Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
403 views
in Technique[技术] by (71.8m points)

php - Submit form via cURL and redirect browser to PayPal

I'm developing a site where customers have several payment options, including PayPal Payments Standard. Since I'm collecting a fair amount of data about the customer, I'd like to process the form on my server before sending the user to PayPal's server. One option is to concatenate the data into a single string, assign the string to the custom field, and then process it in the IPN response, but I find this to be a very inelegant solution. Instead, after collecting the user data, I'm attempting to use cURL to submit a standard HTML PayPal form. How can I redirect the user to PayPal to complete the checkout process?

  // Process PayPal payment
  if ($method == 'PayPal') {

    // Prepare POST data
    $query = array();
    $query['notify_url'] = 'http://example.com/ipn';
    $query['cmd'] = '_cart';
    $query['upload'] = '1';
    $query['business'] = '[email protected]';
    $query['address_override'] = '1';
    $query['first_name'] = $first_name;
    $query['last_name'] = $last_name;
    $query['email'] = $email;
    $query['address1'] = $ship_to_address;
    $query['city'] = $ship_to_city;
    $query['state'] = $ship_to_state;
    $query['zip'] = $ship_to_zip;
    $query['item_name_'.$i] = $item['description'];
    $query['quantity_'.$i] = $item['quantity'];
    $query['amount_'.$i] = $item['info']['price'];

    // Prepare query string
    $query_string = '';
    foreach ($query as $key=>$value) {
      $query_string .= $key.'='.urlencode($value).'&';
    }
    $query_string = rtrim($query_string, '&');

    // Open connection
    $ch = curl_init();

    //set the url, number of POST vars, POST data
    curl_setopt($ch,CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch,CURLOPT_POST, count($query));
    curl_setopt($ch,CURLOPT_POSTFIELDS, $query_string);

    // Execute post
    $result = curl_exec($ch);

    // Close connection
    curl_close($ch);
  }
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

WARNING: this answer has a security deficit. Passing sensitive data (such as item and price) through the client allows the client to modify the transaction. ie. change the item, or change the price. See the PayPal documentation on how to implement IPN.

You should redirect the user with the php header function and send the vars as GET not POST.

// Process PayPal payment
if ($method == 'PayPal') {

    // Prepare GET data
    $query = array();
    $query['notify_url'] = 'http://jackeyes.com/ipn';
    $query['cmd'] = '_cart';
    $query['upload'] = '1';
    $query['business'] = '[email protected]';
    $query['address_override'] = '1';
    $query['first_name'] = $first_name;
    $query['last_name'] = $last_name;
    $query['email'] = $email;
    $query['address1'] = $ship_to_address;
    $query['city'] = $ship_to_city;
    $query['state'] = $ship_to_state;
    $query['zip'] = $ship_to_zip;
    $query['item_name_'.$i] = $item['description'];
    $query['quantity_'.$i] = $item['quantity'];
    $query['amount_'.$i] = $item['info']['price'];

    // Prepare query string
    $query_string = http_build_query($query);

    header('Location: https://www.paypal.com/cgi-bin/webscr?' . $query_string);
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...