the IPN data back to PayPal in this way prevents spoofing, so you can be sure that the IPN came from PayPal. Once it has verified the data, PayPal sends confirmation of its validity back to your server.
Tip: To enable Instant Payment Notification, you need to enter, in your user profile, a URL at which you will receive notifications.
When Instant Payment Notification is enabled, each time you receive a payment your server receives a notification, sent to the specified URL as a hidden "form POST" that includes all of the payment information. The form variables for the notification are listed at the bottom of this page.
Each time you receive an IPN from PayPal, you must complete the notification confirmation process described below before you fulfill the order. Confirming the information listed ensures that the transaction is legitimate.
Confirming the IPN notification
To ensure that the payment has entered your PayPal account, you must verify that the email address given as "receiver_email" has been registered and confirmed in your PayPal account.
Once the server receives an instant payment notification, you need to confirm it by building an HTTP POST to PayPal. Your POST should be sent to https://www.paypal.com/cgi-bin/webscr
You must send back all of the received form variables exactly as they were when you received them. You also need to append a variable named "cmd" with the value "_notify-validate" (for example, cmd=_notify-validate) to the POST string.
PayPal will reply to the POST and include the word "VERIFIED" or "INVALID" in the body of the reply. When you receive a VERIFIED reply, you need to perform several checks before the order is fulfilled:
Verify that "payment_status" is "Completed", because the system also sends IPNs for other results (such as "Pending" or "Failed").
Check that "txn_id" is not a duplicate, to prevent fraudsters from reusing old completed transactions.
Verify that "receiver_email" is an email address that has been registered in your PayPal account, to prevent the payment from being sent to a fraudster's account.
Check other transaction details (e.g. item number and price) to confirm that the price has not been changed.
After the above checks, you can use the IPN data to update your database and process the purchase.
If an "INVALID" notification is received, it should be treated as a suspicious notification and should be investigated.
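One way to implement the postback and the checks above in PHP (an added example, not code from the original page). The function names, the order fields and the sample notification are assumptions; mc_gross and mc_currency are PayPal IPN variables that this page does not list.

```php
<?php
// Added example, not from the original page. Helper names, order fields and
// sample values are assumptions for illustration.
const PAYPAL_VERIFY_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

// Send the received body back unchanged, with cmd=_notify-validate appended.
function paypalPostback(string $rawBody): string
{
    $ch = curl_init(PAYPAL_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $rawBody . '&cmd=_notify-validate',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // the reply is only meaningful over verified TLS
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : '';
}

// Returns the names of the failed checks; an empty array means the order may be fulfilled.
function checkIpn(string $rawBody, callable $postback, array $order, array $seenTxnIds, string $receiver): array
{
    if ($postback($rawBody) !== 'VERIFIED') {
        return ['postback']; // INVALID or no reply: treat as suspicious
    }
    parse_str($rawBody, $ipn);
    $txn = $ipn['txn_id'] ?? '';
    $cents = fn($v) => (int) round(((float) $v) * 100); // compare money as integer cents
    $failed = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') $failed[] = 'payment_status';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) $failed[] = 'txn_id';
    if (strcasecmp($ipn['receiver_email'] ?? '', $receiver) !== 0) $failed[] = 'receiver_email';
    if (($ipn['item_number'] ?? '') !== (string) $order['id']) $failed[] = 'item_number';
    if (($ipn['mc_currency'] ?? '') !== 'USD'
        || $cents($ipn['mc_gross'] ?? 0) !== $cents($order['subtotal'] + $order['shipping_fee'])) {
        $failed[] = 'amount';
    }
    return $failed;
}

// Constructed sample data; the stub stands in for paypalPostback so this runs offline.
$order = ['id' => 1001, 'subtotal' => 25.00, 'shipping_fee' => 4.50];
$body  = 'payment_status=Completed&txn_id=TXN-EXAMPLE-1&receiver_email=seller%40example.com'
       . '&item_number=1001&mc_gross=29.50&mc_currency=USD';
$stub  = fn(string $raw): string => 'VERIFIED';
print_r(checkIpn($body, $stub, $order, [], 'seller@example.com'));                // fresh transaction
print_r(checkIpn($body, $stub, $order, ['TXN-EXAMPLE-1'], 'seller@example.com')); // txn_id already recorded
```

In a real listener the raw body comes from `file_get_contents('php://input')`, `paypalPostback` is passed as the callback, and the txn_id is stored in the same database transaction that marks the order paid.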