/*******************************************************************************
* PHP Paypal IPN Integration Class
*******************************************************************************
* Author: Micah Carrick
* Email: email@micahcarrick.com
* Website: http://www.micahcarrick.com
*
* File: paypal.class.php
* Version: 1.3.0
* Copyright: (c) 2005 - Micah Carrick
* You are free to use, distribute, and modify this software
* under the terms of the GNU General Public License. See the
* included license.txt file.
*
*******************************************************************************
* VERION HISTORY:
* v1.3.0 [10.10.2005] - Fixed it so that single quotes are handled the
* right way rather than simple stripping them. This
* was needed because the user could still put in
* quotes.
*
* v1.2.1 [06.05.2005] - Fixed typo from previous fix :)
*
* v1.2.0 [05.31.2005] - Added the optional ability to remove all quotes
* from the paypal posts. The IPN will come back
* invalid sometimes when quotes are used in certian
* fields.
*
* v1.1.0 [05.15.2005] - Revised the form output in the submit_paypal_post
* method to allow non-javascript capable browsers
* to provide a means of manual form submission.
*
* v1.0.0 [04.16.2005] - Initial Version
*
*******************************************************************************
* DESCRIPTION:
*
* NOTE: See www.micahcarrick.com for the most recent version of this class
* along with any applicable sample files and other documentaion.
*
* This file provides a neat and simple method to interface with paypal and
* The paypal Instant Payment Notification (IPN) interface. This file is
* NOT intended to make the paypal integration "plug 'n' play". It still
* requires the developer (that should be you) to understand the paypal
* process and know the variables you want/need to pass to paypal to
* achieve what you want.
*
* This class handles the submission of an order to paypal aswell as the
* processing an Instant Payment Notification.
*
* This code is based on that of the php-toolkit from paypal. I've taken
* the basic principals and put it in to a class so that it is a little
* easier--at least for me--to use. The php-toolkit can be downloaded from
* http://sourceforge.net/projects/paypal.
*
* To submit an order to paypal, have your order form POST to a file with:
*
* $p = new paypal_class;
* $p->add_field('business', 'somebody@domain.com');
* $p->add_field('first_name', $_POST['first_name']);
* ... (add all your fields in the same manor)
* $p->submit_paypal_post();
*
* To process an IPN, have your IPN processing file contain:
*
* $p = new paypal_class;
* if ($p->validate_ipn()) {
* ... (IPN is verified. Details are in the ipn_data() array)
* }
*
*
* In case you are new to paypal, here is some information to help you:
*
* 1. Download and read the Merchant User Manual and Integration Guide from
* http://www.paypal.com/en_US/pdf/integration_guide.pdf. This gives
* you all the information you need including the fields you can pass to
* paypal (using add_field() with this class) aswell as all the fields
* that are returned in an IPN post (stored in the ipn_data() array in
* this class). It also diagrams the entire transaction process.
*
* 2. Create a "sandbox" account for a buyer and a seller. This is just
* a test account(s) that allow you to test your site from both the
* seller and buyer perspective. The instructions for this is available
* at https://developer.paypal.com/ as well as a great forum where you
* can ask all your paypal integration questions. Make sure you follow
* all the directions in setting up a sandbox test environment, including
* the addition of fake bank accounts and credit cards.
*
*******************************************************************************
*/
class paypal_class {
var $last_error; // holds the last error encountered
var $ipn_log; // bool: log IPN results to text file?
var $ipn_log_file; // filename of the IPN log
var $ipn_response; // holds the IPN response from paypal
var $ipn_data = array(); // array contains the POST values for IPN
var $fields = array(); // array holds the fields to submit to paypal
function paypal_class() {
// initialization constructor. Called when class is created.
$this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
$this->last_error = '';
$this->ipn_log_file = '.ipn_results.log';
$this->ipn_log = true;
$this->ipn_response = '';
// populate $fields array with a few default values. See the paypal
// documentation for a list of fields and their data types. These defaul
// values can be overwritten by the calling script.
$this->add_field('rm','2'); // Return method = POST
$this->add_field('cmd','_xclick');
}
function add_field($field, $value) {
// adds a key=>value pair to the fields array, which is what will be
// sent to paypal as POST variables. If the value is already in the
// array, it will be overwritten.
$this->fields["$field"] = $value;
}
function submit_paypal_post() {
// this function actually generates an entire HTML page consisting of
// a form with hidden elements which is submitted to paypal via the
// BODY element's onLoad attribute. We do this so that you can validate
// any POST vars from you custom form before submitting to paypal. So
// basically, you'll have your own form which is submitted to your script
// to validate the data, which in turn calls this function to create
// another hidden form and submit to paypal.
// The user will briefly see a message on the screen that reads:
// "Please wait, your order is being processed..." and then immediately
// is redirected to paypal.
include("redirecting.php");
}
function validate_ipn() {
// parse the paypal URL
$url_parsed=parse_url($this->paypal_url);
// generate the post string from the _POST vars aswell as load the
// _POST vars into an arry so we can play with them from the calling
// script.
$post_string = '';
foreach ($_POST as $field=>$value) {
$this->ipn_data["$field"] = $value;
$post_string .= $field.'='.urlencode(stripslashes($value)).'&';
}
$post_string.="cmd=_notify-validate"; // append ipn command
// open the connection to paypal
$fp = fsockopen($url_parsed[host],"80",$err_num,$err_str,30);
if(!$fp) {
// could not open the connection. If loggin is on, the error message
// will be in the log.
$this->last_error = "fsockopen error no. $errnum: $errstr";
$this->log_ipn_results(false);
return false;
} else {
// Post the data back to paypal
fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n");
fputs($fp, "Host: $url_parsed[host]\r\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
fputs($fp, "Content-length: ".strlen($post_string)."\r\n");
fputs($fp, "Connection: close\r\n\r\n");
fputs($fp, $post_string . "\r\n\r\n");
// loop through the response from the server and append to variable
while(!feof($fp)) {
$this->ipn_response .= fgets($fp, 1024);
}
fclose($fp); // close connection
}
if (eregi("VERIFIED",$this->ipn_response)) {
// Valid IPN transaction.
$this->log_ipn_results(true);
return true;
} else {
// Invalid IPN transaction. Check the log for details.
$this->last_error = 'IPN Validation Failed.';
$this->log_ipn_results(false);
return false;
}
}
function log_ipn_results($success) {
if (!$this->ipn_log) return; // is logging turned off?
// Timestamp
$text = '['.date('m/d/Y g:i A').'] - ';
// Success or failure being logged?
if ($success) $text .= "SUCCESS!\n";
else $text .= 'FAIL: '.$this->last_error."\n";
// Log the POST variables
$text .= "IPN POST Vars from Paypal:\n";
foreach ($this->ipn_data as $key=>$value) {
$text .= "$key=$value, ";
}
// Log the response from the paypal server
$text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;
// Write to log
$fp=fopen($this->ipn_log_file,'a');
fwrite($fp, $text . "\n\n");
fclose($fp); // close file
}
function dump_fields() {
// Used for debugging, this function will output all the field/value pairs
// that are currently defined in the instance of the class using the
// add_field() function.
echo "
paypal_class->dump_fields() Output:
";echo "
";
ksort($this->fields);
foreach ($this->fields as $key => $value) {
echo "";
}
echo "
| Field Name | Value |
| $key | ".urldecode($value)." |
";
}
}
-------------------------------------------------------------------------------------
paypal.php
//include("requiredfile.php");
/* PHP Paypal IPN Integration Class Demonstration File
* 4.16.2005 - Micah Carrick, email@micahcarrick.com
*
* This file demonstrates the usage of paypal.class.php, a class designed
* to aid in the interfacing between your website, paypal, and the instant
* payment notification (IPN) interface. This single file serves as 4
* virtual pages depending on the "action" varialble passed in the URL. It's
* the processing page which processes form data being submitted to paypal, it
* is the page paypal returns a user to upon success, it's the page paypal
* returns a user to upon canceling an order, and finally, it's the page that
* handles the IPN request from Paypal.
*
* I tried to comment this file, aswell as the acutall class file, as well as
* I possibly could. Please email me with questions, comments, and suggestions.
* See the header of paypal.class.php for additional resources and information.
*/
// Setup class
require_once('paypal.class.php'); // include the class file
$p = new paypal_class; // initiate an instance of the class
$p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr'; // testing paypal url
//$p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr'; // paypal url
// setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php')
$this_script = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
// if there is not action variable, set the default action of 'process'
if (empty($_GET['action'])) $_GET['action'] = 'process';
switch ($_GET['action']) {
case 'process': // Process and order...
// There should be no output at this point. To process the POST data,
// the submit_paypal_post() function will output all the HTML tags which
// contains a FORM which is submited instantaneously using the BODY onload
// attribute. In other words, don't echo or printf anything when you're
// going to be calling the submit_paypal_post() function.
// This is where you would have your form validation and all that jazz.
// You would take your POST vars and load them into the class like below,
// only using the POST values instead of constant string expressions.
// For example, after ensureing all the POST variables from your custom
// order form are valid, you might have:
//
// $p->add_field('first_name', $_POST['first_name']);
// $p->add_field('last_name', $_POST['last_name']);
// get the data posted by form
$p->add_field('email_address', $_POST['email_address']);
$p->add_field('firstName', $_POST['first_name']);
$p->add_field('lastName', $_POST['last_name']);
$p->add_field('address1', $_POST['address']);
$p->add_field('address2', $_POST['address']);
$p->add_field('city', $_POST['city']);
$p->add_field('state', $_POST['state']);
$p->add_field('zip', $_POST['zipcode']);
$p->add_field('country', 'india');
// end of form date
$p->add_field('cmd', '_ext-enter');
$p->add_field('redirect_cmd', '_xclick');
$p->add_field('amount','0.01' );
$p->add_field('currency_code', 'GBP');
$p->add_field('business', 'benan@benan.net');
$p->add_field('paymentType', 'Authorization');
$p->add_field('return', $this_script.'?action=success');
$p->add_field('returnURL', $this_script.'?action=success');
$p->add_field('cancel_return', $this_script.'?action=cancel');
$p->add_field('notify_url', $this_script.'?action=ipn');
$p->add_field('item_name', 'Paypal Test Transaction');
$p->submit_paypal_post(); // submit the fields to paypal
//$p->dump_fields(); // for debugging, output a table of all the fields
break;
case 'success': // Order was successful...
// This is where you would probably want to thank the user for their order
// or what have you. The order information at this point is in POST
// variables. However, you don't want to "process" the order until you
// get validation from the IPN. That's where you would have the code to
// email an admin, update the database with payment status, activate a
// membership, etc.
header('location:thanks.php');
break;
case 'cancel': // Order was canceled...
// The order was canceled before being completed.
header('location:cancelled.php');
break;
case 'ipn': // Paypal is calling page for IPN validation...
$fp=fopen("written.txt","w");
fwrite($fp,$local_date."\n");
fwrite($fp,"Name: Manoj Singh Adha"."\n");
fwrite($fp,"Thanks"."\n");
fclose($fp);
// It's important to remember that paypal calling this script. There
// is no output here. This is where you validate the IPN data and if it's
// valid, update your database to signify that the user has payed. If
// you try and use an echo or printf function here it's not going to do you
// a bit of good. This is on the "backend". That is why, by default, the
// class logs all IPN data to a text file.
if ($p->validate_ipn()) {
// Payment has been recieved and IPN is verified. This is where you
// update your database to activate or process the order, or setup
// the database with the user's order details, email an administrator,
// etc. You can access a slew of information via the ipn_data() array.
// Check the paypal documentation for specifics on what information
// is available in the IPN POST variables. Basically, all the POST vars
// which paypal sends, which we send back for validation, are now stored
// in the ipn_data() array.
// For this example, we'll just email ourselves ALL the data.
$subject = 'Instant Payment Notification - Recieved Payment';
//$to = 'YOUR EMAIL ADDRESS HERE'; // your email
$to = 'manoj.singh@dotsquares.com'; // your email
$body = "An instant payment notification was successfully recieved\n";
$body .= "from ".$p->ipn_data['payer_email']." on ".date('m/d/Y');
$body .= " at ".date('g:i A')."\n\nDetails:\n";
foreach ($p->ipn_data as $key => $value) { $body .= "\n$key: $value"; }
mail($to, $subject, $body);
}
break;
}
?>
------------------------------------------------------------------------------------
redirectring.php
echo "
Please wait, your order is being processed and you";
echo " will be redirected to the paypal website.
\n";
echo "
No comments:
Post a Comment