PHP – PayPal IPN Payment Gateway

PayPal IPN is mostly use payment gateway on web. It's easy to implement.
Instant Payment Notification (IPN) is PayPal's message service that sends a notification when
a transaction is affected.

Code Example: Download Example

index.php
<?php
#$url = "https://www.paypal.com/cgi-bin/webscr";  //live
$url = "https://www.sandbox.paypal.com/cgi-bin/webscr"; // sandbox
?>
<form name="paypal_ipn" action="<?php echo $url ?>" method="POST">
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="cmd" value="_cart" />
<!-- The business email address, where you want to receive the payment -->
<input type="hidden" name="business" value="myshop@gamil.com" />
<!-- The customer email address -->
<input type="hidden" name="receiver_email" value="customer@live.com" />
<input type="hidden" name="item_name_1" value="test product" />
<input type="hidden" name="quantity_1" value="1" />
<input type="hidden" name="amount_1" value="25.58" />
<input type="hidden" name="currency_code" value="USD" />
<input type="hidden" name="invoice" value="12345" />
<input type="hidden" name="amount" value="25.58" /> 
<!-- Where you want to return after PayPal Payment -->
<input type="hidden" name="return" value="http://www.yoursite.com/finished.php" />
<!-- A back-end notification send to the specific page after successful payment  -->
<input type="hidden" name="notify_url" value="https://www.yoursite.com/finished_secure.php" />
<!-- Where you want to return after cancel the PayPal Payment  -->
<input type="hidden" name="cancel_return" value="http://www.yoursite.com" />
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif" border=0 />
</form>

finished_secure.php

<?php 
// STEP 1: Read POST data
 
// reading posted data from directly from $_POST causes serialization 
// issues with array data in POST
// reading raw POST data from input stream instead. 
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
  $keyval = explode ('=', $keyval);
  if (count($keyval) == 2)
     $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
   $get_magic_quotes_exists = true;
} 
foreach ($myPost as $key => $value) {        
   if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
        $value = urlencode(stripslashes($value)); 
   } else {
        $value = urlencode($value);
   }
   $req .= "&$key=$value";
}
 
 
// STEP 2: Post IPN data back to paypal to validate
 
$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
 
// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path 
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
    // error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
 
 
// STEP 3: Inspect IPN validation result and act accordingly
 
if (strcmp ($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
 
    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
} else if (strcmp ($res, "INVALID") == 0) {
    // log for manual investigation
}
?>

Post to Twitter Post to Digg Post to Facebook Post to Google Buzz Send Gmail

Leave a Comment

Your email address will not be published. Required fields are marked *